DOI: 10.1145/2382196.2382204 | ACM Conferences, CCS Conference Proceedings | Research article

The most dangerous code in the world: validating SSL certificates in non-browser software

Online: 16 October 2012

ABSTRACT

SSL (Secure Sockets Layer) is the de facto standard for secure Internet communications. Security of SSL connections against an active network attacker depends on correctly validating public-key certificates presented when the connection is established.

We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes Amazon's EC2 Java library and all cloud clients based on it; Amazon's and PayPal's merchant SDKs responsible for transmitting payment details from e-commerce sites to payment gateways; integrated shopping carts such as osCommerce, ZenCart, Ubercart, and PrestaShop; AdMob code used by mobile websites; Chase mobile banking and several other Android apps and libraries; Java Web-services middleware (including Apache Axis, Axis 2, Codehaus XFire, and Pusher library for Android) and all applications employing this middleware. Any SSL connection from any of these programs is insecure against a man-in-the-middle attack.

The root causes of these vulnerabilities are badly designed APIs of SSL implementations (such as JSSE, OpenSSL, and GnuTLS) and data-transport libraries (such as cURL) which present developers with a confusing array of settings and options. We analyze perils and pitfalls of SSL certificate validation in software based on these APIs and present our recommendations.

