May 18, 2014
Analyzing Forged SSL Certificates in the Wild
IEEE Symposium on Security and Privacy (IEEE S&P)
The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook.
By: David Huang, Alex Rice, Erling Ellingsen, Collin Jackson
Security & Privacy