Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper)

  • Christopher Soghoian
  • Sid Stamm
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7035)


This paper introduces the compelled certificate creation attack, in which government agencies may compel a certificate authority to issue false SSL certificates that can be used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications.


Keywords: Security Protocol, Secure Socket Layer, Transport Layer Security, Notary Server, Inside Threat
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Christopher Soghoian (1)
  • Sid Stamm (1)

  1. Center for Applied Cybersecurity Research, Indiana University, USA
