Back to top

Securing Domain Validation

This project aims to secure Internet domain validation against attackers that manipulate Internet routing via Border Gateway Protocol (BGP) hijack and interception attacks.

Background: The Public Key Infrastructure protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities vouch for the identity of servers on the Internet through digitally signed certificates - usually displayed to users on their Internet browser via a small padlock icon near the address bar. Ironically, the mechanism that Certificate Authorities use to issue certificates (domain validation) is itself vulnerable to man-in-the-middle attacks by network-level adversaries.

This project is analyzing the attack surface of domain validation against BGP-based attacks, designing countermeasures to secure domain validation protocols, and deploying them in real-world production systems for creating societal impact.

Funding to date

2017
$300 000
12 months
Total funding: 
$300 000
Core issues: 
Security from danger or threat online
Current project status
  • Just an Idea (Pre-alpha)
  • It Exists! (Alpha/Beta)
  • It's basically done. (Release)
  • People Use It. (Production)
Objectives
Research
Deploying technology
Beneficiaries
General public
Addressed problems
Technical attacks against government critics, journalists, and/or human rights organizations (Cyberattacks)
Repressive surveillance or monitoring of communication
Technology focus
Networking
Other

Get the word out

Similar projects

NetBlocks is a modular technology framework for internet governance transparency, enabling real-time detection and monitoring of mass-scale network controls which affect entire regions and populations.