Extracting Certificates from Live Traffic: A Near Real Time SSL Notary Service

Publication Type: Technical Report
Year of Publication: 2012
Authors: Amann, J., Vallentin M., Hall S., & Sommer R.
Other Numbers: 3376

Much of the Internet's end-to-end security relies on the SSL protocol along with its underlying X.509 certificate infrastructure. However, the system remains quite brittle due to its liberal delegation of signing authority: a single compromised certification authority undermines trust globally. We present a novel notary service that helps clients identify malicious certificates by providing a third-party perspective on what they should expect to receive from a server. While similar in spirit to existing efforts, such as Convergence and the EFF's SSL Observatory, our notary collects certificates passively from live upstream traffic at seven independent Internet sites. Our data set currently includes 330k certificates extracted from 5.5B SSL sessions over a time interval of 6 months. The notary offers a DNS-based, near-real-time query interface to the public that is compatible with existing systems. We will maintain the notary as an ongoing service to the community and plan to include further data providers in the future to extend its coverage. From a broader perspective, we also see our work as a case study on working successfully with network operators to provide researchers with real-world data.

This work was partially funded by the Deutscher Akademischer Austausch Dienst (DAAD) through a postdoctoral fellowship.

Bibliographic Notes

ICSI Technical Report TR-12-014

Abbreviated Authors

J. Amann, M. Vallentin, S. Hall, and R. Sommer

ICSI Research Group

Networking and Security

ICSI Publication Type

Technical Report