Certificate Transparency in the Wild:Exploring the Reliability Of
Total Page:16
File Type:pdf, Size:1020Kb
Certificate Transparency in the Wild: Exploring the Reliability of Monitors Bingyu Li1;2;3, Jingqiang Lin1;2;3∗, Fengjun Li4, Qiongxiao Wang1;2, Qi Li5, Jiwu Jing6, Congli Wang1;2;3 1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences 2. Data Assurance and Communication Security Center, Chinese Academy of Sciences 3. School of Cyber Security, University of Chinese Academy of Sciences 4. Department of Electrical Engineering and Computer Science, the University of Kansas, USA 5. Institute for Network Sciences and Cyberspace, Tsinghua University, China 6. School of Computer Science and Technology, University of Chinese Academy of Sciences {libingyu, linjingqiang}@iie.ac.cn, [email protected], [email protected], [email protected], [email protected], [email protected] ABSTRACT KEYWORDS To detect fraudulent TLS server certificates and improve the ac- Certificate Transparency; Trust Management countability of certification authorities (CAs), certificate transparen- cy (CT) is proposed to record certificates in publicly-visible logs, from which the monitors fetch all certificates and watch for suspi- ACM Reference Format: cious ones. However, if the monitors, either domain owners them- Bingyu Li, Jingqiang Lin, Fengjun Li, Qiongxiao Wang, Qi Li, Jiwu Jing, and selves or third-party services, fail to return a complete set of cer- Congli Wang. 2019. Certificate Transparency in the Wild: Exploring the tificates issued for a domain of interest, potentially fraudulent cer- Reliability of Monitors. In 2019 ACM SIGSAC Conference on Computer and tificates may not be detected and then the CT framework becomes Communications Security (CCS’19), November 11–15, 2019, London, United less reliable. This paper presents the first systematic study on CT Kingdom. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/ monitors. We analyze the data in 88 public logs and the services 3319535.3345653 of 5 active third-party monitors regarding 3,000,431 certificates of 6,000 selected Alexa Top-1M websites. We find that although CT 1 INTRODUCTION allows ordinary domain owners to act as monitors, it is impractical Traditional X.509 public key infrastructures (PKIs) assume trusted for them to perform reliable processing by themselves, due to the certification authorities (CAs) that are responsible for issuing cer- rapidly increasing volume of certificates in public logs (e.g., onav- tificates [14]. However, several security incidents indicate that ac- erage 5 million records or 28.29 GB daily for the minimal set of logs credited CAs may be compromised or deceived to issue fraudulent that need to be monitored). Moreover, our study discloses that (a) TLS server certificates [13, 19, 27, 38, 53, 75, 77, 79], which bind none of the third-party monitors guarantees to return the complete a domain name (e.g., www.facebook.com or www.gmail.com) to set of certificates for a domain, and(b) for some domains, even the a key pair held by man-in-the-middle (MitM) or impersonation union of the certificates returned by the five third-party monitors attackers, instead of the legitimate website. can probably be incomplete. As a result, the certificates accepted Several approaches attempt to tame the absolute authority of by CT-enabled browsers are not absolutely visible to the claimed CAs from different perspectives [22, 40, 43, 72, 76], but none of them domain owners, even when CT is adopted with well-functioning is widely deployed [6]. Certificate transparency (CT) is proposed logs. The risk of invisible fraudulent certificates in public logs raises to detect fraudulent certificates and improve the accountability of doubts on the reliability of CT in practice. CAs [28, 46]. It has been supported by browsers and TLS software, CCS CONCEPTS including Chrome [29], Apple platforms [8], Firefox [55], OpenSSL [59], Nginx [56], Microsoft AD Certificate Service and Azure Key • Security and privacy → Security services; Network secu- Vault [51]. rity. In the CT framework, a certificate is submitted to multiple public ∗Jingqiang Lin is the corresponding author. servers called logs by the CA that issues it or sometimes by the domain owner (or website) for which it is issued. In response, the log Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed generates a signed certificate timestamp (SCT). In TLS negotiations, for profit or commercial advantage and that copies bear this notice and the full citation the server certificate is delivered along with SCTs; otherwise, it will on the first page. Copyrights for components of this work owned by others than ACM be rejected by CT-enabled browsers. CT ensures that any certificate must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a acceptable to CT-enabled browsers is recorded in publicly-visible fee. Request permissions from [email protected]. logs, so that it is visible to monitors for further checks. CCS ’19, November 11–15, 2019, London, United Kingdom It is worth noting that CT does not prevent a CA from issuing © 2019 Association for Computing Machinery. ACM ISBN 978-1-4503-6747-9/19/11...$15.00 fraudulent certificates. CT logs only record all certificates submit- https://doi.org/10.1145/3319535.3345653 ted to them and sign the corresponding SCTs, without checking whether a certificate is issued with the domain owner’s authoriza- costly for an ordinary domain owner to act as the monitor by itself, tion. Hence, a fraudulent certificate is still acceptable to CT-enabled to fetch and process the rapidly increasing volume of certificates browsers after being submitted to the logs by the attacker (e.g., a (about 30 GB per day at least) in the public logs. compromised CA). So the CT framework relies on the monitors Moreover, our study of the third-party monitor services shows to retrieve all the certificates belonging to the inquired domain in that none of the third-party monitors guarantees to return the com- a timely and reliably means to assist the detection of fraudulent plete set of valid certificates recorded in the public logs for a domain. certificates. If a fraudulent certificate is missing in the search result We studied two groups of domains, one for the popular Alexa Top- returned to users, the attacker could exploit it to launch MitM or im- 1K websites and the other for less popular ones (5,000 domains personation attacks, without triggering any alert in CT. The longer randomly selected from Alexa Top-1M websites), and searched cer- the fraudulent certificates stay undetected in the system (orCT tificates for all these domains from 5 third-party monitors. Inboth logs), the more the damage they may cause to the PKI ecosystem. cases, none of the monitors returns the complete sets of certificates Thus, the quality of the search results provided by the CT monitors, for all the inquired domain names, which also supports our first especially the completeness of the results, affects the overall security finding that an ordinary domain owner is less capable of actingas enhancement by the CT framework. a monitor to process all records in the logs. The incompleteness of However, there is little study in the literature about the relia- the returned search results may cause some fraudulent certificates bility of the services provided by CT monitors. In practice, many in public logs to be invisible to the claimed domain owners and thus third-party monitors claim to reliably return all known, unexpired evade the detection, which makes the CT framework unreliable. certificates for a domain [24, 35, 63], but none of them provides To the best of our knowledge, this is the first work to analyze CT any mechanism about the completeness of the returned results. monitors in the wild. Existing studies on CT [6, 37, 58, 67, 70, 74] This work is among the first to study the reliability of CT mon- focus on the deployment of log servers and the adoption in websites itors. We expect a reliable monitor to return the complete set of or browsers. While providing different views of CT, these large-scale certificates for any inquired domain name. With the assistance of studies do not investigate the reliability of monitors in practice. Our such reliable monitors, a domain owner can quickly identify any study identifies challenges in the implementation of CT monitors suspicious certificates issued for its domain. However, this requires and discloses the vulnerabilities in third-party monitors. the monitor to monitor a large number of, if not all, public CT logs. In summary, the contributions of this paper are as follow: (a) We In practice, it needs to fetch all certificates at least in the default perform the first systematic study of the reliability of monitors for logs that are pre-included in CT-enabled browsers. Meanwhile, the the purpose of studying the effectiveness of CT. (b) We investigate monitor should process the fetched certificates properly to produce various types of log sets and find that each monitor can monitor a the correct answer for each inquiry in the certificate search services. minimal set of logs while ensuring the reliability. (c) We measure While the monitors are essential to CT, it remains unclear if the the reliability of all mainstream third-party monitors and evaluate monitors in the wild provide reliable services. A domain owner is the completeness of certificates returned by their certificate search allowed to act as a monitor to watch for certificates related to its services. (d) We analyze the possible causes of incomplete certificate domain name [28, 44].