论文信息 - CAge: Taming Certificate Authorities by Inferring Restricted Scopes

CAge: Taming Certificate Authorities by Inferring Restricted Scopes

The existing HTTPS public-key infrastructure (PKI) uses a coarse-grained trust model: either a certificate authority (CA) is trusted by browsers to vouch for the identity of any domain or it is not trusted at all. More than 1200 root and intermediate CAs can currently sign certificates for any domain and be trusted by popular browsers. This violates the principle of least privilege and creates an excessively large attack surface, as highlighted by recent CA compromises. In this paper, we present CAge, a mechanism that browser makers can apply to drastically reduce the excessive trust placed in CAs without fundamentally altering the CA ecosystem or breaking existing practice. CAge works by imposing restrictions on the set of top-level domains (TLDs) under which each CA is trusted to sign certs. Our key observation, based on an Internet-wide survey of TLS certs, is that CAs commonly sign for sites in only a handful of TLDs. We show that it is possible to algorithmically infer reasonable restrictions on CAs’ trusted scopes based on this behavior, and we present evidence that browser-enforced inferred scopes would be a durable and effective way to reduce the attack surface of the HTTPS PKI. We find that simple inference rules can reduce the attack surface by nearly a factor of ten without hindering 99% of CA activity over a 6 month period.

Eric Wustrow | J. Alex Halderman | James Kasten

[1] Sid Stamm,et al. Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper) , 2011, Financial Cryptography.

[2] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[3] Eric Wustrow,et al. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices , 2012, USENIX Security Symposium.

[4] Angelos D. Keromytis,et al. DoubleCheck: Multi-path verification against man-in-the-middle attacks , 2009, 2009 IEEE Symposium on Computers and Communications.

[5] David Cooper,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[6] Ben Laurie. Certificate Transparency , 2014, ACM Queue.

[7] Lorrie Faith Cranor,et al. Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[8] Adrian Perrig,et al. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing , 2008, USENIX Annual Technical Conference.

[9] Joseph Bonneau,et al. What's in a Name? , 2020, Financial Cryptography.