
Tracking adoption of revocation and cryptographic features in X.509 certificates

Regular contribution, International Journal of Information Security

Abstract

SSL certificates are central to the security of the WebPKI. The trust placed in them rests on the strength of their cryptographic attributes and on the presence of revocation features. In this paper, we perform a historical measurement study of cryptographic strength and the adoption of revocation mechanisms in X.509 SSL certificates. In particular, the study provides a real-world picture of how new certificate features are adopted and how changes are pushed into the WebPKI ecosystem. We analyze features such as Online Certificate Status Protocol (OCSP) Stapling, RSA public key collisions, and the strength of certificate serial numbers, and we observe how the adoption and reliability of these features improved over 2011–2020. Our analysis helps identify weaknesses and negligence in the certificate issuance practices of Certificate Authorities, such as lack of revocation, weak serial numbers, and issuance of the same public key in different certificates for different entities on the web, known as the public key collision problem. Our results show an overall increase of up to 97% in the adoption of OCSP Stapling and OCSP extensions. There are also significant improvements in certificate serial number length, with the top 6 CAs in our dataset issuing the majority of their certificates with a serial byte count greater than 30. We also discovered 803 public key collision sets in our dataset, and we provide a working criterion to distinguish permissible, safe collisions from unsafe, risky ones. Analysis of these features matters because a weakness in any of them could allow an adversary to forge certificates and mount attacks; examples include the Flame malware and the breaches of the DigiNotar and Comodo certificate authorities.
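To make two of the certificate-level checks named in the abstract concrete, here is an added example (not the paper's or the authors' code) that flags weak serial numbers, using the Ballot 164 length floor plus a runs test over the serial's bits, and groups certificates by shared public key; the CertRecord structure, the sample records and the permissible/risky criterion are this example's assumptions, not the paper's.

```python
# Added example (not the paper's code): check constructed certificate records for two of
# the weaknesses the paper measures, weak serial numbers and public-key collisions.
import hashlib
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class CertRecord:       # fields a real X.509 parser would fill from the certificate
    subject_org: str    # Subject organizationName, used here as the identity proxy
    san: str            # a dNSName from SubjectAltName
    serial: bytes       # content octets of the serialNumber INTEGER
    spki: bytes         # DER SubjectPublicKeyInfo (stand-in bytes in the sample)

MIN_SERIAL_BYTES = 8  # CA/B Forum Ballot 164 floor: at least 64 bits of CSPRNG output

def runs_test_z(serial: bytes) -> float:
    """Wald-Wolfowitz runs test over the serial's bits; large |z| means non-random."""
    bits = "".join(f"{b:08b}" for b in serial)
    n, n1 = len(bits), bits.count("1")
    n0 = n - n1
    if n0 == 0 or n1 == 0:
        return float("inf")  # constant bit string: degenerate, always fails
    runs = 1 + sum(bits[i] != bits[i - 1] for i in range(1, n))
    mu = 2 * n1 * n0 / n + 1
    var = 2 * n1 * n0 * (2 * n1 * n0 - n) / (n * n * (n - 1))
    return (runs - mu) / var ** 0.5

def serial_weakness(serial: bytes) -> "str | None":
    """Reason the serial is weak, or None if it is long enough and looks random."""
    if len(serial) < MIN_SERIAL_BYTES:
        return f"{len(serial)} byte(s): below the 64-bit entropy floor"
    z = runs_test_z(serial)
    if abs(z) > 3.0:  # roughly the 99.7% two-sided threshold
        return f"runs test z={z:.2f}: long, but looks like a padded counter, not random"
    return None

def key_collisions(records) -> dict:
    """Group certificates sharing one SubjectPublicKeyInfo and label each group. The
    label is this example's assumed criterion, not the paper's: one organization reusing
    its key is permissible; the same key in certificates of different organizations is risky."""
    by_key = defaultdict(list)
    for rec in records:
        by_key[hashlib.sha256(rec.spki).hexdigest()].append(rec)
    return {k: ("permissible" if len({r.subject_org for r in g}) == 1 else "risky",
                sorted(r.san for r in g)) for k, g in by_key.items() if len(g) > 1}

# Constructed sample: one key shared by two organizations, one short and one padded serial.
SAMPLE = [
    CertRecord("Example Corp", "example.test", bytes.fromhex("8f3ac561d27e04b9e61c57a8932df04b"), b"spki-A"),
    CertRecord("Example Corp", "www.example.test", bytes.fromhex("4bf02d93a8571ce6b9047ed261c53a8f"), b"spki-A"),
    CertRecord("Other Ltd", "other.test", b"\x2a", b"spki-A"),               # same key, other entity
    CertRecord("Solo Inc", "solo.test", b"\x00" * 15 + b"\x01", b"spki-D"),  # 16 bytes, near-zero entropy
]
```

OCSP Stapling is observed in the TLS handshake rather than in the certificate, so it is outside this check; the padded serial in the sample shows why byte count alone is not a sufficient strength measure.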



Acknowledgements

This work is supported by National Centre for Cyber Security (NCCS) Blockchain Security Lab, ITU, Pakistan.

Author information


Corresponding author

Correspondence to Tania Saleem.

Ethics declarations

Conflict of interest

This research work was funded by the NCCS Blockchain Security Lab at Information Technology University of Punjab (ITU), Lahore, Pakistan. The authors' affiliations with the lab are as follows: Maryam Zulfiqar works as a Research Assistant; Dr. Muhammad Umar Janjua is the Principal Investigator of the lab; Hassan Raza is the Team Lead; Talha Ahmad and Tania Saleem work as Research Associates at the lab.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


About this article


Cite this article

Zulfiqar, M., Janjua, M.U., Hassan, M. et al. Tracking adoption of revocation and cryptographic features in X.509 certificates. Int. J. Inf. Secur. 21, 653–668 (2022). https://doi.org/10.1007/s10207-021-00572-5
