Researchers review CT adoption and pitfalls at this year’s IEEE Symposium

The Certificate Transparency (CT) project has become a rare case study into how new security measures can be deployed across the web ecosystem with minimal disruption to users – and researchers are now aiming to mirror its success in the rollout of future systems.

Speaking at the IEEE Symposium in San Francisco this week, Chrome security engineer Emily Stark said: “The deployment of CT has gone pretty much unnoticed by end users, and in the process its brought big improvements to the security of the web through accountability and transparency of the issuance of HTTPS certificate.”

“Our hope is that by looking in depth at what has worked, and what has not worked for CT, we can bring out some lessons that can be applied to similar systems in the future.”

Stark was presenting a co-authored paper seeking to measure CT adoption and error rate, predominately through Google Chrome, which has mandated CT since July 2018.

This means that any TLS/SSL certificate issued for Chrome 68 and above must be validated in a public log run by either a Certificate Authority (CA) or browser vendor, making it easier to detect when a certificate is miss-issued or malicious.

For the end user, verified TLS/SSL certificates translate to a padlock icon in the address bar. Websites that do not comply to CT rules result in a security error and warning that the site about to be visited is ‘not secure’.

“If things had gone wrong, [CT deployment] could have resulted in millions – or maybe even billions – of users with these scary error pages on lots of websites across the internet,” Stark explained.

“It’s been this gradual process of deployment.”

Implementation errors

CT was initially standardized in 2013 after a major CA, DigiNotar, issued malevolent certificates for Google domains, sparking the need to revamp the system of trust underpinning the digital certificate protocol.

Stark and her team discovered that over 60% of the web’s HTTPS traffic was now supporting CT, with errors occurring due to poor CA implementation, rather than users simply ignoring the security warnings.

“When we looked at help forum posts we also found that users that encountered these CT errors had an incorrect solution or explanation given to them,” Stark said.

“And, in some cases, users are actually taking destructive action to try to get around these errors, like clearing settings and disabling extensions.”

Government portals and financial services were included in the top 10 Chrome websites that users were encountering CT errors on, Stark said, highlighting the importance of CT compliancy now that the basics of implementation have become more widely adopted.

“When a site is required to support CT, but is not compliant, that is when users see breakage or errors,” Stark said.

“So we have security errors caused by CT on important sites that users are clicking through because they don’t understand why they’re happening or how to fix them.”

Some 99.5% of Chrome sites, however, were CT compliant when required to be, Stark said.

“But even when these CT errors are rare, users are reacting to them badly,” she added. “It is an indicator of users becoming habituated to clicking through security errors.”

Help forum posts additionally revealed 90% of users simply switch to another browser when encountering a CT error.

“And the site works there because the site doesn’t implement CT,” Stark said, noting how the large implementation burden put on browser vendors was one of the pitfalls of effective CT rollout.

“CAs will implement CT when required to, but not all of them will necessarily,” she said. “We have to be mindful of that when implementing future stages of CT enforcement.”

The IEEE Symposium on Security and Privacy continues this week in San Francisco. The Daily Swig will be back with more coverage over the coming days.

RELATED False sense of security? HTTPS is no panacea, researchers warn