Extracting Certificates from Live Traffic: A Near Real Time SSL Notary Service
| Field | Value |
|---|---|
| Title | Extracting Certificates from Live Traffic: A Near Real Time SSL Notary Service |
| Publication Type | Technical Report |
| Year of Publication | 2012 |
| Authors | Amann, J., Vallentin M., Hall S., & Sommer R. |
| Other Numbers | 3376 |
| Abstract | Much of the Internet's end-to-end security relies on the SSL protocol along with its underlying X.509 certificate infrastructure. However, the system remains quite brittle due to its liberal delegation of signing authority: a single compromised certification authority undermines trust globally. We present a novel notary service that helps clients to identify malicious certificates by providing a third-party perspective on what they should expect to receive from a server. While similar in spirit to existing efforts, such as Convergence and the EFF's SSL Observatory, our notary collects certificates passively from live upstream traffic at seven independent Internet sites. Our data set currently includes 330k certificates extracted from 5.5B SSL sessions over a time interval of 6 months. The notary offers a DNS-based, near real-time query interface to the public that is compatible with existing systems. We will maintain the notary as an ongoing service to the community and plan to include further data providers in the future to extend its coverage. From a broader perspective, we also see our work as a case study on working successfully with network operators to provide researchers with real-world data. |
| Acknowledgment | This work was partially funded by the Deutscher Akademischer Austausch Dienst (DAAD) through a postdoctoral fellowship. |
| URL | http://www.icsi.berkeley.edu/pubs/techreports/ICSI_TR-12-014.pdf |
| Bibliographic Notes | ICSI Technical Report TR-12-014 |
| Abbreviated Authors | J. Amann, M. Vallentin, S. Hall, and R. Sommer |
| ICSI Research Group | Networking and Security |
| ICSI Publication Type | Technical Report |