Securing Domain Validation
Background: The Public Key Infrastructure protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities vouch for the identity of servers on the Internet through digitally signed certificates - usually displayed to users on their Internet browser via a small padlock icon near the address bar. Ironically, the mechanism that Certificate Authorities use to issue certificates (domain validation) is itself vulnerable to man-in-the-middle attacks by network-level adversaries.
This project is analyzing the attack surface of domain validation against BGP-based attacks, designing countermeasures to secure domain validation protocols, and deploying them in real-world production systems for creating societal impact.
Funding to date
- Just an Idea (Pre-alpha)
- It Exists! (Alpha/Beta)
- It's basically done. (Release)
- People Use It. (Production)