Tracking certificate misissuance in the wild

Certificate Authorities (CAs) are responsible for delegating trust in the TLS Public Key Infrastructure (PKI). Unfortunately, there is a long history of CAs abusing this responsibility, either due to negligence or in some cases, falling victim to attacks. As a result, the PKI community has established standards that define the correctness of certificates and how a well managed CA should operate. In this work, we evaluate a systematic approach to identifying whether certificates issued by CAs are compliant with community standards. To this end, we present ZLint, a system that determines whether a certificate is not conformant to standards, i.e., misissued. We find that while misissuance has decreased over time, there is still a long tail of non-conformant CAs in the ecosystem. Further, our results show that certificate misissuance serves as a reasonable indicator for mismanagement and untrustworthiness, suggesting that CAs that misissue more frequently pose a greater threat to security of the PKI. Community efforts thus far to curb these threats have been moderately successful, but the lack of a systematic approach to identifying these problems lets some classes of problems slip through the cracks. We argue that an automated and systematic approach to measuring misissuance in the ecosystem is a necessary first step in solving the problems that lie ahead

Measuring the Effectiveness of Microsoft Authenticode: A Systematic Analysis of Signed Freeware

Recent studies have shown that Authenticode, the Windows code signing standard for portable executable files, can be abused by potentially unwanted programs (PUP) and malware to evade detection and bypass Windows protections. These studies discuss improper signature checks by frameworks (e.g., anti-virus programs), key mismanagement, improper verification by certificate authorities (CAs) and underground certificate trade as weaknesses that can be abused in Windows code signing public key infrastructure (PKI). We explore the Authenticode signatures of supposedly benign applications in the wild to gain a clearer understanding of this mechanism so that we can identify potential issues that can undermine trust in Authenticode. For studying the blackbox of the Authenticode, we tackle the main challenge of doing a measurement study on Authenticode, lack of a comprehensive corpus of Windows code signing certificates. As placing trust in the freeware that is downloaded from web is one significant use case of code signing, we target eight popular download portals as source of our dataset and collect 106K Windows applications. We present an analysis framework for studying code signing certificates and extract 27K certificates from signed executable applications. This framework provides a crawler for automated download of applications from download portals. Furthermore, as part of our analysis framework, we develop a linter that is specifically designed for Authenticode certificates. Both of our tools are in the process of release for public use of researchers. Our results identify issues in the code signing certificates that the Authenticode validation fails in preventing them. Usage of inadequately secure hash and public key algorithms such as MD5, SHA1 and 1024-bit RSA, missing or invalid Key Usage and Extended Key Usage, missing revocation information, non-critical Basic Constraints for CA certificates are examples of the issues that potentially undermine both integrity and authenticity assurance that Authenticode provides

The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem

In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.Comment: To be published at ACM IMC 201

A hard lesson: Assessing the HTTPS deployment of Italian university websites

In this paper we carry out a systematic analysis of the state of the HTTPS deployment of the most popular Italian university websites. Our analysis focuses on three different key aspects: HTTPS adoption and activation, HTTPS certificates, and cryptographic TLS implementations. Our investigation shows that the current state of the HTTPS deployment is unsatisfactory, yet it is possible to significantly improve the level of security by working exclusively at the web application layer. We hope this observation will encourage site operators to take actions to improve the current state of protection

Understanding the trust relationships of the web PKI

TLS and the applications it secures (e.g., email, online banking, social media) rely on the web PKI to provide authentication. Without strong authentication guarantees, a capable attacker can impersonate trusted network entities and undermine both data integrity and confidentiality. At its core, the web PKI succeeds as a global authentication system because of the scalability afforded by trust. Instead of requiring every network entity to directly authenticate every other network entity, network entities trust certification authorities (CAs) to perform authentication on their behalf. Prior work has extensively studied the TLS protocol and CA authentication of network entities (i.e., certificate issuance), but few have examined even the most foundational aspect of trust management and understood which CAs are trusted by which TLS user agents, and why. One major reason for this disparity is the opacity of trust management in two regards: difficult data access and poor specifications. It is relatively easy to acquire and test popular TLS client/server software and issued certificates. On the other hand, tracking trust policies/deployments and evaluating CA operations is less straightforward, but just as important for securing the web PKI. This dissertation is one of the first attempts to overcome trust management opacity. By observing new measurement perspectives and developing novel fingerprinting techniques, we discover the CAs that operate trust anchors, the default trust anchors that popular TLS user agents rely on, and a general class of injected trust anchors: TLS interceptors. This research not only facilitates new ecosystem visibility, it also provides an empirical grounding for trust management specification and evaluation. Furthermore, our findings point to many instances of questionable, and sometimes broken, security practices such as improperly identified CAs, inadvertent and overly permissive trust, and trivially exploitable injected trust. We argue that most of these issues stem from inadequate transparency, and that explicit mechanisms for linking trust anchors and root stores to their origins would help remedy these problems

Understanding of Adversary Behavior and Security Threats in Public Key Infrastructures

Public Key Infrastructure (PKI) is designed to guarantee the authenticity and integrity of digital assets such as messages, executable binaries, etc. In PKIs, there are two representative applications: 1) the Web PKI and 2) the Code-Signing PKI. 1) The Web PKI enables entities (e.g., clients and web service providers) to securely communicate over untrusted networks such as the Internet, and 2) the Code-Signing PKI helps protect clients from executing files of unknown origin. However, anecdotal evidence has indicated that adversaries compromised and abused the PKIs, which poses security threats to entities. For example, CAs have mis-issued digital certificates to adversaries due to their failed vetting processes. Moreover, private keys that are supposed to be securely kept were stolen by adversaries. Such mis-issued certificates or stolen private keys were used to launch impersonation attacks. In this regard, we need to have a sound understanding of such security threats and adversaries' behaviors in the PKIs to mitigate them and further to enhance the security of the PKIs. In this dissertation, we conduct a large-scale measurement study in the two representative applications---the Web PKI and the Code-Signing PKI---to better understand adversaries' behaviors and the potential security threats. First, in 1) the Web PKI, we mainly focus on phishing websites served with TLS certificates. From the measurement study, we observe that certificate authorities (CAs) often fail in their vetting process and mis-issue TLS certificates to adversaries (i.e., phishing attackers). Also, CAs rarely revoke their issued TLS certificates that have been compromised. Second, in 2) the Code-Signing PKI, we characterize the weaknesses of the three actors (i.e., CAs, software publishers, and clients) that adversaries can exploit to compromise the Code-Signing PKI. Moreover, we measure the effectiveness of the primary defense, revocation, against the Code-Signing PKI abuses. We find that erroneous revocations (e.g., wrong effective revocation date setting) can pose additional security threats to clients who execute binaries because the revocations become ineffective. Such security threats stem from an inherent challenge of setting an effective revocation date in the Code-Signing PKI and CAs' misunderstanding of the PKI. These findings help Anti-Virus companies and a CA fix their flaws

T3AB: Transparent and Trustworthy Third-party Authority using Blockchain

Increasingly, information systems rely on computational, storage, and network resources deployed in third-party facilities or are supported by service providers. Such an approach further exacerbates cybersecurity concerns constantly raised by numerous incidents of security and privacy attacks resulting in data leakage and identity theft, among others. These have in turn forced the creation of stricter security and privacy related regulations and have eroded the trust in cyberspace. In particular, security related services and infrastructures such as Certificate Authorities (CAs) that provide digital certificate service and Third-Party Authorities (TPAs) that provide cryptographic key services, are critical components for establishing trust in Internet enabled applications and services. To address such trust issues, various transparency frameworks and approaches have been recently proposed in the literature. In this paper, we propose a Transparent and Trustworthy TPA using Blockchain (T3AB) to provide transparency and accountability to the trusted third-party entities, such as honest-but-curious third-party IaaS servers, and coordinators in various privacy-preserving machine learning (PPML) approaches. T3AB employs the Ethereum blockchain as the underlying public ledger and also includes a novel smart contract to automate accountability with an incentive mechanism that motivates participants' to participate in auditing, and punishes unintentional or malicious behaviors. We implement T3AB, and show through experimental evaluation in the Ethereum official test network, Rinkeby, that the framework is efficient. We also formally show the security guarantee provided by T3AB, and analyze the privacy guarantee and trustworthiness it provides

Attributes and Dimensions of Trust in Secure Systems

What is it to be trusted? This is an important question as trust is increasingly placed in a system and the degree to which a system is trusted is increasingly being assessed. However, there are issues with how related terms are used. Many definitions focus on one attribute of trust (typically behaviour) preventing that definition from being used for other attributes (e.g., identity). This is confused further by conflating what trustors measure about a trustee and what conclusions a trustor reaches about a trustee. Therefore, in this paper we present definitions of measures (trustiness and trustworthiness) and conclusions (trusted and trustworthy). These definitions are general and do not refer to a specific attribute allowing them to be used with arbitrary attributes which are being assessed (e.g., identity, behaviour, limitation, execution, correctness, data, environment). In addition, in order to demonstrate the complexities of describing if a trustee is designated as trusted or trustworthy, a set of dimensions are defined to describe attributes (time, scale, proactive/reactive, strength, scope, source). Finally, an example system is classified using these attributes and their dimensions in order to highlight the complexities of describing a system as holistically trusted or trustworthy