Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL


Christopher Soghoian


Yale University - Yale Information Society Project

Sid Stamm


affiliation not provided to SSRN

April 16, 2010


Abstract:     
This paper introduces the compelled certificate creation attack, in which government agencies may compel a certificate authority to issue false SSL certificates that can be used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. Although we do not have direct evidence that this form of active surveillance is taking place in the wild, we show how products already on the market are geared and marketed towards this kind of use - suggesting such attacks may occur in the future, if they are not already occurring. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.

Number of Pages in PDF File: 20

Keywords: privacy, security, government surveillance

working papers series






Date posted: April 18, 2010  

Suggested Citation

Soghoian, Christopher and Stamm, Sid, Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL (April 16, 2010). Available at SSRN: http://ssrn.com/abstract=1591033 or http://dx.doi.org/10.2139/ssrn.1591033

Contact Information

Christopher Soghoian (Contact Author)
Yale University - Yale Information Society Project
127 Wall Street
New Haven, CT 06511
United States
Sid Stamm
affiliation not provided to SSRN


Paper statistics
Abstract Views: 2,840
Downloads: 375
Download Rank: 44,419
References:  59
