Laribus: Privacy-Preserving Detection of Fake SSL Certificates with a Social P2P Notary Network

摘要

In this paper we present Laribus, a peer-to-peer network designed to detect local man-in-the-middle attacks against SSL/TLS. With Laribus clients can validate the authenticity of a certificate presented to them by retrieving it from different vantage points on the network. Unlike previous solutions, clients do not have to trust a central notary service, nor do they have to rely on the cooperation of website owners. The Laribus network is based on a Social Network graph, which allows users to form Notary Groups that improve both privacy and availability. It integrates several well-known techniques, such as secret sharing, ring signatures, layered encryption, range queries and a Distributed Hash Table (DHT), to achieve privacy-aware queries, scalability and decentralization. We present the design and core components of Laribus, discuss its security properties and also provide results from a simulation-based feasibility study.