DoubleCheck: Multi-Path Verification Against Man-in-the-Middle Attacks

Self-signed certificates for SSL and self-generated hosts keys for SSH are popular zero-cost, simple alternatives to Public Key Infrastructure (PKI). They provide security against man-in-the-middle attacks, as long as the client connecting to those services knows the certificates or host keys a priori. A simple solution used in practice is to trust the certificate or the host key when the client connects to a server for the first time. This approach is susceptible to man-in-the-middle attacks, a fact exploited by adversaries in a variety of attacks against unsuspecting users. The authors develop a simple and scalable solution named DoubleCheck to protect against such attacks.