TrustBase

TrustBase provides certificate-based authentication as an operating system service. TrustBase allows you to:

  • Transparently enforce best practices for certificate validation on all applications.
  • Configure a variety of authentication services to strengthen the CA system.
  • Set policy for how certificate validation should be handled on your machine.

TrustBase currently provides the following plugins:

  • CA Validation Enforces standard certificate validation using OpenSSL functions and standard practices for validating hostnames, Basic Constraints, validity dates, etc.
  • Whitelist Stores a set of certificates that are always considered valid for their respective hosts, such as self-signed certificates.
  • Certificate Pinning Uses Trust On First Use to pin certificates for any host; an expired pin is replaced by the next certificate received from a connection to that host.
  • Certificate Revocation Checks OCSP to determine whether the certificate has been revoked.
  • CRLSet Blocking Checks Google’s CRLSet to determine whether the certificate has been blocked, extending Chrome’s protection to all apps.
  • DANE Uses the DNS system to distribute public keys in a TLSA record.
  • Notary Based on ideas presented by Perspectives and Convergence, it connects securely to one or more notary servers to validate that the certificate received by the client is the same one seen by the notaries.
  • Cipher Suite Auditor Uses Client Hello and Server Hello information, together with a configuration of secure defaults, to disallow weak cipher suites. It can also require that certain TLS extensions be employed (e.g., TACK).
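To make the plugin model concrete, here is an added example (not TrustBase's own code) of a small userspace policy engine in the shape the list above describes: a whitelist, a Trust On First Use pinning plugin that replaces an expired pin but rejects a changed certificate while the pin is still valid, and a cipher suite auditor that parses a ServerHello record and rejects non-forward-secret suites or a missing required extension. Everything in it is an assumption made for the example: certificates are modelled by their DER bytes plus notAfter rather than parsed as X.509, the hostnames and certificate bytes are constructed, the aggregation rule (audit always applies, whitelist bypasses the certificate plugins, otherwise all plugins must accept) stands in for TrustBase's configurable policy, and requiring the extended_master_secret extension (type 0x0017) is an illustrative choice.

```python
"""TrustBase-style policy engine with whitelist, TOFU pinning and cipher suite audit
(added example, not TrustBase code). Assumptions: a cert is modelled by DER bytes plus
notAfter instead of parsed X.509; the aggregation rule stands in for TrustBase's
configurable policy; requiring extended_master_secret (0x0017) is an illustrative choice."""
import hashlib
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Cert:
    der: bytes            # constructed stand-in for the DER-encoded leaf certificate
    not_after: datetime   # would come from the parsed X.509 validity field

    def fingerprint(self):
        return hashlib.sha256(self.der).hexdigest()

class TofuPinPlugin:
    """Trust On First Use: the first cert seen per host is pinned; an unexpired pin
    must match, an expired pin is replaced by the next cert received."""
    def __init__(self):
        self.pins = {}  # host -> Cert

    def check(self, host, cert, now):
        pinned = self.pins.get(host)
        if pinned is None or pinned.not_after < now:
            self.pins[host] = cert          # first use, or replacing an expired pin
            return True
        return pinned.fingerprint() == cert.fingerprint()

def parse_server_hello(record):
    """Return (cipher_suite, set of extension types) from a TLS 1.2 ServerHello record."""
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or body[0] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    sh = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32 + 1 + sh[34]               # skip version, random, session_id
    suite = struct.unpack("!H", sh[pos:pos + 2])[0]
    pos += 3                                # cipher suite + compression method
    exts = set()
    if pos < len(sh):                       # the extensions block is optional
        end = pos + 2 + struct.unpack("!H", sh[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", sh[pos:pos + 4])
            exts.add(etype)
            pos += 4 + elen
    return suite, exts

class CipherSuiteAuditor:
    """Allow only ECDHE AES-GCM suites and require the configured extensions."""
    ALLOWED = {0xC02B, 0xC02C, 0xC02F, 0xC030}
    REQUIRED_EXTS = {0x0017}                # extended_master_secret (assumption)

    def check(self, server_hello):
        suite, exts = parse_server_hello(server_hello)
        return suite in self.ALLOWED and self.REQUIRED_EXTS <= exts

class PolicyEngine:
    """Aggregation (assumed here): the suite audit always applies; a whitelisted
    (host, fingerprint) pair bypasses the cert plugins; otherwise all must accept."""
    def __init__(self, whitelist, cert_plugins, auditor):
        self.whitelist = dict(whitelist)    # host -> SHA-256 hex, e.g. self-signed certs
        self.cert_plugins, self.auditor = cert_plugins, auditor

    def evaluate(self, host, cert, now, server_hello):
        if not self.auditor.check(server_hello):
            return False
        if self.whitelist.get(host) == cert.fingerprint():
            return True
        return all(p.check(host, cert, now) for p in self.cert_plugins)

def build_server_hello(suite, ext_types):
    """Constructed TLS 1.2 ServerHello record with empty extensions of the given types."""
    exts = b"".join(struct.pack("!HH", t, 0) for t in ext_types)
    sh = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
          + struct.pack("!H", len(exts)) + exts)
    hs = b"\x02" + len(sh).to_bytes(3, "big") + sh
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

def demo():
    """Constructed connections; returns each verdict by name (True = accept)."""
    utc = timezone.utc
    jan, jul = datetime(2024, 1, 1, tzinfo=utc), datetime(2024, 7, 1, tzinfo=utc)
    v1 = Cert(b"constructed-der-site-v1", datetime(2024, 6, 1, tzinfo=utc))
    v2 = Cert(b"constructed-der-site-v2", datetime(2025, 6, 1, tzinfo=utc))
    internal = Cert(b"constructed-der-intranet", datetime(2030, 1, 1, tzinfo=utc))
    engine = PolicyEngine({"intranet.example": internal.fingerprint()},
                          [TofuPinPlugin()], CipherSuiteAuditor())
    strong = build_server_hello(0xC02F, [0x0017, 0xFF01])   # ECDHE-RSA-AES128-GCM-SHA256
    weak = build_server_hello(0x009C, [0x0017])             # RSA key exchange, no PFS
    return {
        "first_use_pins": engine.evaluate("site.example", v1, jan, strong),
        "rotation_while_pin_valid": engine.evaluate("site.example", v2, jan, strong),
        "rotation_after_pin_expired": engine.evaluate("site.example", v2, jul, strong),
        "weak_suite": engine.evaluate("site.example", v2, jul, weak),
        "whitelisted_self_signed": engine.evaluate("intranet.example", internal, jan, strong),
        "whitelist_does_not_excuse_weak_suite": engine.evaluate("intranet.example", internal, jan, weak),
    }
```

The ordering in `PolicyEngine.evaluate` is the point to notice: the whitelist only answers the question "is this certificate acceptable for this host", so it is consulted after the handshake audit, never instead of it; a self-signed intranet certificate is accepted, but not over an RSA-key-exchange suite. The pinning plugin is stateful, so `demo()` runs its checks in the order a client would see them: the first certificate is pinned, a rotated certificate is rejected while that pin is unexpired, and accepted (and pinned) once the old pin has passed its notAfter.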

USENIX Security Paper

The current state of certificate-based authentication is messy, with broken authentication in applications and proxies, along with serious flaws in the CA system. To solve these problems, we design TrustBase, an architecture that provides certificate-based authentication as an operating system service, with system administrator control over authentication policy. TrustBase transparently enforces best practices for certificate validation on all applications, while also providing a variety of authentication services to strengthen the CA system. We describe a research prototype of TrustBase for Linux, which uses a loadable kernel module to intercept traffic in the socket layer, then consults a userspace policy engine to evaluate certificate validity using a variety of plugins. We evaluate the security of TrustBase, including a threat analysis, application coverage, and hardening of the Linux prototype. We also describe prototypes of TrustBase for Android and Windows, illustrating the generality of our approach. We show that TrustBase has negligible overhead and universal compatibility with applications. We demonstrate its utility by describing eight authentication services that extend CA hardening to all applications.

Mark O'Neill, Scott Heidbrink, Scott Ruoti, Jordan Whitehead, Dan Bunker, Luke Dickinson, Travis Hendershot, Joshua Reynolds, Kent Seamons, and Daniel Zappala, TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication, USENIX Security, August 2017.

Code