
Open MPIC project defends certificate validation against BGP attacks

Traditional validation methods rely on DNS lookups, HTTP challenges or email verification, all of which depend on correct Internet routing. The inherent lack of security controls in BGP creates opportunities for traffic hijacking.

“When a CA performs a domain control check, it assumes that the traffic it sends has reached the correct server,” Sharkov said. “But that’s not always correct.”

The consequences are significant: fraudulently obtained certificates enable convincing website impersonation and potentially the interception of encrypted traffic.

How MPIC works

The Open MPIC framework implements a straightforward but effective security principle: check the same validation data from multiple different locations on the Internet.

“The solution is to make certificate verification less dependent on any route,” Sakov explained. “Instead of verifying domains from a single network location, MPIC requires CAs to check from multiple geographically different vantage points.”

This approach increases the work required for a successful attack, because the attacker must compromise the routes to multiple geographically different vantage points simultaneously. If one region is misled by a BGP hijack, the others can detect the discrepancy and prevent the certificate from being issued.
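
The corroboration step described above, sketched as an added example (not code from the Open MPIC project). The perspective names, challenge token, and the `min_perspectives` / `max_dissent` policy knobs are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Observation:
    perspective: str        # constructed vantage-point label
    value: Optional[str]    # challenge value seen from there; None = not found

def corroborate(expected, observations, min_perspectives=3, max_dissent=0):
    """Allow issuance only if enough vantage points saw the expected challenge.

    min_perspectives and max_dissent are assumed policy parameters for this
    sketch; the defaults refuse issuance on any disagreement.
    """
    agree = [o.perspective for o in observations if o.value == expected]
    dissent = [o.perspective for o in observations if o.value != expected]
    issue = len(observations) >= min_perspectives and len(dissent) <= max_dissent
    return {"issue": issue, "agree": agree, "dissent": dissent}

# Constructed sample data.
EXPECTED = "token-abc123"

# Legitimate request: the real server publishes the token, every route sees it.
CLEAN = [
    Observation("us-east", EXPECTED),
    Observation("eu-west", EXPECTED),
    Observation("ap-south", EXPECTED),
]

# Localized BGP hijack: only the route from us-east is diverted to a host that
# answers with the token. The other perspectives still reach the real server,
# which never published it, so they observe nothing.
LOCAL_HIJACK = [
    Observation("us-east", EXPECTED),
    Observation("eu-west", None),
    Observation("ap-south", None),
]

if __name__ == "__main__":
    print("clean:        ", corroborate(EXPECTED, CLEAN))
    print("local hijack: ", corroborate(EXPECTED, LOCAL_HIJACK))
    # What a single-vantage check from us-east alone would have concluded:
    print("single vantage:", corroborate(EXPECTED, LOCAL_HIJACK[:1], min_perspectives=1))
```

A single-vantage check from the hijacked region approves the request, while the multi-perspective check names the dissenting perspectives and refuses issuance.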
