The Inconvenient Truth about Web Certificates
![Page 1: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/1.jpg)
The Inconvenient Truth about Web Certificates
Nevena Vratonjic, Julien Freudiger, Vincent Bindschaedler, Jean-Pierre Hubaux
June 2011, WEIS’11
![Page 2: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/2.jpg)
HTTPS
Secure communication: e-banking, e-commerce, Web email, etc.
Authentication, Confidentiality and Integrity
[Diagram: https://www.bankofamerica.com over HTTPS; Impersonation, Eavesdropping, Modifications; Authentication, Confidentiality, Integrity]
![Page 3: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/3.jpg)
HTTPS in practice
HTTPS is at the core of online businesses
Provided security is dubious
Notably due to obscure certificate management
![Page 4: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/4.jpg)
Research Questions
Q1: At which scale is HTTPS currently deployed?
Q2: What are the problems with current HTTPS deployment?
Q3: What are the underlying reasons that led to these problems?
Large-scale empirical analysis of the current deployment of HTTPS on the top 1 million websites
![Page 5: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/5.jpg)
Methodology
1 million most popular websites (Alexa’s ranking)
Connect to each website with HTTP and HTTPS
Store: URLs, content of Web pages, certificates
![Page 6: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/6.jpg)
Q1: At which scale is HTTPS deployed?
1/3 of websites can be browsed via HTTPS
Is this too much or too little?
HTTPS: 34.7%
HTTP: 65.3%
![Page 7: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/7.jpg)
Login Pages: HTTP vs. HTTPS
77.4% of websites may compromise users’ credentials!
HTTPS: 22.6%
HTTP: 77.4%
More Web pages should be served via HTTPS!
![Page 8: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/8.jpg)
Q2: What are the problems with current HTTPS deployment?
HTTPS may fail due to:
Server certificate-based authentication
Cipher suites
The majority (70%) of websites use the DHE-RSA-AES256-SHA cipher suite
![Page 9: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/9.jpg)
Certificates
X.509 Certificates: Bind a public key with an identity
Certificates issued by trusted Certification Authorities (CAs)
To issue a certificate, CAs should validate:
1. The applicant owns the domain name
2. The applicant is a legitimate and legally accountable entity
Two-step validation: Organization Validated (OV) certificates
[Diagram: BoA’s identifying information & domain name www.bankofamerica.com; CA XYZ; BoA’s public key K_BoA]
![Page 10: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/10.jpg)
Certificate-based Authentication
Chain of trust
Public keys of trusted CAs pre-installed in Web browsers
[Diagram: Authentication, https://www.bankofamerica.com, HTTPS; Browser: K_CA]
![Page 11: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/11.jpg)
Self-signed Certificates
Chain of trust cannot be verified by Web browsers
[Diagram: Authentication, https://icsil1mail.epfl.ch; Browser: K_EPFL ?]
![Page 12: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/12.jpg)
Self-signed Certificates
![Page 13: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/13.jpg)
Verifying X.509 Certificates
Trusted CA
Not expired
Domain match
Successful authentication
![Page 14: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/14.jpg)
Authentication Success
Total of 300’582 certificates
![Page 15: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/15.jpg)
Authentication Failures
Total of 300’582 certificates
![Page 16: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/16.jpg)
Certificate Reuse Across Multiple Domains
Mostly due to Internet virtual hosting

| Certificate Validity Domain | Number of virtual hosts |
|---|---|
| *.bluehost.com | 10’075 |
| *.hostgator.com | 9’148 |
| *hostmonster.com | 4’954 |

Serving providers’ certs results in Domain Mismatch
Solution: Server Name Indication (SNI) – TLS extension
47.6% of collected certificates are unique
![Page 17: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/17.jpg)
Domain Mismatch: Unique Trusted Certificates
45.24% of unique trusted certs cause Domain Mismatch
Subdomain mismatch: cert valid for subdomain.host deployed on host and vice versa
![Page 18: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/18.jpg)
Authentication Success
Total of 300’582 certificates
![Page 19: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/19.jpg)
Trusted DVO Certificates
Domain-validated only (DVO) certificates
1. The applicant owns the domain name
2. The applicant is a legitimate and legally accountable entity (not validated for DVO certificates)
Based on Domain Name Registrars and email verification
Problem: Domain Name Registrars are untrustworthy
Legitimacy of the certificate owner cannot be trusted!
![Page 20: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/20.jpg)
Domain-validated Only (DVO): Trusted, Organization NOT Validated
Organization Validated (OV): Trusted, Organization Validated
![Page 21: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/21.jpg)
Trusted EV Certificates
Extended Validation (EV)
Rigorous extended validation of the applicant [ref]
Special browser interface
![Page 22: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/22.jpg)
DVO vs. OV vs. EV Certificates
61% of certs trusted by browsers are DVO
Certs with successful authentication (48’158 certs)
5.7% of certs (OV+EV) provide organization validation
DVO: 61%
OV: 33%
EV: 6%
![Page 23: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/23.jpg)
Research Questions
Q1: How is HTTPS currently deployed?
1/3 of websites can be browsed via HTTPS
77.4% of login pages may compromise users’ credentials
Q2: What are the problems with current HTTPS deployment?
Authentication failures mostly due to domain mismatch
Weak authentication with DVO certificates
![Page 24: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/24.jpg)
Q3: What are the underlying reasons that led to these problems?
Economics: misaligned incentives
Most website operators have an incentive to obtain cheap certs
CAs have an incentive to distribute as many certs as possible
Consequence: cheap certs for cheap security
Liability: no or limited liability of involved stakeholders
Reputation: rely on subsidiaries to issue certs less rigorously
Usability: the more interruptions users experience, the more they learn to ignore security warnings
Web browsers have little incentive to limit access to websites
![Page 25: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/25.jpg)
Countermeasures
New Third-Parties:
Open websites managed by users, CAs or browser vendors
Introduce information related to performances of CAs and websites
New Policies:
Legal aspects: CAs responsible for cert-based auth., websites responsible for cert deployment
Web browser vendors limiting the number of root CAs: selection based on quality of certs
[Figure: Authentication Success Rate wrt. CAs]
![Page 26: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/26.jpg)
Conclusion
Large-scale empirical study of HTTPS and certificate-based authentication on 1 million websites
5.7% (18’785) implement cert-based authentication properly
No browser warnings
Legitimacy of the certificate owner verified
Market for lemons
Information asymmetry between CAs and website operators
Most websites acquire cheap certs leading to cheap security
Change policies to align incentives
![Page 27: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/27.jpg)
Data available at: http://icapeople.epfl.ch/freudiger/SSLSurvey
![Page 28: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/28.jpg)
Certificate Types
Trusted certificates
Extended Validation (EV) (extended validation)
Organization Validated (OV) (two-step validation)
Domain-validated only (DVO) (step 1. validation)
Untrusted (self-signed) certificates

| Certificate Type | Pros | Cons |
|---|---|---|
| EV | Most trust | Expensive |
| OV | Trusted | Web browsers cannot distinguish OV from DVO certificate |
| DVO | Inexpensive | Cannot guarantee legitimacy of the certificate owner |
| Self-signed | No cost | Not trusted by Web browsers |
![Page 29: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/29.jpg)
Domain Matching
Compare host to candidate fields:
DNS Name (Alternative Name Certificate Extension)
Common Name (Subject)
Domain Match [RFC2459, RFC2818]:
Host matches exactly one of the candidate fields (case-insensitive)
Host matches the regular expression given by wildcard candidate fields (e.g., *.a.com matches foo.a.com but not bar.foo.a.com)
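
As an added example (not code from the study), the matching rule on this slide and the subdomain mismatch cases named on the Domain Mismatch slides can be written as follows. The function names, verdict labels and sample hosts are constructed here, and only a whole-label leftmost `*` is handled.

```python
# Added example: the slide's domain-matching rule; names below are illustrative.

def _labels(name):
    # Case-insensitive comparison; a trailing root dot is ignored.
    return name.strip().rstrip(".").lower().split(".")

def name_matches(host, candidate):
    """Exact match, or '*' as the whole leftmost label standing for one label."""
    h, c = _labels(host), _labels(candidate)
    if len(h) != len(c):
        return False  # so *.a.com cannot cover bar.foo.a.com
    if c[0] == "*":
        # Assumption: require two fixed labels, so a bare '*.com' is refused.
        return len(c) >= 3 and h[1:] == c[1:]
    return h == c

def classify(host, san_dns_names=(), subject_cn=None):
    """Return 'match' or the kind of domain mismatch for a host/cert pair."""
    # Candidate fields: DNS Names (alternative name extension) + subject CN.
    fields = list(san_dns_names) + ([subject_cn] if subject_cn else [])
    if any(name_matches(host, f) for f in fields):
        return "match"
    h = _labels(host)
    for f in fields:
        c = _labels(f)
        wildcard = c[0] == "*"
        base = c[1:] if wildcard else c
        if (len(base) > len(h) and base[-len(h):] == h) or (wildcard and base == h):
            return "cert_for_subdomain_on_host"   # e.g. www.host cert served on host
        if base and len(h) > len(base) and h[-len(base):] == base:
            return "cert_for_host_on_subdomain"   # e.g. host cert served on sub.host
    return "other_mismatch"                       # e.g. a hosting provider's cert

SAMPLES = [  # constructed (host, SAN DNS names, subject CN) triples
    ("foo.a.com", ["*.a.com"], None),
    ("bar.foo.a.com", ["*.a.com"], None),
    ("FOO.A.com", [], "foo.a.com"),
    ("example.org", ["www.example.org"], "www.example.org"),
    ("shop.example.org", [], "example.org"),
    ("example.org", ["*.bluehost.com"], "*.bluehost.com"),
]

def run_samples():
    return [(h, classify(h, san, cn)) for h, san, cn in SAMPLES]

if __name__ == "__main__":
    for host, verdict in run_samples():
        print(f"{host:18} {verdict}")
```

Current browsers match only against the DNS Name entries and ignore the subject Common Name, so the CN fallback here reflects the rule as the slide states it.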
![Page 30: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/30.jpg)
Authentication Success Rate wrt. CAs
![Page 31: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/31.jpg)
Authentication Success Rate wrt. Countries
![Page 32: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/32.jpg)
Authentication Success Rate wrt. Website Rank
![Page 33: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/33.jpg)
Facebook Login Page
By default served with HTTP
Source code of the login page:

```html
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" ……>
```

http(s)://arbitraryServer/
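
A page delivered over HTTP can be altered in transit, so an HTTPS form action on such a page gives no guarantee about where the credentials go. The following added example (not code from the study) audits a page for that condition; the class and function names, verdict labels and the sample markup on `example.test` are constructed for illustration.

```python
# Added example: flag login forms whose page or submit target is not HTTPS.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.actions = []
        self._in_form, self._action, self._has_pw = False, "", False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form, self._action, self._has_pw = True, a.get("action") or "", False
        elif tag == "input" and self._in_form and (a.get("type") or "").lower() == "password":
            self._has_pw = True

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            if self._has_pw:
                self.actions.append(self._action)
            self._in_form = False

def audit_login_page(page_url, html):
    """Return (submit target, verdict) for each login form found in the page."""
    parser = _LoginForms()
    parser.feed(html)
    parser.close()
    page_ok = urlsplit(page_url).scheme == "https"
    findings = []
    for action in parser.actions:
        target = urljoin(page_url, action)  # an empty action posts back to the page
        target_ok = urlsplit(target).scheme == "https"
        if page_ok and target_ok:
            verdict = "ok"
        elif target_ok:
            verdict = "page_over_http"       # form can be rewritten before it arrives
        else:
            verdict = "credentials_over_http"
        findings.append((target, verdict))
    return findings

# Constructed sample: one login form posting to HTTPS, one unrelated search form.
SAMPLE = ('<div><form method="POST" action="https://login.example.test/login.php">'
          '<input type="text" name="email"><input type="password" name="pass"></form>'
          '<form action="/search"><input type="text" name="q"></form></div>')

if __name__ == "__main__":
    print(audit_login_page("http://www.example.test/", SAMPLE))
```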
![Page 34: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/34.jpg)
Collected Data
Data collected for 1’000’787 unique hosts
958’420 working hosts
1’032’019 Web pages with HTTP
339’693 Web pages with HTTPS
Following redirections, final pages are mostly in the initial domain or in www subdomain
![Page 35: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/35.jpg)
Verifying X.509 Certificates

| Verify | How | Success | Failure |
|---|---|---|---|
| Validity of Signatures | OpenSSL verify tool | Valid chain of trust | Broken chain of trust |
| Trusted Root | Is the root among trusted root CAs? | Trusted Certificate | Untrusted Certificate |
| Validity Period | Compare to the current date | Not Expired | Expired |
| Domain Matching | Compare host to CN subject and DNS name | Domain Match | Domain Mismatch |
![Page 36: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/36.jpg)
Related Work
SSL Observatory [1]
Crawl the IP address space
Check certificate properties
E.g., EV certificates non-compliant with the standard
We crawl different domains
Check how certificates are used in practice
E.g., domain matching
[1] The EFF SSL Observatory, Electronic Frontier Foundation. http://www.eff.org/observatory
![Page 37: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/37.jpg)
State of the Art - Attacks
Attacks on HTTPS:
Attacking Root CAs [1]
Attacking Weak Certificate Validation [2]
[1] C. Soghoian and S. Stamm, “Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL,” in HotPETs, 2010.
[2] SSL Certificate for Mozilla.com Issued Without Validation. http://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html
![Page 38: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/38.jpg)
Domain Mismatch: Trusted Certificates
74.5% of trusted certs cause Domain Mismatch
Lack subdomain redirection: cert valid for subdomain.host deployed on host
Wrong subdomain cert: cert valid for host deployed on subdomain.host
![Page 39: The Inconvenient Truth about Web Certificates](https://reader036.fdocuments.in/reader036/viewer/2022070501/56816910550346895de02ac0/html5/thumbnails/39.jpg)