This project secures Internet domain validation against attackers that manipulate Internet routing via Border Gateway Protocol (BGP) hijack and interception attacks.
The Public Key Infrastructure protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities vouch for the identity of servers on the Internet through digitally signed certificates - usually displayed to users on their Internet browser via a small padlock icon near the address bar. Ironically, the mechanism that Certificate Authorities use to issue certificates (domain validation) is itself vulnerable to man-in-the-middle attacks by network-level adversaries.
This project analyzed the attack surface of domain validation against BGP-based attacks, designed countermeasures to secure domain validation protocols, and deployed them in real-world production systems such as Let's Encrypt and Cloudflare. This provides protection from these attacks to hundreds of millions of websites around the globe.
This website deploys cookies for basic functionality and to keep it secure. These cookies are strictly necessary. Optional analysis cookies which provide us with statistical information about the use of the website may also be deployed, but only with your consent. Please review our Privacy & Data Policy for more information.