Most SSL certificate misissuance caused by software bugs and rule misinterpretations

Academic study analyzed 379 incidents of incorrectly-issued SSL certificates from a total of 1,300+ known cases.
Written by Catalin Cimpanu, Contributor
HTTPS SSL certificate lock

Software bugs and misinterpretations of industry standards are at the heart of most cases of incorrectly-issued SSL certificates -- accounting for 42% of all incidents --, a recent academic study has discovered.

The research, authored by a team from the School of Informatics and Computing at Indiana University Bloomington, looked at 379 instances of misissued SSL certificates -- from a total of over 1,300 known incidents.

Academics gathered incident data from public sources such as Mozilla's Bugzilla tracker and the Google Groups discussion forums for the Firefox and Chrome browser security teams.

The purpose of this research was to look at how Certificate Authorities (CAs) adhered to industry standards, and what is the most common cause behind misissued SSL certificates.

CAs are organizations that sell or provide free SSL certificates. These SSL certificates are then used to encrypt communications between clients and servers in the form of HTTPS connections.

CA activity is governed by the CA/B Forum, an industry group made up of browser and OS makers, and the CAs themselves.

The CA/B Forum publishes and updates industry guidelines that dictate the correct way to issue SSL certificates.

Over the years, CAs have had multiple missteps where they issued certificates without adhering to these rules. There have been cases where CAs have issued SSL certificates that have been used to perform man-in-the-middle (MitM) attacks and intercept HTTPS traffic; have been used for malware operations; or CAs issued certificates without following standard procedures -- because of human errors, accident, or to cut costs and increase profits.

CAs have also been observed backdating SSL certificates to avoid deprecation timelines; issuing SSL certificates without verifying that the buyer is a legitimate person/company; or issued SSL certs that have used weak or non-compliant algorithms.

Image: Serrano et al.

But according to the team at Indiana University Bloomington, most of the incidents of incorrectly-issued SSL certificates had been caused by software bugs.

Of the 379 cases they analyzed, 91 (24%) had been caused by software bugs in one of the CA's software platform, resulting in customers receiving non-compliant SSL certificates.

The second most common cause was the CAs misinterpreting CA/B Forum rules, or the CAs being unaware that a rule had changed. This accounted for 69 cases or 18% of all incidents of misissued SSL certs.

The first case of a malevolent root cause for SSL misissuance ranked only third. Academics said that in 52 cases of misissued SSL certificates -- or 14% of all analyzed incidents -- CAs intentionally put profits over compliance and industry rules.

"Examples of these are backdating SHA-1 certificates in order to evade its prohibition, charging for the revocation of compromised digital certificates, selling certificates for Man-in-the-Middle (MITM) attempts, and the potential (or actual) issuance of rogue certificates," researchers said. "It goes without saying that this category presented the most alarming incidents with regarding CAs' misbehaviors or lack of ethics."

The fourth most common cause was human error, with 37 cases (10% of the total).

Fifth ranked operational errors, where the mistake was in a CA's faulty internal procedures, rather than software or human error. This accounted for 29 cases or 8% of all cases.

The sixth root cause was "non-optimum request check," a term that described errors made in checking the identity of a customer, which usually allows a rogue customer to impersonate another entity -- for example, a malware author getting an SSL certificate for a legitimate company. Researchers found 24 such incidents, accounting for 6% of all SSL misissuance incidents.

The seventh most common root cause for misissued SSL certificates is "improper security controls," a generic category that included all cases of CAs getting hacked or losing control of their infrastructure to allow a third-party to obtain SSL certificates.

Other root causes for SSL misissuance included change in Baseline Requirements [BR] (when CAs lagged in applying a CA/B Forum rule change); infrastructure problems (when CAs had unavailable servers, defective networks, or problems in the hardware, but they still issued a certificate); and organizational constraints (when CAs operated under strict national/government rules that were incompatible with CA/B Forum rules).

Based on the data researchers compiled, the top most problematic CAs included the likes of StartCom, WoSign, DigiCert, PROCERT, Comodo (now Sectigo), Quo Vadis, VISA, GoDaddy, Certum, Camerfirma, and SwissSign.

Image: Serrano et al.

Researchers also said that "the ten Root CAs with most incidents related to them hoarded almost half of these incidents," revealing that a few bad apples were at the heart of most of the issues in the CA landscape.

They suggested that these entities "should be severely penalized in order to deter them, since we found that it is a pervasive behavior in the CAs."

This article only summarized the researchers' work. For a more in-depth look, please refer to the research team's 45-page white paper, entitled "A Complete Study of P.K.I. (PKI's Known Incidents)."

All the Chromium-based browsers

Editorial standards