An End-to-End Measurement of Certificate Revocation in the Web’s PKI
Yabing Liu*, Will Tome*, Liang Zhang*, David Choffnes*, Dave Levin†, Bruce Maggs‡, Alan Mislove*, Aaron Schulman§, Christo Wilson*

*Northeastern University, †University of Maryland, §Stanford University, ‡Duke University and Akamai Technologies
Public Key Infrastructures (PKIs)

How can users truly know with whom they are communicating?

[Diagram: Website and Browser. A Certificate Authority vets the website ("The owner of Certificate is indeed BoA") and issues it a Certificate; the website presents that Certificate to the browser.]
Certificate revocation

What happens when a certificate is no longer valid?

[Diagram: an Attacker who has obtained the Website's Certificate presents it to the Browser. The website asks the Certificate Authority "Please revoke"; the CA records the revocation (Certificate ✗) alongside its other revoked certificates. The Browser periodically pulls (CRL) or queries (OCSP) the CA's revocation information and rejects the revoked certificate (✗).]
Certificate revocation responsibilities

This talk: Do these entities do what they need to do?

• Administrators must revoke certificates when keys are compromised
• Certificate authorities must publish revocations as quickly as possible
• Browsers must check revocation status on each connection
Outline

• Website admin behavior, e.g., what is the frequency of revocation?
• Certificate authorities behavior, e.g., how do CAs serve revocations?
• Client behavior, e.g., do browsers check revocations?
Dataset

Rapid7 IPv4 scans: 38M certs (~1/wk for 18 mos)
• classify → Non-CA: 38M certs; CA: 1,946 certs
• validate → Leaf Set: 5M valid certs
• Download revocation information daily
How frequently are certificates revoked?

[Figure: Percentage of fresh certs that are revoked (0.0–12.0%) vs. date, 01/14 through 03/15.]

Significant fraction of certificates revoked: 1% in steady state; more than 8% after Heartbleed
[Figure: Fraction of alive certs that are revoked (0.000–0.006) vs. date, 01/14 through 03/15.]

Over 0.5% of advertised certificates are revoked: website admins failed to update their servers
CRLs, OCSP, and OCSP Stapling

[Diagram, CRL case: the Certificate Authority publishes a Certificate Revocation List containing every revoked certificate (Certificate ✗ …); to check the single Certificate presented by the Website, the Browser has to download the whole list.]
Cost of obtaining CRLs

[Figure: CDF of CRL size (KB), log scale from 0.1 to 10000 KB, two curves: Raw (one point per CRL) and Weighted (by the number of certificates pointing at each CRL). Outlier: 76MB Apple CRL.]

Most CRLs small, but large CRLs downloaded more often. Result: 50% of certs have CRLs larger than 45KB
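The difference between the two curves above is a weighting question: a CRL that only one certificate points at counts once in the raw CDF, but a CRL that a million certificates point at is what a million browser connections actually download. The following is an added example, not code from the paper or its authors, that computes both views on a constructed list of CRLs (the URLs, sizes and certificate counts are invented stand-ins, not measurements) and reports the "fraction of certs whose CRL is larger than a threshold" statistic the slide uses.

```python
"""Raw vs. certificate-weighted view of CRL sizes (added example)."""

# Constructed sample: (crl_url, size_kb, number_of_certificates_pointing_at_it).
# All values are invented for illustration; none come from the paper's dataset.
SAMPLE_CRLS = [
    ("http://crl.example-ca-a.test/small1.crl", 2.0, 10),
    ("http://crl.example-ca-a.test/small2.crl", 4.5, 25),
    ("http://crl.example-ca-b.test/medium.crl", 40.0, 400),
    ("http://crl.example-ca-c.test/big.crl", 1200.0, 9000),
    ("http://crl.example-ca-d.test/tiny.crl", 0.5, 5),
    ("http://crl.example-ca-e.test/huge.crl", 76000.0, 60),
]


def weighted_quantile(values_with_weights, q):
    """Inverse of a weighted CDF: the smallest value v such that at least a
    fraction q of the total weight sits at values <= v."""
    pairs = sorted(values_with_weights)
    total = sum(w for _, w in pairs)
    running = 0.0
    for value, weight in pairs:
        running += weight
        if running / total >= q:
            return value
    return pairs[-1][0]


def raw_median_kb(crls):
    """Median CRL size when every CRL counts once (the 'Raw' curve)."""
    return weighted_quantile([(size, 1) for _, size, _ in crls], 0.5)


def cert_weighted_median_kb(crls):
    """Median CRL size seen from a certificate's point of view: each CRL is
    weighted by how many certificates reference it (the 'Weighted' curve)."""
    return weighted_quantile([(size, n) for _, size, n in crls], 0.5)


def fraction_of_certs_with_crl_larger_than(crls, threshold_kb):
    """Share of certificates whose CRL is strictly larger than threshold_kb."""
    total = sum(n for _, _, n in crls)
    big = sum(n for _, size, n in crls if size > threshold_kb)
    return big / total


if __name__ == "__main__":
    print("raw median CRL size:      %.1f KB" % raw_median_kb(SAMPLE_CRLS))
    print("cert-weighted median:     %.1f KB" % cert_weighted_median_kb(SAMPLE_CRLS))
    print("certs with CRL > 45 KB:   %.1f%%"
          % (100 * fraction_of_certs_with_crl_larger_than(SAMPLE_CRLS, 45)))
```

On the constructed sample the raw median is a few kilobytes while the certificate-weighted median is over a megabyte, which is the shape of the gap between the two curves on the slide; the same functions run unchanged over a real (url, size, cert-count) table.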
CRLs from different CAs

| CA | Unique CRLs | Certificates | Total Revoked | Avg. CRL size (KB) |
|---|---|---|---|---|
| GoDaddy | 322 | 1,050,014 | 277,500 | 1,184.0 |
| RapidSSL | 5 | 626,774 | 2,153 | 34.5 |
| Comodo | 30 | 447,506 | 7,169 | 517.6 |
| PositiveSSL | 3 | 415,075 | 8,177 | 441.3 |
| Verisign | 37 | 311,788 | 15,438 | 205.2 |

CAs use only a small number of CRLs
CRLs, OCSP, and OCSP Stapling

[Diagram, OCSP case: the Browser receives the Certificate from the Website and sends an OCSP query for that one certificate to the Certificate Authority, which answers with a status for it (Certific ✗ / Certific ✔) rather than the whole revocation list.]
OCSP prevalence

[Figure: Fraction of new certificates with revocation information (0.65–1) vs. date certificate issued, 01/11 through 01/15, two curves: CRL and OCSP. Annotation on the OCSP curve: RapidSSL begins supporting OCSP.]

OCSP now universally supported
CRLs, OCSP, and OCSP Stapling

[Diagram, OCSP Stapling case: the Website itself obtains the OCSP response for its Certificate from the Certificate Authority (Certific ✔) and staples it to the Certificate it sends to the Browser, so the Browser does not have to contact the CA during the connection.]
Limited OCSP Stapling Support

• IPv4 TLS Handshake scans by University of Michigan on 3/28/15
  • Every IPv4 server on port 443
  • Look for OCSP stapling support
• 2.2M valid certificates
  • 5.19% served by at least one server that supports OCSP Stapling
  • 3.09% served by servers that all support OCSP Stapling

Website admins rarely enable OCSP Stapling
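The two percentages above are different aggregations of the same scan: a certificate is often served by several hosts, and "at least one host staples" is a weaker statement than "every host staples". As an added example (not the scanner or analysis code of the paper), the block below parses a few constructed scan records of the form fingerprint, IP, stapling result (placeholders, not real hosts or certificates) and computes both fractions; the record format is an assumption made for the example.

```python
"""Per-certificate OCSP Stapling deployment: 'any host' vs. 'all hosts'."""
from collections import defaultdict

# Constructed scan output, one TLS handshake per line:
# <certificate fingerprint>\t<server ip>\t<stapled|no-staple>
# Fingerprints are placeholders and the IPs are documentation addresses.
SAMPLE_SCAN_LINES = """\
cert-A\t192.0.2.1\tstapled
cert-A\t192.0.2.2\tstapled
cert-B\t198.51.100.1\tstapled
cert-B\t198.51.100.2\tno-staple
cert-C\t203.0.113.1\tno-staple
cert-D\t203.0.113.2\tno-staple
cert-D\t203.0.113.3\tno-staple
"""


def parse_scan(text):
    """Turn the tab-separated scan lines into (fingerprint, ip, stapled) tuples.
    Blank lines are skipped; any status other than 'stapled' counts as no staple."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fingerprint, ip, status = line.split("\t")
        records.append((fingerprint, ip, status == "stapled"))
    return records


def stapling_stats(records):
    """Return (fraction_any, fraction_all) over distinct certificates:
    fraction_any  - certs served by at least one host that stapled
    fraction_all  - certs for which every observed host stapled."""
    by_cert = defaultdict(list)
    for fingerprint, _ip, stapled in records:
        by_cert[fingerprint].append(stapled)
    n = len(by_cert)
    any_count = sum(1 for flags in by_cert.values() if any(flags))
    all_count = sum(1 for flags in by_cert.values() if all(flags))
    return any_count / n, all_count / n


if __name__ == "__main__":
    frac_any, frac_all = stapling_stats(parse_scan(SAMPLE_SCAN_LINES))
    print("certs with >=1 stapling host: %.2f%%" % (100 * frac_any))
    print("certs where all hosts staple: %.2f%%" % (100 * frac_all))
```

The "all hosts" number is the one that matters for a client: a certificate whose deployment is only partially stapled still forces the browser back to the CA on the hosts that do not staple.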
Outline

• Website admin behavior, e.g., revocation is common (~8%)
• Certificate authorities behavior, e.g., high cost in distributing revocation info
• Client behavior, e.g., do browsers check revocations?
What’s the concern of browsers?

[Diagram: Website, Browser, Certificate, Certificate Authority.]

On the web, latency is king

Browsers face tension between security and speed: they must contact the CA to ensure the cert is not revoked
Test harness

Goal: Test browser behavior under different combinations of:
• Revocation protocols
• Availability of revocation information
• Chain lengths
• EV/non-EV certificates (Normal vs. Extended Validation)

Implement 244 tests using fake root certificate + Javascript
• Unique DNS name, cert chain, CRL/OCSP responder, …
Do browsers check revocations?

[Table: for each desktop and mobile browser, whether it supports CRLs, OCSP and OCSP Stapling. The browser columns (icons) did not survive extraction; the recoverable cells are:
• Supports CRLs: ✗ ✗ ✗ ✗ ~ (EV only)
• Supports OCSP: ✗ ✗ ✗ ~ (EV only)
• Supports OCSP Stapling: ✗ ✗ ✗ ✗]
Do browsers check intermediates?

[Table: for each desktop and mobile browser, whether it checks the intermediate certificate and what it does when revocation information is unavailable. The browser columns (icons) did not survive extraction; the recoverable cells are:
• Check intermediate: ✗ ✗ ✗ EV EV / OCSP
• Revocation unavailable: ✗ ✗ ✗ ✗ EV CRL / CRL]

No browser correctly checks all revocations
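What "correctly checks all revocations" means in code is short: every non-root certificate in the chain gets a status, a stapled response takes priority, and a missing answer is treated as a failure rather than silently accepted. The block below is an added model of such a client, written for this page; it is not browser code and not the paper's test harness. Certificates, CRLs and OCSP responders are constructed stand-ins (plain Python objects with invented URLs), so the signature and validity checks a real client performs on CRLs and OCSP responses are out of scope here. The `check_intermediates` and `hard_fail` switches reproduce the two behaviours the slides test: skipping the intermediate, and soft-failing when revocation information is unavailable.

```python
"""Model of a revocation-checking client over a certificate chain (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Cert:
    name: str
    serial: int
    crl_url: Optional[str] = None
    ocsp_url: Optional[str] = None
    stapled_status: Optional[str] = None  # "good"/"revoked" delivered by the TLS server


@dataclass
class RevocationSources:
    """Constructed stand-in for CA infrastructure (no network, no signatures)."""
    crls: Dict[str, Set[int]] = field(default_factory=dict)        # url -> revoked serials
    ocsp: Dict[str, Dict[int, str]] = field(default_factory=dict)  # url -> serial -> status
    reachable: Set[str] = field(default_factory=set)               # urls that answer


def status_for(cert: Cert, sources: RevocationSources) -> str:
    """Return "good", "revoked" or "unknown" for one certificate.
    Precedence: stapled response, then OCSP, then CRL."""
    if cert.stapled_status is not None:
        return cert.stapled_status
    if cert.ocsp_url and cert.ocsp_url in sources.reachable:
        return sources.ocsp.get(cert.ocsp_url, {}).get(cert.serial, "good")
    if cert.crl_url and cert.crl_url in sources.reachable:
        revoked = sources.crls.get(cert.crl_url, set())
        return "revoked" if cert.serial in revoked else "good"
    return "unknown"


def verify_chain(chain: List[Cert], sources: RevocationSources,
                 check_intermediates: bool = True,
                 hard_fail: bool = True) -> Tuple[bool, str]:
    """chain is leaf first, root last; the root is trusted out of band and not checked.
    check_intermediates=False models a client that only looks at the leaf;
    hard_fail=False models soft-fail (accept when status is unavailable)."""
    to_check = chain[:-1] if check_intermediates else chain[:1]
    for cert in to_check:
        status = status_for(cert, sources)
        if status == "revoked":
            return False, "%s is revoked" % cert.name
        if status == "unknown" and hard_fail:
            return False, "revocation status of %s unavailable" % cert.name
    return True, "ok"


def scenario_intermediate_revoked():
    """Leaf is fine per OCSP, but the intermediate appears on its CA's CRL."""
    root = Cert("Root", 1)
    inter = Cert("Intermediate", 2, crl_url="http://crl.ca.test/inter.crl")
    leaf = Cert("Leaf", 3, ocsp_url="http://ocsp.ca.test/")
    sources = RevocationSources(
        crls={"http://crl.ca.test/inter.crl": {2}},
        ocsp={"http://ocsp.ca.test/": {3: "good"}},
        reachable={"http://crl.ca.test/inter.crl", "http://ocsp.ca.test/"},
    )
    return [leaf, inter, root], sources


def scenario_responder_unreachable():
    """Leaf only carries an OCSP URL and the responder does not answer."""
    root = Cert("Root", 1)
    leaf = Cert("Leaf", 5, ocsp_url="http://ocsp.ca.test/")
    return [leaf, root], RevocationSources()


def scenario_stapled_revoked():
    """Server staples a 'revoked' response; no CA contact is needed to reject."""
    root = Cert("Root", 1)
    leaf = Cert("Leaf", 7, ocsp_url="http://ocsp.ca.test/", stapled_status="revoked")
    return [leaf, root], RevocationSources()


if __name__ == "__main__":
    chain, src = scenario_intermediate_revoked()
    print("full check:      ", verify_chain(chain, src))
    print("leaf-only check: ", verify_chain(chain, src, check_intermediates=False))
    chain, src = scenario_responder_unreachable()
    print("hard-fail:       ", verify_chain(chain, src))
    print("soft-fail:       ", verify_chain(chain, src, hard_fail=False))
```

Running the scenarios shows the two gaps the slides report: a client that skips intermediates accepts a chain whose intermediate is revoked, and a soft-failing client accepts a leaf whose status it never obtained.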
Takeaways

• Revocations common: ~1% in steady state; more than 8% after Heartbleed
• Obtaining revocation information can be expensive: CRLs large, OCSP Stapling rarely supported
• Many browsers don’t bother to check revocation; mobile browsers completely lack revocation checking
CRLSet

Chrome pushes out list of select revocations, called CRLSet

Chromium developers only state:
1. The full list [of covered CRLs] isn’t public
2. CRLs on the list are fetched infrequently
3. Entries in the CRL are filtered by reason code.
4. Size limited to 250 KB
CRLSet coverage

Only 0.35% of all revocations appear in CRLSet

Only 295 (10.5%) CRLs have any revocations covered

[Figure: CDF over CRLs of the fraction of each CRL's entries that appear in CRLSet (x axis 0–1), with a second curve restricted to entries whose reason codes CRLSet covers ("CRLSet Reason Codes").]

CRLSet only has a low coverage
More results in the paper
• Analysis of EV certificate revocation
• Revoked but alive certificates
• Improve CRLSets with Bloom Filters and more …
Summary

• An end-to-end measurement of certificate revocation in the web
  • Covers all parties: website administrators, CAs and browsers
• Key findings
  • Extensive inaction with respect to certificate revocation
  • Browsers fail to check certificate revocation
  • Mobile browsers lack revocation checking
• We can improve
  • CAs can maintain more small CRLs
  • Website admins can deploy OCSP stapling

Questions?
securepki.org