[Cryptography] Analyzing Forged SSL Certificates in the Wild
Jason Richards
jjr2 at gmx.com
Fri May 2 20:10:21 EDT 2014
[Delurk]
Paper from Carnegie Mellon and Facebook: Analyzing Forged SSL
Certificates in the Wild: https://www.linshunghuang.com/papers/mitm.pdf
From the summary:
We analyzed 3,447,719 real-world SSL connections and successfully
discovered at least 6,845 (0.2%) of them were forged SSL certificates.
Our contributions can be summarized as follows:
o We designed a novel method for websites to collect direct
evidence of man-in-the-middle attacks against their SSL
connections. We further implemented this detection method on
Facebook’s website.
o We conducted the first analysis on forged SSL certificates by
measuring over 3 million SSL connections. Our results show that
0.2% SSL connections are in fact tampered with forged
certificates.
o Based on real-world data, we categorized the root causes of forged
SSL certificates. We showed that most of the SSL interceptions
are due to antivirus software and organization-scale content
filters.
o We provided evidence of SSL interceptions by malware, which
have infected users across at least 45 countries.
(h/t to Mikko Hypponen:
https://twitter.com/mikko/status/462209193986895872/photo/1)
J