Measuring and Improving Management of Today's PKI - UMD - January 2017
PI(s): David Levin
Researchers: Frank Cangialosi (former UMD undergraduate; now a graduate student at MIT)
PROJECT OVERVIEW
Authentication allows a user to know, when they go to a website, that they are truly communicating with whom they expect, and not an impersonator. This critical property is made possible with a set of cryptographic and networking protocols collectively referred to as a public key infrastructure (PKI). While online use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation. This project studies the following questions: Are administrators doing what users of the Web need them to do in order to ensure security? And, how can we help facilitate or automate these tasks?
We are performing internet-wide measurements of how online certificates are actively being managed, including how quickly and thoroughly administrators revoke their certificates after a potential key compromise, and what role third-party hosting services play. In particular, we find that CDNs (content distribution networks)—which serve content for many of the most popular websites—appear to have access to content providers' private keys, violating the fundamental assumption of PKIs (i.e., no one shares their private keys). We are performing the first widespread analyses of the extent to which websites are sharing their private keys, and exploring what impact this has on the management of the PKI and on users' privacy and security in general.
HARD PROBLEM(S) ADDRESSED
Metrics; Human Behavior.
ACCOMPLISHMENT HIGHLIGHTS
Browsers must periodically download revocation information from CAs, or else the revocation efforts of website administrators would be wasted. Unfortunately, browser developers are reluctant to do this, as it consumes bandwidth and potentially increases page load times. We have developed techniques for disseminating revocation information more efficiently. Included in our design is a novel data structure we call an In-n-Out Bloom Filter, which yields extremely compact representations of all certificates on the web. Our results show that we are able to represent all 8.7M certificate revocations and roughly 30M revocations in total in approximately 8 MB, or roughly 8 bits per revocation. By comparison, Google's CRLSet uses 100 bits per revocation, and Mozilla's OneCRL uses 1990 bits per revocation. This work demonstrates that it is now worthwhile to reinvestigate the trade-offs of complete and universal delivery of revocation information.
We have submitted this work to IEEE Security & Privacy 2017.
A fundamental building block of online communication is the Domain Name System (DNS), which maps between human-understandable domain names (like cs.umd.edu) and Internet-routable IP addresses (128.8.127.30). If this mapping is not delivered with integrity, then attackers can compromise communication at its onset. DNSSEC seeks to add integrity and authenticity to DNS through an in-band PKI. We have begun studying this PKI by collecting data on key announcements for the most popular websites. This work is still somewhat formative, but we have already identified odd key management behavior among popular websites, indicating that the DNSSEC PKI, like the web's PKI, is subject to buggy management strategies.
COMMUNITY INTERACTION
This quarter, Levin presented the results to groups of graduate students at UMD. Levin also presented results to international collaborators in Amman, Jordan: at the University of Jordan, Princess Sumaya University for Technology, and the Hashemite University.
At ACM IMC 2016, we presented our work demonstrating why almost 88% of SSL/TLS certificates advertised over the past three years are invalid. Our data and code for this study are publicly available on our project website (https://securepki.org).
At ACM CCS 2016, we presented our work that reveals that key sharing is pervasive on the web, and the potential ramifications of this dangerous trend. We are preparing our data and code for public release.