The Potential of an Individualized Set of trusted CAs: Defending against CA Failures in the Web PKI

The security of most Internet applications relies on underlying public key infrastructures (PKIs) and thus on an ecosystem of certification authorities (CAs). The pool of PKIs responsible for the issuance and the maintenance of SSL certificates, called the Web PKI, has grown extremely large and complex. Herein, each CA is a single point of failure, leading to an attack surface, the size of which is hardly assessable. This paper approaches the issue if and how the attack surface can be reduced in order to minimize the risk of relying on a malicious certificate. In particular, we consider the individualization of the set of trusted CAs. We present a tool called Rootopia, which allows to individually assess the respective part of the Web PKI relevant for a user. Our analysis of browser histories of 22 Internet users reveals, that the major part of the PKI is completely irrelevant to a single user. On a per user level, the attack surface can be reduced by more than 90%, which shows the potential of the individualization of the set of trusted CAs. Furthermore, all the relevant CAs reside within a small set of countries. Our findings confirm that we unnecessarily trust in a huge number of CAs, thus exposing ourselves to unnecessary risks. Subsequently, we present an overview on our approach to realize the possible security gains.