[Cryptography] Analyzing Forged SSL Certificates in the Wild

Jason Richards jjr2 at gmx.com
Fri May 2 20:10:21 EDT 2014


[Delurk]

Paper from Carnegie Mellon and Facebook: Analyzing Forged SSL
Certificates in the Wild: https://www.linshunghuang.com/papers/mitm.pdf

From the summary:

    We analyzed 3,447,719 real-world SSL connections and successfully
    discovered at least 6,845 (0.2%) of them were forged SSL certificates.

    Our contributions can be summarized as follows:

      o We designed a novel method for websites to collect direct
        evidence of man-in-the-middle attacks against their SSL
        connections. We further implemented this detection method on
        Facebook’s website.
      o We conducted the first analysis on forged SSL certificates by
        measuring over 3 million SSL connections. Our results show that
        0.2% SSL connections are in fact tampered with forged
        certificates.
      o Based on real-world data, we categorized the root causes of forged
        SSL certificates. We showed that most of the SSL interceptions
        are due to antivirus software and organization-scale content
        filters.
      o We provided evidence of SSL interceptions by malware, which
        have infected users across at least 45 countries.

(h/t to Mikko Hypponen:
https://twitter.com/mikko/status/462209193986895872/photo/1)

J

