The change centers on how web browsers and operating systems verify a website’s identity when establishing a secure connection. They rely on third party organizations known as certification authorities, who issue digital certificates of authenticity based on a website owner’s ability to demonstrate legitimate control over the website domain, usually by embedding a random value that the certification authority has provided.
The Princeton team, led by professors Prateek Mittal and Jennifer Rexford, showed that bad actors could easily sidestep those hurdles to obtain a fraudulent certificate for a website they do not legitimately control. The scheme took less than a minute to pull off using a laptop. And it could target any website on the internet. Users had no way to spot the fraud since the certificates were real, even if their underlying facts had been forged. With a fraudulent certificate, criminals could attack users and route traffic to fake sites without anyone knowing.
That raised the specter of worst-case scenarios, according to Ryan Dickson and Chris Clements, cybersecurity experts at Google Chrome who helped usher in the new Princeton standard.
“Imagine somehow a bad actor getting between you and your news site,” Dickson said. “And it fraudulently claims there’s an imminent natural disaster and people must begin evacuating their area.”
In the old system, the fake site would look every bit as legitimate as the real one. The bad actor could wreak havoc. “The harm to society could be catastrophic,” he said.
Virtually all the internet’s billions of daily interactions, from social media posts to bill payments to intergovernmental document transfers, were subject to this fraud.
By adopting the Princeton standard, certification authorities have agreed to verify each website from multiple vantage points rather than only one — a deceptively simple-sounding solution that has taken more than five years to refine for broad adoption.
From good idea to practical innovation
The fraud scheme was first uncovered in a 2017 study by Henry Birge-Lee, an undergraduate student at the time, working with Mittal and Rexford. Birge-Lee demonstrated the scheme at an academic conference that year.
Josh Aas, founder and chief executive of Let’s Encrypt, the world’s largest certification authority, was the keynote speaker at that same conference and happened to see Birge-Lee’s presentation. He immediately recognized the urgency of the situation.
“When I saw the presentation demonstrating the attack, it made a lot of sense and I knew we’d want to take action to fix it,” Aas said. “We started working with the Princeton team shortly thereafter and it’s been a productive partnership since.”
The Princeton team introduced a technical solution in a follow-up 2018 paper. And they collaborated with Aas to implement the solution in his organization’s real systems, ultimately deploying it starting in 2020.
Mittal, a professor of electrical and computer engineering, said that Let’s Encrypt’s involvement was pivotal in the evolution of the project. The organization not only proved that the solution worked at scale, it also showed that the solution was reasonably affordable. Let’s Encrypt also demonstrated that collaborating with the Princeton team was valuable in bringing the technology to the world.
That played a deciding role in convincing the wider cybersecurity community that the benefits of adopting the new approach were worth the costs, according to people involved in the process.
To adopt the new approach as a universal standard, it had to go before a consortium of the internet’s most important security organizations, called the Certification Authority/Browser Forum. This consortium includes tech giants like Apple, Google, Microsoft and Mozilla, as well as 55 certification authorities. The group made more than a thousand edits to their governing document. Every word change became a negotiation. In the end, the voting members reached unanimous agreement.
Mittal said this work, although not typical of academics, was crucial in giving their research a chance to make a difference in real lives. It wasn’t as simple as finding the problem and proposing a solution. It took a sustained effort, convincing powerful people again and again over many years. “We had to do the missionary work,” he said.
One decisive minute, years in the making
By December 2022, the Princeton team working on this problem had grown. In addition to Birge-Lee, Mittal and Rexford, who is Princeton’s provost and the Gordon Y. S. Wu Professor in Engineering, the group included Ph.D. student Grace Cimaszewski; Liang Wang, an associate research scholar; and Mihir Kshirsagar, technology policy clinic lead for Princeton’s Center for Information Technology Policy and a lecturer in the Keller Center.
The Princeton and Let’s Encrypt teams convened a face-to-face meeting, inviting dozens of the world’s leading encryption experts to discuss the internet’s most urgent vulnerabilities. Among the problems discussed: the single-source loophole described in Birge-Lee’s 2017 paper.
At one point, Birge-Lee and Cimaszewski demonstrated their attack live, exploiting the loophole using tools that group had developed, before their very eyes. It took practically no time at all.
“Everyone was surprised how easy it was,” Cimaszewski said. “And how quick it was.”
Ryan Dickson, representing Google Chrome’s interests, was bowled over.
“I remember walking away with this real sense of urgency,” Dickson said. On the drive home from the meeting, he called his Google colleague Chris Clements, who works on the same class of problems. “The general tone of that call was like, we just spent two days talking about an active internet vulnerability. I know it’s a problem and I know we need to solve it.”
With years of data from Let’s Encrypt, technical expertise from the Princeton team, and the motivation to fix this problem not only for Chrome users but for the entire internet, Dickson and Clements spent the next two years leading a process for the CA/Browser Forum that several of the participants compared to passing difficult legislation. The Princeton team’s ability to clarify the problem and simplify the solution was essential throughout that process.
“At no point did people say, ah, but this is not real, this is not a likely outcome,” Dickson said. “And I think largely that’s because [Birge-Lee and Cimaszewski] showed it happen in real time.”