Article

Analyzing Forged SSL Certificates in the Wild

Authors:

Lin Shung Huang,

Alex Rice,

Erling Ellingsen,

Collin JacksonAuthors Info & Claims

SP '14: Proceedings of the 2014 IEEE Symposium on Security and Privacy

Pages 83 - 97

https://doi.org/10.1109/SP.2014.13

Published: 18 May 2014 Publication History

Abstract

The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed.

Cited By

View all

Yoon JDo SKim DChung TPark KBagchi SZhang Y(2024)mmTLSProceedings of the 2024 USENIX Conference on Usenix Annual Technical Conference10.5555/3691992.3692031(631-647)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.5555/3691992.3692031
Boulila EDacier M(2023)WPAD: Waiting Patiently for an Announced DisasterACM Computing Surveys10.1145/356536155:10(1-29)Online publication date: 2-Feb-2023
https://dl.acm.org/doi/10.1145/3565361
Larisch JAqeel WLum MGoldschlag YKannan LTorshizi KWang YChung TLevin DMaggs BMislove AParno BWilson CYin HStavrou ACremers CShi E(2022)HammurabiProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560594(1857-1870)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560594
Show More Cited By

Recommendations

The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

The SSL and TLS infrastructure used in important protocols like HTTPs and IMAPs is built on an X.509 public-key infrastructure (PKI). X.509 certificates are thus used to authenticate services like online banking, shopping, e-mail, etc. However, it ...
How Is the Forged Certificates in the Wild: Practice on Large-Scale SSL Usage Measurement and Analysis
Computational Science – ICCS 2018
Abstract
Forged certificate is a prominent issue in the real world deployment of SSL/TLS - the most widely used encryption protocols for Internet security, which is typically used in man-in-the-middle (MITM) attacks, proxies, anonymous or malicious ...
E-SSL: An SSL Security-Enhanced Method for Bypassing MITM Attacks in Mobile Internet
6th International Workshop on Structured Object-Oriented Formal Language and Method - Volume 10189

In mobile internet, the Secure Sockets Layer SSL validation vulnerabilities of applications can be easily exploited through SSL Man-in-the-Middle MITM attacks, which are difficult to defeat. In this paper, an SSL Security-Enhanced method E-SSL is ...

Comments

Information & Contributors

Information

Published In

SP '14: Proceedings of the 2014 IEEE Symposium on Security and Privacy

May 2014

694 pages

ISBN:9781479946860

Publisher

IEEE Computer Society

United States

Publication History

Published: 18 May 2014

Author Tag

SSL, certificates, man-in-the-middle attack

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

41
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Yoon JDo SKim DChung TPark KBagchi SZhang Y(2024)mmTLSProceedings of the 2024 USENIX Conference on Usenix Annual Technical Conference10.5555/3691992.3692031(631-647)Online publication date: 10-Jul-2024
https://dl.acm.org/doi/10.5555/3691992.3692031
Boulila EDacier M(2023)WPAD: Waiting Patiently for an Announced DisasterACM Computing Surveys10.1145/356536155:10(1-29)Online publication date: 2-Feb-2023
https://dl.acm.org/doi/10.1145/3565361
Larisch JAqeel WLum MGoldschlag YKannan LTorshizi KWang YChung TLevin DMaggs BMislove AParno BWilson CYin HStavrou ACremers CShi E(2022)HammurabiProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560594(1857-1870)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560594
Galanou AGregor FKapitza RFetzer CBellavista PZhang KGherbi ABagchi SPatiño MDi Modica GGascon-Samson J(2022)MATEEProceedings of the 23rd ACM/IFIP International Middleware Conference10.1145/3528535.3565239(121-134)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3528535.3565239
Wang KZheng YZhang QBai GQin MZhang DDong J(2022)Assessing certificate validation user interfaces of WPA supplicantsProceedings of the 28th Annual International Conference on Mobile Computing And Networking10.1145/3495243.3517026(501-513)Online publication date: 14-Oct-2022
https://dl.acm.org/doi/10.1145/3495243.3517026
Zhang YLiu BLu CLi ZDuan HLi JZhang ZKim YKim JVigna GShi E(2021)Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI EcosystemProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484768(1373-1387)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484768
Wang XEl-Said MKhazanchi DSiy HGrispos GKwaku Setor T(2020)DomainPKIProceedings of the 21st Annual Conference on Information Technology Education10.1145/3368308.3415401(419-425)Online publication date: 7-Oct-2020
https://dl.acm.org/doi/10.1145/3368308.3415401
Baek JKim JSusilo WSun HShieh SGu GAteniese G(2020)Inspecting TLS Anytime Anywhere: A New Approach to TLS InterceptionProceedings of the 15th ACM Asia Conference on Computer and Communications Security10.1145/3320269.3372199(116-126)Online publication date: 5-Oct-2020
https://dl.acm.org/doi/10.1145/3320269.3372199
(2019)A delegation token-based method to authenticate the third party in TLSInternational Journal of High Performance Computing and Networking10.5555/3319261.331926513:2(164-174)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.5555/3319261.3319265
Al-Dailami ARuan CBao ZZhang T(2019)QoS3Security and Communication Networks10.1155/2019/31075432019Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1155/2019/3107543
Show More Cited By

Abstract

Cited By

Recommendations

The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements

How Is the Forged Certificates in the Wild: Practice on Large-Scale SSL Usage Measurement and Analysis

E-SSL: An SSL Security-Enhanced Method for Bypassing MITM Attacks in Mobile Internet

Comments

Information

Published In

Publisher

Publication History

Author Tag

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations