Forced perspectives: Evaluating an SSL trust enhancement at scale

Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Kevin R.B. Butler

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The certificate authority (CA) PKI system has been used for decades as a means of providing domain identity verification services throughout the Internet, but a growing body of evidence suggests that our trust in this system is misplaced. A recently proposed CA alternative, Convergence, extends the Network Perspectives system of multi-path probing to perform certificate verification. Unfortunately, adoption of Convergence and other SSL/TLS trust enhancements has been slow, in part because it is unknown how these systems perform against large workloads and realistic conditions. In this work we ask the question "What if all certificates were validated with Convergence?" We perform a case study of deploying Convergence under realistic workloads with a university-wide trace of real-world HTTPS activity. By synthesizing Convergence requests, we effectively force perspectives-based verification on an entire university in simulation. We demonstrate that through local and server caching, a single Convergence deployment can meet the requirements of millions of SSL flows while imposing under 0.1% network overhead and requiring as little as 108 ms to validate a certificate, making Convergence a worthwhile candidate for further deployment and adoption.

Original language: English (US)
Title of host publication: IMC 2014 - Proceedings of the 2014 ACM
Publisher: Association for Computing Machinery
Pages: 503-509
Number of pages: 7
ISBN (Electronic): 9781450332132
State: Published - Nov 5 2014
Externally published: Yes
Event: 2014 ACM Internet Measurement Conference, IMC 2014 - Vancouver, Canada
Duration: Nov 5 2014 to Nov 7 2014

Publication series

Name: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Other

Other: 2014 ACM Internet Measurement Conference, IMC 2014
Country/Territory: Canada
City: Vancouver
Period: 11/5/14 to 11/7/14

Keywords

  • HTTPS
  • Public-key certificates
  • SSL
  • TLS

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
