Slide 1
The Inconvenient Truth about Web Certificates
Nevena Vratonjic, Julien Freudiger, Vincent Bindschaedler, Jean-Pierre Hubaux
June 2011, WEIS'11
Slide 2
HTTPS: secure communication for e-banking, e-commerce, Web email, etc.
Threats: impersonation, eavesdropping, modifications
Security properties: authentication, confidentiality and integrity
[Figure: browser connecting to https://www.bankofamerica.com over HTTPS]
Slide 3
HTTPS in practice
HTTPS is at the core of online businesses
Provided security is dubious, notably due to obscure certificate management
Slide 4
Research Questions
Q1: At which scale is HTTPS currently deployed?
Q2: What are the problems with current HTTPS deployment?
Q3: What are the underlying reasons that led to these problems?
Approach: large-scale empirical analysis of the current deployment of HTTPS on the top 1 million websites
Slide 5
Methodology
1 million most popular websites (Alexa's ranking)
Connect to each website with HTTP and HTTPS
Store: URLs, content of Web pages, certificates
Slide 6
Q1: At which scale is HTTPS deployed?
1/3 of websites can be browsed via HTTPS
Is this too much or too little?
Slide 7
Login Pages: HTTP vs. HTTPS
77.4% of websites may compromise users' credentials!
More Web pages should be served via HTTPS!
Slide 8
Q2: What are the problems with current HTTPS deployment?
HTTPS may fail due to:
Server certificate-based authentication
Cipher suites
The majority (~70%) of websites use the DHE-RSA-AES256-SHA cipher suite
Slide 9
Certificates
X.509 certificates bind a public key with an identity
Certificates are issued by trusted Certification Authorities (CAs)
To issue a certificate, CAs should validate (two-step validation):
1. The applicant owns the domain name
2. The applicant is a legitimate and legally accountable entity
[Figure: BoA submits its identifying information, the domain name www.bankofamerica.com and its public key K_BoA to CA XYZ]
Organization Validated (OV) certificates
Slide 10
Certificate-based Authentication
Chain of trust: public keys of trusted CAs are pre-installed in Web browsers
[Figure: browser holding K_CA authenticates https://www.bankofamerica.com over HTTPS]
Slide 11
Self-signed Certificates
Chain of trust cannot be verified by Web browsers
[Figure: browser receives K_EPFL from https://icsil1mail.epfl.ch but cannot verify it]
Slide 12
Self-signed Certificates
Slide 13
Verifying X.509 Certificates
[Figure: verification flowchart ending in successful authentication]
Slide 14
Authentication Success
Total of 300'582 certificates
Slide 15
Authentication Failures
Total of 300'582 certificates
Slide 16
Certificate Reuse Across Multiple Domains
Mostly due to Internet virtual hosting

Certificate Validity Domain    Number of virtual hosts
*.bluehost.com                 10'075
*.hostgator.com                9'148
*.hostmonster.com              4'954

Serving the hosting providers' certs results in Domain Mismatch
Solution: Server Name Indication (SNI), a TLS extension
47.6% of collected certificates are unique
Slide 17
Domain Mismatch: Unique Trusted Certificates
45.24% of unique trusted certs cause Domain Mismatch
Subdomain mismatch: cert valid for subdomain.host deployed on host, and vice versa
Slide 18
Authentication Success
Total of 300'582 certificates
Slide 19
Domain-validated only (DVO) certificates
Validated: the applicant owns the domain name (based on Domain Name Registrars and email verification)
Not validated: the applicant is a legitimate and legally accountable entity
Problem: Domain Name Registrars are untrustworthy
Trusted DVO Certificates: the legitimacy of the certificate owner cannot be trusted!
Slide 20
Domain-validated Only (DVO)
DVO: trusted, organization NOT validated
Organization Validated (OV): trusted, organization validated
Slide 21
Extended Validation (EV)
Rigorous extended validation of the applicant [ref]
Special browser interface
Trusted EV Certificates
Slide 22
DVO vs. OV vs. EV Certificates
Certs with successful authentication (48'158 certs)
61% of certs trusted by browsers are DVO
5.7% of certs (OV+EV) provide organization validation
Slide 23
Research Questions
Q1: How is HTTPS currently deployed?
1/3 of websites can be browsed via HTTPS
77.4% of login pages may compromise users' credentials
Q2: What are the problems with current HTTPS deployment?
Authentication failures mostly due to domain mismatch
Weak authentication with DVO certificates
Slide 24
Q3: What are the underlying reasons that led to these problems?
Economics: misaligned incentives
Most website operators have an incentive to obtain cheap certs
CAs have an incentive to distribute as many certs as possible
Consequence: cheap certs for cheap security
Liability: no or limited liability of involved stakeholders
Reputation: reliance on subsidiaries to issue certs less rigorously
Usability: the more interruptions users experience, the more they learn to ignore security warnings
Web browsers have little incentive to limit access to websites
Slide 25
Countermeasures
New Third-Parties: open websites managed by users, CAs or browser vendors
Introduce information related to the performance of CAs and websites
[Figure: Authentication Success Rate wrt. CAs]
New Policies:
Legal aspects: CAs responsible for cert-based authentication; websites responsible for cert deployment
Web browser vendors limiting the number of root CAs, with selection based on the quality of certs
Slide 26
Conclusion
Large-scale empirical study of HTTPS and certificate-based authentication on 1 million websites
5.7% (18'785) implement cert-based authentication properly: no browser warnings, legitimacy of the certificate owner verified
Market for lemons: information asymmetry between CAs and website operators
Most websites acquire cheap certs, leading to cheap security
Change policies to align incentives
Slide 27
Data available at: http://icapeople.epfl.ch/freudiger/SSLSurvey
Slide 28
Certificate Types
Trusted certificates:
Extended Validation (EV): extended validation
Organization Validated (OV): two-step validation
Domain-validated only (DVO): step 1 validation only
Untrusted (self-signed) certificates

Certificate Type   Pros          Cons
EV                 Most trust    Expensive
OV                 Trusted       Web browsers cannot distinguish OV from DVO certificates
DVO                Inexpensive   Cannot guarantee legitimacy of the certificate owner
Self-signed        No cost       Not trusted by Web browsers
Slide 29
Domain Matching
Compare host to candidate fields:
DNS Name (Subject Alternative Name certificate extension)
Common Name (Subject)
Domain Match [RFC2459, RFC2818]:
Host matches exactly one of the candidate fields (case-insensitive), or
Host matches the regular expression given by wildcard candidate fields (e.g., *.a.com matches foo.a.com but not bar.foo.a.com)
Slide 30
Authentication Success Rate wrt. CAs
Slide 31
Authentication Success Rate wrt. Countries
Slide 32
Authentication Success Rate wrt. Website Rank
Slide 33
Facebook Login Page
By default served with HTTP
Source code of the login page:
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" ……>
Annotation on the action attribute: http(s)://arbitraryServer/
Slide 34
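Added example, not code from the deck or its authors: a check in the spirit of slide 7 that locates login forms in a page and reports whether both the page and the form submission use HTTPS. The page URLs and the markup are constructed (they only mimic the shape of the snippet above, not Facebook's real page); urllib.parse.urljoin resolves relative actions against the page URL, so a relative action on an HTTP page is reported as "bad".

```python
"""Where is a login page served from, and where does its form submit?
Added example; the HTML below is constructed to resemble the deck's snippet."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Collects every <form> that contains a password field, with its action
    resolved against the page URL (a relative action inherits the page's scheme)."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.forms = []        # resolved action URLs of forms with a password field
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": urljoin(self.page_url, attrs.get("action") or ""),
                             "password": False}
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._current["password"]:
                self.forms.append(self._current["action"])
            self._current = None


def classify_login_page(page_url: str, html: str) -> list:
    """Return one (action_url, level, reason) tuple per login form.
    'ok'   : page and submission both over HTTPS
    'weak' : submission over HTTPS but the page arrived over HTTP (the deck's
             Facebook case): nothing protects the page, so the user has no
             assurance of where the form really submits
    'bad'  : credentials would be submitted over HTTP"""
    parser = LoginFormFinder(page_url)
    parser.feed(html)
    parser.close()
    page_scheme = urlsplit(page_url).scheme.lower()
    results = []
    for action in parser.forms:
        action_scheme = urlsplit(action).scheme.lower()
        if action_scheme != "https":
            results.append((action, "bad", "credentials would be sent over HTTP"))
        elif page_scheme != "https":
            results.append((action, "weak",
                            "form posts over HTTPS but the page itself was served over HTTP"))
        else:
            results.append((action, "ok", "page and form submission both over HTTPS"))
    return results


# Constructed login page in the shape of the deck's snippet (not Facebook's real markup)
SAMPLE_HTML = """
<div class="menu_login_container">
<form method="POST" action="https://login.example.com/login.php?login_attempt=1" id="login_form">
  <input type="text" name="email">
  <input type="password" name="pass">
  <input type="submit" value="Log in">
</form>
<form method="GET" action="/search"><input type="text" name="q"></form>
</div>
"""

if __name__ == "__main__":
    for url in ("http://www.example.com/", "https://www.example.com/"):
        for action, level, reason in classify_login_page(url, SAMPLE_HTML):
            print(f"{url} -> {action}: {level} ({reason})")
```

The search form in the sample carries no password field and is ignored; only forms that would carry credentials are classified.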
Collected Data
Data collected for 1'000'787 unique hosts
958'420 working hosts
1'032'019 Web pages with HTTP
339'693 Web pages with HTTPS
Following redirections, final pages are mostly in the initial domain or in the www subdomain
Slide 35
Verifying X.509 Certificates

Verify                   How                                         Success                 Failure
Validity of Signatures   OpenSSL verify tool                         Valid chain of trust    Broken chain of trust
Trusted Root             Is the root among trusted root CAs?         Trusted Certificate     Untrusted Certificate
Validity Period          Compare to the current date                 Not Expired             Expired
Domain Matching          Compare host to CN (subject) and DNS name   Domain Match            Domain Mismatch
Slide 36
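Added example, not code from the deck or its authors: the four checks of the table above run in the deck's order over constructed certificate records, with the domain-matching rule of slide 29 (case-insensitive exact match, or a wildcard that covers a single label, so *.a.com matches foo.a.com but not bar.foo.a.com). The root store, the crawl date and every host name are assumptions; the rows mimic the cases the deck discusses (a self-signed certificate as on slide 11, a hosting provider's wildcard certificate served without SNI as on slide 16, and the two subdomain mismatches of slide 38). Following RFC 2818, dNSName entries of the Subject Alternative Name are used when present and the Common Name only as a fallback.

```python
"""Certificate verification in the order of the study's pipeline (signatures,
trusted root, validity period, domain matching) with RFC 2818 host matching.
Added example; the certificate records below are constructed, not survey data."""
from dataclasses import dataclass, field
from datetime import date
import re

# Outcomes named as on the "Verifying X.509 Certificates" slide
BROKEN_CHAIN = "Broken chain of trust"
UNTRUSTED = "Untrusted Certificate"
EXPIRED = "Expired"
MISMATCH = "Domain Mismatch"
SUCCESS = "Successful authentication"


@dataclass
class CertRecord:
    """One certificate as served by one host (all values constructed)."""
    host: str                 # host name the certificate was served on
    chain_valid: bool         # signature check result, e.g. from `openssl verify`
    root: str                 # name of the root CA that ends the chain
    not_before: date
    not_after: date
    san_dns: list = field(default_factory=list)  # dNSName entries of subjectAltName
    cn: str = ""              # subject Common Name


def pattern_matches(pattern: str, host: str) -> bool:
    """RFC 2818 rule: case-insensitive; '*' matches one label or label fragment,
    so *.a.com matches foo.a.com but not bar.foo.a.com."""
    regex = re.escape(pattern.lower()).replace(r"\*", r"[^.]*")
    return re.fullmatch(regex, host.lower()) is not None


def candidate_names(cert: CertRecord) -> list:
    """RFC 2818: use dNSName SANs when present, otherwise fall back to the CN."""
    return list(cert.san_dns) if cert.san_dns else ([cert.cn] if cert.cn else [])


def domain_match(cert: CertRecord, host: str) -> bool:
    return any(pattern_matches(name, host) for name in candidate_names(cert))


def mismatch_kind(cert: CertRecord, host: str) -> str:
    """Sort a mismatch into the two subdomain cases the deck singles out."""
    host = host.lower()
    for name in (n.lower() for n in candidate_names(cert)):
        # cert for a subdomain (or a wildcard over subdomains) served on the parent host
        if name.endswith("." + host) or name == "*." + host:
            return "subdomain cert deployed on host (lack of subdomain redirection)"
        # cert for the parent host served on one of its subdomains
        if host.endswith("." + name):
            return "host cert deployed on subdomain (wrong subdomain cert)"
    return "other mismatch (e.g. hosting provider's certificate)"


def verify(cert: CertRecord, trusted_roots: set, today: date) -> str:
    """Run the four checks in the deck's order; report the first failing one."""
    if not cert.chain_valid:
        return BROKEN_CHAIN
    if cert.root not in trusted_roots:
        return UNTRUSTED
    if not (cert.not_before <= today <= cert.not_after):
        return EXPIRED
    if not domain_match(cert, cert.host):
        return MISMATCH
    return SUCCESS


def tally(records, trusted_roots: set, today: date) -> dict:
    """Count outcomes over a collection, as the deck's success/failure charts do."""
    counts = {}
    for rec in records:
        outcome = verify(rec, trusted_roots, today)
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts


# Constructed stand-ins for the browser root store and the crawl date
TRUSTED_ROOTS = {"Example Root CA"}
TODAY = date(2011, 6, 1)
VALID = (date(2010, 1, 1), date(2012, 1, 1))

SAMPLE = [
    CertRecord("www.example.com", True, "Example Root CA", *VALID,
               san_dns=["www.example.com", "example.com"]),          # success
    CertRecord("example.org", True, "Example Root CA", *VALID,
               san_dns=["www.example.org"]),                          # subdomain cert on host
    CertRecord("mail.example.net", True, "Example Root CA", *VALID,
               cn="example.net"),                                     # host cert on subdomain
    CertRecord("shop.example.edu", True, "Example Root CA", *VALID,
               cn="*.hosting-provider.example"),                      # virtual hosting, no SNI
    CertRecord("self.example.net", True, "self.example.net", *VALID,
               cn="self.example.net"),                                # self-signed: root not trusted
    CertRecord("old.example.com", True, "Example Root CA",
               date(2008, 1, 1), date(2010, 1, 1), cn="old.example.com"),  # expired
    CertRecord("bad.example.com", False, "Example Root CA", *VALID,
               cn="bad.example.com"),                                 # broken chain
]

if __name__ == "__main__":
    for rec in SAMPLE:
        outcome = verify(rec, TRUSTED_ROOTS, TODAY)
        extra = f" ({mismatch_kind(rec, rec.host)})" if outcome == MISMATCH else ""
        print(f"{rec.host:20} {outcome}{extra}")
    print(tally(TRUSTED_ROOTS and SAMPLE, TRUSTED_ROOTS, TODAY))
```

Running the module prints one outcome per record followed by the tally. The checks stop at the first failure, matching the table: a certificate that is both expired and served on the wrong host is counted under Expired, which is one reason the domain-mismatch shares on slides 17 and 38 are computed over trusted certificates only.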
Related Work
SSL Observatory [1]: crawl the IP address space; check certificate properties, e.g., EV certificates non-compliant with the standard
This work: we crawl different domains and check how certificates are used in practice, e.g., domain matching
[1] The EFF SSL Observatory, Electronic Frontier Foundation. http://www.eff.org/observatory
Slide 37
State of the Art - Attacks
Attacks on HTTPS:
Attacking Root CAs [1]
Attacking Weak Certificate Validation [2]
[1] C. Soghoian and S. Stamm, "Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL," in HotPETs, 2010.
[2] SSL Certificate for Mozilla.com Issued Without Validation. http://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html
Slide 38
Domain Mismatch: Trusted Certificates
74.5% of trusted certs cause Domain Mismatch
Lack of subdomain redirection: cert valid for subdomain.host deployed on host
Wrong subdomain cert: cert valid for host deployed on subdomain.host
Slide 39