SALVE: server authentication with location verification

Authors: Der-Yeuan Yu, Aanjhan Ranganathan, Ramya Jayaram Masti, Claudio Soriente, and Srdjan Čapkun

Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking, MobiCom 2016

Abstract

The Location Service (LCS) proposed by the telecommunication industry is an architecture that allows the location of mobile devices to be accessed in various applications. We explore the use of LCS in location-enhanced server authentication, which traditionally relies on certificates. Given recent incidents involving certificate authorities, various techniques to strengthen server authentication were proposed. They focus on improving the certificate validation process, such as pinning, revocation, or multi-path probing. In this paper, we propose using the server’s geographic location as a second factor of its authenticity. Our solution, SALVE, achieves location-based server authentication by using secure DNS resolution and by leveraging LCS for location measurements. We develop a TLS extension that enables the client to verify the server’s location in addition to its certificate. Successful server authentication therefore requires a valid certificate and the server’s presence at a legitimate geographic location, e.g., on the premises of a data center. SALVE prevents server impersonation by remote adversaries with mis-issued certificates or stolen private keys of the legitimate server. We develop a prototype implementation and our evaluation in real-world settings shows that it incurs minimal impact to the average server throughput. Our solution is backward compatible and can be integrated with existing approaches for improving server authentication in TLS.

People

Dr. Der-Yeuan Yu

Doctoral Student (2012 – 2017)

Zühlke, Zurich

Dr. Aanjhan Ranganathan

Doctoral Student (2010 – 2017)

Assistant Professor, Northeastern University

Dr. Ramya Jayaram Masti

Doctoral Student (2010 – 2015)

Intel Corporation

Dr. Claudio Soriente

Doctoral Student (2012 – 2015)

Researcher, NEC Laboratories

Prof. Srdjan Čapkun

Group Leader

BibTex

@inproceedings{yu2016salve,
  author    = {Yu, Der-Yeuan and Ranganathan, Aanjhan and Masti, Ramya Jayaram and Soriente, Claudio and Capkun, Srdjan},
  title     = {{SALVE: server authentication with location verification}},
  booktitle = {Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking, MobiCom 2016},
  address   = {New York City, NY, USA},
  year      = 2016,
  month     = oct,
  publisher = {Association for Computing Machinery},
  doi       = {10.1145/2973750.2973766},
  url       = {https://doi.org/10.1145/2973750.2973766}
}

Research Collection: 20.500.11850/120932