Detecting and Defending Against Certificate Attacks with Origin-Bound CAPTCHAs
Published reports have highlighted various attacks on secure Public Key Infrastructure (PKI)-based SSL/TLS protocols. A well-known example of such an attack, one that exploits a flaw in the Certificate Authority (CA) model of the PKI, is the compelled Man-in-the-Middle (MITM) attack, in which governments or affiliated agencies compel a CA to issue false but verifiable certificates for popular websites. These certificates are then used to hijack secure communication for censorship and surveillance purposes. Such attacks significantly undermine the confidentiality guarantees provided by SSL and the privacy of Internet users at large.
To address this issue, we present Origin-Bound CAPTCHAs (OBCs), which are dual CAPTCHA tests that elevate the difficulty of launching such attacks and make their deployment infeasible, especially in cases of mass surveillance. An OBC is linked to the public key of the server, and by solving the OBC, the client can use the certificate to authenticate the server and verify the confidentiality of the link. Our design is distinguished from prior efforts in that it does not require bootstrapping but does require minor changes at the server side. We discuss the security provided by an OBC from the perspective of an adversary who employs a human work force and present the findings from a controlled user study that evaluates tradeoffs in OBC design choices. We also evaluate a software prototype of this concept that demonstrates how OBCs can be implemented and deployed efficiently with 1.2-3x overhead when compared to a traditional TLS/SSL implementation.
Keywords: Compelled-certificate attacks, Man-in-the-middle attacks, CAPTCHAs
We would like to thank all the anonymous reviewers of the program committee for their valuable insights on the paper. This work was partially funded by the National Science Foundation (NSF) under Grant No. CNS-1514503. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NSF.