Analysis of SSL certificate reissues and revocations in the wake of heartbleed

Zhang, Liang; Choffnes, David; Levin, Dave; Dumitraş, Tudor; Mislove, Alan; Schulman, Aaron; Wilson, Christo

doi:10.1145/2663716.2663758

Cited by 59 publications

(23 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our results show that: (1) 96% of the time RevCast can transmit all revocations within 10 seconds, (2) the nothing-since attestations are remarkably effective at eliminating CRL checks, and (3) when there were extreme revocation rates as a result of the widespread Heartbleed vulnerability [30], 70% of the time RevCast could transmit all revocations within 10 seconds. Further, we reinforce the validity of the tracedriven simulation by studying the CA revocation behavior our dataset.…”

Section: Trace-based Evaluationmentioning

confidence: 86%

“…The dataset of certificate revocations that we analyze were collected by Zhang et al [30] from the CRLs for public-facing SSL servers on the Internet. Rapid7 2 collected SSL certificates from the entire IPv4 address space from October 2013 to April 2014.…”

Section: Crl Datasetmentioning

confidence: 99%

“…The number of revocations in each hour also exhibits a diurnal pattern, confirming that many certificate revocations are issued during business hours. This could be explained by the fact that most revocations are likely benign (e.g., a CA issuing a certificate to supersede one that is nearing expiry), though Zhang et al also find that even compromised certificates are typically only revoked during traditional business hours [30].…”

Section: Crl Datasetmentioning

confidence: 99%

See 2 more Smart Citations

RevCast

Schulman

Levin

Spring

2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

The ability to revoke certificates is a fundamental feature of a public key infrastructure. However, certificate revocation systems are generally regarded as ineffective and potentially insecure: Some browsers bundle revocation updates with more general software updates, and may go hours, days, or indefinitely between updates; moreover, some operating systems make it difficult for users to demand recent revocation data. This paper argues that this sad state of affairs is an inexorable consequence of relying on unicast communication to distribute revocation information.We present RevCast, a broadcast system that disseminates revocation data in a timely and private manner. RevCast is not emulated broadcast over traditional Internet links, but rather a separate metropolitan-area wireless broadcast link; specifically, we have designed RevCast to operate over existing FM radio, although the principles apply to alternative implementations. We present the design, implementation, and initial deployment of RevCast on a 3 kW commercial radio station using the FM RDS protocol. With the use of two types of receivers (an RDS-to-LAN bridge that we have prototyped and an RDS-enabled smartphone), we show that, even at a low bitrate, RevCast is able to deliver complete and timely revocation information, anonymously, even for receivers who do not receive all packets all the time.

show abstract

Section: Trace-based Evaluationmentioning

confidence: 86%

Section: Crl Datasetmentioning

confidence: 99%

Section: Crl Datasetmentioning

confidence: 99%

See 1 more Smart Citation

RevCast

Schulman

Levin

Spring

2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…Consequently, thousands of certificates were revoked over a few days. The detailed analysis of this event is presented by Durumeric et al [19] and Zhang et al [46]. Fig.…”

Section: A Dataset Usedmentioning

confidence: 99%

RITM: Revocation in the Middle

Szałachowski¹,

Chuat²,

Lee³

et al. 2016

2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS)

View full text Add to dashboard Cite

Abstract-Although TLS is used on a daily basis by many critical applications, the public-key infrastructure that it relies on still lacks an adequate revocation mechanism. An ideal revocation mechanism should be inexpensive, efficient, secure, and privacypreserving. Moreover, rising trends in pervasive encryption pose new scalability challenges that a modern revocation system should address. In this paper, we investigate how network nodes can deliver certificate-validity information to clients. We present RITM, a framework in which middleboxes (as opposed to clients, servers, or certification authorities) store revocation-related data. RITM provides a secure revocation-checking mechanism that preserves user privacy. We also propose to take advantage of content-delivery networks (CDNs) and argue that they would constitute a fast and cost-effective way to disseminate revocations. Additionally, RITM keeps certification authorities accountable for the revocations that they have issued, and it minimizes overhead at clients and servers, as they have to neither store nor download any messages. We also describe feasible deployment models and present an evaluation of RITM to demonstrate its feasibility and benefits in a real-world deployment.

show abstract

“…As a consequence, in mid-April 2014 we observed the highest frequency of certificate re-issuance and revocation ever. This unique event and its impact on the TLS ecosystem has been thoroughly analyzed [16], [44]. We evaluated the bandwidth required by PKISN during normal operations (i.e., a few months before Heartbleed) and during what we will refer to as the peak time (i.e., right after Heartbleed was announced).…”

Section: Bandwidthmentioning

confidence: 99%

PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem

Szałachowski¹,

Chuat²,

Perrig³

2016

2016 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

In a public-key infrastructure (PKI), clients must have an efficient and secure way to determine whether a certificate was revoked (by an entity considered as legitimate to do so), while preserving user privacy. A few certification authorities (CAs) are currently responsible for the issuance of the large majority of TLS certificates. These certificates are considered valid only if the certificate of the issuing CA is also valid. The certificates of these important CAs are effectively too big to be revoked, as revoking them would result in massive collateral damage. To solve this problem, we redesign the current revocation system with a novel approach that we call PKI Safety Net (PKISN), which uses publicly accessible logs to store certificates (in the spirit of Certificate Transparency) and revocations. The proposed system extends existing mechanisms, which enables simple deployment. Moreover, we present a complete implementation and evaluation of our scheme.

show abstract

Analysis of SSL certificate reissues and revocations in the wake of heartbleed

Cited by 59 publications

References 13 publications

RevCast

RevCast

RITM: Revocation in the Middle

PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem

Contact Info

Product

Resources

About