The Inconvenient Truth about Web Certificates

Nevena Vratonjic, Julien Freudiger, Vincent Bindschaedler, Jean-Pierre Hubaux. The Inconvenient Truth about Web Certificates. June 2011, WEIS’11. HTTPS: secure communication for e-banking, e-commerce, Web email, etc. Authentication, Confidentiality and Integrity.


Presentation Transcript


  1. Nevena Vratonjic • Julien Freudiger • Vincent Bindschaedler • Jean-Pierre Hubaux • The Inconvenient Truth about Web Certificates • June 2011, WEIS’11

  2. HTTPS • Secure communication • e-banking, e-commerce, Web email, etc. • Authentication, Confidentiality and Integrity [Diagram labels: HTTPS connection to https://www.bankofamerica.com; Impersonation, Modifications, Eavesdropping; Authentication, Integrity, Confidentiality]

  3. HTTPS in practice • HTTPS is at the core of online businesses • Provided security is dubious • Notably due to obscure certificate management

  4. Research Questions • Q1: At which scale is HTTPS currently deployed? • Q2: What are the problems with current HTTPS deployment? • Q3: What are the underlying reasons that led to these problems? Large-scale empirical analysis of the current deployment of HTTPS on the top 1 million websites

  5. Methodology • 1 million most popular websites (Alexa’s ranking) • Connect to each website with HTTP and HTTPS • Store: • URLs • Content of Web pages • Certificates

  6. Q1: At which scale is HTTPS deployed? • 1/3 of websites can be browsed via HTTPS • Is this too much or too little?

  7. Login Pages: HTTP vs. HTTPS • 77.4% of websites may compromise users’ credentials! • More Web pages should be served via HTTPS!

  8. Q2: What are the problems with current HTTPS deployment? HTTPS may fail due to: • Server certificate-based authentication • Cipher suites • The majority (70%) of websites use the DHE-RSA-AES256-SHA cipher suite

  9. Certificates • X.509 Certificates: Bind a public key with an identity • Certificates issued by trusted Certification Authorities (CAs) • To issue a certificate, CAs should validate: • The applicant owns the domain name • The applicant is a legitimate and legally accountable entity • Organization Validated (OV) certificates [Diagram labels: CA XYZ; BoA’s public key K_BoA; two-step validation; BoA’s identifying information & domain name www.bankofamerica.com]

  10. Certificate-based Authentication • Chain of trust • Public keys of trusted CAs pre-installed in Web browsers [Diagram labels: Browser: K_CA; https://www.bankofamerica.com; HTTPS; Authentication]

  11. Self-signed Certificates • Chain of trust cannot be verified by Web browsers [Diagram labels: Browser: K_EPFL?; https://icsil1mail.epfl.ch; Authentication ?]

  12. Self-signed Certificates

  13. Verifying X.509 Certificates Successful authentication

  14. Authentication Success Total of 300’582 certificates

  15. Authentication Failures Total of 300’582 certificates

  16. Certificate Reuse Across Multiple Domains • Mostly due to Internet virtual hosting • Serving providers’ certs results in Domain Mismatch • Solution: Server Name Indication (SNI) – TLS extension • 47.6% of collected certificates are unique

  17. Domain Mismatch: Unique Trusted Certificates • 45.24% of unique trusted certs cause Domain Mismatch • Subdomain mismatch: cert valid for subdomain.host deployed on host and vice versa

  18. Authentication Success Total of 300’582 certificates

  19. Trusted DVO Certificates • Domain-validated only (DVO) certificates • The applicant owns the domain name • The applicant is a legitimate and legally accountable entity • Based on Domain Name Registrars and email verification • Problem: Domain Name Registrars are untrustworthy • Legitimacy of the certificate owner cannot be trusted!

  20. Domain-validated Only (DVO): Organization NOT Validated, Trusted • Organization Validated (OV): Organization Validated, Trusted

  21. Trusted EV Certificates • Extended Validation (EV) • Rigorous extended validation of the applicant [ref] • Special browser interface

  22. DVO vs. OV vs. EV Certificates • Certs with successful authentication (48’158 certs) • 61% of certs trusted by browsers are DVO • 5.7% of certs (OV+EV) provide organization validation

  23. Research Questions • Q1: How is HTTPS currently deployed? • 1/3 of websites can be browsed via HTTPS • 77.4% of login pages may compromise users’ credentials • Q2: What are the problems with current HTTPS deployment? • Authentication failures mostly due to domain mismatch • Weak authentication with DVO certificates

  24. Q3: What are the underlying reasons that led to these problems? • Economics • Misaligned incentives • Most website operators have an incentive to obtain cheap certs • CAs have an incentive to distribute as many certs as possible • Consequence: cheap certs for cheap security • Liability • No or limited liability of involved stakeholders • Reputation • Rely on subsidiaries to issue certs less rigorously • Usability • The more interruptions users experience, the more they learn to ignore security warnings • Web browsers have little incentive to limit access to websites

  25. Countermeasures [Figure: Authentication Success Rate wrt. CAs] • New Third-Parties: • Open websites managed by users, CAs or browser vendors • Introduce information related to performances of CAs and websites • New Policies: • Legal aspects • CAs responsible for cert-based auth. • Websites responsible for cert deployment • Web browser vendors limiting the number of root CAs • Selection based on quality of certs

  26. Conclusion • Large-scale empirical study of HTTPS and certificate-based authentication on 1 million websites • 5.7% (18’785) implement cert-based authentication properly • No browser warnings • Legitimacy of the certificate owner verified • Market for lemons • Information asymmetry between CAs and website operators • Most websites acquire cheap certs leading to cheap security • Change policies to align incentives

  27. Data available at: http://icapeople.epfl.ch/freudiger/SSLSurvey

  28. Certificate Types • Trusted certificates • Extended Validation (EV) (extended validation) • Organization Validated (OV) (two-step validation) • Domain-validated only (DVO) (step 1. validation) • Untrusted (self-signed) certificates

  29. Domain Matching • Compare host to candidate fields: • DNS Name (Alternative Name Certificate Extension) • Common Name (Subject) • Domain Match [RFC2459, RFC2818]: • Host matches exactly one of the candidate fields (case-insensitive) • Host matches the regular expression given by wildcard candidate fields • (e.g., *.a.com matches foo.a.com but not bar.foo.a.com)

  30. Authentication Success Rate wrt. CAs

  31. Authentication Success Rate wrt. Countries

  32. Authentication Success Rate wrt. Website Rank

  33. Facebook Login Page • By default served with HTTP • Source code of the login page: <div class="menu_login_container"> <form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" ……> • http(s)://arbitraryServer/

  34. Collected Data • Data collected for 1’000’787 unique hosts • 958’420 working hosts • 1’032’019 Web pages with HTTP • 339’693 Web pages with HTTPS • Following redirections, final pages are mostly in the initial domain or in www subdomain

  35. Verifying X.509 Certificates

  36. Related Work • SSL Observatory [1] • Crawl the IP address space • Check certificate properties • E.g., EV certificates non-compliant with the standard • We crawl different domains • Check how certificates are used in practice • E.g., domain matching [1] The EFF SSL Observatory — Electronic Frontier Foundation. http://www.eff.org/observatory

  37. State of the Art - Attacks • Attacks on HTTPS: • Attacking Root CAs [1] • Attacking Weak Certificate Validation [2] [1] C. Soghoian and S. Stamm, “Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL,” in HotPETs, 2010. [2] SSL Certificate for Mozilla.com Issued Without Validation. http://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html

  38. Domain Mismatch: Trusted Certificates • 74.5% of trusted certs cause Domain Mismatch • Lack subdomain redirection: cert valid for subdomain.host deployed on host • Wrong subdomain cert: cert valid for host deployed on subdomain.host
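
The domain-match rule from slide 29 and the two mismatch categories from slide 38, as an added Python example that is not part of the original presentation or the authors' survey code. Function names, the "other mismatch" label and all sample hosts and certificate names are constructed for illustration; treating only a whole leftmost `*` label as a wildcard is an assumption based on the slide's `*.a.com` example.

```python
from collections import Counter

def _labels(name):
    # Case-insensitive comparison on DNS labels; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def name_matches(host, candidate):
    """Slide 29: exact case-insensitive match, or wildcard match where
    '*' stands for exactly one label (assumption: leftmost label only)."""
    h, c = _labels(host), _labels(candidate)
    if c[0] == "*":
        return len(h) == len(c) and h[1:] == c[1:]
    return h == c

def classify(host, candidates):
    """candidates: DNS Names (Alternative Name extension) plus the
    Subject Common Name taken from the served certificate."""
    if any(name_matches(host, c) for c in candidates):
        return "match"
    h = _labels(host)
    for c in candidates:
        cl = _labels(c)
        # Cert valid for subdomain.host, deployed on host.
        if len(cl) > len(h) and cl[-len(h):] == h:
            return "lack subdomain redirection"
        # Cert valid for host, deployed on subdomain.host.
        if len(h) > len(cl) and h[-len(cl):] == cl:
            return "wrong subdomain cert"
    return "other mismatch"

def survey(samples):
    """Tally outcomes over (host, certificate names) pairs."""
    return Counter(classify(host, names) for host, names in samples)

# Constructed sample data, not taken from the survey.
SAMPLES = [
    ("foo.a.com", ["*.a.com"]),
    ("bar.foo.a.com", ["*.a.com"]),
    ("example.org", ["www.example.org"]),
    ("shop.example.org", ["example.org"]),
    ("site.example.net", ["*.hosting.example"]),
    ("WWW.Example.org", ["www.example.org", "example.org"]),
]

if __name__ == "__main__":
    for outcome, count in survey(SAMPLES).most_common():
        print(f"{count}  {outcome}")
```

A certificate for `*.a.com` served on the bare host `a.com` is reported as "lack subdomain redirection", since the wildcard covers subdomains only.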
