What's in a Name? Exploring CA Certificate Control

TLS clients rely on a supporting PKI in which certificate authorities (CAs)—trusted organizations—validate and cryptographically attest to the identities of web servers. A client’s confidence that it is connecting to the right server depends entirely on the set of CAs that it trusts. However, as we demonstrate in this work, the identity specified in CA certificates is frequently inaccurate due to lax naming requirements, ownership changes, and long-lived certificates. This not only mud-dles client selection of trusted CAs, but also prevents PKI operators and researchers from correctly attributing CA certificate issues to CA organizations. To help Web PKI participants understand the organizations that control each CA certificate, we develop Fides, a system that models and clusters CA operational behavior in order to detect CA certificates under shared operational control. We label the clusters that Fides uncovers, and build a new database of CA ownership that corrects the CA operator for 241 CA certificates, and expands coverage to 651 new CA certificates, leading to a more complete picture of CA certificate control.

[1]  Oliver Hohlfeld,et al.  The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures , 2020, CCS.

[2]  Richard Roberts,et al.  When Certificate Transparency Is Too Transparent: Analyzing Information Leakage in HTTPS Domain Names , 2019, WPES@CCS.

[3]  Richard Roberts,et al.  You Are Who You Appear to Be: A Longitudinal Study of Domain Impersonation in TLS Certificates , 2019, CCS.

[4]  Vincent Drury,et al.  Certified Phishing: Taking a Look at Public Key Certificates of Phishing Websites , 2019, SOUPS @ USENIX Security Symposium.

[5]  Eric Wustrow,et al.  The use of TLS in Censorship Circumvention , 2019, NDSS.

[6]  Georg Carle,et al.  The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem , 2018, Internet Measurement Conference.

[7]  Deepak Kumar,et al.  Tracking Certificate Misissuance in the Wild , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[8]  Jennifer Rexford,et al.  Bamboozling Certificate Authorities with BGP , 2018, USENIX Security Symposium.

[9]  Narseo Vallina-Rodriguez,et al.  Studying TLS Usage in Android Apps , 2018, ANRW.

[10]  Nikolaos Pitropakis,et al.  Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse , 2017, CCS.

[11]  Ninghui Li,et al.  SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[12]  Angelos D. Keromytis,et al.  HVLearn: Automated Black-Box Analysis of Hostname Verification in SSL/TLS Implementations , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[13]  Nick Sullivan,et al.  The Security Impact of HTTPS Interception , 2017, NDSS.

[14]  D. McGrew,et al.  Deciphering malware’s use of TLS (without decryption) , 2016, Journal of Computer Virology and Hacking Techniques.

[15]  J. Alex Halderman,et al.  Towards a Complete View of the Certificate Ecosystem , 2016, Internet Measurement Conference.

[16]  Bruce M. Maggs,et al.  Measuring and Applying Invalid SSL Certificates: The Silent Majority , 2016, Internet Measurement Conference.

[17]  Bruce M. Maggs,et al.  An End-to-End Measurement of Certificate Revocation in the Web's PKI , 2015, Internet Measurement Conference.

[18]  Pavel Celeda,et al.  Network-Based HTTPS Client Identification Using SSL/TLS Fingerprinting , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[19]  Arno Fiedler,et al.  Certificate transparency , 2014, Commun. ACM.

[20]  Vitaly Shmatikov,et al.  Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations , 2014, 2014 IEEE Symposium on Security and Privacy.

[21]  Yinglian Xie,et al.  Web PKI: Closing the Gap between Guidelines and Practices , 2014, NDSS.

[22]  J. Alex Halderman,et al.  Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[23]  Jeremy Clark,et al.  2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements , 2022 .

[24]  Vitaly Shmatikov,et al.  The most dangerous code in the world: validating SSL certificates in non-browser software , 2012, CCS.

[25]  Georg Carle,et al.  The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements , 2011, IMC '11.

[26]  Sandra Pianalto Report of Independent Accountants , 2004 .