The base-rate fallacy and its implications for the difficulty of intrusion detection
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Perspectives: improving SSH-style host authentication with multi-path probing
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Exploring User Reactions to New Browser Cues for Extended Validation Certificates
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Browser interfaces and extended validation SSL certificates: an empirical study
Proceedings of the 2009 ACM workshop on Cloud computing security
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
PKI layer cake: new collision attacks against the global x.509 infrastructure
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Certified lies: detecting and defeating government interception attacks against SSL (short paper)
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Mining your Ps and Qs: detection of widespread weak keys in network devices
Security'12 Proceedings of the 21st USENIX conference on Security symposium
SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements
SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy
Analysis of the HTTPS certificate ecosystem
Proceedings of the 2013 conference on Internet measurement conference
| Hi-index | 0.00 |
Much of the Internet's end-to-end security relies on the SSL/TLS protocol along with its underlying X.509 certificate infrastructure. However, the system remains quite brittle due to its liberal delegation of signing authority: a single compromised certification authority undermines trust globally. Several recent high-profile incidents have demonstrated this shortcoming convincingly. Over time, the security community has proposed a number of counter measures to increase the security of the certificate ecosystem; many of these efforts monitor for what they consider tell-tale signs of man-in-the-middle attacks. In this work we set out to understand to which degree benign changes to the certificate ecosystem share structural properties with attacks, based on a large-scale data set of more than 17 billion SSL sessions. We find that common intuition falls short in assessing the maliciousness of an unknown certificate, since their typical artifacts routinely occur in benign contexts as well. We also discuss what impact our observations have on proposals aiming to improve the security of the SSL ecosystem.