December 14, 2024

A Brief History of Multi-Perspective Issuance Corroboration

By Henry Birge-Lee, Grace Cimaszewski, Liang Wang, Cyrill Krähenbühl, and Prateek Mittal

“Multi-Perspective Issuance Corroboration” (or “MPIC”) is currently under discussion as an industry-wide standard by the CA/Browser Forum Server Certificate Working Group, and possibly by other Forum Working Groups in the future (i.e., the S/MIME Working Group). This is a promising idea that aims to mitigate the risk of equally-specific Border Gateway Protocol (BGP) attacks by validating domain ownership and the corresponding CA’s permission to issue from multiple perspectives spread across the Internet. Our group at Princeton is spearheading the development of this technology and is also offering an implementation of MPIC via the Open MPIC Project. This post summarizes the history of MPIC and our group’s research and development efforts on this technology. We aim to highlight our commitment to open-source contributions. We trust that MPIC will find valuable and diverse applications across various fields, and we look forward to witnessing the positive impact of open innovation.

Author’s note: The technology of using multiple perspectives spread across the Internet to reduce the risk of BGP attacks causing certificate mis-issuance has gone through several different names including: “Multi-Perspective Domain Validation”, “Multiple-Vantage-Point Domain Validation”, “multiVA”, “Multi-Path Validation”, and “Multi-Perspective CAA”. Even though many of the articles we cite used some of these previous names, we use MPIC for consistency given the standardization process ongoing within the CA/Browser Forum.

History of MPIC:

  • 2015: Artyom Gavrichenkov presented “Breaking HTTPS With BGP Hijacking” at Black Hat USA, which theoretically introduced the vulnerability of the PKI to BGP attacks and discussed localized BGP attacks that affect only a portion of the Internet.
  • 2017:
    • Henry Birge-Lee et al. ethically demonstrated, for the first time in the wild, the vulnerability of the PKI to BGP attacks by obtaining a bogus certificate in a demo at HotPETs ’17. In the abstract for that talk, they were also the first to publicly introduce the concept of validating challenges from multiple network perspectives, which ultimately became known as MPIC. This paper also linked to the first ever published implementation of multiple vantage point validation, which relied upon HTTP proxies connected over VPN tunnels to perform domain control validation at remote perspectives. Let’s Encrypt immediately announced plans to deploy MPIC the day of our HotPETs talk. This ultimately led to a collaboration between our group at Princeton and Let’s Encrypt to further develop and deploy MPIC.
    • Let’s Encrypt officially announced that Multi-Perspective Domain Validation was implemented in their codebase and enabled in their staging environment. Their implementation was different from the original implementation by Birge-Lee et al. in that it relied upon running validation code at remote perspectives. In their implementation the primary orchestrating perspective sends information including the domain name to be validated and the challenge information (path and expected value) to the remote perspectives which then initiate their own validation requests. The challenge information and the responses are all sent over encrypted gRPC tunnels which rely on mutually-authenticated TLS sessions.
  • 2018: Birge-Lee et al. published a paper at the Usenix Security Symposium that rigorously analyzed attacks (both theoretically and via real-world attack experiments) that an adversary can use to obtain a bogus certificate and developed a taxonomy of BGP attacks on the PKI. This paper used Internet topology simulations and data on 1.8 million domains to provide the first effort to rigorously quantify the vulnerability of domain validation to BGP attacks as well as the security benefits of Multi-Perspective Domain Validation against localized equally-specific BGP attacks.
  • 2020: Through the collaboration between Princeton and Let’s Encrypt, Let’s Encrypt finalized their production deployment of multi-perspective domain validation and enabled it on all ~1.5 million certificates they sign every day.
  • 2021: The Princeton and Let’s Encrypt collaboration led to Birge-Lee et al. publishing “Experiences Deploying Multi-Vantage-Point Domain Validation at Let’s Encrypt” at Usenix Security ’21, which detailed Let’s Encrypt’s deployment, studied the impact on benign certificate issuance, and showed the deployment improved security against ethically-launched real-world BGP attacks.
  • 2024:
    • Public discussion on Ballot SC-067 to incorporate MPIC into the TLS Baseline Requirements began.
    • The Open MPIC Project was launched to offer an API-based open-source implementation that can be easily deployed by any CA. Open MPIC provides the first implementation for non-ACME CAs and allows CAs to deploy MPIC in their own cloud provider accounts. This offers the benefits of a cloud deployment while allowing CAs to have full visibility and control of the code that is running MPIC. In the future we hope to work with interested parties to turn the Open MPIC API Specification into an RFC standard that can also be adopted by other MPIC deployments.
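
The orchestration pattern described in the 2017 entry above (a primary perspective sending the domain, challenge path and expected value to remote perspectives that each run their own validation) can be sketched as follows. This is an added example, not code from Let’s Encrypt or Open MPIC; the quorum rule (`max_remote_failures`), the perspective names, the challenge values and the dictionary lookup standing in for an HTTP fetch are all assumptions, and the gRPC/mutual-TLS transport is omitted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Challenge:
    domain: str
    path: str
    expected: str

class Perspective:
    """One vantage point. `routes` is a constructed stand-in for where this
    perspective's traffic ends up: domain -> {path: body} of the server reached."""
    def __init__(self, name, routes):
        self.name, self.routes = name, routes

    def validate(self, ch):
        # Each perspective makes its own request; a dict lookup replaces the fetch.
        return self.routes.get(ch.domain, {}).get(ch.path) == ch.expected

def corroborate(primary, remotes, ch, max_remote_failures=1):
    """Assumed policy: the primary must succeed and at most
    `max_remote_failures` remote perspectives may fail to corroborate."""
    if not primary.validate(ch):
        return False, []
    failed = [r.name for r in remotes if not r.validate(ch)]
    return len(failed) <= max_remote_failures, failed

# Constructed sample data: the party that requested the certificate serves the token.
CH = Challenge("example.com", "/.well-known/acme-challenge/tok123", "tok123.keyauth")
REQUESTER_SERVER = {CH.path: CH.expected}
OWNER_SERVER = {}  # the real site never requested this certificate

def benign_case():
    # The owner is the requester: every perspective reaches the same server.
    view = {CH.domain: REQUESTER_SERVER}
    remotes = [Perspective(n, view) for n in ("remote-a", "remote-b", "remote-c")]
    return corroborate(Perspective("primary", view), remotes, CH)

def localized_hijack_case():
    # An equally-specific hijack diverts only part of the Internet: the primary
    # and remote-a reach the requester's server, the rest still reach the owner.
    diverted = {CH.domain: REQUESTER_SERVER}
    clean = {CH.domain: OWNER_SERVER}
    primary = Perspective("primary", diverted)
    remotes = [Perspective("remote-a", diverted),
               Perspective("remote-b", clean),
               Perspective("remote-c", clean)]
    single_perspective = primary.validate(CH)  # what a one-perspective CA would see
    ok, failed = corroborate(primary, remotes, CH)
    return single_perspective, ok, failed

if __name__ == "__main__":
    print("benign:", benign_case())
    print("localized hijack:", localized_hijack_case())
```

In the hijack case the primary alone would accept the challenge, while corroboration refuses issuance because two remote perspectives still reach the legitimate server.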

Conclusion:

Over several years, our group has supported the open development and research of MPIC, including MPIC design, implementation, and deployment. In the spirit of open innovation, the MPIC contributions from our Princeton team have been given to the public domain. We hope that MPIC finds diverse applications across fields, and look forward to witnessing the positive impact of open innovation. In a subsequent blog post we will discuss our future vision and the details of the Open MPIC project.
