论文信息 - X.509 Check: A Tool to Check the Safety and Security of Digital Certificates

X.509 Check: A Tool to Check the Safety and Security of Digital Certificates

Digital certificates, the primary mechanism for providing secure communications in the Internet, have been widely deployed. In this paper, we propose X.509 Check, a tool designed to analyze the security properties and the quality of digital certificates. X.509 Check can be used to verify digital certificates and provide a deep analysis on the quality and configuration of any digital certificate using more than 30 security features. It can be useful for auditors, system administrators, and security officers. This paper aims to create a straightforward evaluation approach, allowing auditors and administrators to use the X.509 Check tool to examine any digital certificate without the need to become X.509 standard experts. We also report our findings of using this tool to check against one hundred X.509 digital certificates. Our results reveal the existence of many issues and problems that could lead to serious security risks.

Arwa Alrawais | Abdulrahman Alhothaily | Xiuzhen Cheng

[1] J. Alex Halderman,et al. Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[2] Bruce Schneier,et al. Ten Risks of PKI , 2004 .

[3] Phong Q. Nguyen. Public-key Cryptanalysis , 2008 .

[4] Raphael M. Reischuk,et al. Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS , 2015 .

[5] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[6] Christian Bauer. X.509 identity certificates with local verification , 2012, 2012 IEEE International Conference on Communications (ICC).

[7] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[8] Carlisle Adams,et al. Understanding PKI: Concepts, Standards, and Deployment Considerations , 1999 .

[9] Lein Harn,et al. Generalized Digital Certificate for User Authentication and Key Establishment for Secure Communications , 2011, IEEE Transactions on Wireless Communications.