LEADING THE INTERNET WITH TECHNOLOGY DEVELOPMENT

At Verisign Labs, research is not just for the sake of exploration, but to develop technologies that will play a significant role in the evolution of the internet. Our research spans a wide range of technical disciplines and our researchers collaborate closely with engineering, platform developers, data architects and operations experts. Verisign Labs initiatives are deeply embedded in Verisign's business areas. A selection of our ongoing research projects is listed here, along with the publications of individual Verisign Labs researchers.

MitM Attack by Name Collision: Cause Analysis and WPAD Vulnerability Assessment in the New gTLD Era. Man in the Middle (MitM) attacks on web browsing have become easier than they have ever been before because of a problem called “Name Collision” and a protocol called the Web Proxy Auto-Discovery (WPAD) protocol. This name collision attack can cause all web traffic of an internet user to be redirected to a MitM proxy automatically right after the launching of a standard browser. The underlying problem of this attack is internal namespace WPAD query leakage, which itself is a known problem for years. However, it remains understudied since it was not easily exploitable before the recent new gTLD delegation.

In this paper, researchers from Verisign Labs and the University of Michigan focus on this newly exposed MitM attack vector and perform the first systematic study of the underlying problem causes and its vulnerability status in the wild.