Wednesday, March 24, 2010

Interception Attacks Against SSL

Detecting and Defeating Government Interception Attacks Against SSL

This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.

