Post on 25-Feb-2016
The Inconvenient Truth about Web Certificates
Jean-Pierre Hubaux
Joint work with N. Vratonjic, J. Freudiger and V. Bindschaedler
Work presented at WEIS in June 2011
HTTPS
Threats and the security properties that counter them: impersonation (authentication), eavesdropping (confidentiality), modifications (integrity)
Example: https://www.bankofamerica.com over HTTPS
Secure communication: e-banking, e-commerce, Web email, etc.
HTTPS provides authentication, confidentiality and integrity

HTTPS in practice
HTTPS is at the core of online businesses
Provided security is dubious, notably due to obscure certificate management
Research Questions
Q1: At which scale is HTTPS currently deployed?
Q2: What are the problems with current HTTPS deployment?
Q3: What are the underlying reasons that led to these problems?
Large-scale empirical analysis of the current deployment of HTTPS on the top 1 million websites
Methodology
1 million most popular websites (Alexa's ranking)
Connect to each website with HTTP and HTTPS
Store: URLs, content of Web pages, certificates
Q1: At which scale is HTTPS deployed?
1/3 of websites can be browsed via HTTPS
Is this too much or too little?
HTTPS: 34.7%, HTTP: 65.3%
Login Pages: HTTP vs. HTTPS
HTTPS: 22.6%, HTTP: 77.4%
77.4% of websites may compromise users' credentials!
More Web pages should be served via HTTPS!
Q2: What are the problems with current HTTPS deployment?
HTTPS may fail due to: server certificate-based authentication, cipher suites
The majority (~70%) of websites use the DHE-RSA-AES256-SHA cipher suite
X.509 Certificates: Bind a public key with an identity
Certificates issued by trusted Certification Authorities (CAs)
To issue a certificate, CAs should validate:
1. The applicant owns the domain name
2. The applicant is a legitimate and legally accountable entity
Certificates
Two-step validation: BoA submits its identifying information, the domain name www.bankofamerica.com and its public key KBoA to CA XYZ, which issues the certificate
Organization Validated (OV) certificates
Certificate-based Authentication
https://www.bankofamerica.com over HTTPS
Chain of trust: public keys of trusted CAs (KCA) are pre-installed in Web browsers
Self-signed Certificates
https://icsil1mail.epfl.ch over HTTPS
Chain of trust cannot be verified by Web browsers: the browser receives EPFL's key KEPFL but holds no trusted CA key that vouches for it
Verifying X.509 Certificates
Checks: trusted CA, not expired, domain match; all three passing means successful authentication

Authentication Success
Total of 300'582 certificates

Authentication Failures
Total of 300'582 certificates
Certificate Reuse Across Multiple Domains
Mostly due to Internet virtual hosting
Certificate validity domain   Number of virtual hosts
*.bluehost.com                10'075
*.hostgator.com                9'148
*.hostmonster.com              4'954
Serving providers' certs results in Domain Mismatch
Solution: Server Name Indication (SNI), a TLS extension
Only 47.6% of collected certificates are unique

Domain Mismatch: Unique Trusted Certificates
45.24% of unique trusted certs cause Domain Mismatch
Subdomain mismatch: cert valid for subdomain.host deployed on host and vice versa (same organization)
Authentication Success
Total of 300'582 certificates

Domain-validated Only (DVO) Certificates
Of the two validation steps, only the first is performed:
1. The applicant owns the domain name (validated, based on Domain Name Registrars and email verification)
2. The applicant is a legitimate and legally accountable entity (not validated)
Problem: Domain Name Registrars are untrustworthy
Trusted DVO certificates: legitimacy of the certificate owner cannot be trusted!

Trusted certificates with the organization NOT validated: DVO
Trusted certificates with the organization validated: Organization Validated (OV)
Extended Validation (EV): rigorous extended validation of the applicant, special browser interface
Trusted EV certificates
DVO vs. OV vs. EV Certificates
Certs with successful authentication (48'158 certs): DVO 61%, OV 33%, EV 6%
61% of certs trusted by browsers are DVO
5.7% of certs (OV+EV) provide organization validation
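One way to sort browser-trusted certificates into the DVO/OV/EV buckets of the pie chart above, as an added example and not the study's own classifier: it assumes EV is signalled by the CA/Browser Forum EV policy OID, OV by an Organization name in the subject, and that everything else is DVO; the sample certificates are constructed.

```python
from collections import Counter

# CA/Browser Forum EV policy OID (a real value). Individual CAs also signal EV
# with their own OIDs, so a full list is assumed to be available in practice.
EV_POLICY_OIDS = {"2.23.140.1.1"}

def validation_level(cert):
    """Classify a browser-trusted cert by the validation it evidences.
    Assumption: EV is signalled by a policy OID, OV by an Organization (O) name
    in the subject, and a subject carrying only the domain name is DVO."""
    if EV_POLICY_OIDS & set(cert.get("policy_oids", ())):
        return "EV"
    if cert["subject"].get("O"):
        return "OV"
    return "DVO"

def browser_signal(cert):
    """What the browser UI can convey: EV gets the special interface, while OV
    and DVO both show the same padlock (the deck's 'cannot distinguish' point)."""
    return "EV interface" if validation_level(cert) == "EV" else "padlock only"

def breakdown(certs):
    """Percentage of certs per validation level, as on the deck's pie chart."""
    counts = Counter(validation_level(c) for c in certs)
    return {lvl: round(100.0 * n / len(certs), 1) for lvl, n in counts.items()}

# Constructed sample of trusted certificates (not the study's data).
SAMPLE = [
    {"subject": {"CN": "www.bankofamerica.com", "O": "Bank of America"},
     "policy_oids": ["2.23.140.1.1"]},
    {"subject": {"CN": "shop.example", "O": "Example Shop Ltd"}},
    {"subject": {"CN": "blog.example"}},
    {"subject": {"CN": "*.bluehost.com"}},
]
```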
Research Questions
Q1: How is HTTPS currently deployed?
1/3 of websites can be browsed via HTTPS
77.4% of login pages may compromise users' credentials
Q2: What are the problems with current HTTPS deployment?
Authentication failures mostly due to domain mismatch
Weak authentication with DVO certificates
Q3: What are the underlying reasons that led to these problems?
Economics: misaligned incentives
Most website operators have an incentive to obtain cheap certs; CAs have an incentive to distribute as many certs as possible
Consequence: cheap certs for cheap security
Liability: no or limited liability of involved stakeholders
Reputation: CAs rely on subsidiaries to issue certs less rigorously
Usability: the more interruptions users experience, the more they learn to ignore security warnings
Web browsers have little incentive to limit access to websites
Conclusion
Large-scale empirical study of HTTPS and certificate-based authentication on 1 million websites
5.7% (18'785) implement cert-based authentication properly: no browser warnings, legitimacy of the certificate owner verified
Market for lemons: information asymmetry between CAs and website operators
Most websites acquire cheap certs, leading to cheap security
Change policies to align incentives
Certificate Types
Trusted certificates:
Extended Validation (EV) (extended validation)
Organization Validated (OV) (two-step validation)
Domain-validated only (DVO) (step 1 validation)
Untrusted (self-signed) certificates

Certificate Type   Pros          Cons
EV                 Most trust    Expensive
OV                 Trusted       Web browsers cannot distinguish OV from DVO certificates
DVO                Inexpensive   Cannot guarantee legitimacy of the certificate owner
Self-signed        No cost       Not trusted by Web browsers
Facebook Login Page
By default served with HTTP
Source code of the login page:
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" ……>
http(s)://arbitraryServer/
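The login-page measurement (the HTTP vs. HTTPS login pages slide) and the Facebook case above, as an added example that is not the study's code: it finds password forms in a page and reports whether the page and the form's action URL use HTTPS; the page snippet is constructed after the deck's excerpt.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormFinder(HTMLParser):
    """Collect the resolved action URL of every <form> holding a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._action = None
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL
            self._action = urljoin(self.page_url, a.get("action") or "")
            self._has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.forms.append(self._action)
            self._action = None

def classify_login_page(page_url, html):
    """One label per login form, judging the scheme that delivered the form and the scheme the credentials are posted to."""
    finder = LoginFormFinder(page_url)
    finder.feed(html)
    page_https = urlsplit(page_url).scheme == "https"
    labels = []
    for action in finder.forms:
        post_https = urlsplit(action).scheme == "https"
        if page_https and post_https:
            labels.append("https page, https post")
        elif post_https:
            # The deck's Facebook case: credentials are encrypted in transit, but the form itself arrived unauthenticated over HTTP
            labels.append("http page, https post")
        else:
            labels.append("credentials sent in clear")
    return labels

# Constructed page modelled on the deck's Facebook snippet (not a real capture).
FB_LIKE = ('<div class="menu_login_container"><form method="POST" '
           'action="https://www.facebook.com/login.php?login_attempt=1" id="login_form">'
           '<input type="text" name="email"><input type="password" name="pass">'
           '</form></div>')
```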
CSC 104
Common Sense: Protect your passwords. Don’t use the same password for an insecure site as for a secure one.
Essay Topic: Discuss an issue arising from improper security on the web. Notable examples include: theft of iTunes accounts, theft via PayPal, credit-card fraud.