research-article

Public Access

An End-to-End Measurement of Certificate Revocation in the Web's PKI

Authors:

David Choffnes,

Aaron Schulman,

Christo WilsonAuthors Info & Claims

IMC '15: Proceedings of the 2015 Internet Measurement Conference

Pages 183 - 196

https://doi.org/10.1145/2815675.2815685

Published: 28 October 2015 Publication History

Abstract

Critical to the security of any public key infrastructure (PKI) is the ability to revoke previously issued certificates. While the overall SSL ecosystem is well-studied, the frequency with which certificates are revoked and the circumstances under which clients (e.g., browsers) check whether certificates are revoked are still not well-understood.

In this paper, we take a close look at certificate revocations in the Web's PKI. Using 74 full IPv4 HTTPS scans, we find that a surprisingly large fraction (8%) of the certificates served have been revoked, and that obtaining certificate revocation information can often be expensive in terms of latency and bandwidth for clients. We then study the revocation checking behavior of 30 different combinations of web browsers and operating systems; we find that browsers often do not bother to check whether certificates are revoked (including mobile browsers, which uniformly never check). We also examine the CRLSet infrastructure built into Google Chrome for disseminating revocations; we find that CRLSet only covers 0.35% of all revocations. Overall, our results paint a bleak picture of the ability to effectively revoke certificates today.

References

[1]

Network Security Services. Mozilla Developer Network, 2014. http://mzl.la/1DRKqGZ.

[2]

CRLSets. The Chromium Projects, 2015. http://bit.ly/1JPsUeC.

[3]

Network Stack. The Chromium Projects, 2015. http://bit.ly/1GYuMhE.

[4]

B. Andrei and M. Michael. Network applications of bloom filters: A survey. Int. Math., 1(4), 2004.

[5]

C. Arthur. DigiNotar SSL certificate hack amounts to cyberwar, says expert. The Guardian. http://www.theguardian.com/technology/2011/sep/05/diginotar-certificate-hack-cyberwar.

[6]

D. Akhawe and A. P. Felt. Alice in Warningland: A Large-scale Field Study of Browser Security Warning Effectiveness. USENIX Security, 2013.

Digital Library

[7]

D. Akhawe, B. Amann, M. Vallentin, and R. Sommer. Here's My Cert, So Trust Me, Maybe?: Understanding TLS Errors on the Web. WWW, 2013.

Digital Library

[8]

An Evaluation of the Effectiveness of Chrome's CRLSets. Gibson Research Corporation. https://www.grc.com/revocation/crlsets.htm.

[9]

A. Bates, J. Pletcher, T. Nichols, B. Hollembaek, and K. R.B. Butler. Forced Perspectives: Evaluating an SSL Trust Enhancement at Scale. IMC, 2014.

Digital Library

[10]

C. Brubaker, S. Jana, B. Ray, S. Khurshid, and V. Shmatikov. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations. IEEE S&P, 2014.

Digital Library

[11]

D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280, IETF, 2008.

[12]

Convergence. http://convergence.io.

[13]

Z. Durumeric, J. Kasten, D. Adrian, J. A. Halderman, M. Bailey, F. Li, N. Weaver, J. Amann, J. Beekman, M. Payer, and V. Paxson. The Matter of Heartbleed. IMC, 2014.

Digital Library

[14]

Z. Durumeric, J. Kasten, M. Bailey, and J. A. Halderman. Analysis of the HTTPS Certificate Ecosystem. IMC, 2013.

Digital Library

[15]

C. Ellison and B. Schneier. Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure. Computer Security Journal, 16(1), 2000.

[16]

EFF SSL Observatory. https://www.eff.org/observatory.

[17]

P. Felix, S. Peter, and S. Johannes. Cache-, hash- and space-efficient bloom filters. Experimental Algorithms, Springer, 2007.

Digital Library

[18]

S. Fahl, M. Harbach, T. Muders, L. Baumgärtner, B. Freisleben, and M. Smith. Why Eve and Mallory Love Android: An Analysis of Android SSL (in)Security. CCS, 2012.

Digital Library

[19]

M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. The Most Dangerous Code in the World: Validating SSL Certificates in Non-browser Software. CCS, 2012.

Digital Library

[20]

P. Gutmann. Engineering Security. 2014. https://www.cs.auckland.ac.nz/ pgut001/pubs/book.pdf.

[21]

S. Gibson. Security Certificate Revocation Awareness Test. 2014. https://www.grc.com/revocation.htm.

[22]

R. Holz, L. Braun, N. Kammenhuber, and G. Carle. The SSL Landscape -- A Thorough Analysis of the X.509 PKI Using Active and Passive Measurements. IMC, 2011.

Digital Library

[23]

ICSI SSL Notary. http://notary.icsi.berkeley.edu.

[24]

T. H.-J. Kim, L.-S. Huang, A. Perring, C. Jackson, and V. Gligor. Accountable Key Infrastructure (AKI): A Proposal for a Public-key Validation Infrastructure. WWW, 2013.

Digital Library

[25]

A. Langley. Smaller than Bloom filters. 2011. https://www.imperialviolet.org/2011/04/29/filters.html.

[26]

A. Langley. Revocation checking and Chrome's CRL. 2012. https://www.imperialviolet.org/2012/02/05/crlsets.html.

[27]

A. Langley. Revocation still doesn't work. 2014. https://www.imperialviolet.org/2014/04/29/revocationagain.html.

[28]

A. Langley. No, don't enable revocation checking. 2014. https://www.imperialviolet.org/2014/04/19/revchecking.html.

[29]

B. Laurie, A. Langley, and E. Kasper. Certificate Transparency. 2013. https://tools.ietf.org/html/rfc6962.

[30]

S. Matsumoto, P. Szalachowski, and A. Perrig. Deployment Challenges in Log-based PKI Enhancements. EuroSec, 2015.

Digital Library

[31]

Mozilla piles on China's SSL cert overlord: We don't trust you either. http://bit.ly/1GBPwfG.

[32]

NetCraft. How certificate revocation (doesn't) work in practice. 2013. http://news.netcraft.com/archives/2013/05/13/how-certificate-revocation-doesnt-work-in-practice.html.

[33]

NetCraft. OCSP Server Performance in April 2013. 2013. http://news.netcraft.com/archives/2013/05/23/ocsp-server-performance-in-april-2013.html.

[34]

D. Olivier. ASN. 1 communication between heterogeneous systems. Morgan Kaufmann, 2001.

Digital Library

[35]

OS X Yosemite: List of available trusted root certificates. https://support.apple.com/en-us/HT202858.

[36]

H. Perl, S. Fahl, and M. Smith. You Won't Be Needing These Any More: On Removing Unused Certificates from Trust Stores. FC, 2014.

[37]

Y. Pettersen. The Transport Layer Security (TLS) Multiple Certificate Status Request Extension. RFC 6961 (Proposed Standard), IETF, 2013.

[38]

Qualys SSL Pulse. https://www.trustworthyinternet.org/ssl-pulse/.

[39]

M. D. Ryan. Enhanced Certificate Transparency and End-to-End Encrypted Mail. NDSS, 2014.

[40]

Rapid7 SSL Certificate Scans. https://scans.io/study/sonar.ssl.

[41]

Revoking Intermediate Certificates: Introducing OneCRL. Mozilla Security Blog. http://mzl.la/1zLFp7M.

[42]

A. Schulman, D. Levin, and N. Spring. RevCast: Fast, Private Certificate Revocation over FM Radio. CCS, 2014.

Digital Library

[43]

P. Szalachowski, S. Matsumoto, and A. Perrig. PoliCert: Secure and Flexible TLS Certificate Management. CCS, 2014.

Digital Library

[44]

S. Santesson, M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960 (Proposed Standard), IETF, 2013.

[45]

StartSSL: Frequently Asked Questions. https://www.startssl.com/?app=25.

[46]

E. Topalovic, B. Saeta, L.-S. Huang, C. Jackson, and D. Boneh. Towards Short-Lived Certificates. W2SP, 2012.

[47]

The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. 2012. https://tools.ietf.org/html/rfc6698.

[48]

Trustwave to escape 'death penalty' for SSL skeleton key. http://bit.ly/1RbPlNe.

[49]

University of Michigan Daily Full IPv4 HTTPS Handshakes. https://scans.io/series/https-full-ipv4.

[50]

N. Vallina-Rodriguez, J. Amann, C. Kreibich, N. Weaver, and V. Paxson. A Tangled Mass: The Android Root Certificate Stores. CoNEXT, 2014.

Digital Library

[51]

S. Yilek, E. Rescorla, H. Shacham, B. Enright, and S. Savage. When Private Keys Are Public: Results from the 2008 Debian OpenSSL Vulnerability. IMC, 2009.

Digital Library

[52]

L. Zhang, D. Choffnes, T. Dumitras, D. Levin, A. Mislove, A. Schulman, and C. Wilson. Analysis of SSL certificate reissues and revocations in the wake of Heartbleed. IMC, 2014.

Digital Library

Cited By

Halder RDas Roy DShin D(2024)A Blockchain-Based Decentralized Public Key Infrastructure Using the Web of TrustJournal of Cybersecurity and Privacy10.3390/jcp40200104:2(196-222)Online publication date: 31-Mar-2024
https://doi.org/10.3390/jcp4020010
Kemmoe VLysyanskaya ALuo BLiao XXu JKirda ELie D(2024)RSA-Based Dynamic Accumulator without Hashing into PrimesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690199(4271-4285)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690199
Durumeric ZAdrian DStephens PWustrow EHalderman JVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Ten Years of ZMapProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3689012(139-148)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3689012
Show More Cited By

Index Terms

An End-to-End Measurement of Certificate Revocation in the Web's PKI

Recommendations

Analysis of the HTTPS certificate ecosystem
IMC '13: Proceedings of the 2013 conference on Internet measurement conference

We report the results of a large-scale measurement study of the HTTPS certificate ecosystem---the public-key infrastructure that underlies nearly all secure web communications. Using data collected by performing 110 Internet-wide scans over 14 months, ...
Analysis of SSL certificate reissues and revocations in the wake of heartbleed
IMC '14: Proceedings of the 2014 Conference on Internet Measurement Conference

Central to the secure operation of a public key infrastructure (PKI) is the ability to revoke certificates. While much of users' security rests on this process taking place quickly, in practice, revocation typically requires a human to decide to reissue ...
Measuring and Applying Invalid SSL Certificates: The Silent Majority
IMC '16: Proceedings of the 2016 Internet Measurement Conference

SSL and TLS are used to secure the most commonly used Internet protocols. As a result, the ecosystem of SSL certificates has been thoroughly studied, leading to a broad understanding of the strengths and weaknesses of the certificates accepted by most ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IMC '15: Proceedings of the 2015 Internet Measurement Conference

October 2015

550 pages

ISBN:9781450338486

DOI:10.1145/2815675

General Chairs:
Kenjiro Cho
IIJ/Keio University
,
Kensuke Fukuda
NII/Sokendai
,
Program Chairs:
Vivek Pai
Google
,
Neil Spring
University of Maryland

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGMETRICS: ACM Special Interest Group on Measurement and Evaluation
SIGCOMM: ACM Special Interest Group on Data Communication
USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

IMC '15

Sponsor:

SIGMETRICS
SIGCOMM
USENIX Assoc

IMC '15: Internet Measurement Conference

October 28 - 30, 2015

Tokyo, Japan

Acceptance Rates

IMC '15 Paper Acceptance Rate 31 of 96 submissions, 32%;

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

99
Total Citations
View Citations
1,345
Total Downloads

Downloads (Last 12 months)276
Downloads (Last 6 weeks)31

Reflects downloads up to 18 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Halder RDas Roy DShin D(2024)A Blockchain-Based Decentralized Public Key Infrastructure Using the Web of TrustJournal of Cybersecurity and Privacy10.3390/jcp40200104:2(196-222)Online publication date: 31-Mar-2024
https://doi.org/10.3390/jcp4020010
Kemmoe VLysyanskaya ALuo BLiao XXu JKirda ELie D(2024)RSA-Based Dynamic Accumulator without Hashing into PrimesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690199(4271-4285)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690199
Durumeric ZAdrian DStephens PWustrow EHalderman JVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Ten Years of ZMapProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3689012(139-148)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3689012
Dadi SWazan ATaj I(2024)Authenticating HTTPS Connection without Relying on Certification Authorities2024 15th Annual Undergraduate Research Conference on Applied Computing (URC)10.1109/URC62276.2024.10604609(1-7)Online publication date: 24-Apr-2024
https://doi.org/10.1109/URC62276.2024.10604609
Luo MFeng BLu LKirda ERen K(2024)On the Complexity of the Web’s PKI: Evaluating Certificate Validation of Mobile BrowsersIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325586921:1(419-433)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3255869
Zhang CAn CYu TZheng ZWang J(2024)Investigate and Improve the Certificate Revocation in Web PKINOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575605(1-5)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575605
Zhang HChen YRen WLi T(2024)CertRV: an Efficient Certificate Revocation Scheme via Consortium Blockchain, Chameleon Hash and Cuckoo Filter2024 IEEE International Conference on Web Services (ICWS)10.1109/ICWS62655.2024.00162(1338-1340)Online publication date: 7-Jul-2024
https://doi.org/10.1109/ICWS62655.2024.00162
Sosnowski MZirngibl JSattler PAulbach JLang JCarle G(2024)An Internet-Wide View on HTTPS Certificate Revocations: Observing the Revival of CRLs via Active TLS Scans2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00038(297-306)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSPW61312.2024.00038
Sunahara SJin YIida KYamai NTakai Y(2024)Privacy Preserved Achievement Method for OCSP Status and Supported Protocols in Full-DoH Architecture2024 IEEE 48th Annual Computers, Software, and Applications Conference (COMPSAC)10.1109/COMPSAC61105.2024.00235(1554-1555)Online publication date: 2-Jul-2024
https://doi.org/10.1109/COMPSAC61105.2024.00235
Herbke PCory TMigliardi M(2024)Decentralized Credential Status Management: A Paradigm Shift in Digital Trust2024 6th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS)10.1109/BRAINS63024.2024.10732832(1-10)Online publication date: 9-Oct-2024
https://doi.org/10.1109/BRAINS63024.2024.10732832
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten