An innovative protection against website counterfeiting developed by Princeton researchers went live on the internet Feb. 19, boosting security for hundreds of millions of websites. The rollout was the culmination of over two years of close collaboration between research groups at Princeton and Let's Encrypt, the world's largest certificate authority serving 200 million websites.
The countermeasure plugs a hole – identified by the Princeton team back in 2017 – that malicious actors can exploit to fraudulently obtain “digital certificates.” Issued by organizations like Let’s Encrypt, digital certificates tell users’ computers to “trust” online sites and establish encrypted connections. If cybercriminals get their hands on a certificate, they can pose as the legitimate operators of websites, tricking users into forking over personal information.
Historically, during the validation process in the issuance of digital certificates, certificate authorities have relied on a single internet pathway between themselves and website owners. The Princeton-led countermeasure – dubbed multi-perspective or multiple vantage point verification – does away with this single point of failure by looping in additional internet pathways. The challenge to malicious actors is thus vastly increased. The scammers must intercept requests coming from multiple, disparately located servers – a tall order. Even if they pulled off such a feat, scammers would risk being quickly exposed because of internet traffic disruptions caused by their hijinks.
“It’s a different strategy to have the certificate authority get multiple perspectives before issuing a digital certificate,” said Henry Birge-Lee, a research programmer in Princeton’s electrical engineering and computer science departments who began developing the countermeasure as an undergraduate student at Princeton. “Ultimately, the new countermeasure strengthens the digital certificate issuance process, which helps end users around the world trust that the websites they’ve reached are the genuine, vetted articles.”
During his sophomore year, Birge-Lee began an independent research project on the countermeasure, under the guidance of his teachers Prateek Mittal and Jennifer Rexford, and in collaboration with the graduate students Yixin Sun and Annie Edmundson. Birge-Lee then presented a talk along with a live demonstration of the cybersecurity lapse and its countermeasure at the Privacy Enhancing Technologies Symposium (PETS), a security and privacy conference held in Minneapolis in July 2017.
The founder and chief executive of Let’s Encrypt, Josh Aas, was in attendance that day. Highly intrigued, his nonprofit organization soon reached out to begin a collaboration toward fully developing the countermeasure. Over the subsequent two-plus years, the project team proved the countermeasure’s effectiveness and scalability for deployment. Along the way, the researchers secured key support from the Open Technology Fund, a Washington, D.C.-based nonprofit, and a full paper detailing the countermeasure published at the 27th USENIX Security Symposium in August 2018 in Baltimore, Maryland.
And now, at long last, the countermeasure is ready.
“Princeton University and a major industry player, Let’s Encrypt, came together on this important project to advance the state-of-the-art on website domain validation,” said Mittal, an associate professor of electrical engineering and associated faculty in computer science. “Digital certificates provide the root of trust for most encryption on the internet today, and a breach of that trust can have devastating consequences.”
During the development of the countermeasure, the research team at Princeton, then joined by postdoctoral scholar Liang Wang, had to combine their respective expertise in novel ways. Mittal primarily studies the security of the services that run over the internet, such as the certificate authorities that issue digital certificates to websites. Rexford’s focus is on the security of the underlying internet infrastructure, which involves the routing of traffic from one computer to another. Working with Birge-Lee – who took courses by both professors – and engineers at Let’s Encrypt required team members to think outside these boundaries, just as cybercriminals do.
“This project has really looked across two ‘layers’ of the internet,” said Rexford, the Gordon Y.S. Wu Professor in Engineering and chair of the computer science department. “Adversaries aren’t so thoughtful as to attack only one layer, so to think like an adversary – and to design practical and effective defenses – we have to work across the layers, too, and that’s what happened here.”
The hope is that other certificate authorities will follow Let’s Encypt’s lead, bolstering safety for millions more people who count on the internet for banking, bill payments and other essential activities of daily life.
For Birge-Lee, seeing a kernel of an idea grow into a full-fledged security tool being implemented by the biggest digital certificate authority has been quite a journey.
“It’s definitely a feeling of ‘whoa’,” said Birge-Lee. “I’m overjoyed that what began as an undergraduate project has led to real-world change for millions of internet users out there.”