much more often than others. Further, server scans naturally do
not include network and client problems.
11.1.3 Developer motivations. Why do server miscongurations
happen? Given browser warnings, it is surprising that web devel-
opers allow server miscongurations to occur and linger. Fahl et al.
surveyed 755 web developers about why they have certicate errors
on their websites [
14
]. A third of developers said they had made a
mistake, but two-thirds intentionally deployed non-validating cer-
ticates. Their reasons included: testing and development servers
don’t need HTTPS, the cost of certicates, lack of trust in Certicate
Authorities, the URL wasn’t meant to be accessed by end users, and
the site was no longer operational.
11.2 Studies of TLS proxies
According to two studies, TLS proxies are widespread. Approx-
imately 0.2% of TLS connections to Facebook are transparently
proxied [
19
], and a broader study found that 0.41% of TLS con-
nections in general were proxied [
23
]. They identied anti-virus
software, rewalls, malware, parental controls, and enterprise lters
as common types of proxies. We looked for these types of proxies
and nd that they are also major sources of errors.
Our research question is essentially the complement of these
studies. They investigated how often TLS connections are silently
intercepted, whereas we aim to identify the causes of user-visible
warnings. Their methodologies excluded most TLS connections
with warnings because users had to visit the target websites for their
analysis code to run. Modern browsers disallow clicking through
warnings on
facebook.com
due to HSTS, thereby excluding those
connections from the Facebook dataset. The broader study likely
included some connections with warnings, but high warning ad-
herence rates (e.g., 70% for Chrome [
29
]) mean that most would be
ltered from their dataset. Further, neither study included websites
with server miscongurations. In contrast, our dataset represents
the full spectrum of failed TLS connections.
12 CONCLUSION
In an attack scenario, it is critical that users heed HTTPS certicate
error warnings. Large numbers of false alarms make it less likely
that they will do so [
28
,
30
]. Spurious warnings also create a poor
user experience and hinder HTTPS adoption.
In this paper we have shown that client and network miscongu-
rations are prominent culprits for spurious certicate warnings. We
assigned root causes to certicate reports collected from volunteer
Chrome users, and we investigated the small number of root causes
– such as incorrect client clocks and insucient intermediates –
which account for vast numbers of warnings. Finally, we proposed,
implemented, and evaluated mitigations for the common causes
of spurious certicate warnings, replacing about 25% of them in
total. Our ndings and mitigations are applicable to other browser
vendors as well as other types of TLS clients, all of which may be
susceptible to client and network miscongurations that interfere
with certicate validations.
ACKNOWLEDGMENTS
We thank Andrew Whalley, Chris Palmer, Emily Schechter, Eric
Roman, Lucas Garron, and Noé Lutz for their help with this work.
REFERENCES
[1]
[n. d.]. Captive Portal Interaction (capport). https://datatracker.ietf.org/wg/
capport/about/.
[2]
[n. d.]. Chrome Release Channels. https://www.chromium.org/getting-involved/
dev-channel.
[3] [n. d.]. Roughtime. https://roughtime.googlesource.com/roughtime.
[4]
2014. Comodo EV Chain Issues. https://community.qualys.com/thread/13775#
comment-24990.
[5]
2015. Kaspersky Lab Forum: clock is being changed by ?virus. https://forum.
kaspersky.com/index.php?showtopic=289198.
[6]
2016. HTTPS websites fail to load or you receive the error message "Connection is
untrusted" when using your web browser with ESET products. http://support.eset.
com/kb3126/?locale=en_US.
[7]
2017. The Chromium Projects Security FAQ. https:
//www.chromium.org/Home/chromium-security/security-faq#
TOC-How-does-key-pinning-interact-with-local-proxies-and-lters-.
[8]
2017. Google Chrome Privacy Whitepaper: Safe Browsing protection. https:
//www.google.com/chrome/browser/privacy/whitepaper.html#malware.
[9]
Devdatta Akhawe, Bernhard Amann, Matthias Vallentin, and Robin Sommer. 2013.
Here’s My Cert, So Trust Me, Maybe?: Understanding TLS Errors on the Web. In
Proceedings of the 22Nd International Conference on World Wide Web (WW W ’13).
ACM, New York, NY, USA, 59–70. https://doi.org/10.1145/2488388.2488395
[10]
Xavier de CarnÃľ de Carnavalet and Mohammad Mannan. 2016. Killed by Proxy:
Analyzing Client-end TLS Interception Software. In NDSS.
[11]
T. Dierks and E. Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version
1.2. https://tools.ietf.org/html/rfc5246#section-7.4.2.
[12]
Zakir Durumeric, James Kasten, Michael Bailey, and J. Alex Halderman. 2013.
Analysis of the HTTPS Certicate Ecosystem. In Proceedings of the 2013 Confer-
ence on Internet Measurement Conference (IMC ’13). ACM, New York, NY, USA,
291–304. https://doi.org/10.1145/2504730.2504755
[13] Zakir Durumeric, Zane Ma, Drew Springall, Richard Barnes, Nick Sullivan, Elie
Bursztein, Michael Bailey, J Alex Halderman, and Vern Paxson. 2017. The Security
Impact of HTTPS Interception. In Network and Distributed Systems Symposium
(NDSSâĂŹ17).
[14]
Sascha Fahl, Yasemin Acar, Henning Perl, and Matthew Smith. 2014. Why Eve
and Mallory (Also) Love Webmasters: A Study on the Root Causes of SSL Miscon-
gurations. In Proceedings of the 9th ACM Symposium on Information, Computer
and Communications Security (ASIA CCS ’14). ACM, New York, NY, USA, 507–512.
https://doi.org/10.1145/2590296.2590341
[15]
Adrienne Porter Felt, Alex Ainslie, Robert W. Reeder, Sunny Consolvo, Somas
Thyagaraja, Alan Bettes, Helen Harris, and Je Grimes. 2015. Improving SSL
Warnings: Comprehension and Adherence. In Proceedings of the 33rd Annual
ACM Conference on Human Factors in Computing Systems (CHI ’15). ACM, New
York, NY, USA, 2893–2902. https://doi.org/10.1145/2702123.2702442
[16]
Adrienne Porter Felt, Robert W. Reeder, Hazim Almuhimedi, and Sunny Consolvo.
2014. Experimenting at Scale with Google Chrome’s SSL Warning. In Proceedings
of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’14). ACM,
New York, NY, USA, 2667–2670. https://doi.org/10.1145/2556288.2557292
[17]
Lucas Garron and David Benjamin. 2015. An update on SHA-1
certicates in Chrome. https://security.googleblog.com/2015/12/
an-update-on-sha-1-certicates-in.html.
[18]
Ralph Holz, Lothar Braun, Nils Kammenhuber, and Georg Carle. 2011. The SSL
Landscape: A Thorough Analysis of the x.509 PKI Using Active and Passive
Measurements. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet
Measurement Conference (IMC ’11). ACM, New York, NY, USA, 427–444. https:
//doi.org/10.1145/2068816.2068856
[19]
Lin Shung Huang, Alex Rice, Erling Ellingsen, and Collin Jackson. 2014. Analyzing
Forged SSL Certicates in the Wild. In Proceedings of the 2014 IEEE Symposium
on Security and Privacy (SP ’14). IEEE Computer Society, Washington, DC, USA,
83–97. https://doi.org/10.1109/SP.2014.13
[20]
Mariko Kobayashi. 2017. Sur vey on Behaviors of Captive Portals. https://www.
ietf.org/proceedings/98/slides/slides-98-capport-survey-00.pdf.
[21]
Frank Li, Grant Ho, Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, Elie
Bursztein, and Vern Paxson. 2016. Remedying Web Hijacking: Notication
Eectiveness and Webmaster Comprehension. In International World Wide Web
Conference.
[22]
Tyler Odean. 2012. Chromium Blog: Changes to the Field Trials Infrastructure.
https://blog.chromium.org/2012/05/changes-to-eld-trials-infrastructure.html.
[23]
Mark O’Neill, Scott Ruoti, Kent Seamons, and Daniel Zappala. 2016. TLS Proxies:
Friend or Foe?. In Proceedings of the 2016 Internet Measurement Conference (IMC
’16). ACM, New York, NY, USA, 551–557. https://doi.org/10.1145/2987443.2987488
[24]
Tavis Ormandy. 2016. Kaspersky: SSL interception dierentiates certicates with a
32bit hash. https://bugs.chromium.org/p/project-zero/issues/detail?id=978.
[25]
Waseem Patwegar. 2016. How to Fix Slow or Incorrect
Windows Computer Clock. http://www.techbout.com/
x-slow-incorrect-windows-computer-clock-14287/.
Session F5: Understanding Security Fails
CCS’17, October 30-November 3, 2017, Dallas, TX, USA