More Like this

1. A holistic analysis of web-based public key infrastructure failures: comparing experts' perceptions and real-world incidents

   https://doi.org/10.1093/cybsec/tyab025  

   Hadan, Hilda ; Serrano, Nicolas ; Camp, L. Jean ( December 2021 , Journal of Cybersecurity)

   Public key infrastructure (PKI) is the foundation of secure and trusted transactions across the Internet. This paper presents an evaluation of web-based PKI incidents in two parts. We began with a qualitative study where we captured security and policy experts' perceptions of PKI in a set of interviews. We interviewed 18 experts in two conferences who include security academics and practitioners. We describe their perceptions of PKI failures. To evaluate whether perceived failures match real documented failures, we conducted a quantitative analysis of real-world PKI incidents on the web since 2001. Our data comprise reports from Bugzilla, root program operators, academic literature, security blogs, and the popular press. We determined the underlying causes of each and reported the results. We identified a gap between experts' perceptions and real-world PKI incidents. We conclude that there are significant sources of failures of PKI that neither the usability nor traditional computer security community is engaging, nor can arguably engage separately. Specifically, we found incidents illustrate systematic weaknesses of organizational practices that create risks for all who rely upon PKI. More positively, our results also point to organizational and configuration choices that could avoid or mitigate some of these risks. Thus, we also identify immediate mitigation strategies (where feasible).

    

   more » « less
2. A Complete Study of P.K.I. (PKI’s Known Incidents)

   https://doi.org/10.2139/ssrn.3425554  

   Serrano, Nicolas ; Hadan, Hilda ; Camp, L. Jean ( September 2019 , SSRN Electronic Journal)

   null (Ed.)

   In this work, we report on a comprehensive analysis of PKI resulting from Certificate Authorities’ (CAs) behavior using over 1300 instances. We found several cases where CAs designed business models that favored the issuance of digital certificates over the guidelines of the CA Forum, root management programs, and other PKI requirements. Examining PKI from the perspective of business practices, we identify a taxonomy of failures and identify systemic vulnerabilities in the governance and practices in PKI. Notorious cases include the “backdating” of digital certificates, the issuance of these for MITM attempts, the lack of verification of a requester’s identity, and the unscrupulous issuance of rogue certificates. We performed a detailed study of 379 of these 1300 incidents. Using this sample, we developed a taxonomy of the different types of incidents and their causes. For each incident, we determined if the incident was disclosed by the problematic CA. We also noted the Root CA and the year of the incident. We identify the failures in terms of business practices, geography, and outcomes from CAs. We analyzed the role of Root Program Owners (RPOs) and differentiated their policies. We identified serial and chronic offenders in the PKI trusted root programs. Some of these were distrusted by RPOs, while others remain being trusted despite failures. We also identified cases where the concentration of power of RPOs was arguably a contributing factor in the incident. We identify these cases where there is a risk of concentration of power and the resulting conflict of interests. Our research is the first comprehensive academic study addressing all verified reported incidents. We approach this not from a machine learning or statistical perspective but, rather, we identify each reported public incident with a focus on identifying patterns of individual lapses. Here we also have a specific focus on the role of CAs and RPOs. Building on this study, we identify the issues in incentive structures that are contributors to the problems. 

   more » « less
3. Why We Failed: Barriers to Participation, Management, and Sustainability of an Immersive Faculty Experience Supporting Graduate Student Professional Development

   Ingram, Ella Lee ; Ellestad, Rachel McCord ; Hixson, Cory ; Williams, Julia M. ( July 2021 , 2021 ASEE Virtual Annual Conference Content Access)

   Failure analysis is central to the work of engineers, and yet we neglect to analyze our failures in the field of engineering education. In this paper, we examine our failure in the development and deployment of an immersive faculty experience for graduate students in engineering education. Professional development is a significant focus of graduate studies. Professional development broadly defined includes any activities supporting the acquisition of skills, knowledge, and abilities relevant to one’s current or desired position. In the context of graduate studies, professional development often involves such activities as conference or workshop attendance, internships or job exploration, mentoring or coaching directed at students, and certification programs. Despite the importance of professional development in graduate school, anecdotal and research-based evidence supports the assertion that graduate students experience professional development unevenly. Whether this unevenness results from intrinsic or extrinsic factors is not established. We investigate the barriers to participation in professional development, with a focus on an immersive faculty internship; however, this work revealed barriers associated with professional development in general and related to specific other types of professional development. We focus on barriers specifically because engineers examine both successes and failures in the effort to improve product design, and because our product—an immersive faculty experience for graduate students—was designed to overcome barriers identified during customary discovery research. For this analysis of failure, we rely on interviews and survey data from varied stakeholders (e.g., graduate students, their mentors, graduate program directors, representatives from grant-giving organizations, and faculty on hiring committees) to identify these barriers. We also share our personal reflections on the challenges associated with this effort. From the data collected from members of the engineering education community, we found that barriers to participation include time spent away from support systems, potential delays in graduation, lack of understanding of the value of professional development, and funding for participating in these opportunities. Graduate students perceive (rightly or wrongly) that their advisors do not support an immersive, off-site professional development experience, perhaps because advisors want graduate students to continue the work important to advisors or the advisors do not consider the experience valuable for cultivating the students’ professional identities. In addition, organizational challenges include facilitating a multi-site experience from a single institution that is subject to both institutional and NSF rules for budgeting. Stakeholders in graduate education have a significant interest in removing barriers to professional development, including opportunities like immersive internships. By doing so, they increase graduate students’ satisfaction with the graduate school experience and improve graduate students’ placement and career success. We connect our failure to both the concept of root cause failure analysis and the literature in organizational change. By doing so, we highlight how failure is an under-appreciated experience in the field of engineering education. 

   more » « less
4. A Blockchain-based Method for Decentralizing the ACME Protocol to Enhance Trust in PKI

   https://doi.org/10.1109/TSP49548.2020.9163555  

   Kfoury, Elie F. ; Khoury, David ; AlSabeh, Ali ; Gomez, Jose ; Crichigno, Jorge ; Bou-Harb, Elias ( July 2020 , 2020 43rd International Conference on Telecommunications and Signal Processing (TSP))

   Blockchain technology is the cornerstone of digital trust and systems’ decentralization. The necessity of eliminating trust in computing systems has triggered researchers to investigate the applicability of Blockchain to decentralize the conventional security models. Specifically, researchers continuously aim at minimizing trust in the well-known Public Key Infrastructure (PKI) model which currently requires a trusted Certificate Authority (CA) to sign digital certificates. Recently, the Automated Certificate Management Environment (ACME) was standardized as a certificate issuance automation protocol. It minimizes the human interaction by enabling certificates to be automatically requested, verified, and installed on servers. ACME only solved the automation issue, but the trust concerns remain as a trusted CA is required. In this paper we propose decentralizing the ACME protocol by using the Blockchain technology to enhance the current trust issues of the existing PKI model and to eliminate the need for a trusted CA. The system was implemented and tested on Ethereum Blockchain, and the results showed that the system is feasible in terms of cost, speed, and applicability on a wide range of devices including Internet of Things (IoT) devices. 

   more » « less
5. Cryptography, Trust and Privacy: It's Complicated

   https://doi.org/10.1145/3511265.3550443  

   Balsa, Ero ; Nissenbaum, Helen ; Park, Sunoo ( November 2022 , 2nd ACM Symposium on Computer Science and Law.)

   Privacy technologies support the provision of online services while protecting user privacy. Cryptography lies at the heart of many such technologies, creating remarkable possibilities in terms of functionality while offering robust guarantees of data confidential- ity. The cryptography literature and discourse often represent that these technologies eliminate the need to trust service providers, i.e., they enable users to protect their privacy even against untrusted service providers. Despite their apparent promise, privacy technolo- gies have seen limited adoption in practice, and the most successful ones have been implemented by the very service providers these technologies purportedly protect users from. The adoption of privacy technologies by supposedly adversarial service providers highlights a mismatch between traditional models of trust in cryptography and the trust relationships that underlie deployed technologies in practice. Yet this mismatch, while well known to the cryptography and privacy communities, remains rela- tively poorly documented and examined in the academic literature— let alone broader media. This paper aims to fill that gap. Firstly, we review how the deployment of cryptographic tech- nologies relies on a chain of trust relationships embedded in the modern computing ecosystem, from the development of software to the provision of online services, that is not fully captured by tra- ditional models of trust in cryptography. Secondly, we turn to two case studies—web search and encrypted messaging—to illustrate how, rather than removing trust in service providers, cryptographic privacy technologies shift trust to a broader community of secu- rity and privacy experts and others, which in turn enables service providers to implicitly build and reinforce their trust relationship with users. Finally, concluding that the trust models inherent in the traditional cryptographic paradigm elide certain key trust relation- ships underlying deployed cryptographic systems, we highlight the need for organizational, policy, and legal safeguards to address that mismatch, and suggest some directions for future work. 

   more » « less