Full paper will be presented at the 40th IEEE Symposium on Security and Privacy on May 20-22, 2019 at San Francisco (CA).

Abstract

HTTPS aims at securing communication over the Web by providing a cryptographic protection layer that ensures the confidentiality and integrity of communication and enables client/server authentication. However, HTTPS is based on the SSL/TLS protocol suites that have been shown to be vulnerable to various attacks in the years. This has required fixes and mitigations both in the servers and in the browsers, producing a complicated mixture of protocol versions and implementations in the wild, which makes it unclear which attacks are still effective on the modern Web and what is their import on web application security. In this paper, we present the first systematic quantitative evaluation of web application insecurity due to cryptographic vulnerabilities. We specify attack conditions against TLS using attack trees and we crawl the Alexa Top 10k to assess the import of these issues on page integrity, authentication credentials and web tracking. Our results show that the security of a consistent number of websites is severely harmed by cryptographic weaknesses that, in many cases, are due to external or related-domain hosts. This empirically, yet systematically demonstrates how a relatively limited number of exploitable HTTPS vulnerabilities are amplified by the complexity of the web ecosystem.

graph

An anonymized top Alexa website (central circle) and its sub-domains (gray, on the right) and dependencies (white, with arrows). The website is entirely deployed over HTTPS, but becomes insecure due to three vulnerable sub-domains and three vulnerable dependencies (striped circles).

Experimental Results

We crawled the first 10,000 websites according to the Alexa top 1M list (retrieved on July 20, 2018) served over HTTPS. Their sub-resources and related domains added up to 90,816 more hosts that underwent a vulnerability analysis, completed at the beginning of August 2018. We discovered TLS vulnerabilities in 5,574 hosts (5.5%):

As a consequence of these cryptographic vulnerabilities, we found that:

Credits