Web Spoofing Revisited: SSL and Beyond

Abstract

Can users believe what their browsers tell them? Even sophisticated Web users decide whether or not to trust a server based on browser cues such as location bar information, SSL icons, SSL warnings, certificate information, and response time. In their seminal work on Web spoofing, Felten et al showed how, in 1996, a malicious server could forge some of these cues. However, this work used genuine SSL sessions, and Web technology has evolved much since 1996. The Web has since become the pre-eminent medium for electronic service delivery to remote users, and the security of many commerce, government, and academic network applications critically rests on the assumption that users can authenticate the servers with which they interact. This situation raises the question: is the browser-user communication model today secure enough to warrant this assumption? In this paper, we answer this question by systematically showing how a malicious server can forge every one of the above cues. Our work extends the prior results by examining contemporary browsers, and by forging all of the SSL information a client sees, including the very existence of an SSL session (thus providing a cautionary tale about the security of one of the most common applications of PKI). We have made these techniques available for public demonstration, because anything less than working code would not convincingly answer the question. We also discuss implications and potential countermeasures, both short-term and long-term