References & Citations
Computer Science > Cryptography and Security
Title: Server Location Verification and Server Location Pinning: Augmenting TLS Authentication
(Submitted on 13 Aug 2016 (v1), last revised 16 Aug 2016 (this version, v2))
Abstract: We introduce the first known mechanism providing realtime server location verification. Its uses include enhancing server authentication (e.g., augmenting TLS) by enabling browsers to automatically interpret server location information. We describe the design of this new measurement-based technique, Server Location Verification (SLV), and evaluate it using PlanetLab. We explain how SLV is compatible with the increasing trends of geographically distributed content dissemination over the Internet, without causing any new interoperability conflicts. Additionally, we introduce the notion of (verifiable) "server location pinning" within TLS (conceptually similar to certificate pinning) to support SLV, and evaluate their combined impact using a server-authentication evaluation framework. The results affirm the addition of new security benefits to the existing SSL/TLS-based authentication mechanisms. We implement SLV through a location verification service, the simplest version of which requires no server-side changes. We also implement a simple browser extension that interacts seamlessly with the verification infrastructure to obtain realtime server location-verification results.
Submission history
From: AbdelRahman Abdou [view email][v1] Sat, 13 Aug 2016 04:09:26 GMT (759kb,D)
[v2] Tue, 16 Aug 2016 20:03:46 GMT (772kb,D)
Link back to: arXiv, form interface, contact.