Files in this item
Files | Description | Format |
---|---|---|
application/pdf ![]() | (no description provided) |
Description
Title: | Tracking certificate misissuance in the wild |
Author(s): | Wang, Zhengping |
Advisor(s): | Bailey, Michael D |
Department / Program: | Electrical & Computer Eng |
Discipline: | Electrical & Computer Engr |
Degree Granting Institution: | University of Illinois at Urbana-Champaign |
Degree: | M.S. |
Genre: | Thesis |
Subject(s): | Certificate
Misissuance |
Abstract: | Certificate Authorities (CAs) are responsible for delegating trust in the TLS Public Key Infrastructure (PKI). Unfortunately, there is a long history of CAs abusing this responsibility, either due to negligence or in some cases, falling victim to attacks. As a result, the PKI community has established standards that define the correctness of certificates and how a well managed CA should operate. In this work, we evaluate a systematic approach to identifying whether certificates issued by CAs are compliant with community standards. To this end, we present ZLint, a system that determines whether a certificate is not conformant to standards, i.e., misissued. We find that while misissuance has decreased over time, there is still a long tail of non-conformant CAs in the ecosystem. Further, our results show that certificate misissuance serves as a reasonable indicator for mismanagement and untrustworthiness, suggesting that CAs that misissue more frequently pose a greater threat to security of the PKI. Community efforts thus far to curb these threats have been moderately successful, but the lack of a systematic approach to identifying these problems lets some classes of problems slip through the cracks. We argue that an automated and systematic approach to measuring misissuance in the ecosystem is a necessary first step in solving the problems that lie ahead. |
Issue Date: | 2018-02-01 |
Type: | Text |
URI: | http://hdl.handle.net/2142/100897 |
Rights Information: | Copyright 2018 Zhengping Wang |
Date Available in IDEALS: | 2018-09-04 |
Date Deposited: | 2018-05 |
This item appears in the following Collection(s)
-
Dissertations and Theses - Electrical and Computer Engineering
Dissertations and Theses in Electrical and Computer Engineering -
Graduate Dissertations and Theses at Illinois
Graduate Theses and Dissertations at Illinois