To Trust, or not to Trust, that is the Question: Structural Properties of X.509 Certificates
نویسندگان
چکیده
The SSL/TLS protocol suite constitutes the key building block of today’s Internet security, providing encryption and authentication for end-to-end communication with its underlying X.509 certificate infrastructure. However, the system remains brittle due to its liberal delegation of signing authority: a single compromised certification authority undermines trust globally. Several recent high-profile incidents have demonstrated this shortcoming. A striking example is the 2012 breach of the DigiNotar Certificate Authority (CA) where 30 CA certificates were compromised. The perpetrators used these certificates, e.g., to carry out man-in-the-middle-attack attacks against users in Iran accessing Google [3]. Over time, the security community has proposed a number of countermeasures to increase the security of the certificate ecosystem; examples include DANE, which supports certificate pinning through DNS, TACK which pins certificates to server keys, or HPKP which instructs web-clients to pin certificates for future connections [2]. We set out to understand to which degree benign changes to the certificate ecosystem share structural properties with attacks, based on a large-scale data set of more than 17 billion SSL/TLS sessions [1]. We find that common intuition falls short in assessing the maliciousness of an unknown certificate, since their typical artifacts routinely occur in benign contexts as well. Examples include certificates being signed by intermediate CA certificates that were not encountered before (e.g. for delaware.gov); sites starting to use certificates signed by different CAs while continuing to use their old certificates (e.g. for americanexpress.com); and new certificates being issued while the current ones are still valid for a significant time. BODY Even for a human observer with full knowledge it is impossible to decide if a new certificate is legitimate without out-of-band context.
منابع مشابه
Adding Distributed Trust Management to Shibboleth
This paper analyses the simplicity of the trust model adopted by the Shibboleth infrastructure and describes an enhanced distributed trust model and authorisation decision making capability that can be implemented by using X.509 attribute certificates and a Privilege Management Infrastructure such as PERMIS. Several different combinatorial approaches can be taken, depending upon the trust model...
متن کاملNISTIR 7224, 4th Annual PKI R&D Workshop "Multiple Paths to Trust" Proceedings
This paper analyses the simplicity of the trust model adopted by the Shibboleth infrastructure and describes an enhanced distributed trust model and authorisation decision making capability that can be implemented by using X.509 attribute certificates and a Privilege Management Infrastructure such as PERMIS. Several different combinatorial approaches can be taken, depending upon the trust model...
متن کاملA Multiple Signature Based Certificate Verification Scheme
In this paper, we proposed a formal representation of certificate validation in Pretty Good Privacy (PGP) and X.509 systems. This representation uses new logical assertions to support public-key based certification systems and different trust levels. Although the meanings of some of those assertions are different in PGP and X.509 cases, the certificate validation can be expressed using the same...
متن کاملA Multiple Signature Based Certificate Verification Scheme
In this paper, we proposed a formal representation of certificate validation in Pretty Good Privacy (PGP) and X.509 systems. This representation uses new logical assertions to support public-key based certification systems and different trust levels. Although the meanings of some of those assertions are different in PGP and X.509 cases, the certificate validation can be expressed using the same...
متن کاملAHP Techniques for Trust Evaluation in Semantic Web
The increasing reliance on information gathered from the web and other internet technologies raise the issue of trust. Through the development of semantic Web, One major difficulty is that, by its very nature, the semantic web is a large, uncensored system to which anyone may contribute. This raises the question of how much credence to give each resource. Each user knows the trustworthiness of ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- TinyToCS
دوره 3 شماره
صفحات -
تاریخ انتشار 2015