Matteo Simone
Certificate Validation and TLS Interception.
Rel. Antonio Lioy, Diana Gratiela Berbecaru. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022
|
PDF (Tesi_di_laurea)
- Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives. Download (8MB) | Preview |
Abstract: |
Transport Layer Security (TLS) is the protocol mostly used nowadays to protect communications between a client and a server. It cooperates with the Public Key Infrastructure (PKI) to guarantee server authentication by means of an X.509 certificate chain, sent during the TLS handshake, from the server leaf certificate to the root Certification Authority (CA) certificate (trusted a priori). It is the client, who connects to the server, that must validate it. TLS affected all those legal, security and performance use cases that required access to plain HTTP traffic. That led to the introduction of TLS interception solutions. This thesis aims to study the different behavior of TLS clients and TLS interception products facing misconfigured X.509 certificates in a testing/enterprise environment. Additionally, wants to collect the actual Certificate Transparency (CT) usage, the TLS version negotiated, OCSP Stapling and OCSP Must-Staple support in the top 1 million domains. Since the PKI standards state only whether a certificate should be considered valid or not and there is not a universal set of rules to follow when an invalid certificate is obtained during the TLS handshake, it is up to the client’s programmer to choose how to deal with it. For this reason, after a theoretical insight of certificate validation process and TLS interception, this work’s tests have been run against a multitude of desktop/mobile browsers (Google Chrome, Mozilla Firefox, Safari, Opera, Microsoft Edge) and TLS interception products (Mitmproxy, Squid, Kaspersky Total Security, ESET Smart Security) running on the major operating systems (Windows, macOS, Ubuntu, iOS, Android). To be more exhaustive in the analysis, an Apache, Nginx and Lighttpd server have been configured for each test. Tests consist in a set of certificates generated assigning values to their attributes and extensions which do not respect the state-of-the-art configuration suggested by the RFC 5280 and/or the CA/Browser Forum. The extensions involved are: Subject Alternative Name, Basic Constraints, Key Usage, Extended Key Usage, TLS Feature, Authority Information Access and CRL Distribution Point. Tests and their server configurations are generated automatically through a set of Python scripts, using PyOpenSSL and cryptography libraries. All the possible connection combinations among the clients, servers and TLS interception products have been analyzed to observe if the misconfigured certificate passes anyway the validation process or, as expected, get rejected. A further Python script is used to connect to the top 1 million domains. For each of them, retrieving the TLS version negotiated, OCSP Stapling and OCSP Must-staple support and all the Signed Certificate Timestamps (SCTs) embedded in its leaf certificate. SCTs are used by browsers to verify that the certificate is valid and has not been issued by a compromised CA. Those data are used to produce graphs of the percentage of TLS versions, OCSP Stapling and OCSP Must-staple support distribution all over the world. Moreover, this thesis wants to discover how many SCTs are embedded in each certificate and which log server they refer to. This report can be taken as a good analysis on the current state of certificate validation process by major browsers and TLS interception products, but also as the base for further analysis in the future. |
---|---|
Relators: | Antonio Lioy, Diana Gratiela Berbecaru |
Academic year: | 2022/23 |
Publication type: | Electronic |
Number of Pages: | 99 |
Subjects: | |
Corso di laurea: | Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering) |
Classe di laurea: | New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING |
Aziende collaboratrici: | Politecnico di Torino |
URI: | http://webthesis.biblio.polito.it/id/eprint/25598 |
Modify record (reserved for operators) |