Title: Unveiling SSL/TLS MITM Hosts in the Wild
Authors: Zhuguo Li, G. Xiong, Li Guo
DOI: 10.1109/ICISCAE51034.2020.9236866 (https://doi.org/10.1109/ICISCAE51034.2020.9236866)
Venue: 2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE)
Published: 2020-09-27
Citation count: 1 (Semantic Scholar)
Abstract: The SSL man-in-the-middle (MITM) attack uses forged X.509 certificates to impersonate each endpoint and intercept encrypted connections between clients and servers. Prior research has revealed the prevalence of MITM attacks by SSL proxies, firewalls, anti-virus software, adware and malware. In this work, we design and implement a novel method to discover suspicious SSL MITM hosts in the wild. Our results show that hosts using untrusted certificates are vulnerable to MITM attacks. We find 322,831 forged certificates, most of which are generated by TLS proxies and corporate firewalls from vendors such as LANCOM Systems, Fortinet, Technicolor and Ubiquiti. The main reason these forged certificates are exposed publicly may be default configurations. Finally, we clarify the limitations of our method and give suggestions for defending against SSL MITM attacks.