A man-in-the-middle (“MITM”) attack is a type of computer security breach in which an attacker makes independent connections with two victims and relays messages between them. The attacker in a MITM attack makes it appear to the victims of the attack that they are communicating directly with one another over a private connection. The attacker, however, controls the entire conversation.
In a transaction between a client and a server, for example, a MITM attacker can utilize various techniques to split a single connection between a client and a server into two separate connections: one connection between the client and the attacker and another connection between the server and the attacker. Once the connection has been split in this manner, the attacker can read and modify data transmitted between the client and server without being easily detected.
Public key certificates (which may be referred to herein as “digital certificates” or simply “certificates”) are one mechanism utilized to prevent MITM attacks. A public key certificate is an electronic document issued by a trusted party, called a certification authority (“CA”), which can be utilized to verify that a public encryption key belongs to a company or individual. For example, a CA might issue a public key certificate to an e-commerce merchant. The public key certificate includes information about the merchant, the merchant's public encryption key, and is digitally signed by the CA using the CA's private encryption key.
When a client connects to a server operated by the e-commerce merchant, the server transmits the merchant's public key certificate to the client. The client then utilizes the certificate to verify that the merchant in fact operates the server and to obtain the merchant's public encryption key. A key exchange can then occur between the client and the server to create an encrypted two-way communications session.
Despite the trusted nature of the CAs, it is possible for an attacker to fraudulently obtain a valid public key certificate for a domain that the attacker does not own. An attacker can then utilize such a fraudulently obtained public key certificate to masquerade as the owner of the domain and to perform MITM attacks on victims connecting to the domain.
It is with respect to these and other considerations that the disclosure made herein is presented.