SSL and HTTPS

Internet users today depend daily on HTTPS for secure communication with sites they intend to visit. Over the years, many attacks on HTTPS and the certificate trust model it uses have been hypothesized, executed, and/or evolved. Meanwhile the number of browser-trusted (and thus, de facto, user-trusted) certificate authorities has proliferated, while the due diligence in baseline certificate issuance has declined. We survey and categorize prominent security issues with HTTPS and provide a systematic treatment of the history and on-going challenges, intending to provide context for future directions. We also provide a comparative evaluation of current proposals for enhancing the certificate infrastructure used in practice. Keywords-SSL; certificates; browser trust model; usability. I. INTRODUCTORY REMARKS Enabling end users to easily communicate sensitive data online was a significant milestone in the development of today’s web, and, arguably, a necessary condition for its explosive growth. Little-changed since its early days (1994– 2000), the core SSL/TLS technology persists as the basis for securing many aspects of today’s Internet including software download, data transfer, user passwords, and for site authentication. While centred on the HTTPS protocol (HTTP over SSL/TLS), its security services—confidentiality, message integrity, and site authentication—fundamentally rely on the correct interplay of out-of-band infrastructures, procedures, and trust decisions. While the web has moved from serving static information pages to one which is relied on for billions of dollars of commerce and for supporting critical infrastructures, there has been an erosion of confidence in the HTTPS certificate infrastructure for multiple reasons, e.g., increasing issuance of server certificates through fully-automated (domain validated) procedures, a proliferation of certificate authorities (CAs) which may either directly issue site certificates or certificates for other CAs, and the compromise of real-world CAs leading to increased concern amongst security experts of real-world man-in-the-middle (MITM) attacks on HTTPS. SSL/TLS has evolved in response to the discovery of cryptographic weaknesses and protocol design flaws. Problems with the certificate model appear to be more chalVersion: March 7, 2013. An extended abstract of this paper appeared at IEEE Symposium on Security and Privacy 2013 [33]. lenging, including among others: design and implementation issues in the CA/Browser (CA/B) trust model leading to fragility (compromise of a single CA can, at least temporarily, undermine system-wide security) and lack of trust agility, poor support for certificate revocation, a reduction in CA diligence in certificate issuance, and user interface challenges related to reliably signalling to end-users, in ways not ignored or spoofed, security indicators and site authentication information. In this paper, we provide a broad perspective of the SSL/TLS (henceforth TLS) mechanism, as employed with web browsers for securing HTTP traffic. We consider HTTPS, the underlying CA infrastructure, CA/B trust model, and proposed enhancements. Among many important HTTPS-related topics beyond our main focus are: phishing, performance enhancements, use of certificates for clientauthentication, and the use of TLS beyond securing HTTP. Our main contributions are the following: (1) We classify and put into a broader context disparate contributions on HTTPS security, spanning elements of cryptographic design and implementation, systems software, operations, and human factors. (2) We provide a comparative evaluation of existing proposals to enhance security aspects of the CA/B model, deconstructing and evaluating their core ideas. (3) Building on this contextual review, classification, and analysis, we summarize open problems and future research directions. In addition, by systematic discussion of security issues in a single place, we hope to provide perspective based on the hindsight of a multitude of historical problems. Our work highlights the overall complexity, including algorithms, protocols, infrastructure, configuration, and interfaces, and contributes an overall understanding of which issues are addressed by which enhancements and protocol revisions.