measurement and analysis of private key sharing in the...
TRANSCRIPT
Measurement and Analysis of Private Key Sharing in
the HTTPS Ecosystem
Frank Cangialosi, Taejoong Chung, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson
How do we know with whom we are communicating?
How do we know with whom we are communicating?
Certificate
Public
Private
Certificate
CertificateAuthorities
Public
Private
Certificate
CertificateAuthorities
Public
Private
Certificate
Certificate
How do we know with whom we are communicating?
CertificateCertificate
How do we know with whom we are communicating?
CertificateCertificate
How do we know with whom we are communicating?
CertificateCertificate
TLS Handshake
How do we know with whom we are communicating?
CertificateCertificate
How do we know with whom we are communicating?
CertificateCertificate
How do we know with whom we are communicating?
CertificateCertificate
Authentication fundamentally assumes:
Only knows
How do we know with whom we are communicating?
The PKI in today’s web
Rare!
The PKI in today’s web
The PKI in today’s web
The PKI in today’s web
The PKI in today’s web
The PKI in today’s web
Third-party Hosting Providers
• Content delivery networks
• Web hosting services
• Cloud providers
Varying levels of involvement
But all trusted to deliver content
The PKI in today’s web
Certificate
The PKI in today’s web
Certificate
The PKI in today’s web
Certificate
The PKI in today’s web
Certificate
The PKI in today’s web
Certificate
The PKI in today’s web
Certificate
The PKI in today’s web
Third-party hosting providers know their customers’ private keys
Third-party hosting providers know their customers’ private keys
Authentication fundamentally assumes:Only knows
Example of key sharing
What’s wrong with sharing?
1. Complicates the trust model,users don’t know who they’re really trusting
2. Potential to create centralization of trust
3. Potential to create single point of failure (in terms of management)
This study
This study
How many websites share their private keys?
This study
How many keys have 3rd parties obtained?
How many websites share their private keys?
This study
How has this affected key management?
How many keys have 3rd parties obtained?
How many websites share their private keys?
How do we detect sharing at scale?Rapid7 weekly port 443 scans 2013-2015DATA
DomainDomainDomainDomainCertificateIP Addr
DomainDomainDomainDomainCertificateIP Addr
How do we detect sharing at scale?Rapid7 weekly port 443 scans 2013-2015DATA
IPv4 Scan DomainDomainDomainDomainCertificateIP Addr
DomainDomainDomainDomainCertificateIP Addr
How do we detect sharing at scale?Rapid7 weekly port 443 scans 2013-2015DATA
DomainDomainDomainDomainCertificateIP Addr
DomainDomainDomainDomainCertificateIP Addr
How do we detect sharing at scale?Rapid7 weekly port 443 scans 2013-2015DATA
DomainDomainDomainDomainCertificate
DomainDomainDomainDomainCertificateIP Addr
IP Addr
How do we detect sharing at scale?Rapid7 weekly port 443 scans 2013-2015DATA
IPv4 Scan
DomainDomainDomainDomainCertificate
DomainDomainDomainDomainCertificateIP Addr
IP Addr
How do we detect sharing at scale?Rapid7 weekly port 443 scans 2013-2015DATA
DomainDomainDomainDomainCertificate
DomainDomainDomainDomainCertificateIP Addr
IP Addr
How do we detect sharing at scale?
DomainDomainDomainDomainCertificate
DomainDomainDomainDomainCertificate IP Addr
IP Addr
Rapid7 weekly port 443 scans 2013-2015DATA
How do we detect sharing at scale?
DomainDomainDomainDomainCertificate
DomainDomainDomainDomainCertificate IP Addr
IP Addr
5.1 million valid leaf certificatesRapid7 weekly port 443 scans 2013-2015DATA
How do we detect sharing at scale?Rapid7 weekly port 443 scans 2013-2015DATA
Domain
Domain
Domain
Domain
Domain
IP Addr
IP Addr
5.1 million valid leaf certificates
How do we detect sharing at scale?
Domain
Domain
Domain
Domain
Domain
IP Addr
IP Addr
Does the same entity that owns the domain own and operate the server at that IP address?
How do we detect sharing at scale?
Domain
Domain
Domain
Domain
Domain
IP Addr
IP Addr
Reverse DNS
Does the same entity that owns the domain own and operate the server at that IP address?
Domain equivalence?
google.com google.co.uk
google.com youtube.com
nestle.com friskies.com
whitehouse.gov whitehouse.com
Domain names alone are not enough
Incorporating whois
Emails in whois records reflect administrative domain
google.com
google.co.uk
google.de
zagat.com
golang.org
Incorporating whois
Emails in whois records reflect administrative domain
google.com
google.co.uk
google.de
zagat.com
golang.org
whois RegistrantEmail:
AdminEmail:
TechEmail:
Incorporating whois
Emails in whois records reflect administrative domain
google.com
google.co.uk
google.de
zagat.com
golang.org
[email protected]@[email protected]
Incorporating whois
Emails in whois records reflect administrative domain
google.com
google.co.uk
google.de
zagat.com
golang.org
[email protected]@[email protected]
Incorporating whois
Emails in whois records reflect administrative domain
google.com
google.co.uk
google.de
zagat.com
golang.org
RegistrantEmail:
AdminEmail:
TechEmail:
whois
whois
[email protected]@[email protected]
Incorporating whois
Emails in whois records reflect administrative domain
google.com
google.co.uk
google.de
zagat.com
golang.org
Emails in whois records reflect administrative domain
[email protected]@[email protected]
Incorporating whois
google.com
google.co.uk
google.de
zagat.com
golang.org
Emails in whois records reflect administrative domain
whois
whois
[email protected]@[email protected]
Incorporating whois
google.com
google.co.uk
google.de
zagat.com
golang.org
Emails in whois records reflect administrative domain
RegistrantEmail:
AdminEmail:
TechEmail:
whois
whois
[email protected]@[email protected]
Incorporating whois
google.com
google.co.uk
google.de
zagat.com
golang.org
[email protected]@[email protected]
Incorporating whois
Emails in whois records reflect administrative domain
google.com
google.co.uk
google.de
zagat.com
golang.org
Incorporating whois
Domain Organization
Emails in whois records reflect administrative domain
How do we detect sharing at scale?
Domain
Domain
Domain
Domain
Domain
IP Addr
IP Addr
Does the same entity that owns the domain own and operate the server at that IP address?
Domain
Domain
Domain
How do we detect sharing at scale?
Domain
Domain Org
Domain Org
DomainDomain Org IP Addr
IP Addr
Does the same entity that owns the domain own and operate the server at that IP address?
Domain
Domain
Domain
How do we detect sharing at scale?
Domain
Domain Org
Domain Org
DomainDomain Org Host
Host
Does the same entity that owns the domain own and operate the server at that IP address?
Key sharing: domain org ≠ host org
Domain
Domain
Domain
How do we detect sharing at scale?
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
Does the same entity that owns the domain own and operate the server at that IP address?
Key sharing: domain org ≠ host org
Outline
How many keys have providers aggregated?
How does sharing impact key management?
How prevalent is key sharing?
How prevalent is key sharing?
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
How prevalent is key sharing?
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
How prevalent is key sharing?
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
Self-hosted
Key sharing
How prevalent is key sharing?
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
Self-hosted
Key sharing
How prevalent is key sharing?
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
Self-hosted
Key sharing
How prevalent is key sharing?
0
0.2
0.4
0.6
0.8
1
0 1 10 102 103 104 105
CD
F
Number of Third-Party Hosting Providers Used
Organizations
How prevalent is key sharing?
0
0.2
0.4
0.6
0.8
1
0 1 10 102 103 104 105
CD
F
Number of Third-Party Hosting Providers Used
Organizations
How prevalent is key sharing?
0
0.2
0.4
0.6
0.8
1
0 1 10 102 103 104 105
CD
F
Number of Third-Party Hosting Providers Used
Organizations23.5% Self-hosted
How prevalent is key sharing?
0
0.2
0.4
0.6
0.8
1
0 1 10 102 103 104 105
CD
F
Number of Third-Party Hosting Providers Used
Organizations23.5% Self-hosted
76.5%share
at least1 key
How prevalent is key sharing?
0
0.2
0.4
0.6
0.8
1
0 1 10 102 103 104 105
CD
F
Number of Third-Party Hosting Providers Used
Organizations23.5% Self-hosted
76.5%share
at least1 key
Who?
Who shares?
0
0.2
0.4
0.6
0.8
1
0 200k 400k 600k 800k 1M
Fra
cti
on
of
Do
ma
ins
Ho
ste
do
n T
hir
d-p
art
y P
rov
ide
rs
Alexa Site Rank (bins of 10,000)
At least one key sharedAll keys shared
Who shares?
0
0.2
0.4
0.6
0.8
1
0 200k 400k 600k 800k 1M
Fra
cti
on
of
Do
ma
ins
Ho
ste
do
n T
hir
d-p
art
y P
rov
ide
rs
Alexa Site Rank (bins of 10,000)
At least one key sharedAll keys shared
Who shares?
0
0.2
0.4
0.6
0.8
1
0 200k 400k 600k 800k 1M
Fra
cti
on
of
Do
ma
ins
Ho
ste
do
n T
hir
d-p
art
y P
rov
ide
rs
Alexa Site Rank (bins of 10,000)
At least one key sharedAll keys shared43.2% (of Top 10k)
share at least one
Who shares?
0
0.2
0.4
0.6
0.8
1
0 200k 400k 600k 800k 1M
Fra
cti
on
of
Do
ma
ins
Ho
ste
do
n T
hir
d-p
art
y P
rov
ide
rs
Alexa Site Rank (bins of 10,000)
At least one key sharedAll keys shared43.2% (of Top 10k)
share at least one
22.4% share all
Who shares?
Key sharing is common across the Internet
0
0.2
0.4
0.6
0.8
1
0 200k 400k 600k 800k 1M
Fra
cti
on
of
Do
ma
ins
Ho
ste
do
n T
hir
d-p
art
y P
rov
ide
rs
Alexa Site Rank (bins of 10,000)
At least one key sharedAll keys shared43.2% (of Top 10k)
share at least one
22.4% share all
Outline
How many keys have providers aggregated?
How does sharing impact key management?
How prevalent is key sharing?
Outline
How many keys have providers aggregated?
How does sharing impact key management?
How prevalent is key sharing?
• 76.5% share with ≥ 1 provider • Common even among most popular websites
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
How many keys have providers aggregated?
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
How many keys have providers aggregated?
100
101
102
103
104
105
106
100
101
102
103
104
105
106
Nu
mb
er
of
Dis
tin
ct
Cu
sto
mers
Serv
ed
Rank-Order Third-Party Hosting Providers
How have keys been aggregated?
100
101
102
103
104
105
106
100
101
102
103
104
105
106
Nu
mb
er
of
Dis
tin
ct
Cu
sto
mers
Serv
ed
Rank-Order Third-Party Hosting Providers
How have keys been aggregated?
100
101
102
103
104
105
106
100
101
102
103
104
105
106
Nu
mb
er
of
Dis
tin
ct
Cu
sto
mers
Serv
ed
Rank-Order Third-Party Hosting Providers
How have keys been aggregated?
secureserver.net
unifiedlayer.comamazonaws.com
Cloud Flare Inc.Rackspace Hosting
akamaitechnologies.com
266,110151,628117.22978,36954,158
15,440… …
#Organizations Hosting provider277,891175,089122,158
87,07763,418
22,671…
#Domains
100
101
102
103
104
105
106
100
101
102
103
104
105
106
Nu
mb
er
of
Dis
tin
ct
Cu
sto
mers
Serv
ed
Rank-Order Third-Party Hosting Providers
How have keys been aggregated?
secureserver.net
unifiedlayer.comamazonaws.com
Cloud Flare Inc.Rackspace Hosting
akamaitechnologies.com
266,110151,628117.22978,36954,158
15,440… …
#Organizations Hosting provider277,891175,089122,158
87,07763,418
22,671…
#Domains
100
101
102
103
104
105
106
100
101
102
103
104
105
106
Nu
mb
er
of
Dis
tin
ct
Cu
sto
mers
Serv
ed
Rank-Order Third-Party Hosting Providers
How have keys been aggregated?
secureserver.net
unifiedlayer.comamazonaws.com
Cloud Flare Inc.Rackspace Hosting
akamaitechnologies.com
266,110151,628117.22978,36954,158
15,440… …
#Organizations Hosting provider277,891175,089122,158
87,07763,418
22,671…
#Domains
Top 1% of providers hold keysfor 86% of all organizations
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
Does key sharing make enticing attack targets?
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
Does key sharing make enticing attack targets?
Domain
Domain
Domain
Domain
Domain Org
Domain Org
DomainDomain Org Host
HostHostOrg
HostOrg
HostOrg
Domain Org
Does key sharing make enticing attack targets?
Does key sharing make enticing attack targets?
0
0.2
0.4
0.6
0.8
1
100 101 102 103 104 105 106
Cu
mu
lati
ve
Fra
cti
on
of
Do
ma
ins
’ K
ey
s A
cq
uir
ed
Number of Hosting Providers Compromised
Alexa Top 1kAlexa Top 1m
All Domains
Does key sharing make enticing attack targets?
0
0.2
0.4
0.6
0.8
1
100 101 102 103 104 105 106
Cu
mu
lati
ve
Fra
cti
on
of
Do
ma
ins
’ K
ey
s A
cq
uir
ed
Number of Hosting Providers Compromised
Alexa Top 1kAlexa Top 1m
All Domains
Does key sharing make enticing attack targets?
0
0.2
0.4
0.6
0.8
1
100 101 102 103 104 105 106
Cu
mu
lati
ve
Fra
cti
on
of
Do
ma
ins
’ K
ey
s A
cq
uir
ed
Number of Hosting Providers Compromised
Alexa Top 1kAlexa Top 1m
All Domains
60% of Top 1K, same provider
Does key sharing make enticing attack targets?
0
0.2
0.4
0.6
0.8
1
100 101 102 103 104 105 106
Cu
mu
lati
ve
Fra
cti
on
of
Do
ma
ins
’ K
ey
s A
cq
uir
ed
Number of Hosting Providers Compromised
Alexa Top 1kAlexa Top 1m
All Domains
60% of Top 1K, same provider
Does key sharing make enticing attack targets?
0
0.2
0.4
0.6
0.8
1
100 101 102 103 104 105 106
Cu
mu
lati
ve
Fra
cti
on
of
Do
ma
ins
’ K
ey
s A
cq
uir
ed
Number of Hosting Providers Compromised
Alexa Top 1kAlexa Top 1m
All Domains
>40% of all sites, 10 providers
60% of Top 1K, same provider
Does key sharing make enticing attack targets?
0
0.2
0.4
0.6
0.8
1
100 101 102 103 104 105 106
Cu
mu
lati
ve
Fra
cti
on
of
Do
ma
ins
’ K
ey
s A
cq
uir
ed
Number of Hosting Providers Compromised
Alexa Top 1kAlexa Top 1m
All Domains
Popular hosting services are prime targets for attack
>40% of all sites, 10 providers
60% of Top 1K, same provider
Outline
How many keys have providers aggregated?
How does sharing impact key management?
How prevalent is key sharing?
• Top 1% of providers hold keys for 86% of orgs
• Attractive targets for attack
• 76.5% share with ≥ 1 provider • Common even among most popular websites
Key Management
Request certificates
Renew expiring certificates
Revoke and reissue compromised certificates
Who manages private keys?
CAsWebsite acquires Third-party acquires
Who manages private keys?
CAsWebsite acquires Third-party acquires
Who manages private keys?
CAsWebsite acquires Third-party acquires
Who manages private keys?
Website acquires Third-party acquires
Who manages private keys?
Website acquires Third-party acquires
Diverse
“Self-managed”
Who manages private keys?
Website acquires Third-party acquires
Diverse Heavily skewed
“Self-managed” “Outsourced”
Who manages private keys?
Website acquires Third-party acquires
Diverse Heavily skewed
“Self-managed” “Outsourced”58.4% of Alexa Top 10K 33.0% of all domains
How does sharing impact key management?
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
Natural experiment: Heartbleed (4/7/2014)
How does sharing impact key management?
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
Natural experiment: Heartbleed (4/7/2014)
How does sharing impact key management?
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
CloudFlarerevocations
Natural experiment: Heartbleed (4/7/2014)
How does sharing impact key management?
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
Outsourced (w/o CF)
CloudFlarerevocations
Natural experiment: Heartbleed (4/7/2014)
How does sharing impact key management?
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
Outsourced (w/o CF)
CloudFlarerevocations
Slightly more thorough
Natural experiment: Heartbleed (4/7/2014)
How does sharing impact key management?
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
Outsourced (w/o CF)
CloudFlarerevocations
10 days to react!
Slightly more thorough
Natural experiment: Heartbleed (4/7/2014)
How does sharing impact key management?
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
0.75
0.8
0.85
0.9
0.95
1
04/07 04/11 04/15 04/19 04/23 04/27 05/01 05/05
Fra
cti
on
of
Cert
ific
ate
s
No
t R
evo
ked
Date
Self-managedOutsourced
Outsourced (w/o CF)
CloudFlarerevocations
10 days to react!
Slightly more thorough
Natural experiment: Heartbleed (4/7/2014)
A few revoked thoroughly, but many did not!
How does sharing impact key management?
0
0.2
0.4
0.6
0.8
1
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
CD
F o
f H
os
tin
g P
rov
ide
rs
Fraction of Heartbleed-vulnerable Certificates Revoked
Self-managedOutsourced
Natural experiment: Heartbleed (4/7/2014)
(One year after Heartbleed)
How does sharing impact key management?
0
0.2
0.4
0.6
0.8
1
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
CD
F o
f H
os
tin
g P
rov
ide
rs
Fraction of Heartbleed-vulnerable Certificates Revoked
Self-managedOutsourced
Natural experiment: Heartbleed (4/7/2014)
(One year after Heartbleed)
How does sharing impact key management?
0
0.2
0.4
0.6
0.8
1
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
CD
F o
f H
os
tin
g P
rov
ide
rs
Fraction of Heartbleed-vulnerable Certificates Revoked
Self-managedOutsourced
66% of providers did not revoke a single vulnerable certificate!
Natural experiment: Heartbleed (4/7/2014)
(One year after Heartbleed)
How does sharing impact key management?
0
0.2
0.4
0.6
0.8
1
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
CD
F o
f H
os
tin
g P
rov
ide
rs
Fraction of Heartbleed-vulnerable Certificates Revoked
Self-managedOutsourced
66% of providers did not revoke a single vulnerable certificate!
A small minority of providers revoked most of their vulnerable certificates, but none revoked all
Natural experiment: Heartbleed (4/7/2014)
(One year after Heartbleed)
Outline
How many keys have providers aggregated?
How does sharing impact key management?
How prevalent is key sharing?
• Creates single point of failure • Most third-parties did poor job of revoking
• Top 1% of providers hold keys for 86% of orgs
• Attractive targets for attack
• 76.5% share with ≥ 1 provider • Common even among most popular websites
Due to economic incentives, key sharing is prevalent in today’s web
Future work on the PKI should take economics and hosting providers into account, ideally:
hosting should not require key sharing
Most providers are not managing keys responsibly
securepki.orgCode and data available at: