Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Inconvenient Truth about Web Certificates Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jean-Pierre Hubaux June 2011, WEIS’11.

Published byClaude Gaines Modified over 9 years ago

Similar presentations

Presentation on theme: "The Inconvenient Truth about Web Certificates Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jean-Pierre Hubaux June 2011, WEIS’11."— Presentation transcript:

1 The Inconvenient Truth about Web Certificates Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jean-Pierre Hubaux June 2011, WEIS’11

2 2 Impersonation Eavesdropping Modifications Authentication Confidentiality Integrity https://www.bankofamerica.com HTTPS Secure communication e-banking, e-commerce, Web email, etc. Authentication, HTTPS Confidentialityand Integrity

3 HTTPS in practice HTTPS is at the core of online businesses Provided security is dubious Notably due to obscure certificate management 3

4 Research Questions Q1: At which scale is HTTPS currently deployed? Q2: What are the problems with current HTTPS deployment? Q3: What are the underlying reasons that led to these problems? 4 Large-scale empirical analysis of the current deployment of HTTPS on the top 1 million websites

5 Methodology 1 million most popular websites (Alexa’s ranking) Connect to each website with HTTP and HTTPS Store: URLs Content of Web pages Certificates 5

6 Q1: At which scale is HTTPS deployed?  1/3 of websites can be browsed via HTTPS 6 Is this too much or too little?

7 Login Pages: HTTP vs. HTTPS  77.4% of websites may compromise users’ credentials! 7  More Web pages should be served via HTTPS!

8 Q2: What are the problems with current HTTPS deployment? HTTPS may fail due to: Server certificate-based authentication Cipher suites  The majority ( 70%) of websites use DHE-RSA-AES256- SHA cipher suite 8

9 X.509 Certificates: Bind a public key with an identity Certificates issued by trusted Certification Authorities (CAs) To issue a certificate, CAs should validate: 1. The applicant owns the domain name 2. The applicant is a legitimate and legally accountable entity 9 Two-step validation BoA’s identifying information & domain name www.bankofamerica.com CA XYZ BoA’s public key K BoA Certificates  Organization Validated (OV) certificates

10 10 Authentication https://www.bankofamerica.com Chain of trust Public keys of trusted CAs pre-installed in Web browsers Certificate-based Authentication Browser: K CA HTTPS

11 11 Authentication https://icsil1mail.epfl.ch Chain of trust cannot be verified by Web browsers Self-signed Certificates Browser: K EPFL ?

12 Self-signed Certificates 12

13 Trusted CA Not expired Domain match Successful authentication Verifying X.509 Certificates

14 Authentication Success 14 Total of 300’582 certificates

15 Authentication Failures 15 Total of 300’582 certificates

16 Certificate Reuse Across Multiple Domains Mostly due to Internet virtual hosting 16 Certificate Validity DomainNumber of virtual hosts *.bluehost.com10’075 *.hostgator.com9’148 *hostmonster.com4’954 Serving providers’ certs results in Domain Mismatch Solution: Server Name Indication (SNI) – TLS extension  47.6% of collected certificates are unique

17 Domain Mismatch: Unique Trusted Certificates  45.24% of unique trusted certs cause Domain Mismatch 17 Subdomain mismatch: cert valid for subdomain.host deployed on host and vice versa

18 Authentication Success 18 Total of 300’582 certificates

19 Domain-validated only (DVO) certificates 1. The applicant owns the domain name 2. The applicant is a legitimate and legally accountable entity Based on Domain Name Registrars and email verification  Problem: Domain Name Registrars are untrustworthy Trusted DVO Certificates  Legitimacy of the certificate owner cannot be trusted!

20 Domain-validated Only (DVO) 20 Trusted Organization NOT Validated Organization Validated Trusted Organization Validated (OV)

21 Extended Validation (EV) Rigorous extended validation of the applicant [ref] Special browser interface Trusted EV Certificates 21

22 DVO vs. OV vs. EV Certificates  61% of certs trusted by browsers are DVO 22 Certs with successful authentication (48’158 certs)  5.7% of certs (OV+EV) provide organization validation 22

23 Research Questions Q1: How is HTTPS currently deployed?  1/3 of websites can be browsed via HTTPS  77.4% of login pages may compromise users’ credentials Q2: What are the problems with current HTTPS deployment?  Authentication failures mostly due to domain mismatch  Weak authentication with DVO certificates 23

24 Q3: What are the underlying reasons that led to these problems? Economics Misaligned incentives Most website operators have an incentive to obtain cheap certs CAs have an incentive to distribute as many certs as possible Consequence: cheap certs for cheap security Liability No or limited liability of involved stakeholders Reputation Rely on subsidiaries to issue certs less rigorously Usability More interruptions users experience, more they learn to ignore security warnings Web browsers have little incentive to limit access to websites 24

25 New Third-Parties: Open websites managed by users, CAs or browser vendors Introduce information related to performances of CAs and websites New Policies: Legal aspects CAs responsible for cert-based auth. Websites responsible for cert deployment Web browser vendors limiting the number of root CAs Selection based on quality of certs Authentication Success Rate wrt. CAs Countermeasures 25

26 Conclusion Large-scale empirical study of HTTPS and certificate- based authentication on 1 million websites  5.7% (18’785) implement cert-based authentication properly  No browser warnings  Legitimacy of the certificate owner verified Market for lemons Information asymmetry between CAs and website operators Most websites acquire cheap certs leading to cheap security Change policies to align incentives 26

27 Data available at: http://icapeople.epfl.ch/freudiger/SSLSurvey 27

Download ppt "The Inconvenient Truth about Web Certificates Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jean-Pierre Hubaux June 2011, WEIS’11."

Similar presentations

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Why Eve & Mallory Love Android

Why Eve & Mallory Love Android
Browser Security Modes Alex Crowell and James Kasten.

Browser Security Modes Alex Crowell and James Kasten.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.
HTTPS and the Lock Icon Dan Boneh. Goals for this lecture Brief overview of HTTPS: How the SSL/TLS protocol works (very briefly) How to use HTTPS Integrating.

HTTPS and the Lock Icon Dan Boneh. Goals for this lecture Brief overview of HTTPS: How the SSL/TLS protocol works (very briefly) How to use HTTPS Integrating.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CP3397 ECommerce.

CP3397 ECommerce.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Integrity of the Web Content: The Case of Online Advertising Nevena Vratonjic Julien Freudiger Jean-Pierre Hubaux August 2010, Usenix CollSec’10.

Integrity of the Web Content: The Case of Online Advertising Nevena Vratonjic Julien Freudiger Jean-Pierre Hubaux August 2010, Usenix CollSec’10.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug 2013 - scotthel.me.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.
Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
DNS and HTTPs ACN Presentation. Domain Names We refer to computers on the Internet (Internet hosts), by names like: sharda.ac.in These are called domain.

DNS and HTTPs ACN Presentation. Domain Names We refer to computers on the Internet (Internet hosts), by names like: sharda.ac.in These are called domain.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Similar presentations

Ads by Google