ELE 297 Project receives Best Presentation Award at HotPETs 2017

Sept. 8, 2017

Henry Birge-Lee’s  ELE 297 Project with graduate students Yixin Sun and Annie Edmundson received the best presentation award at the Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2017). The students were advised by Prof. Prateek Mittal and Prof. Jennifer Rexford. 
 
The project, titled “Using BGP to Acquire Bogus TLS Certificates” demonstrates a real-world attack against  the domain validation protocol used to secure Internet communications. The project is influencing industry-wide deployment of secure domain validation mechanisms, including at LetsEncrypt (the world’s largest certificate authority), which is expected to issue more than 40 million digital certificates based on the suggested countermeasures by the year end.
 
Demo of the talk including the attack:
https://www.youtube.com/watch?v=TYBq2ammTRg&index=62&list=PLWSQygNuIsPf349Bl-ls2T3EelyJA9DS5
 
Link to the workshop paper:
https://petsymposium.org/2017/papers/hotpets/bgp-bogus-tls.pdf