Search

EP-4449672-B1 - DEFENDING WEB BROWSERS AGAINST MAN-IN-THE-MIDDLE ATTACKS

EP4449672B1EP 4449672 B1EP4449672 B1EP 4449672B1EP-4449672-B1

Inventors

  • LEIBOVICH, ROI
  • LESHENKO, Nikita
  • DALAL, Ron
  • Amiga, Dan

Dates

Publication Date
20260506
Application Date
20221214

Claims (3)

  1. A computer network security method comprising: configuring a web browser (100) with a capability of determining whether a root certificate authority appears in a first list of trusted root certificate authorities (108) that is maintained by an operating system (106) of a host computer (102) that hosts the web browser; configuring the web browser with a capability of determining whether the root certificate authority was included in the first list at the time that the operating system was installed on the host computer or was thereafter included in the first list by the operating system; configuring the web browser with a capability of determining whether the root certificate authority appears in a second list of trusted root certificate authorities (116) that is provided to the web browser by an administrator (114); configuring the web browser to determine whether a certificate meets predefined invalidation criteria (118), wherein the predefined invalidation criteria includes the following criteria: the certificates' root certificate authority was not included in the first list at the time that the operating system was installed on the host computer, or was not included in the first list by the operating system after the operating system was installed on the host computer; and configuring the web browser to cease to communicate with a party that provided the certificate to the web browser responsive to the web browser determining that the certificate meets the predefined invalidation criteria.
  2. The computer network security method according to claim 1 and further comprising configuring the web browser to validate the certificate and thereafter determine whether the certificate meets the predefined invalidation criteria.
  3. The computer network security method according to any one of claims 1 or 2, wherein the predefined invalidation criteria further includes one or more of the following criteria: the certificate's root certificate authority does not appear in the first list; and the certificate's root certificate authority does not appear in the second list.

Description

BACKGROUND Computer network communications are often secured through the use of encryption and decryption keys and certificates issued by certificate authorities, such as those used by the Hypertext Transfer Protocol Secure (HTTPS) which employs the Transport Layer Security (TLS) or the Secure Sockets Layer (SSL) protocols. In accordance with such protocols, a certificate that is provided by a computer server to a web browser is validated by the web browser by tracing the certificate to a root certificate authority, typically along a chain of intermediate certificate authorities, and authenticating digital signatures provided by each certificate authority along the chain. Web browsers are supported in this task by consulting lists of "trusted" root certificate authorities that are maintained by the web browser, the operating system of the computer that hosts the web browser, or both. Unfortunately, existing systems are vulnerable to malicious actors that manipulate such lists, such as in support of man-in-the-middle attacks. Zhang Yiming et al: "Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem", PROCEEDINGS OF THE 32ND CONFERENCE ON L'INTERACTION HOMME-MACHINE, New York, November 2021, pages 1373-1387, XP058942345, discloses a client-side view of hidden root certificate authorities in the Web PKI ecosystem. SUMMARY In an aspect of the invention a computer network security method is provided, including configuring a web browser with a capability of determining whether a root certificate authority appears in a first list of trusted root certificate authorities that is maintained by an operating system of a host computer that hosts the web browser, configuring the web browser with a capability of determining whether the root certificate authority was included in the first list at the time that the operating system was installed on the host computer or was thereafter included in the first list by the operating system, configuring the web browser with a capability of determining whether the root certificate authority appears in a second list of trusted root certificate authorities that is provided to the web browser by an administrator, configuring the web browser to determine whether a certificate meets predefined invalidation criteria; and configuring the web browser to cease to communicate with a party that provided the certificate to the web browser responsive to the web browser determining that the certificate meets the predefined invalidation criteria. In some examples, the computer network security method further includes configuring the web browser to validate the certificate and thereafter determine whether the certificate meets the predefined invalidation criteria. The predefined invalidation criteria includes following criteria: the certificate's root certificate authority was not included in the first list at the time that the operating system was installed on the host computer, or was not included in the first list by the operating system after the operating system was installed on the host computer. BRIEF DESCRIPTION OF THE DRAWINGS Aspects of the invention will be understood and appreciated more fully from the following detailed description taken in conjunction with the appended drawings in which: Fig. 1A is a simplified conceptual illustration of a system for defending web browsers against man-in-the-middle attacks, constructed and operative in accordance with an embodiment of the invention;Fig. 1B is a simplified flowchart diagram of an exemplary method for use with the system of Fig. 1A, operative in accordance with an embodiment of the invention, andFig. 1C is a simplified conceptual illustration of a reporting system for use with the system of Fig. 1A, operative in accordance with an embodiment of the invention. DETAILED DESCRIPTION Reference is now made to Fig. 1A, which is a simplified conceptual illustration of a system for defending web browsers against man-in-the-middle attacks, constructed and operative in accordance with an embodiment of the invention, and additionally to Fig. 1B, which is a simplified flowchart diagram of an exemplary method for use with the system of Fig. 1A, operative in accordance with an embodiment of the invention. In the system of Fig. 1A and method of Fig. 1B, a web browser 100 is configured to incorporate the functionality of conventional web browsers, such as those based on the Google™ ChromiumTM architecture, and is additionally configured to operate as is described hereinbelow. Web browser 100 may be hosted by any computing device, such as by a host computer 102 that is connected to a computer network 104, such as the Internet. An operating system 106 of host computer 102 is configured to maintain a list 108 of trusted root certificate authorities in accordance with conventional techniques, such as where the root certificate authorities are issuers of certificates that may be validated in accordance with the Transport