Visible to the public Measuring and Improving Management of Today's PKI - UMD - October 2015Conflict Detection Enabled

Submitted by jkatz on Mon, 10/12/2015 - 10:23pm

PI(s): David Levin
Researchers: Frank Cangialosi (UMD, undergraduate)

PROJECT OVERVIEW

Authentication is the property that allows a user to know that, when they go to a website, they are truly communicating with whom they expect, and not an impersonator. This critical property is made possible with a set of cryptographic and networking protocols collectively referred to as a public key infrastructure (PKI). While online use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation. This project studies the following questions: Are administrators doing what users of the Web need them to do in order to ensure security? and, how can we help facilitate or automate these tasks?

We are performing internet-wide measurements of how online certificates are actively being managed, including how quickly and thoroughly administrators revoke their certificates after a potential key compromise, and what role third-party hosting services play.  In particular, we find that CDNs (content distribution networks)—which serve content for many of the most popular websites—appear to have access to content providers' private keys, violating the fundamental assumption of PKIs (i.e., no one shares their private keys).  We are performing the first widespread analyses of the extent to which websites are sharing their private keys, and exploring what impact this has on the management of the PKI and on users' privacy and security in general.

HARD PROBLEM(S) ADDRESSED

Metrics; Human Behavior.

PUBLICATIONS

  • "An End-to-End Measurement of Certificate Revocation in the Web's PKI" Yabing Liu, Will Tome, Liang Zhang, David Choffnes, Dave Levin, Bruce Maggs, Alan Mislove, Aaron Schulman, Christo Wilson. Submitted to ACM IMC (Internet Measurement Conference) 2015.

Abstract: Critical to the security of any public key infrastructure (PKI) is the ability to revoke previously issued certificates. While the overall SSL ecosystem is well-studied, the frequency with which certificates are revoked and the circumstances under which clients (e.g., browsers) check whether certificates are revoked are still not well-understood.

In this paper, we take a close look at certificate revocations in the Web’s PKI. Using 74 full IPv4 HTTPS scans, we find that a surprisingly large fraction (8%) of the certificates served have been revoked, and that obtaining certificate revocation information can often be expensive in terms of latency and bandwidth for clients. We then study the revocation checking behavior of 30 different combinations of web browsers and operating systems; we find that browsers often do not bother to check whether certificates are revoked (including mobile browsers, which uniformly never check). We also examine the CRLSet infrastructure built into Google Chrome for disseminating revocations; we find that CRLSet only covers 0.35% of all revocations. Overall, our results paint a bleak picture of the ability to effectively revoke certificates today.

ACCOMPLISHMENT HIGHLIGHTS

  • Developed a technique for determining whether two domains are owned by the same company, a technique we refer to as the "domain equivalence problem."  We have performed a preliminary evaluation on a set of features—including the edit distance of the two domains, how many authoritative DNS name servers they have in common, and how similar their certificates are—and have found high accuracy rates.  Our next step will be to apply this equivalence check to all domains in our SSL certificate dataset, so as to determine how many different companies (not just how many different domains) appear on a given certificate together, and so on.
  • Developed an initial protocol for more transparent delegation of rights from a website to a CDN.  It has the nice property that CDNs would effectively be used as a "proxy"—unable to undetectably alter data between a content provider and a user, and unable to view confidential data between the two.  The challenge is to achieve this while maintaining CDNs' ability to detect and prevent attacks (e.g., SQL injection) that require inspection of data's plaintext.  To this end, we are developing a scheme by which we encrypt only portions of a web transfer.  We are looking into a comprehensive set of tests and firewall rules (OWASP is a good start) against which to evaluate and further refine our protocol.

COMMUNITY INTERACTION

This quarter, Levin presented results from these studies of the PKI's administration to broad audiences, including at the RTCM (Radio Technical Commission for Maritime Services) conference, and the NMEA (National Maritime Electronics Association) conference, both held in Baltimore, MD, and at the CyberSci Summit held by ICF International, in Fairfax, VA.  The audiences consisted of a wide range of practitioners, many with very little background in computer science and security, yet who are influential in developing communication policies at both institutional and international levels.  Additionally, Levin presented the results to groups of graduate and undergraduate students at UMD.

Groups: