
    CAge: Taming Certificate Authorities by Inferring Restricted Scopes

    Abstract. The existing HTTPS public-key infrastructure (PKI) uses a coarse-grained trust model: either a certificate authority (CA) is trusted by browsers to vouch for the identity of any domain or it is not trusted at all. More than 1200 root and intermediate CAs can currently sign certificates for any domain and be trusted by popular browsers. This violates the principle of least privilege and creates an excessively large attack surface, as highlighted by recent CA compromises. In this paper, we present CAge, a mechanism that browser makers can apply to drastically reduce the excessive trust placed in CAs without fundamentally altering the CA ecosystem or breaking existing practice. CAge works by imposing restrictions on the set of top-level domains (TLDs) under which each CA is trusted to sign certs. Our key observation, based on an Internet-wide survey of TLS certs, is that CAs commonly sign for sites in only a handful of TLDs. We show that it is possible to algorithmically infer reasonable restrictions on CAs' trusted scopes based on this behavior, and we present evidence that browser-enforced inferred scopes would be a durable and effective way to reduce the attack surface of the HTTPS PKI. We find that simple inference rules can reduce the attack surface by nearly a factor of ten without hindering 99% of CA activity over a 6-month period.

    Outlaw Community Innovations

    Recent studies of outlaw communities provide qualitative evidence of their existence and the organisation of the underlying innovation processes. We provide descriptive results from a large-scale survey of two online outlaw communities focussing on Microsoft's XBox. In line with previous findings, we identify two types of participants in outlaw communities: user innovators and adopters. Based on 2,256 responses, we find that users modify their XBox mainly to be able to increase the set of available functions of their XBox. Users are also motivated to modify their XBox for the sake of having fun and to conduct pirate behaviour. Finally, the results from our survey suggest that user innovators are largely intrinsically motivated by fun and the intellectual stimulation of writing code for homebrew software.

    Impact of distinct poxvirus infections on the specificities and functionalities of CD4+ T cell responses.

    The factors that determine CD4+ T cell (TCD4+) specificities, functional capacity, and memory persistence in response to complex pathogens remain unclear. We explored these parameters in the C57BL/6 mouse through comparison of two highly related (>92% homology) poxviruses: ectromelia virus (ECTV), a natural mouse pathogen, and vaccinia virus (VACV), a heterologous virus that nevertheless elicits potent immune responses. In addition to elucidating several previously unidentified major histocompatibility complex class II (MHC-II)-restricted epitopes, we observed many qualitative and quantitative differences between the TCD4+ repertoires, including responses not elicited by VACV despite complete sequence conservation. In addition, we observed functional heterogeneity between ECTV- and VACV-specific TCD4+ at both a global and individual epitope level, particularly greater expression of the cytolytic marker CD107a from TCD4+ following ECTV infection. Most striking were differences during the late memory phase where, in contrast to ECTV, VACV infection failed to elicit measurable epitope-specific TCD4+ as determined by intracellular cytokine staining. These findings illustrate the strong influence of epitope-extrinsic factors on TCD4+ responses and memory. IMPORTANCE: Much of our understanding concerning host-pathogen relationships in the context of poxvirus infections stems from studies of VACV in mice. However, VACV is not a natural mouse pathogen, and therefore, the relevance of results obtained using this model may be limited. Here, we explored the MHC class II-restricted TCD4+ repertoire induced by mousepox (ECTV) infection and the functional profile of the responding epitope-specific TCD4+, comparing these results to those induced by VACV infection under matched conditions. Despite a high degree of homology between the two viruses, we observed distinct specificity and functional profiles of TCD4+ responses at both acute and memory time points, with VACV-specific TCD4+ memory being notably compromised. These data offer insight into the impact of epitope-extrinsic factors on the resulting TCD4+ responses.

    Evidence of CD4+ T cell-mediated immune pressure on the Hepatitis C virus genome

    Hepatitis C virus (HCV)-specific T cell responses are critical for immune control of infection. Viral adaptation to these responses, via mutations within regions of the virus targeted by CD8+ T cells, is associated with viral persistence. However, identifying viral adaptation to HCV-specific CD4+ T cell responses has been difficult, although key to understanding anti-HCV immunity. In this context, HCV sequence and host genotype from a single-source HCV genotype 1B cohort (n = 63) were analyzed to identify viral changes associated with specific human leucocyte antigen (HLA) class II alleles, as these variable host molecules determine the set of viral peptides presented to CD4+ T cells. Eight sites across the HCV genome were associated with HLA class II alleles implicated in infection outcome in this cohort (p ≤ 0.01; Fisher's exact test). We extended this analysis to chronic HCV infection (n = 351) for the common genotypes 1A and 3A. Variation at 38 sites across the HCV genome was associated with specific HLA class II alleles with no overlap between genotypes, suggestive of genotype-specific T cell targets, which has important implications for vaccine design. Here we show evidence of HCV adaptation to HLA class II-restricted CD4+ T cell pressure across the HCV genome in chronic HCV infection without a priori knowledge of CD4+ T cell epitopes.

    A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System


    Server notaries: A complementary approach to the web PKI trust model

    Secure socket layer/transport layer security (TLS) is the de facto protocol for providing secure communications over the Internet. It relies on the web PKI model for authentication and secure key exchange. Despite its relatively successful past, the number of web PKI incidents observed has increased recently. These incidents revealed the risks of forged certificates issued by certificate authorities without the consent of the domain owners. Several solutions have been proposed to solve this problem, but no solution has yet received widespread adoption due to complexity and deployability issues. In this study, the authors propose an effective solution for this problem that allows a TLS server to detect a certificate substitution attack against its domain across the Internet. The proposed solution is practical and allows a smooth and gradual transition. They also give a triangulation algorithm enabling the server to find out the origin of the attack. They conducted simulation experiments using real-world BGP data and showed that their proposal can be effective for detecting and locating attacks using relatively few vantage points over the Internet.

    Assurance Requirements for Mutual User and Service Provider Authentication


    Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services


    (More) Side Channels in Cloud Storage

    Part 4: Privacy and Transparency in the Age of Cloud Computing. Public cloud storage services are gaining in popularity and several commercial actors are offering their services to users, however, not always with the security and privacy of their users as the primary design goal. This paper investigates side channels in public cloud storage services that allow the service provider, and in some cases users of the same service, to learn who has stored a given file and to profile users' usage of the service. These side channels are present in several public cloud storage services that are marketed as secure and privacy-friendly. Our conclusions are that cross-user deduplication should be disabled by default and that public cloud storage services need to be designed to provide unlinkability of users and data, even if the data is encrypted by users before storing it in the cloud.

    Effects of Piracy on Quality of Information Goods
