Abstract
A properly managed public key infrastructure (PKI) is critical to ensure secure communication on the Internet. Surprisingly, some of the most important administrative steps (in particular, reissuing new X.509 certificates and revoking old ones) are manual and have remained unstudied, largely because it is difficult to measure these manual processes at scale.
We use Heartbleed, a widespread OpenSSL vulnerability from 2014, as a natural experiment to determine whether administrators are properly managing their certificates. All domains affected by Heartbleed should have patched their software, revoked their old (possibly compromised) certificates, and reissued new ones, all as quickly as possible. We find the reality to be far from the ideal: over 73% of vulnerable certificates were not reissued and over 87% were not revoked three weeks after Heartbleed was disclosed. Our results also show a drastic decline in revocations on the weekends, even immediately following the Heartbleed announcement. These results are an important step in understanding the manual processes on which users rely for secure, authenticated communication.
Index Terms
Analysis of SSL certificate reissues and revocations in the wake of heartbleed