The Inconvenient Truth about Web Certificates Jean-Pierre Hubaux Joint work with N. Vratonjic, J. Freudiger and V. Bindschaedler Work presented at WEIS.

Slides:

Advertisements

Similar presentations

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Advertisements

Why Eve & Mallory Love Android

Browser Security Modes Alex Crowell and James Kasten.

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

HTTPS and the Lock Icon Dan Boneh. Goals for this lecture Brief overview of HTTPS: How the SSL/TLS protocol works (very briefly) How to use HTTPS Integrating.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Integrity of the Web Content: The Case of Online Advertising Nevena Vratonjic Julien Freudiger Jean-Pierre Hubaux August 2010, Usenix CollSec’10.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

DNS and HTTPs ACN Presentation. Domain Names We refer to computers on the Internet (Internet hosts), by names like: sharda.ac.in These are called domain.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Introduction To Windows NT ® Server And Internet Information Server.

SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

The Inconvenient Truth about Web Certificates Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jean-Pierre Hubaux June 2011, WEIS’11.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

CSCI 6962: Server-side Design and Programming

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.

Identity Management Report By Jean Carreon and Marlon Gonzales.

Robust Defenses for Cross-Site Request Forgery CS6V Presented by Saravana M Subramanian.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

Module 9: Fundamentals of Securing Network Communication.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

1 DCS 835 – Computer Networking and the Internet Digital Certificate and SSL (rev ) Team 1 Rasal Mowla (project leader) Alvaro Restrepo, Carlos.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Apache Web Server Quick and Dirty for AfNOG 2015 (Originally by Joel Jaeggli for AfNOG 2007) ‏

Apache Web Server Quick and Dirty Evelyn NAMARA for AfNOG 2014 (Originally by Joel Jaeggli for AfNOG 2007) ‏

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.

Copyright ©2015 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training WatchGuard XCS What’s New in version 10.1.

An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks Collin Jackson et. all Presented by Roy Ford.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan.

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

Measures to prevent MITM attack and their effectiveness CSCI 5931 Web Security Submitted By Pradeep Rath Date : 23 rd March 2004.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

Key management issues in PGP

Presentation By :- Krishna Sai Mulpuri

Setting and Upload Products

Apache web server Quick overview.

PAYMENT GATEWAY Presented by SHUJA ASHRAF SHAH ENROLL: 4471

Presented by Hussein Almulla

Presentation transcript:

The Inconvenient Truth about Web Certificates Jean-Pierre Hubaux Joint work with N. Vratonjic, J. Freudiger and V. Bindschaedler Work presented at WEIS in June 2011

2 Impersonation Eavesdropping Modifications Authentication Confidentiality Integrity HTTPS Secure communication e-banking, e-commerce, Web , etc. Authentication, HTTPS Confidentialityand Integrity

HTTPS in practice HTTPS is at the core of online businesses Provided security is dubious Notably due to obscure certificate management 3

Research Questions Q1: At which scale is HTTPS currently deployed? Q2: What are the problems with current HTTPS deployment? Q3: What are the underlying reasons that led to these problems? 4 Large-scale empirical analysis of the current deployment of HTTPS on the top 1 million websites

Methodology 1 million most popular websites (Alexa’s ranking) Connect to each website with HTTP and HTTPS Store: URLs Content of Web pages Certificates 5

Q1: At which scale is HTTPS deployed?  1/3 of websites can be browsed via HTTPS 6 Is this too much or too little?

Login Pages: HTTP vs. HTTPS  77.4% of websites may compromise users’ credentials! 7  More Web pages should be served via HTTPS!

Q2: What are the problems with current HTTPS deployment? HTTPS may fail due to: Server certificate-based authentication Cipher suites  The majority ( 70%) of websites use DHE-RSA-AES256- SHA cipher suite 8

X.509 Certificates: Bind a public key with an identity Certificates issued by trusted Certification Authorities (CAs) To issue a certificate, CAs should validate: 1. The applicant owns the domain name 2. The applicant is a legitimate and legally accountable entity 9 Two-step validation BoA’s identifying information & domain name CA XYZ BoA’s public key K BoA Certificates  Organization Validated (OV) certificates

10 Authentication Chain of trust Public keys of trusted CAs pre-installed in Web browsers Certificate-based Authentication Browser: K CA HTTPS

11 Authentication Chain of trust cannot be verified by Web browsers Self-signed Certificates Browser: K EPFL ?

Self-signed Certificates 12

Trusted CA Not expired Domain match Successful authentication Verifying X.509 Certificates

Authentication Success 14 Total of 300’582 certificates

Authentication Failures 15 Total of 300’582 certificates

Certificate Reuse Across Multiple Domains Mostly due to Internet virtual hosting 16 Certificate Validity DomainNumber of virtual hosts *.bluehost.com10’075 *.hostgator.com9’148 *hostmonster.com4’954 Serving providers’ certs results in Domain Mismatch Solution: Server Name Indication (SNI) – TLS extension  Only 47.6% of collected certificates are unique

Domain Mismatch: Unique Trusted Certificates  45.24% of unique trusted certs cause Domain Mismatch 17 Subdomain mismatch: cert valid for subdomain.host deployed on host and vice versa Same organization

Authentication Success 18 Total of 300’582 certificates

Domain-validated only (DVO) certificates 1. The applicant owns the domain name 2. The applicant is a legitimate and legally accountable entity Based on Domain Name Registrars and verification  Problem: Domain Name Registrars are untrustworthy Trusted DVO Certificates  Legitimacy of the certificate owner cannot be trusted!

Domain-validated Only (DVO) 20 Trusted Organization NOT Validated Organization Validated Trusted Organization Validated (OV)

Extended Validation (EV) Rigorous extended validation of the applicant Special browser interface Trusted EV Certificates 21

DVO vs. OV vs. EV Certificates  61% of certs trusted by browsers are DVO 22 Certs with successful authentication (48’158 certs)  5.7% of certs (OV+EV) provide organization validation 22

Research Questions Q1: How is HTTPS currently deployed?  1/3 of websites can be browsed via HTTPS  77.4% of login pages may compromise users’ credentials Q2: What are the problems with current HTTPS deployment?  Authentication failures mostly due to domain mismatch  Weak authentication with DVO certificates 23

Q3: What are the underlying reasons that led to these problems? Economics Misaligned incentives Most website operators have an incentive to obtain cheap certs CAs have an incentive to distribute as many certs as possible Consequence: cheap certs for cheap security Liability No or limited liability of involved stakeholders Reputation Rely on subsidiaries to issue certs less rigorously Usability More interruptions users experience, more they learn to ignore security warnings Web browsers have little incentive to limit access to websites 24

Conclusion Large-scale empirical study of HTTPS and certificate- based authentication on 1 million websites  5.7% (18’785) implement cert-based authentication properly  No browser warnings  Legitimacy of the certificate owner verified Market for lemons Information asymmetry between CAs and website operators Most websites acquire cheap certs leading to cheap security Change policies to align incentives 25

Trusted certificates Extended Validation (EV) (extended validation) Organization Validated (OV) (two-step validation) Domain-validated only (DVO) (step 1. validation) Untrusted (self-signed) certificates Certificate Types 26 Certificate TypeProsCons EVMost trustExpensive OVTrusted Web browsers cannot distinguish OV from DVO certificate DVOInexpensive Cannot guarantee legitimacy of the certificate owner Self-signedNo costNot trusted by Web browsers

Facebook Login Page By default served with HTTP Source code of the login page: " pt=1" 27 http(s)://arbitraryServer/

CSC 104 Common Sense: Protect your passwords. Don’t use the same password for an insecure site as for a secure one. Essay Topic: Discuss an issue arising from improper security on the web. Notable examples include: theft of iTunes accounts, theft via PayPal, credit-card fraud. 28