Nikita Korzhitskii,Niklas Carlsson

DOI: https://doi.org/10.48550/arXiv.2001.04319

2020-01-13

Networking and Internet Architecture

Abstract:Internet security and privacy stand on the trustworthiness of public certificates signed by Certificate Authorities (CAs). However, software products do not trust the same CAs and therefore maintain different root stores, each typically containing hundreds of trusted roots capable of issuing "trusted" certificates for any domain. Incidents with misissued certificates motivated Google to implement and enforce Certificate Transparency (CT). CT logs archive certificates in a public, auditable and append-only manner. The adoption of CT changed the trust landscape. As a part of this change, CT logs started to maintain their own root lists and log certificates that chain back to one of the trusted roots. In this paper, we present the first characterization of this emerging CT root store landscape, as well as the tool that we developed for data collection, visualization, and analysis of the root stores. We compare the logs' root stores and quantify their changes with respect to both each other and the root stores of major software vendors, look at evolving vendor CT policies, and show that root store mismanagement may be linked to log misbehavior. Finally, we present and discuss the results of a survey that we have sent to the log operators participating in Apple's and Google's CT log programs.

Yiming Zhang,Baojun Liu,Chaoyi Lu,Zhou Li,Haixin Duan,Jiachen Li,Zaifeng Zhang

DOI: https://doi.org/10.1145/3460120.3484768

2021-01-01

Abstract:HTTPS secures communications in the web and heavily relies on the Web PKI for authentication. In the Web PKI, Certificate Authorities (CAs) are organizations that provide trust and issue digital certificates. Web clients rely on public root stores maintained by operating systems or browsers, with hundreds of audited CAs as trust anchors. However, as reported by security incidents, hidden root CAs beyond the public root programs have been imported into local root stores, which allows adversaries to gain trust from web clients. In this paper, we provide the first client-side, nation-wide view of hidden root CAs in the Web PKI ecosystem. Through cooperation with a leading browser vendor, we analyze certificate chains in web visits, together with their verification statuses, from volunteer users in 5 months. In total, over 1.17 million hidden root certificates are captured and they cause a profound impact from the angle of web clients and traffic. Further, we identify around 5 thousand organizations that hold hidden root certificates, including fake root CAs that impersonate large trusted ones. Finally, we highlight that the implementation of hidden root CAs and certificates is highly flawed, and issues such as weak keys and signature algorithms are prevalent. Our findings uncover that the ecosystem of hidden root CAs is massive and dynamic, and shed light on the landscape of Web PKI security. Finally, we call for immediate efforts from the community to review the integrity of local root stores.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Martin Ukrop,Lydia Kraus,Vashek Matyas

DOI: https://doi.org/10.1145/3419472

2022-07-24

Abstract:Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to trust a connection or not. Little is known about perceptions of flawed certificates by IT professionals, even though their decisions impact high numbers of end users. Moreover, it is unclear how much the content of error messages and documentation influences these perceptions. To shed light on these issues, we observed 75 attendees of an industrial IT conference investigating different certificate validation errors. We also analyzed the influence of reworded error messages and redesigned documentation. We find that people working in IT have very nuanced opinions, with trust decisions being far from binary. The self-signed and the name-constrained certificates seem to be over-trusted (the latter also being poorly understood). We show that even small changes in existing error messages can positively influence resource use, comprehension, and trust assessment. At the end of the article, we summarize lessons learned from conducting usable security studies with IT professionals.

Cryptography and Security,Computers and Society

Pouyan Fotouhi Tehrani,Raphael Hiesgen,Teresa Lübeck,Thomas C. Schmidt,Matthias Wählisch

DOI: https://doi.org/10.23919/TMA62044.2024.10559089

2024-07-02

Abstract:Integrity and trust on the web build on X.509 certificates. Misuse or misissuance of these certificates threaten the Web PKI security model, which led to the development of several guarding techniques. In this paper, we study the DNS/DNSSEC records CAA and TLSA as well as CT logs from the perspective of the certificates in use. Our measurements comprise 4 million popular domains, for which we explore the existence and consistency of the different extensions. Our findings indicate that CAA is almost exclusively deployed in the absence of DNSSEC, while DNSSEC protected service names tend to not use the DNS for guarding certificates. Even though mainly deployed in a formally correct way, CAA CA-strings tend to not selectively separate CAs, and numerous domains hold certificates beyond the CAA semantic. TLSA records are repeatedly poorly maintained and occasionally occur without DNSSEC.

Cryptography and Security,Networking and Internet Architecture

Mark O'Neill,Scott Heidbrink,Jordan Whitehead,Scott Ruoti,Dan Bunker,Kent Seamons,Daniel Zappala

DOI: https://doi.org/10.48550/arXiv.1610.08570

2016-10-27

Abstract:We describe TrustBase, an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The TrustBase system allows simple deployment of authentication systems that harden the CA system. This enables system administrators, for example, to require certificate revocation checks on all TLS connections, or require STARTTLS for email servers that support it. TrustBase is the first system that is able to secure all TLS traffic, using an approach compatible with all operating systems. We design and evaluate a prototype implementation of TrustBase on Linux, evaluate its security, and demonstrate that it has negligible overhead and universal compatibility with applications. To demonstrate the utility of TrustBase, we have developed six authentication services that strengthen certificate validation for all applications.

Cryptography and Security

Bargav Jayaraman,Hannah Li,David Evans

DOI: https://doi.org/10.48550/arXiv.1706.03370

2017-10-10

Abstract:The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its value is based on trust in the corresponding public key which is primarily distributed by browser vendors. Compromise of a CA private key represents a single point-of-failure that could have disastrous consequences, so CAs go to great lengths to attempt to protect and control the use of their private keys. Nevertheless, keys are sometimes compromised and may be misused accidentally or intentionally by insiders. We propose splitting a CA's private key among multiple parties, and producing signatures using a generic secure multi-party computation protocol that never exposes the actual signing key. This could be used by a single CA to reduce the risk that its signing key would be compromised or misused. It could also enable new models for certificate generation, where multiple CAs would need to agree and cooperate before a new certificate can be generated, or even where certificate generation would require cooperation between a CA and the certificate recipient (subject). Although more efficient solutions are possible with custom protocols, we demonstrate the feasibility of implementing a decentralized CA using a generic two-party secure computation protocol with an evaluation of a prototype implementation that uses secure two-party computation to generate certificates signed using ECDSA on curve secp192k1.

Cryptography and Security

Stefan Kambiz Behfar,Jon Crowcroft

2023-11-03

Abstract:This study addresses the security challenges associated with the current internet transformations, specifically focusing on emerging technologies such as blockchain and decentralized storage. It also investigates the role of Web3 applications in shaping the future of the internet. The primary objective is to propose a novel design for 'smart certificates,' which are digital certificates that can be programmatically enforced. Utilizing such certificates, an enterprise can better protect itself from cyberattacks and ensure the security of its data and systems. Web3 recent security solutions by companies and projects like Certik, Forta, Slither, and Securify are the equivalent of code scanning tool that were originally developed for Web1 and Web2 applications, and definitely not like certificates to help enterprises feel safe against cyberthreats. We aim to improve the resilience of enterprises' digital infrastructure by building on top of Web3 application and put methodologies in place for vulnerability analysis and attack correlation, focusing on architecture of different layers, Wallet/Client, Application and Smart Contract, where specific components are provided to identify and predict threats and risks. Furthermore, Certificate Transparency is used for enhancing the security, trustworthiness and decentralized management of the certificates, and detecting misuses, compromises, and malfeasances.

Cryptography and Security,Artificial Intelligence

Patrick Herbke,Thomas Cory,Mauro Migliardi

2024-09-20

Abstract:Public key infrastructures are essential for Internet security, ensuring robust certificate management and revocation mechanisms. The transition from centralized to decentralized systems presents challenges such as trust distribution and privacy-preserving credential management. The transition from centralized to decentralized systems is motivated by addressing the single points of failure inherent in centralized systems and leveraging decentralized technologies' transparency and resilience. This paper explores the evolution of certificate status management from centralized to decentralized frameworks, focusing on blockchain technology and advanced cryptography. We provide a taxonomy of the challenges of centralized systems and discuss opportunities provided by existing decentralized technologies. Our findings reveal that, although blockchain technologies enhance security and trust distribution, they represent a bottleneck for parallel computation and face inefficiencies in cryptographic computations. For this reason, we propose a framework of decentralized technology components that addresses such shortcomings to advance the paradigm shift toward decentralized credential status management.

Cryptography and Security,Networking and Internet Architecture

Tim Hobson,Lydia France,Sam Greenbury,Luke Hare,Pamela Wochner

DOI: https://doi.org/10.1049/icp.2023.2561

2024-01-05

Abstract:The sharing of public key information is central to the digital credential security model, but the existing Web PKI with its opaque Certification Authorities and synthetic attestations serves a very different purpose. We propose a new approach to decentralised public key infrastructure, designed for digital identity, in which connections between legal entities that are represented digitally correspond to genuine, pre-existing relationships between recognisable institutions. In this scenario, users can judge for themselves the level of trust they are willing to place in a given chain of attestations. Our proposal includes a novel mechanism for establishing a root of trust in a decentralised setting via independently-verifiable timestamping. We also present a reference implementation built on open networks, protocols and standards. The system has minimal setup costs and is freely available for any community to adopt as a digital public good.

Cryptography and Security

Tong Zhou,Lein Harn

DOI: https://doi.org/10.1109/ccece.2008.4564549

2008-01-01

Abstract:In nonhierarchical public key infrastructure (PKI), any user can be a certificate authority (CA) to issue digital certificates to other users. As there is no single root CA, it is difficult to check the validity of certificates issued by unknown CAs. It is very risky to trust them without in-depth analysis. How users issue certificates in the real world has not been studied. Solomon Aschpsilas conformity experiment reveals that peoplespsila decisions are influenced by others. To reduce the risk of trusting malicious certificate issuers, we propose two novel methods, micro method and macro method, for users to make trust decisions based on the relationships among the CAs. They will improve the security in ad hoc networks and peer-to-peer (P2P) communications.

Stephanos Matsumoto,Raphael M. Reischuk,Pawel Szalachowski,Tiffany Hyun-Jin Kim,Adrian Perrig

DOI: https://doi.org/10.48550/arXiv.1506.03392

2015-06-13

Abstract:We address the problem of scaling authentication for naming, routing, and end-entity certification to a global environment in which authentication policies and users' sets of trust roots vary widely. The current mechanisms for authenticating names (DNSSEC), routes (BGPSEC), and end-entity certificates (TLS) do not support a coexistence of authentication policies, affect the entire Internet when compromised, cannot update trust root information efficiently, and do not provide users with the ability to make flexible trust decisions. We propose a Scalable Authentication Infrastructure for Next-generation Trust (SAINT), which partitions the Internet into groups with common, local trust roots, and isolates the effects of a compromised trust root. SAINT requires groups with direct routing connections to cross-sign each other for authentication purposes, allowing diverse authentication policies while keeping all entities globally verifiable. SAINT makes trust root management a central part of the network architecture, enabling trust root updates within seconds and allowing users to make flexible trust decisions. SAINT operates without a significant performance penalty and can be deployed alongside existing infrastructures.

Cryptography and Security

Pouyan Fotouhi Tehrani,Raphael Hiesgen,Thomas C. Schmidt,Matthias Wählisch

2024-11-12

Abstract:Certification Authority Authentication (CAA) is a safeguard against illegitimate certificate issuance. We show how shortcomings in CAA concepts and operational aspects undermine its effectiveness in preventing certificate misissuance. Our discussion reveals pitfalls and highlights best practices when designing security protocols based on DNS.

Cryptography and Security,Networking and Internet Architecture

Adam Janovsky,Łukasz Chmielewski,Petr Svenda,Jan Jancar,Vashek Matyas

2024-08-19

Abstract:With 5394 security certificates of IT products and systems, the Common Criteria for Information Technology Security Evaluation have bred an ecosystem entangled with various kind of relations between the certified products. Yet, the prevalence and nature of dependencies among Common Criteria certified products remains largely unexplored. This study devises a novel method for building the graph of references among the Common Criteria certified products, determining the different contexts of references with a supervised machine-learning algorithm, and measuring how often the references constitute actual dependencies between the certified products. With the help of the resulting reference graph, this work identifies just a dozen of certified components that are relied on by at least 10% of the whole ecosystem -- making them a prime target for malicious actors. The impact of their compromise is assessed and potentially problematic references to archived products are discussed.

Cryptography and Security

Dusko Pavlovic

DOI: https://doi.org/10.48550/arXiv.0808.0732

2008-10-25

Abstract:Trust is often conveyed through delegation, or through recommendation. This makes the trust authorities, who process and publish trust recommendations, into an attractive target for attacks and spoofing. In some recent empiric studies, this was shown to lead to a remarkable phenomenon of *adverse selection*: a greater percentage of unreliable or malicious web merchants were found among those with certain types of trust certificates, then among those without. While such findings can be attributed to a lack of diligence in trust authorities, or even to conflicts of interest, our analysis of trust dynamics suggests that public trust networks would probably remain vulnerable even if trust authorities were perfectly diligent. The reason is that the process of trust building, if trust is not breached too often, naturally leads to power-law distributions: the rich get richer, the trusted attract more trust. The evolutionary processes with such distributions, ubiquitous in nature, are known to be robust with respect to random failures, but vulnerable to adaptive attacks. We recommend some ways to decrease the vulnerability of trust building, and suggest some ideas for exploration.

Cryptography and Security

Xiaojing Gu,Xingsheng Gu

DOI: https://doi.org/10.3390/e17063806

IF: 2.738

2015-01-01

Entropy

Abstract:Transport Layer Security (TLS) and its predecessor, SSL, are important cryptographic protocol suites on the Internet. They both implement public key certificates and rely on a group of trusted certificate authorities (i.e., CAs) for peer authentication. Unfortunately, the most recent research reveals that, if any one of the pre-trusted CAs is compromised, fake certificates can be issued to intercept the corresponding SSL/TLS connections. This security vulnerability leads to catastrophic impacts on SSL/TLS-based HTTPS, which is the underlying protocol to provide secure web services for e-commerce, e-mails, etc. To address this problem, we design an attribute dependency-based detection mechanism, called SSLight. SSLight can expose fake certificates by checking whether the certificates contain some attribute dependencies rarely occurring in legitimate samples. We conduct extensive experiments to evaluate SSLight and successfully confirm that SSLight can detect the vast majority of fake certificates issued from any trusted CAs if they are compromised. As a real-world example, we also implement SSLight as a Firefox add-on and examine its capability of exposing existent fake certificates from DigiNotar and Comodo, both of which have made a giant impact around the world.

Wenya Wang,Yakang Li,Chao Wang,Yuan Yan,Juanru Li,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-92708-0_2

2021-01-01

Abstract:HTTPS is the typical security best practice to protect data transmission. However, it is difficult to correctly deploy HTTPS even for administrators with technical expertise, and mis-configurations often lead to user-facing errors and potential vulnerabilities. One major reason is that administrators do not follow new features of HTTPS ecosystem evolution, and mistakes were unnoticed and existed for years.

Paulo Trezentos,Ricardo Capote,Tiago Teodoro,João Carneiro

DOI: https://doi.org/10.48550/arXiv.2308.05278

2023-08-10

Abstract:This article introduces a distributed model of trust for app developers in Android and iOS mobile ecosystems. The model aims to allow the co-existence of multiple app stores and distribution channels while retaining a high level of safety for mobile device users and minimum changes to current mobile operating systems. The Developers Certification Model (DCM) is a trust model for Android and iOS that aims to distinguish legit applications from security threats to user safeness by answering the question: "is the developer of this app trustable"? It proposes security by design, where safety relies on a chain of trust mapping real-world levels of trust across organizations. For the technical implementation, DCM is heavily inspired by SSL/TLS certification protocol, as a proven model that has been working for over 30 years.

Cryptography and Security

Qiang Cao,Vamsi Thummala,Jeffrey S. Chase,Yuanjun Yao,Bing Xie

DOI: https://doi.org/10.48550/arXiv.1701.06562

2017-01-23

Abstract:SAFE is a data-centric platform for building multi-domain networked systems, i.e., systems whose participants are controlled by different principals. Participants make trust decisions by issuing local queries over logic content exchanged in certificates. The contribution of SAFE is to address a key barrier to practical use of logical trust: the problem of identifying, gathering, and assembling the certificates that are relevant to each trust decision. SAFE uses a simple linking abstraction to organize and share certificates according to scripted primitives that implement the application's trust kernel and isolate it from logic concerns. We show that trust scripting with logical data exchange yields compact trust cores for example applications: federated naming, nested groups and roles, secure IP prefix delegation and routing, attestation-based access control, and a federated infrastructure-as-a-service system. Linking allows granular control over dynamic logic content based on dependency relationships, enabling a logic server to make secure inferences at high throughput.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Noah Apthorpe,Boen Beavers,Yan Shvartzshnaider,Brett Frischmann

2024-09-01

Abstract:We examine the authentication practices of a diverse set of 101 colleges and universities in the United States and Canada to determine compliance with five standards in NIST Special Publication 800-63-3 Digital Identity Guidelines. We find widespread noncompliance with standards for password expiration, password composition rules, and knowledge-based authentication. Many institutions still require or recommend noncompliant practices despite years of expert advice and standards to the contrary. Furthermore, we observe that regional and liberal arts colleges have generally lower documented compliance rates than national and global universities, motivating further investment in authentication security at these institutions. These results are a wake-up call that expert cybersecurity recommendations are not sufficiently influencing the policies of higher education institutions, leaving the sector vulnerable to increasingly prevalent ransomware and other cyberattacks.

Cryptography and Security,Computers and Society