The Weakest Link of Certificate Transparency: Exploring the TLS/HTTPS Configurations of Third-Party Monitors

In order to enhance the accountability of certification authorities (CAs), certificate transparency (CT) is proposed to record CA-signed certificates in public logs. A certificate is accepted by CT-compliant browsers only if it is recorded in the logs, so that any fraudulent certificate will be detected by the domain owner in the public-visible logs. In practice, third-party monitors fetch certificates in the public logs to provide certificate search services, and the domain owner regularly searches all certificates issued for its domain from the third-party monitors to watch for suspicious ones among them. In this paper, we study the links of the CT framework among CAs, browsers, domain owners (or websites), third-party monitors, and log servers, and then analyze the security designs of each link. As an essential link of the CT framework which is proposed against TLS man-in-the-middle (MitM) attacks, the services of a thirdparty monitor shall be protected well against such attacks. We explore the TLS/HTTPS configurations of 8 well-known monitors and find that there are vulnerabilities of TLS MitM attacks. Thus, the attackers might first launch the MitM attacks on the very limited number of third-party monitors on the Internet and return manipulated certificate search results to domain owners, to conceal fraudulent certificates. The overall security guarantees of CT are jeopardized due to the weak protections of third-party monitors.