The Impact of the Online Certificate Status Protocol on User Privacy

Abstract

In the current Internet Public Key Infrastructure (PKI), trusted third parties called Certificate Authorities (CAs) issue digitally-signed certificates affirming ownership of a domain. The Online Certificate Status Protocol (OCSP) was introduced to allow applications to verify that a given certificate had not been revoked, by querying an OCSP responder (server). By requiring applications to send unencrypted requests to third-party responders each time they wish to validate a certificate’s status, OCSP is generally understood to present a threat to user privacy, leaking information about user web behavior. Ironically, the publicity of this issue has not led to significant study of the nature and scope of this threat. In this work, we outline and conduct a large-scale measurement of OCSP traffic associated with visits to popular websites. We then use this data to assess the extent to which entities at three levels—CAs, Content Delivery Networks, and ASes—are capable of inferring the destination sites a user visits using passively-observed OCSP traffic. We also consider the ramifications of OCSP privacy leakage in the context of anonymous networks such as Tor, and propose a novel correlation attack that incorporates OCSP traffic.