The Security Impact of HTTPS Interception

Durumeric, Zakir; Ma, Zane; Springall, Drew; Barnes, Richard; Sullivan, Nick; Bursztein, Elie; Bailey, Michael; Halderman, J. Alex; Paxson, Vern

doi:10.14722/ndss.2017.23456

Cited by 122 publications

(99 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As soon as an app trusts such a rogue certificate, the owner of the rogue certificate can issue valid certificates for any domain visited by the device and can, therefore, pretend to be any server [21]. This enables an attacker to act as a middle man (man-in-the-middle [MitM]) between the client and the server, leading to undermined integrity of server responses and loss of privacy between the client (and thus the user of an app) and the server [40]. In Android version <7, the user can install such a certificate himself.…”

Section: Methodsmentioning

confidence: 99%

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Müthing¹,

Jäschke²,

Friedrich³

2017

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

BackgroundMobile health (mHealth) apps show a growing importance for patients and health care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help patients to keep track of their health. However, insufficient transport security can lead to confidentiality issues for patients and medical professionals, as well as safety issues regarding data integrity. mHealth apps should therefore deploy intensified vigilance to protect their data and integrity. This paper analyzes the state of security in mHealth apps.ObjectiveThe objectives of this study were as follows: (1) identification of relevant transport issues in mHealth apps, (2) development of a platform for test purposes, and (3) recommendation of practices to mitigate them.MethodsSecurity characteristics relevant to the transport security of mHealth apps were assessed, presented, and discussed. These characteristics were used in the development of a prototypical platform facilitating streamlined tests of apps. For the tests, six lists of the 10 most downloaded free apps from three countries and two stores were selected. As some apps were part of these top 10 lists in more than one country, 53 unique apps were tested.ResultsOut of the 53 apps tested from three European App Stores for Android and iOS, 21/53 (40%) showed critical results. All 21 apps failed to guarantee the integrity of data displayed. A total of 18 apps leaked private data or were observable in a way that compromised confidentiality between apps and their servers; 17 apps used unprotected connections; and two apps failed to validate certificates correctly. None of the apps tested utilized certificate pinning. Many apps employed analytics or ad providers, undermining user privacy.ConclusionsThe tests show that many mHealth apps do not apply sufficient transport security measures. The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable.

show abstract

Section: Methodsmentioning

confidence: 99%

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Müthing¹,

Jäschke²,

Friedrich³

2017

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

show abstract

“…• When a locally installed root of trust is in use, Chrome disables various certificate validation and TLS security checks that cannot reasonably be enforced for local roots, such as HTTP Public Key Pinning [7]. Most proxies do not implement these checks themselves, and in many cases do not perform even basic certificate validation, leaving the user vulnerable to attack [13,24].…”

Section: Anti-virusmentioning

confidence: 99%

Where the Wild Warnings Are

Acer

Stark

Felt

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

HTTPS error warnings are supposed to alert browser users to network attacks. Unfortunately, a wide range of non-attack circumstances trigger hundreds of millions of spurious browser warnings per month. Spurious warnings frustrate users, hinder the widespread adoption of HTTPS, and undermine trust in browser warnings. We investigate the root causes of HTTPS error warnings in the field, with the goal of resolving benign errors.We study a sample of over 300 million errors that Google Chrome users encountered in the course of normal browsing. After manually reviewing more than 2,000 error reports, we developed automated rules to classify the top causes of HTTPS error warnings. We are able to automatically diagnose the root causes of two-thirds of error reports. To our surprise, we find that more than half of errors are caused by client-side or network issues instead of server misconfigurations. Based on these findings, we implemented more actionable warnings and other browser changes to address clientside error causes. We further propose solutions for other classes of root causes.

show abstract

“…Worryingly, recent studies of such proxies uncovered a plethora of serious security issues, from inappropriate or inexistent certification validation and ciphersuite downgrades, to the execution of completely invalid TLS handshakes [15], [34]. A typical example of what can go wrong is the Superfish scandal of 2015 [18] where the private key of the CA certificate used by a client-side proxy was leaked, allowing attackers to impersonate any website to any client who used the proxy.…”

Section: Introductionmentioning

confidence: 99%

A Formal Treatment of Accountable Proxying Over TLS

Bhargavan

Boureanu

Delignat-Lavaud

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Much of Internet traffic nowadays passes through active proxies, whose role is to inspect, filter, cache, or transform data exchanged between two endpoints. To perform their tasks, such proxies modify channel-securing protocols, like TLS, resulting in serious vulnerabilities. Such problems are exacerbated by the fact that middleboxes are often invisible to one or both endpoints, leading to a lack of accountability. A recent protocol, called mcTLS, pioneered accountability for proxies, which are authorized by the endpoints and given limited read/write permissions to application traffic.Unfortunately, we show that mcTLS is insecure: the protocol modifies the TLS protocol, exposing it to a new class of middlebox-confusion attacks. Such attacks went unnoticed mainly because mcTLS lacked a formal analysis and security proofs. Hence, our second contribution is to formalize the goal of accountable proxying over secure channels. Third, we propose a provably-secure alternative to soon-to-be-standardized mcTLS: a generic and modular protocol-design that carefully composes generic secure channel-establishment protocols, which we prove secure. Finally, we present a proof-of-concept implementation of our design, instantiated with unmodified TLS 1.3 draft 23, and evaluate its overheads.

show abstract

The Security Impact of HTTPS Interception

Cited by 122 publications

References 19 publications

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues

Where the Wild Warnings Are

A Formal Treatment of Accountable Proxying Over TLS

Contact Info

Product

Resources

About