Article

Trustbase: an architecture to repair and strengthen certificate-based authentication

Authors:

Scott Heidbrink,

Jordan Whitehead,

Luke Dickinson,

Travis Hendershot,

Joshua Reynolds,

Daniel ZappalaAuthors Info & Claims

SEC'17: Proceedings of the 26th USENIX Conference on Security Symposium

Pages 609 - 624

Published: 16 August 2017 Publication History

Abstract

The current state of certificate-based authentication is messy, with broken authentication in applications and proxies, along with serious flaws in the CA system. To solve these problems, we design TrustBase, an architecture that provides certificate-based authentication as an operating system service, with system administrator control over authentication policy. TrustBase transparently enforces best practices for certificate validation on all applications, while also providing a variety of authentication services to strengthen the CA system. We describe a research prototype of TrustBase for Linux, which uses a loadable kernel module to intercept traffic in the socket layer, then consults a userspace policy engine to evaluate certificate validity using a variety of plugins. We evaluate the security of TrustBase, including a threat analysis, application coverage, and hardening of the Linux prototype. We also describe prototypes of TrustBase for Android and Windows, illustrating the generality of our approach. We show that TrustBase has negligible overhead and universal compatibility with applications. We demonstrate its utility by describing eight authentication services that extend CA hardening to all applications.

References

[1]

ALICHERRY, M., AND KEROMYTIS, A. D. Doublecheck: Multipath verification against man-in-the-middle attacks. In Symposium on Computers and Communications (ISCC) (2009), IEEE, pp. 557- 563.

[2]

AMANN, B., VALLENTIN, M., HALL, S., AND SOMMER, R. Extracting certificates from live traffic: A near real-time SSL notary service. Tech. rep., TR-12-014, ICSI Nov. 2012, 2012.

[3]

AMANN, B., VALLENTIN, M., HALL, S., AND SOMMER, R. Revisiting SSL: A large-scale study of the internet's most trusted protocol. Tech. rep., TR-12-015, ICSI Dec. 2012, 2012.

[4]

BATES, A., PLETCHER, J., NICHOLS, T., HOLLEMBAEK, B., TIAN, D., BUTLER, K. R., AND ALKHELAIFI, A. Securing SSL certificate verification through dynamic linking. In Conference on Computer and Communications Security (CCS) (2014), ACM.

[5]

BRUBAKER, C., JANA, S., RAY, B., KHURSHID, S., AND SHMATIKOV, V. Using frankencerts for automated adversarial testing of certificate validation in SSL/TLS implementations. In Symposium on Security and Privacy (SP) (2014), IEEE.

[6]

CONTI, M., DRAGONI, N., AND GOTTARDO, S. MITHYS: Mind the hand you shake-protecting mobile devices from SSL usage vulnerabilities. In Security and Trust Management. Springer, 2013, pp. 65-81.

[7]

DE CARNAVALET, X. D. C., AND MANNAN, M. Killed by proxy: Analyzing client-end TLS interception software. In Network and Distributed System Security Symposium (NDSS) (2016), Internet Society.

[8]

DIERKS, T., AND RESCORLA, E. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), August 2008.

[9]

DURUMERIC, Z., ADRIAN, D., MIRIAN, A., KASTEN, J., BURSZTEIN, E., LIDZBORSKI, N., THOMAS, K., ERANTI, V., BAILEY, M., AND HALDERMAN, J. A. Neither snow nor rain nor MITM...: An empirical analysis of email delivery security. In Internet Measurement Conference (IMC) (2015), ACM.

[10]

DURUMERIC, Z., KASTEN, J., BAILEY, M., AND HALDERMAN, J. A. Analysis of the HTTPS certificate ecosystem. In Internet Measurement Conference (IMC) (2013), ACM.

[11]

DURUMERIC, Z., MA, Z., SPRINGALL, D., BARNES, R., SULLIVAN, N., BURSZTEIN, E., BAILEY, M., HALDERMAN, J. A., AND PAXSON, V. The security impact of HTTPS interception. In Network and Distributed System Security Symposium (NDSS) (2017), Internet Society.

[12]

ECKERSLEY, P., AND BURNS, J. An observatory for the SSLiverse. http://www:eff:org/files/DefconSSLiverse:pdf, 2010.

[13]

ECKERSLEY, P., AND BURNS, J. The (decentralized) SSL observatory. In USENIX Security Symposium (2011).

[14]

(EFF), E. F. F. The Sovereign Keys Project. http:/www:eff:org/sovereign-keys/, 2011.

[15]

ENGERT, K. MECAI - mutually endorsing CA infrastructure. http://kuix:de/mecai. Accessed: March 2013.

[16]

EVANS, C., AND PALMER, C. Certificate pinning extension for HSTS. http://tools:ietf:org/html/draft-evans-palmer-hsts-pinning-00. Accessed: 22 March, 2013.

[17]

FAHL, S., HARBACH, M., MUDERS, T., BAUMGÄRTNER, L., FREISLEBEN, B., AND SMITH, M. Why Eve and Mallory love Android: An analysis of Android SSL (in) security. In Conference on Computer and Communications Security (CCS) (2012), ACM.

[18]

FAHL, S., HARBACH, M., PERL, H., KOETTER, M., AND SMITH, M. Rethinking SSL development in an appified world. In Conference on Computer Communications Security (CCS) (2013), ACM.

[19]

FOSTER, I. D., LARSON, J., MASICH, M., SNOEREN, A. C., SAVAGE, S., AND LEVCHENKO, K. Security by any other name: On the effectiveness of provider based email security. In Conference on Computer and Communications Security (CCS) (2015), ACM.

[20]

GEORGIEV, M., IYENGAR, S., JANA, S., ANUBHAI, R., BONEH, D., AND SHMATIKOV, V. The most dangerous code in the world: validating SSL certificates in non-browser software. In Conference on Computer and Communications Security (CCS) (2012), ACM.

[21]

HOFFMAN, P., AND SCHLYTER, J. The DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA, RFC 6698. https://datatracker:ietf:org/doc/rfc6698, 2012. Accessed: 24 Feb, 2014.

[22]

HOLZ, R., AMANN, J., MEHANI, O., WACHS, M., AND KAAFAR, M. A. TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication. In Network and Distributed System Security Symposium (NDSS) (2016), Internet Society.

[23]

HOLZ, R., RIEDMAIER, T., KAMMENHUBER, N., AND CARLE, G. X.509 forensics: Detecting and localising the SSL/TLS men-in-the-middle. In European Symposium on Research in Computer Security (ESORICS). Springer, 2012, pp. 217-234.

[24]

HUANG, L.-S., RICE, A., ELLINGSEN, E., AND JACKSON, C. Analyzing forged SSL certificates in the wild. In Symposium on Security and Privacy (SP) (2014), IEEE.

[25]

KEIZER, G. Hackers spied on 300,000 Iranians using fake Google certificate. http://www:computerworld:com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate:html. Accessed: 27 October, 2015.

[26]

KIM, T. H.-J., HUANG, L.-S., PERRING, A., JACKSON, C., AND GLIGOR, V. Accountable key infrastructure (AKI): A proposal for a public-key validation infrastructure. In International Conference on World Wide Web (WWW) (2013).

[27]

LAURIE, B., LANGLEY, A., AND KASPER, E. Certificate transparency, IETF RFC 6962. http://tools:ietf:org/html/rfc6962, Jun 2013.

[28]

LIGH, M. H., CASE, A., LEVY, J., AND WALTERS, A. The art of memory forensics: detecting malware and threats in Windows, Linux, and Mac memory. John Wiley & Sons, 2014.

[29]

LIU, Y., TOME, W., ZHANG, L., CHOFFNES, D., LEVIN, D., MAGGS, B., MISLOVE, A., SCHULMAN, A., AND WILSON, C. An end-to-end measurement of certificate revocation in the web's PKI. In Internet Measurement Conference (IMC) (2015), ACM.

[30]

MAASS, M., SALES, A., CHUNG, B., AND SUNSHINE, J. A systematic analysis of the science of sandboxing. PeerJ Computer Science 2 (2016), e43.

[31]

MARLINSPIKE, M. SSL and the future of authenticity. Black Hat USA (2011).

[32]

MARLINSPIKE, M., AND PERRIN, T. Trust assertions for certificate keys. http://tack:io/, 2013.

[33]

NYGREN, E. Reaching toward universal TLS SNI. https://blogs:akamai:com/2017/03/reaching-toward-universal-tls-sni:html. Accessed: 21 June, 2017.

[34]

O'NEILL, M., RUOTI, S., SEAMONS, K., AND ZAPPALA, D. TLS proxies: Friend or foe? In Internet Measurement Conference (IMC) (2016), ACM.

[35]

ONWUZURIKE, L., AND DE CRISTOFARO, E. Danger is my middle name: experimenting with SSL vulnerabilities in Android apps. In Conference on Security & Privacy in Wireless and Mobile Networks (WiSec) (2015), ACM.

[36]

PROVOS, N., FRIEDL, M., AND HONEYMAN, P. Preventing privilege escalation. In USENIX Security (2003), vol. 3.

[37]

RISTIC, I. Bulletproof SSL and TLS. Feisty Duck (2014).

[38]

ROETHLISBERGER, D. Sslsplit. https://www:roe:ch/SSLsplit. Accessed: 11 July, 2015.

[39]

RYAN, M. D. Enhanced certificate transparency and end-to-end encrypted mail. In Network and Distributed System Security Symposium (NDSS) (2014), Internet Society.

[40]

SOGHOIAN, C., AND STAMM, S. Certified lies: Detecting and defeating government interception attacks against SSL (short paper). In Financial Cryptography and Data Security. Springer, 2012, pp. 250-259.

[41]

WENDLANDT, D., ANDERSEN, D. G., AND PERRIG, A. Perspectives: Improving SSH-style host authentication with multi-path probing. In USENIX Annual Technical Conference (2008).

Cited By

Hiller JAmann JHohlfeld OLigatti JOu XKatz JVigna G(2020)The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key InfrastructuresProceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security10.1145/3372297.3423345(1289-1306)Online publication date: 30-Oct-2020
https://dl.acm.org/doi/10.1145/3372297.3423345
O'Neill MHeidbrink SWhitehead JPerdue TDickinson LCollett TBonner NSeamons KZappala DEnck WFelt A(2018)The secure socket APIProceedings of the 27th USENIX Conference on Security Symposium10.5555/3277203.3277264(799-816)Online publication date: 15-Aug-2018
https://dl.acm.org/doi/10.5555/3277203.3277264

Index Terms

Trustbase: an architecture to repair and strengthen certificate-based authentication
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Index terms have been assigned to the content through auto-classification.

Recommendations

Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I

Design a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...
Identity-based strong designated verifier signature schemes: Attacks and new construction

A strong designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party, and no third party ...
A novel identity-based strong designated verifier signature scheme

Unlike ordinary digital signatures, a designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

SEC'17: Proceedings of the 26th USENIX Conference on Security Symposium

August 2017

1479 pages

ISBN:9781931971409

Editors:
Engin Kirda
Northeastern University
,
Thomas Ristenpart
Cornell Tech

Sponsors

Google Inc.
IBMR: IBM Research
NSF
Facebook: Facebook
CISCO

Publisher

USENIX Association

United States

Publication History

Published: 16 August 2017

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hiller JAmann JHohlfeld OLigatti JOu XKatz JVigna G(2020)The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key InfrastructuresProceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security10.1145/3372297.3423345(1289-1306)Online publication date: 30-Oct-2020
https://dl.acm.org/doi/10.1145/3372297.3423345
O'Neill MHeidbrink SWhitehead JPerdue TDickinson LCollett TBonner NSeamons KZappala DEnck WFelt A(2018)The secure socket APIProceedings of the 27th USENIX Conference on Security Symposium10.5555/3277203.3277264(799-816)Online publication date: 15-Aug-2018
https://dl.acm.org/doi/10.5555/3277203.3277264

View Options

View options

Media

Figures

Other

Tables

View Table of Contents