
Measurement and Analysis of Private Key Sharing in the HTTPS - PowerPoint PPT Presentation

Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem

Frank Cangialosi, Taejoong Chung, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson

How do we know with whom we are communicating? How do we know


  1-5. How prevalent is key sharing? [Figure: CDF of organizations by number of third-party hosting providers used.] 23.5% self-hosted; 76.5% share at least 1 key. Who?

  6-10. Who shares? [Figure: fraction of domains hosted on third-party providers vs. Alexa site rank (bins of 10,000); series: at least one key shared, all keys shared.] 43.2% (of Top 10k) share at least one; 22.4% share all. Key sharing is common across the Internet.

  11. Outline
      How prevalent is key sharing?
      How many keys have providers aggregated?
      How does sharing impact key management?

  12. Outline
      How prevalent is key sharing?
        • 76.5% share with ≥ 1 provider
        • Common even among most popular websites
      How many keys have providers aggregated?
      How does sharing impact key management?

  13-14. How many keys have providers aggregated? [Diagram: domains, organizations (Org) and hosting providers (Host).]

  15-19. How have keys been aggregated? [Figure: number of distinct customers served vs. rank-order third-party hosting providers.]

      | Hosting provider       | #Organizations | #Domains |
      |------------------------|----------------|----------|
      | secureserver.net       | 266,110        | 277,891  |
      | amazonaws.com          | 151,628        | 175,089  |
      | unifiedlayer.com       | 117,229        | 122,158  |
      | Cloud Flare Inc.       | 78,369         | 87,077   |
      | Rackspace Hosting      | 54,158         | 63,418   |
      | …                      | …              | …        |
      | akamaitechnologies.com | 15,440         | 22,671   |

      Top 1% of providers hold keys for 86% of all organizations.

  20-22. Does key sharing make enticing attack targets? [Diagram: domains, organizations (Org) and hosting providers (Host).]

  23-28. Does key sharing make enticing attack targets? [Figure: cumulative fraction of domains' keys acquired vs. number of hosting providers compromised; series: Alexa Top 1k, Alexa Top 1m, All Domains.] 60% of Top 1K, same provider; >40% of all sites, 10 providers. Popular hosting services are prime targets for attack.

  29. Outline
      How prevalent is key sharing?
        • 76.5% share with ≥ 1 provider
        • Common even among most popular websites
      How many keys have providers aggregated?
        • Top 1% of providers hold keys for 86% of orgs
        • Attractive targets for attack
      How does sharing impact key management?

  30. Key Management
        • Request certificates
        • Renew expiring certificates
        • Revoke and reissue compromised certificates

  31. Who manages private keys? [Diagram labels: Website acquires; Third-party acquires; CAs.]
