Full Program »
No Attack Necessary: The Surprising Dynamics of SSL Trust Relationships
with its underlying X.509 certificate infrastructure. However, the system
remains quite brittle due to its liberal delegation of signing authority: a
single compromised certification authority undermines trust globally. Several
recent high-profile incidents have demonstrated this shortcoming convincingly.
Over time, the security community has proposed a number of counter measures to
increase the security of the certificate ecosystem; many of these efforts
monitor for what they consider tell-tale signs of man-in-the-middle attacks. In
this work we set out to understand to which degree benign changes to the
certificate ecosystem shares structural properties with attacks, based on a
large-scale data set of more than 16 billion SSL sessions. We find that common
intuition falls short in assessing the maliciousness of an unknown certificate,
since their typical artifacts routinely occur in benign contexts as well. We
also discuss what impact our observations have on proposals aiming to improve
the security of the SSL ecosystem.
Author(s):
Bernhard Amann
International Computer Science Institute
United States
Robin Sommer
International Computer Science Institute / Lawrence Berkeley National Laboratory
United States
Matthias Vallentin
UC Berkeley
United States
Seth Hall
International Computer Science Institute
United States