Abstract |
The information shared over the Internet today is enormous, very personal and thus it
must be secured. Several studies have pointed out the simplicity of HTTP session hijacking
attacks and this stresses the fact that encrypted end to end communication is not a
necessity only for websites with economic transactions. HTTP over SSL (HTTPS) is evolving
and in 2017 it has reached the point where it is becoming the norm rather than the
exception. TLS protocol, the successor of SSL, has room for improvement and so do the
SSL/TLS certificates, which are used to secure and authenticate trusted entities.
An SSL or PKIX certificate binds a cryptographic key to a certain subject. It has a predefined
validity period, during which it is considered trusted unless it is revoked. To attest its
validity it is issued by a Certification Authority (CA), which is a trusted third party. One
certificate may secure one or many entities, under a validation process which is
performed by the CA. Moreover, to sign this information, the issuer uses a signature
algorithm, that is computed by the browser.
This thesis is a measurement study that aims to shed light on the ecosystem of SSL
certificates so that the reader can have an overall perspective on how they are adopted.
Initially we analyze their basic components and attempt to indicate correlations and
trends, and consequently, we discuss interesting cases within the data and possible
correlations of certificates with high traffic sites' maintenance and with known attacks.
To this end, Certificate Transparency's public data set, along with Alexa's top sites and
Hackmaggedon statistics on cyber attacks are used.
Additionally, the trust model around different aspects of the SSL certificates is closely
examined. First, after reviewing known weaknesses, we explore cases where certificates
were used as a mean to conceal rogue behavior and last we show where certification
authorities fail to correctly validate secured entities. Furthermore, this study focuses on
revocation to measure the trends around it and emphasizes the importance of revocation,
by demonstrating known cases of attacks, which were due to the negligence of status
checking. Additionally, since the main reason that revocation checking mechanisms fail is
due to the related protocols applied, we take a step further to analyze and compare
existing solutions and newly introduced promising protocols.
As a prime to future work, we contemplate whether the PKIX infrastructure is suitable to
support the vast network of the Internet of Things, which is comprised of embedded
devices with limited computational capabilities. SSL/TLS protocol proves to be
burdensome in its traditional state, so we discuss less demanding protocols and variations
tailored to their infrastructure
|