Analysis of the HTTPS certificate ecosystem

Zakir Durumeric, James Kasten, Michael Bailey, J. Alex Halderman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We report the results of a large-scale measurement study of the HTTPS certificate ecosystem - the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, we gain detailed and temporally fine-grained visibility into this otherwise opaque area of security-critical infrastructure. We investigate the trust relationships among root authorities, intermediate authorities, and the leaf certificates used by web servers, ultimately identifying and classifying more than 1,800 entities that are able to issue certificates vouching for the identity of any website. We uncover practices that may put the security of the ecosystem at risk, and we identify frequent configuration problems that lead to user-facing errors and potential vulnerabilities. We conclude with lessons and recommendations to ensure the long-term health and security of the certificate ecosystem.

Original language: English (US)
Title of host publication: IMC 2013 - Proceedings of the 13th ACM Internet Measurement Conference
Pages: 291-303
Number of pages: 13
DOIs
State: Published - 2013
Externally published: Yes
Event: 13th ACM Internet Measurement Conference, IMC 2013 - Barcelona, Spain
Duration: Oct 23 2013 to Oct 25 2013

Publication series

Name: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Other

Other: 13th ACM Internet Measurement Conference, IMC 2013
Country/Territory: Spain
City: Barcelona
Period: 10/23/13 to 10/25/13

Keywords

  • Certificates
  • HTTPS
  • Internet-wide scanning
  • Measurement
  • Public-key infrastructure
  • SSL
  • Security
  • TLS
  • X.509

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
