
CAge: Taming Certificate Authorities by Inferring Restricted Scopes

  • Conference paper
Financial Cryptography and Data Security (FC 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7859)


Abstract

The existing HTTPS public-key infrastructure (PKI) uses a coarse-grained trust model: either a certificate authority (CA) is trusted by browsers to vouch for the identity of any domain or it is not trusted at all. More than 1200 root and intermediate CAs can currently sign certificates for any domain and be trusted by popular browsers. This violates the principle of least privilege and creates an excessively large attack surface, as highlighted by recent CA compromises. In this paper, we present CAge, a mechanism that browser makers can apply to drastically reduce the excessive trust placed in CAs without fundamentally altering the CA ecosystem or breaking existing practice. CAge works by imposing restrictions on the set of top-level domains (TLDs) under which each CA is trusted to sign certs. Our key observation, based on an Internet-wide survey of TLS certs, is that CAs commonly sign for sites in only a handful of TLDs. We show that it is possible to algorithmically infer reasonable restrictions on CAs’ trusted scopes based on this behavior, and we present evidence that browser-enforced inferred scopes would be a durable and effective way to reduce the attack surface of the HTTPS PKI. We find that simple inference rules can reduce the attack surface by nearly a factor of ten without hindering 99% of CA activity over a 6 month period.
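The scoping idea in the abstract, sketched as an added example that is not code from the paper. The inference rule (a CA is allowed a TLD once it has been seen signing at least `min_certs` certificates under it), the attack-surface metric (count of trusted CA/TLD pairs), and all CA names and hostnames are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed survey rows: (issuing CA name, certificate hostname). Not real data.
OBSERVED = [
    ("Example Global CA", "shop.example.com"),
    ("Example Global CA", "mail.example.net"),
    ("Example Global CA", "www.example.org"),
    ("Example Global CA", "portal.example.de"),
    ("Uni Campus CA", "www.physics.example.edu"),
    ("Uni Campus CA", "login.example.edu"),
    ("Regional CA", "bank.example.de"),
    ("Regional CA", "stadt.example.de"),
    ("Regional CA", "test.example.com"),
]
ALL_TLDS = {"com", "net", "org", "de", "edu"}  # constructed TLD universe


def tld_of(hostname):
    """Return the last DNS label, lower-cased, ignoring a trailing dot."""
    return hostname.rstrip(".").lower().rsplit(".", 1)[-1]


def infer_scopes(observations, min_certs=1):
    """Assumed rule: a CA may sign for a TLD if it was seen signing
    at least `min_certs` certificates under that TLD."""
    counts = defaultdict(Counter)
    for ca, host in observations:
        counts[ca][tld_of(host)] += 1
    return {ca: {t for t, n in c.items() if n >= min_certs}
            for ca, c in counts.items()}


def is_in_scope(scopes, ca, hostname):
    """Browser-side check: reject if the CA is unknown or the TLD is out of scope."""
    return tld_of(hostname) in scopes.get(ca, set())


def attack_surface(scopes, all_tlds):
    """Count (CA, TLD) pairs trusted before and after scoping (assumed metric)."""
    before = len(scopes) * len(all_tlds)
    after = sum(len(s) for s in scopes.values())
    return before, after
```

Raising `min_certs` shrinks the trusted surface further but starts rejecting legitimate low-volume issuance, which is the trade-off the abstract's "without hindering 99% of CA activity" figure refers to.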




© 2013 Springer-Verlag Berlin Heidelberg

Cite this paper

Kasten, J., Wustrow, E., Halderman, J.A. (2013). CAge: Taming Certificate Authorities by Inferring Restricted Scopes. In: Sadeghi, AR. (eds) Financial Cryptography and Data Security. FC 2013. Lecture Notes in Computer Science, vol 7859. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39884-1_28


  • DOI: https://doi.org/10.1007/978-3-642-39884-1_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39883-4

  • Online ISBN: 978-3-642-39884-1

  • eBook Packages: Computer Science, Computer Science (R0)
