TY - GEN
T1 - Tracing your roots
T2 - 21st ACM Internet Measurement Conference, IMC 2021
AU - Ma, Zane
AU - Austgen, James
AU - Mason, Joshua
AU - Durumeric, Zakir
AU - Bailey, Michael
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/11/2
Y1 - 2021/11/2
N2 - Secure TLS server authentication depends on reliable trust anchors. The fault-intolerant design of today's system, where a single compromised trust anchor can impersonate nearly all web entities, necessitates the careful assessment of each trust anchor found in a root store. In this work, we present a first look at the root store ecosystem that underlies the accelerating deployment of TLS. Our broad collection of TLS user agents, libraries, and operating systems reveals a surprisingly condensed root store ecosystem, with nearly all user agents ultimately deriving their roots from one of three root programs: Apple, Microsoft, and NSS. This inverted pyramid structure further magnifies the importance of judicious root store management by these foundational root programs. Our analysis of root store management presents evidence of NSS's relative operational agility, transparency, and rigorous inclusion policies. Unsurprisingly, all derivative root stores in our dataset (e.g., Linuxes, Android, NodeJS) draw their roots from NSS. Despite this solid footing, derivative root stores display lax update routines and often customize their root stores in questionable ways. By scrutinizing these practices, we highlight two fundamental obstacles to existing NSS-derived root stores: rigid on-or-off trust and multi-purpose root stores. Taken together, our study highlights the concentration of root store trust in TLS server authentication, exposes questionable root management practices, and proposes improvements for future TLS root stores.
AB - Secure TLS server authentication depends on reliable trust anchors. The fault-intolerant design of today's system, where a single compromised trust anchor can impersonate nearly all web entities, necessitates the careful assessment of each trust anchor found in a root store. In this work, we present a first look at the root store ecosystem that underlies the accelerating deployment of TLS. Our broad collection of TLS user agents, libraries, and operating systems reveals a surprisingly condensed root store ecosystem, with nearly all user agents ultimately deriving their roots from one of three root programs: Apple, Microsoft, and NSS. This inverted pyramid structure further magnifies the importance of judicious root store management by these foundational root programs. Our analysis of root store management presents evidence of NSS's relative operational agility, transparency, and rigorous inclusion policies. Unsurprisingly, all derivative root stores in our dataset (e.g., Linuxes, Android, NodeJS) draw their roots from NSS. Despite this solid footing, derivative root stores display lax update routines and often customize their root stores in questionable ways. By scrutinizing these practices, we highlight two fundamental obstacles to existing NSS-derived root stores: rigid on-or-off trust and multi-purpose root stores. Taken together, our study highlights the concentration of root store trust in TLS server authentication, exposes questionable root management practices, and proposes improvements for future TLS root stores.
UR - http://www.scopus.com/inward/record.url?scp=85118621685&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85118621685&partnerID=8YFLogxK
U2 - 10.1145/3487552.3487813
DO - 10.1145/3487552.3487813
M3 - Conference contribution
AN - SCOPUS:85118621685
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 179
EP - 194
BT - IMC 2021 - Proceedings of the 2021 ACM Internet Measurement Conference
PB - Association for Computing Machinery
Y2 - 2 November 2021 through 4 November 2021
ER -