Locally-Centralized Certificate Validation and its Application in Desktop Virtualization Systems

To validate a certificate, a user needs to install the certificate of the root certification authority (CA) and download the certificate revocation information (CRI). Although operating systems and browsers manage the certificate trust list (CTL) of publicly-trusted root CAs for global users, locally-trusted root CAs still play an important role and it is difficult for a user to manage its CTL properly by itself. Meanwhile, the CRI access is inefficient, sometimes even unavailable, and causes privacy leakage. We revisit these problems by analyzing the TLS sessions within an organization. To the best of our knowledge, we are the first to analyze CTL management and CRI access on the scale of medium-sized organizations. Based on the analysis, a locally-centralized design is proposed to manage the CTLs of all users by IT administrators and access the CRI services for all users, within an organization. We apply this design to desktop virtualization systems to demonstrate its applicability, and build vCertGuard with oVirt and KVM-QEMU. In vCertGuard, the CTLs of all virtual machines (VMs) are managed in the VM monitors (VMMs). In the CTL, the self-signed certificates of publicly-trusted root CAs are properly configured, while each locally-trusted certificate chain is specified one by one. vCertGuard accesses the CRI services for all VMs, and the downloaded CRI is cached and shared among VMs. Because most TLS servers are visited by multiple users of an organization, it reduces the cost of CRI access. Experimental results of the prototype system show that vCertGuard maintains the CTLs with a negligible overhead, and significantly improves the performance of CRI access.

[1]  Sid Stamm,et al.  Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL , 2010 .

[2]  Julien Freudiger,et al.  The Inconvenient Truth about Web Certificates , 2011, WEIS.

[3]  Yubin Xia,et al.  Deconstructing Xen , 2017, NDSS.

[4]  Bruce M. Maggs,et al.  Measuring and Applying Invalid SSL Certificates: The Silent Majority , 2016, Internet Measurement Conference.

[5]  Rajendra Patil,et al.  An Exhaustive Survey on Security Concerns and Solutions at Different Components of Virtualization , 2019, ACM Comput. Surv..

[6]  Vitaly Shmatikov,et al.  Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations , 2014, 2014 IEEE Symposium on Security and Privacy.

[7]  Kevin R. B. Butler,et al.  Securing SSL Certificate Verification through Dynamic Linking , 2014, CCS.

[8]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[9]  Lorrie Faith Cranor,et al.  Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[10]  Ramaswamy Chandramouli Security Recommendations for Hypervisor Deployment , 2014 .

[11]  Zhi Wang,et al.  HyperSentry: enabling stealthy in-context measurement of hypervisor integrity , 2010, CCS '10.

[12]  Qi Zhang,et al.  Tenants Attested Trusted Cloud Service , 2016, 2016 IEEE 9th International Conference on Cloud Computing (CLOUD).

[13]  Mohammad Mannan,et al.  Killed by Proxy: Analyzing Client-end TLS Interce , 2016, NDSS.

[14]  Latifur Khan,et al.  SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps , 2014, NDSS.

[15]  Kent E. Seamons,et al.  Let's Revoke: Scalable Global Certificate Revocation , 2020, NDSS.

[16]  Yong Qi,et al.  TrustOSV: Building Trustworthy Executing Environment with Commodity Hardware for a Safe Cloud , 2014, J. Comput..

[17]  Matthew Smith,et al.  Why eve and mallory (also) love webmasters: a study on the root causes of SSL misconfigurations , 2014, AsiaCCS.

[18]  Max Mühlhäuser,et al.  CA trust management for the Web PKI , 2014, J. Comput. Secur..

[19]  J. Alex Halderman,et al.  Towards a Complete View of the Certificate Ecosystem , 2016, Internet Measurement Conference.

[20]  Georg Carle,et al.  The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements , 2011, IMC '11.

[21]  Jingqiang Lin,et al.  Elaphurus: Ensemble Defense Against Fraudulent Certificates in TLS , 2019, Inscrypt.

[22]  John S. Heidemann,et al.  Measuring the Latency and Pervasiveness of TLS Certificate Revocation , 2016, PAM.

[23]  Jennifer Rexford,et al.  Eliminating the hypervisor attack surface for a more secure cloud , 2011, CCS '11.

[24]  Vitaly Shmatikov,et al.  The most dangerous code in the world: validating SSL certificates in non-browser software , 2012, CCS.

[25]  Daniel Zappala,et al.  TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication , 2016, USENIX Security Symposium.

[26]  V. N. Venkatakrishnan,et al.  Vetting SSL Usage in Applications with SSLINT , 2015, 2015 IEEE Symposium on Security and Privacy.

[27]  Zhi Wang,et al.  Taming Hosted Hypervisors with (Mostly) Deprivileged Execution , 2013, NDSS.

[28]  Trent Jaeger,et al.  Seeding clouds with trust anchors , 2010, CCSW '10.

[29]  Nick Sullivan,et al.  The Security Impact of HTTPS Interception , 2017, NDSS.

[30]  Matthew Smith,et al.  Rethinking SSL development in an appified world , 2013, CCS.

[31]  Adrian Perrig,et al.  PoliCert: Secure and Flexible TLS Certificate Management , 2014, CCS.

[32]  Curtis R. Taylor,et al.  Validating security protocols with cloud-based middleboxes , 2016, 2016 IEEE Conference on Communications and Network Security (CNS).

[33]  Luke Austin Dickinson,et al.  Certificate Revocation Table: Leveraging Locality of Reference in Web Requests to Improve TLS Certificate Revocation , 2018 .

[34]  Fengjun Li,et al.  Secure Cryptography Infrastructures in the Cloud , 2019, 2019 IEEE Global Communications Conference (GLOBECOM).

[35]  Adrienne Porter Felt,et al.  Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness , 2013, USENIX Security Symposium.

[36]  Muhammad Rizwan Asghar,et al.  Certificate Revocation Guard (CRG): An Efficient Mechanism for Checking Certificate Revocation , 2016, 2016 IEEE 41st Conference on Local Computer Networks (LCN).

[37]  Zhi Wang,et al.  Isolating commodity hosted hypervisors with HyperLock , 2012, EuroSys '12.

[38]  Robin Sommer,et al.  No attack necessary: the surprising dynamics of SSL trust relationships , 2013, ACSAC.

[39]  David Cooper,et al.  Server-Based Certificate Validation Protocol (SCVP) , 2007, RFC.

[40]  Jiang Wang,et al.  Autonomic Recovery: HyperCheck: A Hardware-Assisted Integrity Monitor , 2013 .

[41]  Dan Boneh,et al.  The Case for Prefetching and Prevalidating TLS Server Certificates , 2012, NDSS.

[42]  Eric Wustrow,et al.  ZMap: Fast Internet-wide Scanning and Its Security Applications , 2013, USENIX Security Symposium.

[43]  Adrian Perrig,et al.  Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing , 2008, USENIX Annual Technical Conference.

[44]  Mohamed Ali Kâafar,et al.  TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication , 2015, NDSS.

[45]  Chris J. Mitchell,et al.  Installing Fake Root Keys in a PC , 2005, EuroPKI.

[46]  Bruce M. Maggs,et al.  An End-to-End Measurement of Certificate Revocation in the Web's PKI , 2015, Internet Measurement Conference.

[47]  Bruce M. Maggs,et al.  CRLite: A Scalable System for Pushing All TLS Revocations to All Browsers , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[48]  Alec Wolman,et al.  Delusional boot: securing hypervisors without massive re-engineering , 2012, EuroSys '12.

[49]  Matthew Smith,et al.  You Won't Be Needing These Any More: On Removing Unused Certificates from Trust Stores , 2014, Financial Cryptography.

[50]  Narseo Vallina-Rodriguez,et al.  A Tangled Mass: The Android Root Certificate Stores , 2014, CoNEXT.

[51]  J. Alex Halderman,et al.  Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[52]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[53]  Adrian Perrig,et al.  RITM: Revocation in the Middle , 2016, 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS).

[54]  ともやん KVM (Kernel-based Virtual Machine) - 仮想化 , 2009 .

[55]  Zhi Wang,et al.  HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity , 2010, 2010 IEEE Symposium on Security and Privacy.

[56]  Dave Levin,et al.  RevCast: Fast, Private Certificate Revocation over FM Radio , 2014, CCS.

[57]  Yeping He,et al.  HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data , 2013, 2013 IEEE Seventh International Conference on Software Security and Reliability Companion.

[58]  C. Jackson,et al.  Towards Short-Lived Certificates , 2012 .

[59]  Daniele Sgandurra,et al.  Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems , 2016, ACM Comput. Surv..

[60]  Donald Eastlake rd,et al.  Transport Layer Security (TLS) Extensions: Extension Definitions , 2011 .

[61]  Eric Wustrow,et al.  CAge: Taming Certificate Authorities by Inferring Restricted Scopes , 2013, Financial Cryptography.

[62]  Yulong Zhang,et al.  Improving Virtualization Security by Splitting Hypervisor into Smaller Components , 2012, DBSec.

[63]  Bernd Freisleben,et al.  Why eve and mallory love android: an analysis of android SSL (in)security , 2012, CCS.

[64]  Rusty Russell,et al.  virtio: towards a de-facto standard for virtual I/O devices , 2008, OPSR.

[65]  Kevin R. B. Butler,et al.  Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale , 2014, Internet Measurement Conference.

[66]  Edgar R. Weippl,et al.  "I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS , 2017, USENIX Security Symposium.