Approaches to protection of applications based on the TLS protocol against attacks using revoked certificates

Automatic Control and Computer Sciences

Abstract

This article considers the security problems of applications based on the TLS protocol. It describes scenarios in which these applications are exposed to attacks using revoked certificates. The current methods of checking the status of X.509 public key infrastructure certificates used together with the TLS protocol are compared, and their strengths and weaknesses are identified.

Author information

Correspondence to A. G. Busygin.

Additional information

Original Russian Text © A.G. Busygin, A.S. Konoplev, M.O. Kalinin, 2016, published in Problemy Informatsionnoi Bezopasnosti, Komp’yuternye Sistemy.

About this article

Cite this article

Busygin, A.G., Konoplev, A.S. & Kalinin, M.O. Approaches to protection of applications based on the TLS protocol against attacks using revoked certificates. Aut. Control Comp. Sci. 50, 743–748 (2016). https://doi.org/10.3103/S0146411616080290
