
The Inconvenient Truth about Web Certificates


Slide 1

The Inconvenient Truth about Web Certificates

Nevena Vratonjic, Julien Freudiger, Vincent Bindschaedler, Jean-Pierre Hubaux

June 2011, WEIS'11

Slide 2

HTTPS: secure communication for e-banking, e-commerce, Web email, etc. (example: https://www.bankofamerica.com)

Threats and the HTTPS properties that address them:
- Impersonation: Authentication
- Eavesdropping: Confidentiality
- Modifications: Integrity

Slide 3

HTTPS in practice

- HTTPS is at the core of online businesses
- The security it provides is dubious
- Notably due to obscure certificate management

Slide 4

Research Questions

Q1: At which scale is HTTPS currently deployed?
Q2: What are the problems with current HTTPS deployment?
Q3: What are the underlying reasons that led to these problems?

Large-scale empirical analysis of the current deployment of HTTPS on the top 1 million websites

Slide 5

Methodology

- 1 million most popular websites (Alexa's ranking)
- Connect to each website with HTTP and HTTPS
- Store: URLs, content of Web pages, certificates

Slide 6

Q1: At which scale is HTTPS deployed?

1/3 of websites can be browsed via HTTPS

Is this too much or too little?

Slide 7

Login Pages: HTTP vs. HTTPS

77.4% of websites may compromise users' credentials!

More Web pages should be served via HTTPS!

Slide 8

Q2: What are the problems with current HTTPS deployment?

HTTPS may fail due to:
- Server certificate-based authentication
- Cipher suites: the majority (70%) of websites use the DHE-RSA-AES256-SHA cipher suite

Slide 9

Certificates

- X.509 certificates bind a public key with an identity
- Certificates are issued by trusted Certification Authorities (CAs)
- To issue a certificate, CAs should validate:
  1. The applicant owns the domain name
  2. The applicant is a legitimate and legally accountable entity

Two-step validation (example): BoA submits its identifying information & domain name (www.bankofamerica.com) to CA XYZ; the CA issues a certificate binding BoA's public key K_BoA to that identity.

Organization Validated (OV) certificates

Slide 10

Certificate-based Authentication

- Public keys of trusted CAs (K_CA) are pre-installed in Web browsers
- The browser checks the chain of trust from the server's certificate (https://www.bankofamerica.com) up to a trusted CA key K_CA
- Result: authentication over HTTPS

Slide 11

Self-signed Certificates

- Example: https://icsil1mail.epfl.ch presents a self-signed certificate for key K_EPFL
- The browser holds no trusted key to check K_EPFL against: the chain of trust cannot be verified by Web browsers

Slide 12

Self-signed Certificates

Slide 13

Verifying X.509 Certificates

Successful authentication

Slide 14

Authentication Success

Total of 300'582 certificates

Slide 15

Authentication Failures

Total of 300'582 certificates

Slide 16

Certificate Reuse Across Multiple Domains

Mostly due to Internet virtual hosting:

Certificate validity domain | Number of virtual hosts
*.bluehost.com              | 10'075
*.hostgator.com             | 9'148
*hostmonster.com            | 4'954

- Serving the hosting provider's cert results in Domain Mismatch
- Solution: Server Name Indication (SNI), a TLS extension
- 47.6% of collected certificates are unique

Slide 17

Domain Mismatch: Unique Trusted Certificates

45.24% of unique trusted certs cause Domain Mismatch

Subdomain mismatch: cert valid for subdomain.host deployed on host, and vice versa

Slide 18

Authentication Success

Total of 300'582 certificates

Slide 19

Domain-validated only (DVO) certificates

Validation steps:
1. The applicant owns the domain name: based on Domain Name Registrars and email verification
2. The applicant is a legitimate and legally accountable entity: not performed for DVO (step 1 only)

Problem: Domain Name Registrars are untrustworthy

Trusted DVO certificates: the legitimacy of the certificate owner cannot be trusted!

Slide 20

Domain-validated Only (DVO) vs. Organization Validated (OV)

- DVO: trusted by browsers, organization NOT validated
- OV: trusted by browsers, organization validated

Slide 21

Extended Validation (EV)

- Rigorous extended validation of the applicant [ref]
- Special browser interface
- Trusted EV certificates

Slide 22

DVO vs. OV vs. EV Certificates

Certs with successful authentication (48'158 certs):
- 61% of certs trusted by browsers are DVO
- 5.7% of certs (OV+EV) provide organization validation

Slide 23

Research Questions

Q1: How is HTTPS currently deployed?
- 1/3 of websites can be browsed via HTTPS
- 77.4% of login pages may compromise users' credentials

Q2: What are the problems with current HTTPS deployment?
- Authentication failures are mostly due to domain mismatch
- Weak authentication with DVO certificates

Q3: What are the underlying reasons that led to these problems?

EconomicsMisaligned incentivesMost website operators have an incentive to obtain cheap certsCAs have an incentive to distribute as many certs as possibleConsequence: cheap certs for cheap securityLiabilityNo or limited liability of involved stakeholdersReputationRely on subsidiaries to issue certs less rigorouslyUsabilityMore interruptions users experience, more they learn to ignore security warningsWeb browsers have little incentive to limit access to websites

24Slide25

Slide 25

Countermeasures

New third parties:
- Open websites managed by users, CAs or browser vendors
- Introduce information on the performance of CAs and websites (e.g., authentication success rate wrt. CAs)

New policies:
- Legal aspects: CAs responsible for cert-based authentication; websites responsible for cert deployment
- Web browser vendors limiting the number of root CAs, with selection based on the quality of certs

Slide 26

Conclusion

- Large-scale empirical study of HTTPS and certificate-based authentication on 1 million websites
- 5.7% (18'785) implement cert-based authentication properly: no browser warnings, legitimacy of the certificate owner verified
- Market for lemons: information asymmetry between CAs and website operators; most websites acquire cheap certs, leading to cheap security
- Change policies to align incentives

Slide 27

Data available at: http://icapeople.epfl.ch/freudiger/SSLSurvey

Slide 28

Certificate Types

Trusted certificates:
- Extended Validation (EV): extended validation
- Organization Validated (OV): two-step validation
- Domain-validated only (DVO): step 1 validation only
Untrusted (self-signed) certificates

Certificate type | Pros        | Cons
EV               | Most trust  | Expensive
OV               | Trusted     | Web browsers cannot distinguish OV from DVO certificates
DVO              | Inexpensive | Cannot guarantee the legitimacy of the certificate owner
Self-signed      | No cost     | Not trusted by Web browsers

Slide 29

Domain Matching

Compare the host to the candidate fields:
- DNS Name (Subject Alternative Name certificate extension)
- Common Name (Subject)

Domain Match [RFC2459, RFC2818]:
- Host matches exactly one of the candidate fields (case-insensitive), or
- Host matches the regular expression given by wildcard candidate fields (e.g., *.a.com matches foo.a.com but not bar.foo.a.com)

Slide 30

Authentication Success Rate wrt. CAs

Slide 31

Authentication Success Rate wrt. Countries

Slide 32

Authentication Success Rate wrt. Website Rank

Slide 33

Facebook Login Page

By default served with HTTP. Source code of the login page:

<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" ……>

Because the page itself travels over HTTP, the form's action can be rewritten in transit to http(s)://arbitraryServer/

Slide 34

Collected Data

- Data collected for 1'000'787 unique hosts
- 958'420 working hosts
- 1'032'019 Web pages with HTTP
- 339'693 Web pages with HTTPS
- Following redirections, final pages are mostly in the initial domain or in the www subdomain

Slide 35

Verifying X.509 Certificates

Verify                 | How                                            | Success              | Failure
Validity of signatures | OpenSSL verify tool                            | Valid chain of trust | Broken chain of trust
Trusted root           | Is the root among the trusted root CAs?        | Trusted certificate  | Untrusted certificate
Validity period        | Compare to the current date                    | Not expired          | Expired
Domain matching        | Compare host to CN (subject) and DNS name      | Domain match         | Domain mismatch
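An added example, not the authors' survey code: the four checks of this table as a Python classifier over constructed certificate records, using the RFC 2818 domain-matching rules from slide 29 (case-insensitive exact match; a wildcard matches one label or a fragment of one label, so *.a.com matches foo.a.com but not bar.foo.a.com) and reporting the subdomain-mismatch categories of slides 17 and 38. The OpenSSL signature check is represented by a chain_valid flag assumed to come from the OpenSSL verify tool; the root store, the record layout and every sample certificate are assumptions made for this example.

```python
"""Slide 35 checks as a classifier over constructed certificate records.

Added example, not the survey code behind the slides. The `chain_valid`
flag stands in for the OpenSSL verify step; the root store, the record
layout and every sample certificate below are constructed assumptions.
"""
from datetime import datetime, timezone

# Constructed stand-in for the browser root store (slide 10).
TRUSTED_ROOTS = {"Example Root CA"}


def _label_match(pattern, label):
    """Match one DNS label; '*' may replace a whole label or a fragment
    (RFC 2818: f*.com matches foo.com but not bar.com)."""
    if "*" not in pattern:
        return pattern == label
    head, _, tail = pattern.partition("*")
    return (len(label) >= len(head) + len(tail)
            and label.startswith(head) and label.endswith(tail))


def domain_match(host, candidates):
    """Slide 29 rule: case-insensitive exact match, or a wildcard candidate
    matched label by label, so *.a.com matches foo.a.com but not
    bar.foo.a.com (different number of labels)."""
    host_labels = host.lower().rstrip(".").split(".")
    for cand in candidates:
        cand_labels = cand.lower().rstrip(".").split(".")
        if len(cand_labels) == len(host_labels) and all(
                _label_match(p, l) for p, l in zip(cand_labels, host_labels)):
            return True
    return False


def candidate_names(cert):
    """Candidate fields: SAN DNS names plus the subject Common Name."""
    return list(cert["san_dns"]) + ([cert["cn"]] if cert["cn"] else [])


def mismatch_kind(host, cert):
    """Subdomain mismatch categories of slides 17 and 38."""
    h = host.lower()
    for cand in candidate_names(cert):
        c = cand.lower()
        if c.endswith("." + h):
            return "cert for subdomain.host deployed on host"
        if h.endswith("." + c):
            return "cert for host deployed on subdomain.host"
    return "unrelated name"


def verify(host, cert, now):
    """Run the four checks in table order; return the first failure
    or 'Successful authentication'."""
    if not cert["chain_valid"]:                    # Validity of signatures
        return "Broken chain of trust"
    if cert["root_issuer"] not in TRUSTED_ROOTS:   # Trusted root
        return "Untrusted Certificate"
    if not cert["not_before"] <= now <= cert["not_after"]:  # Validity period
        return "Expired"
    if not domain_match(host, candidate_names(cert)):       # Domain matching
        return "Domain Mismatch: " + mismatch_kind(host, cert)
    return "Successful authentication"


def make_record(cn, san=(), chain_valid=True, root_issuer="Example Root CA",
                not_before=datetime(2011, 1, 1, tzinfo=timezone.utc),
                not_after=datetime(2012, 1, 1, tzinfo=timezone.utc)):
    """Constructed certificate record (the fields a crawler would store)."""
    return {"cn": cn, "san_dns": list(san), "chain_valid": chain_valid,
            "root_issuer": root_issuer, "not_before": not_before,
            "not_after": not_after}


# Constructed survey-style rows (host, record); the date is the survey month.
SURVEY_DATE = datetime(2011, 6, 1, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    ("www.example.test", make_record("www.example.test")),                       # proper deployment
    ("mail.example.test", make_record("mail.example.test",
                                      root_issuer="mail.example.test")),         # self-signed
    ("old.example.test", make_record("old.example.test",
                                     not_after=datetime(2011, 3, 1, tzinfo=timezone.utc))),
    ("customer.test", make_record("*.hosting-provider.test")),                   # virtual hosting
    ("example.test", make_record("www.example.test")),                           # slide 38, first case
    ("www.example.test", make_record("example.test")),                           # slide 38, second case
]


def survey_results(rows=SAMPLE_ROWS, now=SURVEY_DATE):
    """Classify every row; returns a list of (host, outcome)."""
    return [(host, verify(host, cert, now)) for host, cert in rows]


if __name__ == "__main__":
    for host, outcome in survey_results():
        print(f"{host:20s} {outcome}")
```

The checks are ordered as in the table, so a record is counted under the first check it fails; this is what makes the failure categories on slide 15 disjoint.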

Slide 36

Related Work

SSL Observatory [1]:
- Crawls the IP address space
- Checks certificate properties, e.g., EV certificates non-compliant with the standard

This work:
- Crawls different domains
- Checks how certificates are used in practice, e.g., domain matching

[1] The EFF SSL Observatory, Electronic Frontier Foundation. http://www.eff.org/observatory

Slide 37

State of the Art - Attacks

Attacks on HTTPS:
- Attacking root CAs [1]
- Attacking weak certificate validation [2]

[1] C. Soghoian and S. Stamm, "Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL," in HotPETs, 2010.
[2] SSL Certificate for Mozilla.com Issued Without Validation. http://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html

Slide 38

Domain Mismatch: Trusted Certificates

74.5% of trusted certs cause Domain Mismatch

- Lack of subdomain redirection: cert valid for subdomain.host deployed on host
- Wrong subdomain cert: cert valid for host deployed on subdomain.host