  • DocumentCode
    153547
  • Title
    Analyzing Forged SSL Certificates in the Wild
  • Author
    Lin Shung Huang ; Rice, Alex ; Ellingsen, Erling ; Jackson, Collin
  • Author_Institution
    Carnegie Mellon Univ., Pittsburgh, PA, USA
  • fYear
    2014
  • fDate
    18-21 May 2014
  • Firstpage
    83
  • Lastpage
    97
  • Abstract
    The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonly these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attacks on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed.
  • Keywords
    certification; security of data; Facebook; SSL man-in-the-middle attack; antivirus software; corporate-scale content filters; encrypted connections; forged SSL certificate analysis; global Web site; secure socket layer; Browsers; Cryptography; Java; Protocols; Servers; Sockets; SSL; certificates; man-in-the-middle attack;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security and Privacy (SP), 2014 IEEE Symposium on
  • Conference_Location
    San Jose, CA
  • ISSN
    1081-6011
  • Type
    conf
  • DOI
    10.1109/SP.2014.13
  • Filename
    6956558