Using frankencerts for automated adversarial testing of certificate validation in SSL/TLS implementations

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2014, Pages 114-129

  Brubaker, Chad ^a,b   Jana, Suman ^b   Ray, Baishakhi ^c   Khurshid, Sarfraz ^b   Shmatikov, Vitaly ^b  

^a GOOGLE INC   (United States)

^b UNIVERSITY OF TEXAS AT AUSTIN   (United States)

^c UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

automated testing; certificate validation; SSL

Indexed keywords

AUTOMATION; COMPUTER OPERATING SYSTEMS; DISTRIBUTED DATABASE SYSTEMS; EMBEDDED SYSTEMS; NETWORK PROTOCOLS;

AUTOMATED TESTING; CERTIFICATE VALIDATIONS; MAN IN THE MIDDLE ATTACKS; SECURE SOCKETS LAYERS; SECURITY VULNERABILITIES; SELF-SIGNED CERTIFICATE; SERVER AUTHENTICATION; TRANSPORT LAYER SECURITY PROTOCOLS;

NETWORK SECURITY;

EID: 84914109052     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2014.15     Document Type: Conference Paper

References (79)

1. D. Akhawe, B. Amann, M. Vallentin, and R. Sommer. Here's my cert, so trust me, maybe? Understanding TLS errors on the Web. In WWW, 2013.
2. D. Akhawe and A. Felt. Alice in Warningland: A largescale field study of browser security warning effectiveness. In USENIX Security, 2013.
3. N. AlFardan and K. Paterson. Lucky thirteen: Breaking the TLS and DTLS record protocols. In S&P, 2013.
4. B. Amann, R. Sommer, M. Vallentin, and S. Hall. No attack necessary: The surprising dynamics of SSL trust relationships. In ACSAC, 2013.
5. C. Amrutkar, K. Singh, A. Verma, and P. Traynor. Vulnerable Me: Measuring systemic weaknesses in mobile browser security. In ICISS, 2012.
6. C. Amrutkar, P. Traynor, and P. van Oorschot. An empirical evaluation of security indicators in mobile Web browsers. IEEE Trans. Mobile Computing, 2013.
7. S. Anand, E. Burke, T. Chen, J. Clark, M. Cohen, W. Grieskamp, M. Harman, M. Harrold, and P. McMinn. An orchestrated survey of methodologies for automated software test case generation. Journal of Systems and Software, 86(8):1978-2001, 2013.
8. D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In CRYPTO, 1996.
9. D. Brumley and D. Boneh. Remote timing attacks are practical. In USENIX Security, 2003.
10. D. Brumley, J. Caballero, Z. Liang, J. Newsome, and D. Song. Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation. In USENIX Security, 2007.
11. C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, 2008.
12. C. Cadar and D. Engler. Execution generated test cases: How to make systems code crash itself. In SPIN, 2005.
13. B. Chandrasekhar, S. Khurshid, and D. Marinov. Korat: Automated testing based on Java predicates. In ISSTA, 2002.
14. T. Chen, S. Cheung, and S. Yiu. Metamorphic testing: A new approach for generating next test cases. Technical Report HKUST-CS98-01, Department of Computer Science, Hong Kong University of Science and Technology, 1998.
15. Y. Cheon and G. Leavens. A simple and practical approach to unit testing: The JML and JUnit way. In ECOOP, 2002.
16. J. Clark and P. van Oorschot. SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. In S&P, 2013.
17. Comodo report of incident. http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html, 2011.
18. B. Daniel, D. Dig, K. Garcia, and D. Marinov. Automated testing of refactoring engines. In FSE, 2007.
19. A. Delignat-Lavaud, M. Abadi, A. Birrell, I. Mironov, T. Wobber, and Y. Xie. Web PKI: Closing the gap between guidelines and practices. In NDSS, 2014.
20. W. Dickinson, D. Leon, and A. Podgurski. Finding failures by cluster analysis of execution profiles. In ICSE, 2001.
21. M. Dietz, A. Czeskis, D. Balfanz, and D. Wallach. Origin-bound certificates: A fresh approach to strong client authentication for the Web. In USENIX Security, 2012.
22. Diginotar issues dodgy SSL certificates for Google services after break-in. http://www.theinquirer.net/inquirer/news/2105321/diginotar-issues-dodgy-ssl-certificates-googleservices-break, 2011.
23. E. Dijkstra. A Discipline of Programming. 1976.
24. T. Duong and J. Rizzo. Here come the ⊕ninjas. http://nerdoholic.org/uploads/dergln/beast part2/ssl jun21.pdf, 2011.
25. Z. Durumeric, J. Kasten, M. Bailey, and A. Halderman. Analysis of the HTTPS certificate ecosystem. In IMC, 2013.
26. Z. Durumeric, E. Wustrow, and A. Halderman. ZMap: Fast Internet-wide scanning and its security applications. In USENIX Security, 2013.
27. P. Eckersley and J. Burns. An observatory for the SSLiverse. In DEFCON, 2010.
28. M. Ernst. Static and dynamic analysis: Synergy and duality. In WODA, 2003.
29. S. Fahl, M. Harbach, T. Muders, and M. Smith. Why Eve and Mallory love Android: An analysis of SSl (in)security on Android. In CCS, 2012.
30. FIPS PUB 140-2: Security requirements for cryptographic modules. http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, 2001.
31. M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The most dangerous code in the world: Validating SSL certificates in non-browser software. In CCS, 2012.
32. M. Gligoric, F. Behrang, Y. Li, J. Overbey, M. Hafiz, and D. Marinov. Systematic testing of refactoring engines on real software projects. In ECOOP, 2013.
33. CVE-2014-0092. https://bugzilla.redhat.com/show bug.cgi?id= 1069865, 2014.
34. P. Godefroid, A. Kiezun, and M. Levin. Grammar-based whitebox fuzzing. In PLDI, 2008.
35. P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In PLDI, 2005.
36. P. Godefroid, M. Levin, and D. Molnar. Automated whitebox fuzz testing. In NDSS, 2008.
37. W. Halfond, S. Anand, and A. Orso. Precise interface identification to improve testing and analysis of web applications. In ISSTA, 2009.
38. N. Heninger, Z. Durumeric, E. Wustrow, and A. Halderman. Mining your Ps and Qs: Detection of widespread weak keys in network devices. In USENIX Security, 2012.
39. J. H. Holland. Adaptation in Natural and Artificial Systems. University of Michigan Press, 1975. Second edition, 1992.
40. CVE-2011-0228. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0228, 2011.
41. V. Jagannath, Y. Lee, B. Daniel, and D. Marinov. Reducing the costs of bounded-exhaustive testing. In FASE, 2009.
42. S. Jana and V. Shmatikov. Abusing file processing in malware detectors for fun and profit. In S&P, 2012.
43. J. Jones, J. Bowring, and M. Harrold. Debugging in parallel. In ISSTA, 2007.
44. D. Kaminsky, M. Patterson, and L. Sassaman. PKI layer cake: New collision attacks against the global X.509 infrastructure. In FC, 2010.
45. S. Khurshid, C. Pasareanu, and W. Visser. Generalized symbolic execution for model checking and testing. In TACAS, 2003.
46. A. Kiezun, P. Guo, K. Jayaraman, and M. Ernst. Automatic creation of SQL injection and cross-site scripting attacks. In ICSE, 2009.
47. J. King. Symbolic execution and program testing. Commun. ACM, 19(7), 1976.
48. R. Lammel and W. Schulte. Controllable combinatorial coverage in grammar-based testing. In Testing of Communicating Systems, Lecture Notes in Computer Science, pages 19-38. 2006.
49. A. Langley. Apple's SSL/TLS bug. https://www.imperialviolet.org/2014/02/22/applebug.html, 2014.
50. A. Lenstra, J. Hughes, M. Augier, J. Bos, T. Kleinjung, and C. Wachter. Ron was wrong, Whit is right. http://eprint.iacr.org/2012/064, 2012.
51. R. Majumdar and R. Xu. Directed test generation using symbolic grammars. In ASE, 2007.
52. B. Malloy and J. Power. An interpretation of Purdom's algorithm for automatic generation of test cases. In ICIS, 2001.
53. D. Marinov and S. Khurshid. Test Era: A novel framework for automated testing of Java programs. In ASE, 2001.
54. M. Marlinspike. IE SSL vulnerability. http://www.thoughtcrime.org/ie-ssl-chain.txt, 2002.
55. M. Marlinspike. More tricks for defeating SSL in practice. DEFCON, 2009.
56. M. Marlinspike. New tricks for defeating SSL in practice. Black Hat DC, 2009.
57. M. Marlinspike. Null prefix attacks against SSL/TLS certificates. http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf, 2009.
58. P. Maurer. Generating test data with enhanced context-free grammars. IEEE Software, 7(4):50-55, 1990.
59. W. McKeeman. Differential testing for software. Digital Technical Journal, 10(1):100-107, 1998.
60. A. Parsovs. Practical issues with TLS client certificate authentication. In NDSS, 2014.
61. A. Podgurski, D. Leon, P. Francis, W. Masri, M. Minch, J. Sun, and B. Wang. Automated support for classifying software failure reports. In ICSE, 2003.
62. P. Purdom. A sentence generator for testing parsers. BIT Numerical Mathematics, 12:366-375, 1972.
63. D. Ramos and D. Engler. Practical, low-effort equivalence verification of real code. In CAV, 2011.
64. The TLS protocol version 1.0. http://tools.ietf.org/html/rfc2246, 1999.
65. Internet X.509 public key infrastructure certificate policy and certification practices framework. http://www.ietf.org/rfc/rfc2527.txt, 1999.
66. HTTP over TLS. http://www.ietf.org/rfc/rfc2818.txt, 2000.
67. The Transport Layer Security (TLS) protocol version 1.1. http://tools.ietf.org/html/rfc4346, 2006.
68. The Transport Layer Security (TLS) protocol version 1.2. http://tools.ietf.org/html/rfc5246, 2008.
69. Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. http://tools.ietf.org/html/rfc5280, 2008.
70. The Secure Sockets Layer (SSL) protocol version 3.0. http://tools.ietf.org/html/rfc6101, 2011.
71. Representation and verification of domain-based application service identity within Internet public key infrastructure using X.509 (PKIX) certificates in the context of Transport Layer Security (TLS). http://tools.ietf.org/html/rfc6125, 2011.
72. J. Rizzo and T. Duong. The CRIME attack. In Ekoparty, 2012.
73. P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song. A symbolic execution framework for Java Script. In S&P, 2010.
74. K. Sen, D. Marinov, and G. Agha. CUTE: A concolic unit testing engine for C. In FSE, 2005.
75. E. Sirer and B. Bershad. Using production grammars in software testing. In Proc. 2nd Conference on Domain-specific Languages, 1999.
76. V. Srivastava, M. Bond, K. McKinley, and V. Shmatikov. A security policy oracle: Detecting security holes using multiple API implementations. In PLDI, 2011.
77. M. Stevens, A. Sotirov, J. Appelbaum, A. Lenstra, D. Molnar, D. Osvik, and B. Weger. Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In CRYPTO, 2009.
78. N. Vratonjic, J. Freudiger, V. Bindschaedler, and J.-P. Hubaux. The inconvenient truth about Web certificates. In WEIS, 2011.
79. X. Yang, Y. Chen, E. Eide, and J. Regehr. Finding and understanding bugs in C compilers. In PLDI, 2011.