Abstract
Transport Layer Security (TLS) and its predecessor, SSL, are important cryptographic protocol suites on the Internet. They both implement public key certificates and rely on a group of trusted certificate authorities (i.e., CAs) for peer authentication. Unfortunately, the most recent research reveals that, if any one of the pre-trusted CAs is compromised, fake certificates can be issued to intercept the corresponding SSL/TLS connections. This security vulnerability leads to catastrophic impacts on SSL/TLS-based HTTPS, which is the underlying protocol to provide secure web services for e-commerce, e-mails, etc. To address this problem, we design an attribute dependency-based detection mechanism, called SSLight. SSLight can expose fake certificates by checking whether the certificates contain some attribute dependencies rarely occurring in legitimate samples. We conduct extensive experiments to evaluate SSLight and successfully confirm that SSLight can detect the vast majority of fake certificates issued from any trusted CAs if they are compromised. As a real-world example, we also implement SSLight as a Firefox add-on and examine its capability of exposing existent fake certificates from DigiNotar and Comodo, both of which have made a giant impact around the world.
Highlights
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are built upon anX.509 public key infrastructure [1] and used as a base in important secure protocols and applications on the Internet, such as HTTPS, VPN and SMTPS
SSLight is implemented as a Firefox add-on and used to expose real-world fake certificates with a 100% accuracy
If we use the detection rate directly, we must focus on a subset of fake certificates and legitimate ones
Summary
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are built upon anX.509 public key infrastructure [1] and used as a base in important secure protocols and applications on the Internet, such as HTTPS, VPN and SMTPS. SSL/TLS employ end entity certificates to authenticate peer identities [2,3]. SSL/TLS employ the X.509 v3 certificate format to profile their X.509 certificates with necessary fields, called attributes, and corresponding usages [2]. These attributes can be classified into two groups, basic certificate attributes and certificate extension attributes [2], both of which are encoded following the ASN. distinguished encoding rules (DER) [16] in order to facilitate signature calculation. Two basic certificate attributes, Subject and Issuer , include several sub-fields defined in the X.500 specification [17]. Certificate extension attributes, on the other hand, associate additional information with the owner and for managing relationships between CAs [2]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
