Politecnico di Torino (logo)

Certificate Validation and Domain Impersonation

Corrado Vecchio

Certificate Validation and Domain Impersonation.

Rel. Antonio Lioy, Diana Gratiela Berbecaru. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2021

PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (6MB) | Preview

Security of the World Wide Web ecosystem depends on the ability of web browsers of detecting revoked certificates. TLS protocol ensures a secure connection between two entities, but it could not be enough in case browsers accept connection with web server hosting revoked certificates. In this work, I firstly analyse a X.509 certificate dataset corresponding to the Alexa Top 1M Sites. I find that more than 55% of certificate belonging to the data set has been issued by Let’s Encrypt and 4054 end-entity certificates does not provide a way for checking their revocation status. I also study the behaviour of 6 different web browsers on handling revocation information under different situations and operating systems. I surprisingly find out that browsers apply always a soft fail approach when revocation information are not available and some of them check revocation status of the entire certificates appearing in the chain only in presence of EV-certificates. Finally I tests TLS implementations of some libraries that provide a command line utility for emulating a TLS client and establishing a TLS connection with web server belonging to the Alexa Top 1M list. Results show TLS implementations validate differently certificate chains and some of them do not check the revocation status.

Relators: Antonio Lioy, Diana Gratiela Berbecaru
Academic year: 2021/22
Publication type: Electronic
Number of Pages: 79
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Aziende collaboratrici: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/21174
Modify record (reserved for operators) Modify record (reserved for operators)