More Web Proxy on the site http://driver.im/

research-article

Tracing your roots: exploring the TLS trust anchor ecosystem

Authors:

Zakir Durumeric,

Michael BaileyAuthors Info & Claims

IMC '21: Proceedings of the 21st ACM Internet Measurement Conference

Pages 179 - 194

https://doi.org/10.1145/3487552.3487813

Published: 02 November 2021 Publication History

Abstract

Secure TLS server authentication depends on reliable trust anchors. The fault intolerant design of today's system---where a single compromised trust anchor can impersonate nearly all web entities---necessitates the careful assessment of each trust anchor found in a root store. In this work, we present a first look at the root store ecosystem that underlies the accelerating deployment of TLS. Our broad collection of TLS user agents, libraries, and operating systems reveals a surprisingly condensed root store ecosystem, with nearly all user agents ultimately deriving their roots from one of three root programs: Apple, Microsoft, and NSS. This inverted pyramid structure further magnifies the importance of judicious root store management by these foundational root programs.

Our analysis of root store management presents evidence of NSS's relative operational agility, transparency, and rigorous inclusion policies. Unsurprisingly, all derivative root stores in our dataset (e.g., Linuxes, Android, NodeJS) draw their roots from NSS. Despite this solid footing, derivative root stores display lax update routines and often customize their root stores in questionable ways. By scrutinizing these practices, we highlight two fundamental obstacles to existing NSS-derived root stores: rigid on-or-off trust and multi-purpose root stores. Taken together, our study highlights the concentration of root store trust in TLS server authentication, exposes questionable root management practices, and proposes improvements for future TLS root stores.

References

[1]

[n.d.]. About the security partial trust allow list. https://support.apple.com/en-gb/HT204938.

[2]

[n.d.]. Add 2 new SECOM root certificates. https://bugzilla.mozilla.org/show_bug.cgi?id=1313982.

[3]

[n.d.]. Add Asseco DS / Certum root certificates. https://bugzilla.mozilla.org/show_bug.cgi?id=1598577.

[4]

[n.d.]. Add Autoridad de Certificacion Raiz del Estado Venezolano root certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=1302431.

[5]

[n.d.]. Add CA Root certificate (Brazil's National PKI). https://bugzilla.mozilla.org/show_bug.cgi?id=438825.

[6]

[n.d.]. Add Chunghwa Telecom's HiPKI Root CA -G1 Certificate to NSS. https://bugzilla.mozilla.org/show_bug.cgi?id=1563417.

[7]

[n.d.]. Add Cisco Root CA Cert. https://bugzilla.mozilla.org/show_bug.cgi?id=416842.

[8]

[n.d.]. Add D-TRUST Root CA 3 2013 to NSS. https://bugzilla.mozilla.org/show_bug.cgi?id=1348132.

[9]

[n.d.]. Add DigiCert non-TLS Intermediate Certs to OneCRL. https://bugzilla.mozilla.org/show_bug.cgi?id=1404501.

[10]

[n.d.]. Add Digidentity Service Root Certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=1558450.

[11]

[n.d.]. Add e-commerce monitoring's GLOBALTRUST 2020 root certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=1627552.

[12]

[n.d.]. Add "Fina Root CA" root certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=1449941.

[13]

[n.d.]. add Finnish Population Register Centre's Root CA Certificates. https://bugzilla.mozilla.org/show_bug.cgi?id=463989.

[14]

[n.d.]. Add GLOBALTRUST 2015 root certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=1440271.

[15]

[n.d.]. Add MOI GPKI Root CA certificate(s). https://bugzilla.mozilla.org/show_bug.cgi?id=1226100.

[16]

[n.d.]. Add MULTICERT Root Certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=1040072.

[17]

[n.d.]. Add OATI's Root CA Certificate to Mozilla's trusted root list. https://bugzilla.mozilla.org/show_bug.cgi?id=848766.

[18]

[n.d.]. Add PostSignum root certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=643398.

[19]

[n.d.]. Add PostSignum Root QCA 4 to Root Store. https://bugzilla.mozilla.org/show_bug.cgi?id=1602415.

[20]

[n.d.]. Add Renewed AC Camerfirma root certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=986854.

[21]

[n.d.]. Add Renewed ACEDICOM root certificate(s). https://bugzilla.mozilla.org/show_bug.cgi?id=1239329.

[22]

[n.d.]. Add Symantec-brand Class 1 and Class 2 roots. https://bugzilla.mozilla.org/show_bug.cgi?id=833986.

[23]

[n.d.]. Add Telia CA root certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=1664161.

[24]

[n.d.]. Add TunRootCA2 root certificate(s). https://bugzilla.mozilla.org/show_bug.cgi?id=1233645.

[25]

[n.d.]. Add TunTrust Root CA root certificate. https://bugzilla.mozilla.org/show_bug.cgi?id=1587779.

[26]

[n.d.]. Android ca-certificates. https://android.googlesource.com/platform/system/ca-certificates.

[27]

[n.d.]. BearSSL. https://bearssl.org/.

[28]

[n.d.]. BoringSSL. https://boringssl.googlesource.com/boringssl/.

[29]

[n.d.]. Botan: Crypto and TLS for Modern C++. https://github.com/randombit/botan.

[30]

[n.d.]. Bouncy Castle. http://git.bouncycastle.org/index.html.

[31]

[n.d.]. ca-certificates: Removal of GeoTrust Global CA requires investigation. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962596.

[32]

[n.d.]. ca-certificates should remove Symantec certs. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289.

[33]

[n.d.]. CA/Additional Trust Changes. https://wiki.mozilla.org/CA/Additional_Trust_Changes.

[34]

[n.d.]. CA:Camerfirma Issues. https://wiki.mozilla.org/CA:Camerfirma_Issues.

[35]

[n.d.]. CAcert root cert inclusion into browser. https://bugzilla.mozilla.org/show_bug.cgi?id=215243.

[36]

[n.d.]. CA/Certinomis Issues. https://wiki.mozilla.org/CA/Certinomis_Issues.

[37]

[n.d.]. CA/Certinomis Issues. https://wiki.mozilla.org/CA/Certinomis_Issues.

[38]

[n.d.]. CA:PROCERT Issues. https://wiki.mozilla.org/CA:PROCERT_Issues.

[39]

[n.d.]. CA:Symantec Issues. https://wiki.mozilla.org/CA:Symantec_Issues.

[40]

[n.d.]. CA:WoSign Issues. https://wiki.mozilla.org/CA:WoSign_Issues.

[41]

[n.d.]. Chrome Root Program. https://www.chromium.org/Home/chromium-security/root-ca-policy.

[42]

[n.d.]. CNNIC Action Items. https://bugzilla.mozilla.org/show_bug.cgi?id=1177209.

[43]

[n.d.]. cryptlib. https://www.cs.auckland.ac.nz/~pgut001/cryptlib/.

[44]

[n.d.]. crypto: add deprecated ValiCert CA for cross cert. https://github.com/nodejs/node/pull/1135.

[45]

[n.d.]. Debian ca-certificates. https://salsa.debian.org/debian/ca-certificates.

[46]

[n.d.]. Docker hub: alpine. https://hub.docker.com/_/alpine/.

[47]

[n.d.]. Docker hub: amazonlinux. https://hub.docker.com/_/amazonlinux.

[48]

[n.d.]. Erlang OTP SSL. https://github.com/erlang/otp/tree/master/lib/ssl.

[49]

[n.d.]. GnuTLS. https://gitlab.com/gnutls/gnutls/blob/master/README.md.

[50]

[n.d.]. Google Groups: [email protected]. https://groups.google.com/a/mozilla.org/g/dev-security-policy.

[51]

[n.d.]. Google Groups: mozilla.dev.security.policy. https://groups.google.com/g/mozilla.dev.security.policy.

[52]

[n.d.]. Java SE CA Root Certificate Program. https://www.oracle.com/java/technologies/javase/carootcertsprogram.html.

[53]

[n.d.]. LibreSSL libtls. https://cvsweb.openbsd.org/src/lib/libtls/.

[54]

[n.d.]. MatrixSSL. https://github.com/matrixssl/matrixssl.

[55]

[n.d.]. Mbed TLS. https://github.com/ARMmbed/mbedtls.

[56]

[n.d.]. Microsec new (ECC) Root Inclusion Request. https://bugzilla.mozilla.org/show_bug.cgi?id=1445364.

[57]

[n.d.]. Mozilla CA/FAQ. https://wiki.mozilla.org/CA/FAQ.

[58]

[n.d.]. Network Security Services (NSS). https://hg.mozilla.org/projects/nss.

[59]

[n.d.]. NodeJS. https://github.com/nodejs/node.

[60]

[n.d.]. OkHttp. https://github.com/square/okhttp.

[61]

[n.d.]. OpenJDK. http://hg.openjdk.java.net/.

[62]

[n.d.]. OpenJDK source. https://github.com/openjdk/.

[63]

[n.d.]. OpenSSL. https://github.com/openssl/openssl.

[64]

[n.d.]. Removed CA Certificate List. https://ccadb-public.secure.force.com/mozilla/RemovedCACertificateReport.

[65]

[n.d.]. Review Request: ca-cacert.org - CAcert.org CA root certificates. https://bugzilla.redhat.com/show_bug.cgi?id=474549.

[66]

[n.d.]. Root certificates used by Opera. https://web.archive.org/web/20150207210358/http://www.opera.com/docs/ca/.

[67]

[n.d.]. RSA BSAFE. https://community.rsa.com/community/products/bsafe.

[68]

[n.d.]. s2n. https://github.com/awslabs/s2n.

[69]

[n.d.]. Secure Transport. https://opensource.apple.com/source/Security/.

[70]

[n.d.]. Secure Transport. https://developer.apple.com/documentation/security/secure_transport.

[71]

[n.d.]. Super-CAs. https://wiki.mozilla.org/CA/Subordinate_CA_Checklist#Super-CAs.

[72]

[n.d.]. Symantec root certs - Set CKA_NSS_SERVER_DISTRUST_AFTER. https://bugzilla.mozilla.org/show_bug.cgi?id=1618404.

[73]

[n.d.]. Ubuntu ca-certificates. https://launchpad.net/ubuntu/+source/ca-certificates.

[74]

[n.d.]. wolfSSL. https://github.com/wolfSSL/wolfssl.

[75]

2005. Apple Root Certificate Program. https://web.archive.org/web/20050503225244/http://www.apple.com/certificateauthority/ca_program.html.

[76]

2010. Windows root certificate program members. https://web.archive.org/web/20110728002957/http://support.microsoft.com/kb/931125.

[77]

2011. Security Update 2011-005. https://support.apple.com/kb/dl1447.

[78]

2015. The MCS Incident and Its Consequences for CNNIC. https://blog.mozilla.org/security/files/2015/04/CNNIC-MCS.pdf.

[79]

2018. Electron's chromium is trusting different CAs then Electron's NodeJS. https://github.com/electron/electron/issues/11741.

[80]

2018. Implement the Symantec distrust plan from Bug 1409257. https://hg.mozilla.org/mozreview/gecko/rev/f6c9341fde050d7079a8934636644aaf54bde922.

[81]

2018. Secure Channel. https://docs.microsoft.com/en-us/windows/win32/secauthn/secure-channel.

[82]

Heather Adkins. 2011. An update on attempted man-in-the-middle attacks. https://security.googleblog.com/2011/08/update-on-attempted-man-in-middle.html.

[83]

Bernhard Amann, Robin Sommer, Matthias Vallentin, and Seth Hall. 2013. No attack necessary: The surprising dynamics of SSL trust relationships. In 29th Annual Computer Security Applications Conference.

Digital Library

[84]

Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, and Prateek Mittal. 2018. Bamboozling Certificate Authorities with BGP. In 27th USENIX Security Symposium (USENIX Security).

[85]

Johannes Braun and Gregor Rynkowski. 2013. The potential of an individualized set of trusted CAs: Defending against CA failures in the Web PKI. In International Conference on Social Computing. IEEE.

Digital Library

[86]

Taejoong Chung, Yabing Liu, David Choffnes, Dave Levin, Bruce MacDowell Maggs, Alan Mislove, and Christo Wilson. 2016. Measuring and applying invalid SSL certificates: the silent majority. In 16th ACM Internet Measurement Conference.

Digital Library

[87]

Jeremy Clark and Paul C Van Oorschot. 2013. SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. In 34th IEEE Symposium on Security and Privacy.

Digital Library

[88]

Jon Douglas. [n.d.]. Incident: NuGet Restore Issues on Debian Family Linux Distros. https://github.com/NuGet/Announcements/issues/49.

[89]

Zakir Durumeric, James Kasten, Michael Bailey, and J Alex Halderman. 2013. Analysis of the HTTPS certificate ecosystem. In 13th ACM Internet Measurement Conference.

Digital Library

[90]

Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie Bursztein, Michael Bailey, J. Alex Halderman, and Vern Paxson. 2017. The Security Impact of HTTPS Interception. In Network & Distributed System Security Symposium (NDSS '17).

[91]

Jens Hiller, Johanna Amann, and Oliver Hohlfeld. 2020. The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures. In 27th ACM Conference on Computer and Communications Security.

Digital Library

[92]

Ralph Holz, Lothar Braun, Nils Kammenhuber, and Georg Carle. 2011. The SSL Landscape: A Thorough Analysis of the X.509 PKI Using Active and Passive Measurements. In 11th ACM Internet Measurement Conference.

Digital Library

[93]

James Kasten, Eric Wustrow, and J Alex Halderman. 2013. CAge: Taming certificate authorities by inferring restricted scopes. In International Conference on Financial Cryptography and Data Security.

[94]

Jeff Kline, Paul Barford, Aaron Cahn, and Joel Sommers. 2017. On the structure and characteristics of user agent string. In 17th Internet Measurement Conference.

Digital Library

[95]

Nikita Korzhitskii and Niklas Carlsson. 2020. Characterizing the Root Landscape of Certificate Transparency Logs. In IFIP Networking Conference (Networking).

[96]

Deepak Kumar, Zhengping Wang, Matthew Hyder, Joseph Dickinson, Gabrielle Beck, David Adrian, Joshua Mason, Zakir Durumeric, J Alex Halderman, and Michael Bailey. 2018. Tracking certificate misissuance in the wild. In 39th IEEE Symposium on Security and Privacy.

[97]

Ben Laurie, Adam Langley, and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. https://rfc-editor.org/rfc/rfc6962.txt

[98]

Zane Ma, Joshua Mason, Manos Antonakakis, Zakir Durumeric, and Michael Bailey. 2021. What's in a Name? Exploring CA Certificate Control. In 30th USENIX Security Symposium (USENIX Security '21).

[99]

Mozilla. [n.d.]. Common CA Database. https://www.ccadb.org/.

[100]

Mozilla. [n.d.]. WoSign and StartCom. https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/edit.

[101]

Johnathan Nightingale. 2011. DigiNotar Removal Follow Up. https://blog.mozilla.org/security/2011/09/02/diginotar-removal-follow-up/.

[102]

Johnathan Nightingale. 2011. Fraudulent ^*.google.com Certificate. https://blog.mozilla.org/security/2011/08/29/fraudulent-google-com-certificate/.

[103]

Devin O'Brien, Ryan Sleevi, and Andrew Whalley. [n.d.]. Chrome Plan to Distrust Symantec Certificates. https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html.

[104]

F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay. 2011. Scikit-learn: Machine Learning in Python. Journal of Machine Learning Research 12 (2011), 2825--2830.

Digital Library

[105]

Henning Perl, Sascha Fahl, and Matthew Smith. 2014. You won't be needing these any more: On removing unused certificates from trust stores. In International Conference on Financial Cryptography and Data Security.

[106]

Ryan Sleevi. [n.d.]. Announcing the Chrome Root Program. https://groups.google.com/g/mozilla.dev.security.policy/c/3Q36J4flnQs/m/VyWFiVwrBQAJ.

[107]

Rob Stradling. [n.d.]. authroot.stl. https://github.com/robstradling/authroot.stl.

[108]

Wayne Thayer. [n.d.]. DarkMatter Concerns. https://groups.google.com/g/mozilla.dev.security.policy/c/nnLVNfqgz7g/m/TseYqDzaDAAJ.

[109]

Narseo Vallina-Rodriguez, Johanna Amann, Christian Kreibich, Nicholas Weaver, and Vern Paxson. 2014. A Tangled Mass: The Android Root Certificate Stores. In 10th ACM Conference on emerging Networking Experiments and Technologies.

Digital Library

[110]

Benjamin VanderSloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, and J Alex Halderman. 2016. Towards a complete view of the certificate ecosystem. In 16th ACM Internet Measurement Conference.

Digital Library

[111]

Louis Waked, Mohammad Mannan, and Amr Youssef. 2018. To intercept or not to intercept: Analyzing TLS interception in network appliances. In Asia Conference on Computer and Communications Security.

Digital Library

[112]

Ben Wilson. [n.d.]. Quantifying the Value of Adding a New CA. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/LT_5efOFsSU.

[113]

Kathleen Wilson. 2016. https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/.

Cited By

Zhang CAn CYu TZheng ZWang J(2024)Investigate and Improve the Certificate Revocation in Web PKINOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575605(1-5)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575605
Dong HShu HPrakash VZhang YParacha MChoffnes DTorres-Arias SHuang DSun YMontpetit MLeivadeas AUhlig SJaved M(2023)Behind the Scenes: Uncovering TLS and Server Certificate Practice of IoT Device Vendors in the WildProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624815(457-477)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624815
Farhan SChung T(2023)Exploring the Evolution of TLS CertificatesPassive and Active Measurement10.1007/978-3-031-28486-1_4(71-84)Online publication date: 21-Mar-2023
https://dl.acm.org/doi/10.1007/978-3-031-28486-1_4
Show More Cited By

Tracing your roots: exploring the TLS trust anchor ecosystem
1. Security and privacy
  1. Systems security

Recommendations

Formulas for roots of L-functions of the airy exponential sums

We study the L-function of the Airy exponential sum associated to the polynomial f(X)=Xd+X using Dwork's dual theory on cohomology level. We get explicit formulas for all the roots of the L-function in the ordinary case in terms of p-adic GKZ-...
Computing the Roots of Complex Orthogonal and Kernel Polynomials

A method is presented to compute the roots of complex orthogonal and kernel polynomials. An important application of complex kernel polynomials is the acceleration of iterative methods for the solution of nonsymmetric linear equations.In the real case, ...
Roots of Polynomials Expressed in Terms of Orthogonal Polynomials

A technique is presented for determining the roots of a polynomial $p(x)$ that is expressed in terms of an expansion in orthogonal polynomials. The roots are expressed as the eigenvalues of a nonstandard companion matrix $B_n$ whose coefficients depend ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

IMC '21: Proceedings of the 21st ACM Internet Measurement Conference

November 2021

768 pages

ISBN:9781450391290

DOI:10.1145/3487552

General Chairs:
Dave Levin
University of Maryland
,
Alan Mislove
Northeastern University
,
Program Chairs:
Johanna Amann
International Computer Science Institute
,
Matthew Luckie
University of Waikato

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 November 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

IMC '21

Sponsor:

IMC '21: ACM Internet Measurement Conference

November 2 - 4, 2021

Virtual Event

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
442
Total Downloads

Downloads (Last 12 months)79
Downloads (Last 6 weeks)12

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang CAn CYu TZheng ZWang J(2024)Investigate and Improve the Certificate Revocation in Web PKINOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575605(1-5)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575605
Dong HShu HPrakash VZhang YParacha MChoffnes DTorres-Arias SHuang DSun YMontpetit MLeivadeas AUhlig SJaved M(2023)Behind the Scenes: Uncovering TLS and Server Certificate Practice of IoT Device Vendors in the WildProceedings of the 2023 ACM on Internet Measurement Conference10.1145/3618257.3624815(457-477)Online publication date: 24-Oct-2023
https://dl.acm.org/doi/10.1145/3618257.3624815
Farhan SChung T(2023)Exploring the Evolution of TLS CertificatesPassive and Active Measurement10.1007/978-3-031-28486-1_4(71-84)Online publication date: 21-Mar-2023
https://dl.acm.org/doi/10.1007/978-3-031-28486-1_4
Bruhner CLinnarsson ONemec MArlitt MCarlsson N(2022)Changing of the Guards: Certificate and Public Key Management on the InternetPassive and Active Measurement10.1007/978-3-030-98785-5_3(50-80)Online publication date: 28-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-030-98785-5_3

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents