IPSJ SIG Technical Report Vol.2017-CSEC-78 No.28 Vol.2017-SPT-24 No /7/14 TLS 1,a) 1,2,b) 1,c) Web SSL/TLS http Web Web Web SSL/TLS Web Web SSL


TLS 1,a) 1,2,b) 1,c) Web SSL/TLS http Web Web Web SSL/TLS Web Web SSL/TLS (1) Web Web (2) 3 (3) 3 Web TLS TLS

Hiroshi Yamamoto 1,a) Masayuki Okada 1,2,b) Akira Kanaoka 1,c)
1 Toho University
2 Japan Network Information Center
a) 6516007m@nc.toho-u.ac.jp
b) okadams@nic.ad.jp
c) akira.kanaoka@is.sci.toho-u.ac.jp

1. 1 (Single Point Of Failure) SPoF CPU (NIC) Web (Load Balancer) Global Server Load Balance (GSLB) GSLB Web Web http Web Web 1

https SSL/TLS https(ssl/tls) PKI SSL/TLS SSL/TLS Web Web (Certificate Policy) (Certificate Practice Statement) Web SPoF SPoF (Server Certificate Revocation Fault Tolerance/SCRFT) SCRFT Linux/LVS Apache Web Web

2. Internet Society (ISOC) Deploy 360 Deploy 360 2014 Google [1] Deploy360 Gmail SSL (Always On SSL/AOSSL) 2016 10 Google Chrome http [2] Chrome 2017 1 Chrome 56 http http 2016 Online Trust Alliance (OTA) AOSSL [3] OTA Web 30% AOSSL Web Google, Microsoft, PayPal, Symantec, Facebook and Twitter AOSSL http https HTTP Strict Transport Security (HSTS/RFC 6797) [4] HSTS https http https http URL Rewrite http (Man In The Middle; MITM) HSTS http https URI MITM AOSSL https http AOSSL [5] Web SSL/TLS Ralph [6] SMTPS/IMAPS/IRC over TLS 30% 60% 2

Web AOSSL Yahoo!JAPAN [7] AOSSL 2016 4 2017 3 AOSSL SSL/TLS AOSSL

3. Web TLS Web SSL/TLS http Web Web Web SSL/TLS Web 3.1 Let's Encrypt Web SSL/TLS CSR (Certification Authority) Web SSL/TLS Web SSL/TLS Let's Encrypt Let's Encrypt 1 90 Let's Encrypt Let's Encrypt ISRG (Internet Security Research Group) (Cisco Systems) Akamai (Electronic Frontier Foundation) (Mozilla Foundation) ISRG Let's Encrypt 2016 4 200 3.2 Web TLS Web SSL/TLS ( 1 ) Web Web ( 2 ) 3 ( 3 ) 3 3.2.1 [8] Web 3.2.2 3 3 DigiNotar 2011 9 5 ComodoHacker Web [9] DigiNotar 2011 9 20 3 3.2.3 3 (WoSign) 3

[10] WoSign Web 1 Firefox WoSign 3 3.3 (Certificate Transparency) 3.2 Google CT(Certificate Transparency) 3.3.1 CT CT 2013 RFC 6962(Experimental) CT 3 CT CT SCT(Signed Certificate Timestamp) CT SCT CT CT CT 3.3.2 CT CT CT 4. Web SSL/TLS Web SSL/TLS 4.1 3.3 CT CT 4.2 4.3 4.4 2 4.4.1 1 1 1 1 EV 1 TLS TLS 4

4.4.2 Apache Nginx Microsoft IIS 1 1 1 5. 4 4 SPoF 5.1 ( 1 ) SPoF ( 2 ) 1 TLS SPoF ( 3 ) 1 1 TLS SPoF ( 4 ) DNS DNS DNS DNS SPoF 5.2 1 2 ( 1 ) 5

2 (1) SPoF (2) (3) (4) DNS 1

6. 5 6.1 Web 2 VMware ESXi 3 OS CPU RAM 3 LVS Linux (Ubuntu 16.04 LTS) 1vCPU 1024MB (Lazy zeroed) 20GB 1 (1) ( 2 ) 1 1 2 2 https 2 (2) ( 3 ) CRL (Certificate Revocation List) CRL ( 4 ) 1 6.2 5.2 ( ) ( ) Cron

7. Apache Bench Requests per second 3 Apache Bench 1000 1 100 ( 1 ) LVS Apache Bench ( 2 ) LVS Apache Bench ( 3 ) LVS Web Web Apache Bench (1) (2) (3) LVS 6

8. 3 LVS Apache Bench 4 LVS Apache Bench 5 Apache Bench 4 5 6 4 5 (1) 1 Requests per second 283.47 (2) 242.41 Requests per second 4 (1) 4 610.6 (2) 608.2 (2) (3) LVS 8.1 ( 1 ) ( 2 ) ( 3 ) DNS (1) Web Apache Nginx (2) CRL (1) (1) Web (1) (3) DNS IP A CNAME DNS Web DNS Round Trip Time DNS TimeToLive (TTL) DNS DNS 7

(1) (2) (3) 8.2 CRL CRL Web CRL CRL CRL CRL CA CRL CRL 8.3 Web Web Common Name (CN) CA CN CA CA Web CN CN CN Web

9. DNS AOSSL

[1] ISOC. Google is Now Always Using TLS/SSL. http://www.internetsociety.org/deploy360/blog/2014/03/google-now-always-using-tlsssl-for-gmail-connections/ ; Google Chrome Root CA Policy (Removal of Trust Root CA). https://www.chromium.org/home/chromium-security/root-ca-policy
[2] Google Security Blog. Moving towards a more secure web. https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
[3] Online Trust Alliance. Always On SSL (AOSSL). https://otalliance.org/resources/always-ssl-aossl
[4] HTTP Strict Transport Security (HSTS), RFC 6797. https://www.rfc-editor.org/info/rfc6797
[5] Bootstrap MITM Vulnerability. https://tools.ietf.org/html/rfc6797#section-14.6
[6] TLS in the wild: an Internet-wide analysis of TLS-based protocols for electronic communication.
[7] Yahoo!JAPAN AOSSL. https://about.yahoo.co.jp/info/aossl/index.html
[8] JPNICWeb.JP- NIC. https://www.nic.ad.jp/ja/topics/2016/20160804-01.html (2016-08-04)
[9] Joe's. http://joes.co.jp/2011/09/21/is-globalsign-really-safe-newsletter-2011-09/ (2011-09-21)
[10] WoSign. Gigazine. http://gigazine.net/news/20160928-wosign-firefox-block/ (2016-09-01)

Web SSL/TLS (Always On SSL/AOSSL) AOSSL Single Point of Failure AOSSL Let's Encrypt AOSSL Web SSL/TLS 8