SALVE: Server Authentication with Location VErification
Der-Yeuan Yu, Aanjhan Ranganathan, Ramya Jayaram Masti, Claudio Soriente, Srdjan Capkun

TL;DR
SALVE introduces a location-based server authentication method that verifies a server's geographic location using secure DNS and LCS, enhancing TLS security against certificate-based impersonation with minimal performance impact.
Contribution
This paper presents SALVE, a novel location verification approach integrated into TLS for improved server authentication, addressing certificate authority vulnerabilities.
Findings
SALVE effectively prevents impersonation with mis-issued certificates.
The prototype incurs minimal throughput impact.
It is backward compatible with existing TLS systems.
Abstract
The Location Service (LCS) proposed by the telecommunication industry is an architecture that allows the location of mobile devices to be accessed in various applications. We explore the use of LCS in location-enhanced server authentication, which traditionally relies on certificates. Given recent incidents involving certificate authorities, various techniques to strengthen server authentication were proposed. They focus on improving the certificate validation process, such as pinning, revocation, or multi-path probing. In this paper, we propose using the server's geographic location as a second factor of its authenticity. Our solution, SALVE, achieves location-based server authentication by using secure DNS resolution and by leveraging LCS for location measurements. We develop a TLS extension that enables the client to verify the server's location in addition to its certificate.…
