Handshake: Decentralizing DNS to Improve the Security of the Internet
Sept 19, 2019 – updated
Handshake can make the internet more secure by providing a distributed alternative to Certificate Authorities (CAs) and making domain names censorship-resistant, seizure-resistant, and tamper-proof.
To understand how Handshake can improve the internet, let’s first look at how security on the Internet works today. If you already know how TLS and CAs work, you can skip to Problems with CAs.
When you make an HTTP request to Google.com, your browser first does a DNS lookup to find the IP address of Google’s servers. Your browser then makes a request to that IP address. The request goes from your computer to Google’s servers, but your request is routed through a variety of large interconnected networks before it reaches its destination. In some cases, it may even pass through another country before returning to your country. For instance, most of the internet traffic in South America routes through Miami. At any point along this journey, intermediaries may inspect or even attempt to modify the data you send to Google to another server that’s not Google! This is known as a MITM (Man In The Middle) attack. In fact, Edward Snowden’s documents revealed that the NSA did exactly that when they performed MITM attacks on Google to collect data on people.
MITM attack. Source cloudflare.com
We need Authentication, Integrity, and Encryption in order to prevent MITM attacks.The solution is to use HTTPS, which relies on TLS and CAs.
Your browser encrypts traffic to websites using TLS (Transport Security Layer), which relies on public key cryptography. Public key cryptography is a method of asymmetric encryption using a pair of keys: a public key and a private key pair (as opposed to symmetric encryption with only one key). The public key is shared publicly and is used to verify signatures. The private key is used to decrypt messages encrypted by the public key. The private key is never shared.
When the browser makes an HTTPS request to Google, it initiates a TLS Handshake with Google and receives Google’s public key. The browser then uses Google’s public key to verify that the rest of the messages in the TLS handshake are initiated by Google, because only Google has the private key for its public key. This way, even if intermediate networks spy on the request, they won’t be able to decrypt the contents of it. If an intermediary routes the request to another server pretending to be Google, the browser will know because that server won’t be able to respond to the request.
How do you know that Google’s public key is actually Google’s public key? When you make that first request to Google, an intermediate network may have intercepted your request and returned a fake public key for Google. CAs attempt to solve this problem. CAs are trusted third parties that verify the authenticity of public keys for websites. Your operating system ships with a list of vetted CAs by default. When a website wants to support HTTPS requests, they register their public key with one of the trusted CAs. You verify that the public key you receive from Google is truly Google’s public key by checking it with your CAs.
You may have noticed a fundamental assumption: You must trust the CAs. All of them. There are hundreds of CAs installed on your computer by default — Microsoft Windows comes with 390 certificates, and Mac OS X comes with 170 certificates. These CAs can delegate trust to intermediates, and those intermediates can delegate trust to even more child intermediates. You don’t know who all these CA intermediates are and if even a single one of them gets hacked, all your HTTPS traffic is vulnerable to MITM attacks. In the DigiNotar attack, the Iranian government hacked a Dutch CA and used it to MITM 300,000 Iranian citizens.
Just a few of the certificates that my machine trusts. Not surprised to see GoDaddy but I did not expect to see a Hong Kong CA installed…
While Blockchain-based protocols can be slow and limited, they excel at addressing the issue of trusted third parties. Da