No Attack Necessary: The Surprising Dynamics of SSL Trust Relationships

TitleNo Attack Necessary: The Surprising Dynamics of SSL Trust Relationships
Publication TypeConference Paper
Year of Publication2013
AuthorsAmann, J., Sommer R., Vallentin M., & Hall S.
Other Numbers3604

Much of the Internet's end-to-end security relies on the SSL/TLS protocol alongwith its underlying X.509 certificate infrastructure. However, the systemremains quite brittle due to its liberal delegation of signing authority: asingle compromised certification authority undermines trust globally. Severalrecent high-profile incidents have demonstrated this shortcoming convincingly.Over time, the security community has proposed a number of counter measures toincrease the security of the certificate ecosystem; many of these effortsmonitor for what they consider tell-tale signs of man-in-the-middle attacks. Inthis work we set out to understand to which degree benign changes to thecertificate ecosystem shares structural properties with attacks, based on alarge-scale data set of more than 16 billion SSL sessions. We find that commonintuition falls short in assessing the maliciousness of an unknown certificate,since their typical artifacts routinely occur in benign contexts as well. Wealso discuss what impact our observations have on proposals aiming to improvethe security of the SSL ecosystem.


This work was partially supported by funding provided to ICSI by the Deutscher Akademischer Austausch Dienst (DAAD) through a postdoctoral fellowship; by National Science Foundation through grant ACI :1032889 ("Enhancing Bro for Operational Network Security Monitoring in Scientific Environments"); and by the U.S. Army Research Laboratory and the U.S.Army Research Office under MURI grant number W911NF-09-1-0553. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors or originators and do not necessarily reflect the views of the National Science Foundation or the U.S. Army Research Office.

Bibliographic Notes

Proceedings of the 2013 Annual Computer Security Applications Conference (ACSAC 2013), New Orleans, Louisiana

Abbreviated Authors

J. Amann, R. Sommer, M. Vallentin, and S. Hall

ICSI Research Group

Networking and Security

ICSI Publication Type

Article in conference proceedings