research-article

Here's my cert, so trust me, maybe?: understanding TLS errors on the web

Authors:

Devdatta Akhawe,

Matthias Vallentin,

Robin SommerAuthors Info & Claims

WWW '13: Proceedings of the 22nd international conference on World Wide Web

Pages 59 - 70

https://doi.org/10.1145/2488388.2488395

Published: 13 May 2013 Publication History

Abstract

When browsers report TLS errors, they cannot distinguish between attacks and harmless server misconfigurations; hence they leave it to the user to decide whether continuing is safe. However, actual attacks remain rare. As a result, users quickly become used to "false positives" that deplete their attention span, making it unlikely that they will pay sufficient scrutiny when a real attack comes along. Consequently, browser vendors should aim to minimize the number of low-risk warnings they report. To guide that process, we perform a large-scale measurement study of common TLS warnings. Using a set of passive network monitors located at different sites, we identify the prevalence of warnings for a total population of about 300,000 users over a nine-month period. We identify low-risk scenarios that consume a large chunk of the user attention budget and make concrete recommendations to browser vendors that will help maintain user attention in high-risk situations. We study the impact on end users with a data set much larger in scale than the data sets used in previous TLS measurement studies. A key novelty of our approach involves the use of internal browser code instead of generic TLS libraries for analysis, providing more accurate and representative results.

References

[1]

Code Release. http://is.gd/pxe5e6.

[2]

Amann, J., Vallentin, M., Hall, S., and Sommer, R. Extracting Certificates from Live Traffic: A Near Real-Time SSL Notary Service. TR-12-014, ICSI Nov. 2012. http://is.gd/EMt2Kz.

[3]

Barth, A. X-Script-Origin, we hardly knew ye, Oct 2011. http://is.gd/PvWp5w.

[4]

Böhme, R., and Grossklags, J. The Security Cost of Cheap User Interaction. In Proc. of NSPW 2011

Digital Library

[5]

Chromium Authors. HSTS Preload and Certificate Pinning List. http://is.gd/1Hfvxe.

[6]

Convergence. http://www.convergence.io.

[7]

Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and Polk, W. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile. RFC 5280, May 2008.

[8]

Dhamija, R., Tygar, J., and Hearst, M. Why Phishing Works. In Proc. of CHI 2006 pp. 581--590.

Digital Library

[9]

Dreger, H., Feldmann, A., Mai, M., Paxson, V., and Sommer, R. Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection. In Proc. of USENIX Security Symp. (2006).

Digital Library

[10]

Eastlake, D. Transport Layer Security (TLS) Extensions: Extension Definitions. RFC 6066 (Proposed Standard), Jan. 2011.

[11]

Egelman, S., Cranor, L. F., and Hong, J. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In CHI (2008).

Digital Library

[12]

The EFF SSL Observatory. https://www.eff.org/observatory.

[13]

Fahl, S., Harbach, M., Muders, T., Smith, M., Baumgartner, L., and Freisleben, B. Why Eve and Mallory Love Android: An Analysis of Android SSL (In)security. In Proc. of CCS 2012 pp. 50--61.

Digital Library

[14]

Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., and Wagner, D. Android permissions: User attention, comprehension, and behavior. In Proc. of SOUPS (2012).

Digital Library

[15]

Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., and Shmatikov, V. The most dangerous code in the world: validating SSL certificates in non-browser software. In Proc. of CCS 2012 pp. 38--49.

Digital Library

[16]

Hodges, J., Jackson, C., and Barth, A. Http strict transport security (hsts). RFC 6797 Nov. 2012.

[17]

Hoffman, P., and Schlyter, J. The DNS-Based Authentication of Named Entities (DANE): TLSA Protocol. RFC 6698, Aug. 2012.

[18]

Holz, R., Braun, L., Kammenhuber, N., and Carle, G. The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements. In Proc. of IMC 2011.

Digital Library

[19]

Karlof, C., Tygar, J., and Wagner, D. Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication. In Proc. of 16th NDSS (February 2009).

Digital Library

[20]

Krosnick, J. Response strategies for coping with the cognitive demands of attitude measures in surveys. Applied cognitive psychology 5, 3 (1991), 213--236.

[21]

Langley, A. Revocation checking and Chrome's CRL. http://is.gd/2rg7SS, Feb. 2012.

[22]

Langley, A. SSL Interstitial Bypass Rates, Feb. 2012. http://is.gd/hPErbv

[23]

Laurie, B., Langley, A., and Kasper, E. Certificate Authority Transparency and Auditability. http://www.certificate-transparency.org/.

[24]

Leavitt, N. Internet security under attack: The undermining of digital certificates. Computer 44.

Digital Library

[25]

Lenstra, A., Hughes, J., Augier, M., Bos, J., Kleinjung, T., and Wachter, C. Ron was wrong, Whit is right. IACR eprint archive 64 (2012).

[26]

StartSSL Free. https://www.startssl.com.

[27]

MozillaWiki: Mobile Web Evangelism. https://wiki.mozilla.org/Mobile/Evangelism.

[28]

Motiee, S., Hawkey, K., and Beznosov, K. Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices. In Proc. of SOUPS (2010).

Digital Library

[29]

Mozilla Bugzilla. Bug 364667: Tolerate mismatch between certificate host and actual host if the difference is only "www.". https://bugzil.la/364667.

[30]

Mozilla Bugzilla. Bug 634074: Cannot validate valid certificate chain when looping/cross-signed certs are involved. https://bugzil.la/634074.

[31]

Mozilla Bugzilla. Bug 657228 -- Preload all known intermediate certificates for CAs in our root store. https://bugzil.la/657228.

[32]

Mozilla Bugzilla. Bug 806281: NSS doesn't use publicsuffix list. https://bugzil.la/806281.

[33]

Mozilla Bugzilla. Bug 808331: Intermediates Cached in Private Browsing Mode. https://bugzil.la/808331.

[34]

Mozilla Bugzilla. Tech Evangelism Bugs. http://is.gd/sqCtFm.

[35]

MozillaWiki: Maintaining Confidence in Root Certificates. http://is.gd/gnGt0M.

[36]

Network Security Services (NSS). https://www.mozilla.org/projects/security/pki/nss/.

[37]

Paxson, V. Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks 31

Digital Library

[38]

Public Suffix List. http://publicsuffix.org.

[39]

Rescorla, E. HTTP Over TLS. RFC 2818 (Informational), May 2000.

Digital Library

[40]

Saint-Andre, P., and Hodges, J. Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security. RFC 6125, March 2011.

[41]

Santesson, S., and Hallam-Baker, P. Online Certificate Status Protocol Algorithm Agility. RFC 6277 (Proposed Standard), June 2011.

[42]

Soghoian, C., and Stamm, S. Certified lies: Detecting and defeating government interception attacks against ssl (short paper). Financial Cryptography and Data Security (2012), 250--259.

Digital Library

[43]

Sotirakopoulos, A., Hawkey, K., and Beznosov, K. On the challenges in usable security lab studies: lessons learned from replicating a study on SSL warnings. In Proc. of SOUPS 2011 pp. 3:1--3:18.

Digital Library

[44]

Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., and Cranor, L. F. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In Proceedings of the 18th Usenix Security Symposium (2009).

Digital Library

[45]

EFF: The Sovereign Keys Project. https://www.eff.org/sovereign-keys.

[46]

Vratonjic, N., Freudiger, J., Bindschaedler, V., and Hubaux, J. The inconvenient truth about web certificates. In Proc. of WEIS (2011), 79--117.

[47]

Wendlandt, D., Andersen, D. G., and Perrig, A. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. USENIX ATC (2008).

Digital Library

[48]

Whalen, T., and Inkpen, K. Gathering evidence: use of visual security cues in web browsers. In Proc. of Graphics Interface 2005 (2005), pp. 137--144.

Digital Library

[49]

Wikipedia. Accuracy of Ranking by Alexa Toolbar.

Cited By

Luo MFeng BLu LKirda ERen K(2024)On the Complexity of the Web’s PKI: Evaluating Certificate Validation of Mobile BrowsersIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325586921:1(419-433)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3255869
Debnath NJain A(2024)A comprehensive survey on mobile browser security issues, challenges and solutionsInformation Security Journal: A Global Perspective10.1080/19393555.2024.2347256(1-20)Online publication date: 29-Apr-2024
https://doi.org/10.1080/19393555.2024.2347256
Zineddine AChakir OSadqi YMaleh YSingh Gaba GGurtov ADev K(2024)A systematic review of cybersecurity assessment methods for HTTPSComputers and Electrical Engineering10.1016/j.compeleceng.2024.109137115:COnline publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1016/j.compeleceng.2024.109137
Show More Cited By

Index Terms

Here's my cert, so trust me, maybe?: understanding TLS errors on the web
1. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption

Recommendations

The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

The SSL and TLS infrastructure used in important protocols like HTTPs and IMAPs is built on an X.509 public-key infrastructure (PKI). X.509 certificates are thus used to authenticate services like online banking, shopping, e-mail, etc. However, it ...
Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

HTTPS error warnings are supposed to alert browser users to network attacks. Unfortunately, a wide range of non-attack circumstances trigger hundreds of millions of spurious browser warnings per month. Spurious warnings frustrate users, hinder the ...
Hunting Malicious TLS Certificates with Deep Neural Networks
AISec '18: Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security

Encryption is widely used across the internet to secure communications and ensure that information cannot be intercepted and read by a third party. However, encryption also allows cybercriminals to hide their messages and carry out successful malware ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

WWW '13: Proceedings of the 22nd international conference on World Wide Web

May 2013

1628 pages

ISBN:9781450320351

DOI:10.1145/2488388

General Chairs:
Daniel Schwabe
PUC-Rio - Brazil
,
Virgílio Almeida
UFMG - Brazil
,
Hartmut Glaser
CGI.br - Brazil
,
Program Chairs:
Ricardo Baeza-Yates
Yahoo! Labs - Spain & Chile
,
Sue Moon
KAIST - South Korea

Copyright © 2013 Copyright is held by the International World Wide Web Conference Committee (IW3C2).

Sponsors

NICBR: Nucleo de Informatcao e Coordenacao do Ponto BR
CGIBR: Comite Gestor da Internet no Brazil

In-Cooperation

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 May 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

WWW '13

Sponsor:

NICBR
CGIBR

WWW '13: 22nd International World Wide Web Conference

May 13 - 17, 2013

Rio de Janeiro, Brazil

Acceptance Rates

WWW '13 Paper Acceptance Rate 125 of 831 submissions, 15%;

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

53
Total Citations
View Citations
761
Total Downloads

Downloads (Last 12 months)48
Downloads (Last 6 weeks)1

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Luo MFeng BLu LKirda ERen K(2024)On the Complexity of the Web’s PKI: Evaluating Certificate Validation of Mobile BrowsersIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325586921:1(419-433)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3255869
Debnath NJain A(2024)A comprehensive survey on mobile browser security issues, challenges and solutionsInformation Security Journal: A Global Perspective10.1080/19393555.2024.2347256(1-20)Online publication date: 29-Apr-2024
https://doi.org/10.1080/19393555.2024.2347256
Zineddine AChakir OSadqi YMaleh YSingh Gaba GGurtov ADev K(2024)A systematic review of cybersecurity assessment methods for HTTPSComputers and Electrical Engineering10.1016/j.compeleceng.2024.109137115:COnline publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1016/j.compeleceng.2024.109137
Sebastian G(2023)Privacy and Data Protection in ChatGPT and Other AI ChatbotsInternational Journal of Security and Privacy in Pervasive Computing10.4018/IJSPPC.32547515:1(1-14)Online publication date: 11-Jul-2023
https://doi.org/10.4018/IJSPPC.325475
Dong HShu HPrakash VZhang YParacha MChoffnes DTorres-Arias SHuang DSun YMontpetit MLeivadeas AUhlig SJaved M(2023)Behind the Scenes: Uncovering TLS and Server Certificate Practice of IoT Device Vendors in the WildProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624815(457-477)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624815
Khan SLuo FZhang ZUllah FAmin FQadri SHeyat MRuby RWang LUllah SLi MLeung VWu K(2023)A Survey on X.509 Public-Key Infrastructure, Certificate Revocation, and Their Modern Implementation on Blockchain and Ledger TechnologiesIEEE Communications Surveys & Tutorials10.1109/COMST.2023.332364025:4(2529-2568)Online publication date: Dec-2024
https://doi.org/10.1109/COMST.2023.3323640
Ukrop MBalážová MŽáčik PValčík EMatyas V(2022)Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation ErrorsProceedings of the 2022 European Symposium on Usable Security10.1145/3549015.3554296(131-144)Online publication date: 29-Sep-2022
https://dl.acm.org/doi/10.1145/3549015.3554296
Wang KZheng YZhang QBai GQin MZhang DDong J(2022)Assessing certificate validation user interfaces of WPA supplicantsProceedings of the 28th Annual International Conference on Mobile Computing And Networking10.1145/3495243.3517026(501-513)Online publication date: 14-Oct-2022
https://dl.acm.org/doi/10.1145/3495243.3517026
Li BLin JLi FWang QWang WLi QCheng GJing JWang C(2022)The Invisible Side of Certificate Transparency: Exploring the Reliability of Monitors in the WildIEEE/ACM Transactions on Networking10.1109/TNET.2021.312350730:2(749-765)Online publication date: Apr-2022
https://doi.org/10.1109/TNET.2021.3123507
Zurko M(2022)Disinformation and Reflections From Usable SecurityIEEE Security & Privacy10.1109/MSEC.2022.315940520:3(4-7)Online publication date: May-2022
https://doi.org/10.1109/MSEC.2022.3159405
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents