No Attack Necessary: The Surprising Dynamics of SSL Trust Relationships

Much of the Internet's end-to-end security relies on the SSL/TLS protocol alongwith its underlying X.509 certificate infrastructure. However, the systemremains quite brittle due to its liberal delegation of signing authority: asingle compromised certification authority undermines trust globally. Severalrecent high-profile incidents have demonstrated this shortcoming convincingly.Over time, the security community has proposed a number of counter measures toincrease the security of the certificate ecosystem; many of these effortsmonitor for what they consider tell-tale signs of man-in-the-middle attacks. Inthis work we set out to understand to which degree benign changes to thecertificate ecosystem shares structural properties with attacks, based on alarge-scale data set of more than 16 billion SSL sessions. We find that commonintuition falls short in assessing the maliciousness of an unknown certificate,since their typical artifacts routinely occur in benign contexts as well. Wealso discuss what impact our observations have on proposals aiming to improvethe security of the SSL ecosystem.


