{"id":"https://openalex.org/W1959803714","doi":"https://doi.org/10.1007/978-3-642-33167-1_12","title":"Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties","display_name":"Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties","publication_year":2012,"publication_date":"2012-01-01","ids":{"openalex":"https://openalex.org/W1959803714","doi":"https://doi.org/10.1007/978-3-642-33167-1_12","mag":"1959803714"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-642-33167-1_12","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-33167-1_12","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-33167-1_12.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"public-domain","license_id":"https://openalex.org/licenses/public-domain","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-33167-1_12.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006676867","display_name":"Italo Dacosta","orcid":null},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Italo Dacosta","raw_affiliation_strings":["Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC), Georgia Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC), Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018826118","display_name":"Mustaque Ahamad","orcid":"https://orcid.org/0000-0002-7955-5126"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mustaque Ahamad","raw_affiliation_strings":["Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC), Georgia Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC), Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048941759","display_name":"Patrick Traynor","orcid":"https://orcid.org/0000-0002-7143-5189"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Patrick Traynor","raw_affiliation_strings":["Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC), Georgia Institute of Technology, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Converging Infrastructure Security (CISEC) Laboratory, Georgia Tech Information Security Center (GTISC), Georgia Institute of Technology, USA","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":13.8637,"has_fulltext":true,"cited_by_count":66,"citation_normalized_percentile":{"value":0.99345316,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"199","last_page":"216"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/man-in-the-middle-attack","display_name":"Man-in-the-middle attack","score":0.920276939868927},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8358504772186279},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.809208869934082},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.6155803799629211},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5972615480422974},{"id":"https://openalex.org/keywords/certificate-authority","display_name":"Certificate authority","score":0.5531915426254272},{"id":"https://openalex.org/keywords/public-key-infrastructure","display_name":"Public key infrastructure","score":0.5525281429290771},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5026509761810303},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.4612656235694885},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.4098812937736511},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3478120267391205},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.2619503140449524}],"concepts":[{"id":"https://openalex.org/C196491621","wikidata":"https://www.wikidata.org/wiki/Q554830","display_name":"Man-in-the-middle attack","level":3,"score":0.920276939868927},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8358504772186279},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.809208869934082},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.6155803799629211},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5972615480422974},{"id":"https://openalex.org/C93636275","wikidata":"https://www.wikidata.org/wiki/Q196776","display_name":"Certificate authority","level":4,"score":0.5531915426254272},{"id":"https://openalex.org/C72648740","wikidata":"https://www.wikidata.org/wiki/Q658476","display_name":"Public key infrastructure","level":4,"score":0.5525281429290771},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5026509761810303},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.4612656235694885},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.4098812937736511},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3478120267391205},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.2619503140449524},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-3-642-33167-1_12","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-33167-1_12","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-33167-1_12.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"public-domain","license_id":"https://openalex.org/licenses/public-domain","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.719.6146","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.719.6146","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cc.gatech.edu/%7Etraynor/papers/dacosta-esorics12.pdf","raw_type":"text"}],"best_oa_location":{"id":"doi:10.1007/978-3-642-33167-1_12","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-642-33167-1_12","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-642-33167-1_12.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"public-domain","license_id":"https://openalex.org/licenses/public-domain","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"score":0.6499999761581421,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G6671297155","display_name":null,"funder_award_id":"CAREER","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7908536285","display_name":"CAREER:  Protecting User Data on Lost, Stolen and Damaged Mobile Phones","funder_award_id":"0952959","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W1959803714.pdf","grobid_xml":"https://content.openalex.org/works/W1959803714.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W89672345","https://openalex.org/W203500824","https://openalex.org/W1498527206","https://openalex.org/W1550000763","https://openalex.org/W1566273181","https://openalex.org/W1567409052","https://openalex.org/W1568223756","https://openalex.org/W1595293097","https://openalex.org/W1595861018","https://openalex.org/W1706727159","https://openalex.org/W1806341695","https://openalex.org/W1895302964","https://openalex.org/W2100442755","https://openalex.org/W2105922461","https://openalex.org/W2133495192","https://openalex.org/W2136039867","https://openalex.org/W2160343382","https://openalex.org/W2161954933","https://openalex.org/W2167993151","https://openalex.org/W2233514401","https://openalex.org/W2238866705","https://openalex.org/W2266218113","https://openalex.org/W2282323267","https://openalex.org/W2295478238","https://openalex.org/W2476332689","https://openalex.org/W2483988241","https://openalex.org/W2505013646","https://openalex.org/W4225591807"],"related_works":["https://openalex.org/W2994213367","https://openalex.org/W1968118562","https://openalex.org/W4313128548","https://openalex.org/W1612032142","https://openalex.org/W2741200606","https://openalex.org/W1915479549","https://openalex.org/W3013016046","https://openalex.org/W1494030766","https://openalex.org/W3195490030","https://openalex.org/W4386315167"],"abstract_inverted_index":{"The":[0],"security":[1],"guarantees":[2],"provided":[3],"by":[4,16],"SSL/TLS":[5],"depend":[6],"on":[7,96,119,169],"the":[8,170],"correct":[9],"authentication":[10,115,199],"of":[11,49,64,86,94,128,148],"servers":[12],"through":[13],"certificates":[14,45,110],"signed":[15],"a":[17,47,89,120,191],"trusted":[18],"authority.":[19],"However,":[20],"as":[21],"recent":[22],"incidents":[23],"have":[24,41,66,75],"demonstrated,":[25],"trust":[26],"in":[27,155],"these":[28],"authorities":[29,36],"is":[30,133],"not":[31,134],"well":[32],"placed.":[33],"Increasingly,":[34],"certificate":[35,99],"(by":[37],"coercion":[38],"or":[39,184],"compromise)":[40],"been":[42,67],"creating":[43],"forged":[44],"for":[46,98,108],"range":[48],"adversaries,":[50],"allowing":[51],"seemingly":[52],"secure":[53],"communications":[54],"to":[55,103,140,180,196],"be":[56],"intercepted":[57],"via":[58],"man-in-the-middle":[59],"(MITM)":[60],"attacks.":[61],"A":[62],"variety":[63],"solutions":[65],"proposed,":[68],"but":[69,142],"their":[70,77,109],"complexity":[71],"and":[72,105,137,158,177,193,200],"deployment":[73],"costs":[74],"hindered":[76],"adoption.":[78],"In":[79,187],"this":[80,124],"paper,":[81],"we":[82,189],"propose":[83],"Direct":[84],"Validation":[85],"Certificates":[87],"(DVCert),":[88],"novel":[90],"protocol":[91],"that,":[92],"instead":[93],"relying":[95,118],"third-parties":[97],"validation,":[100],"allows":[101],"domains":[102],"directly":[104],"securely":[106],"vouch":[107],"using":[111],"previously":[112],"established":[113],"user":[114,185],"credentials.":[116],"By":[117],"robust":[121,192],"cryptographic":[122],"construction,":[123],"relatively":[125],"simple":[126],"means":[127],"enhancing":[129],"server":[130,171,182,198],"identity":[131],"validation":[132],"only":[135],"efficient":[136],"comparatively":[138],"easy":[139],"deploy,":[141],"it":[143],"also":[144],"solves":[145],"other":[146],"limitations":[147],"third-party":[149],"solutions.":[150],"Our":[151],"extensive":[152],"experimental":[153],"analysis":[154],"both":[156],"desktop":[157],"mobile":[159],"platforms":[160],"shows":[161],"that":[162],"DVCert":[163],"transactions":[164],"require":[165],"little":[166],"computation":[167],"time":[168],"(e.g.,":[172],"less":[173],"than":[174],"1":[175],"ms)":[176],"are":[178],"unlikely":[179],"degrade":[181],"performance":[183],"experience.":[186],"short,":[188],"provide":[190],"practical":[194],"mechanism":[195],"enhance":[197],"protect":[201],"web":[202],"applications":[203],"from":[204],"MITM":[205],"attacks":[206],"against":[207],"SSL/TLS.":[208]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":10},{"year":2016,"cited_by_count":11},{"year":2015,"cited_by_count":5},{"year":2014,"cited_by_count":14},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}