Practical Issues with TLS Client Certificate Authentication
نویسنده
چکیده
The most widely used secure Internet communication standard TLS (Transport Layer Security) has an optional client certificate authentication feature that in theory has significant security advantages over HTML form-based password authentication. In this paper we discuss practical security and usability issues related to TLS client certificate authentication stemming from the server side and browser implementations. In particular we analyze Apache mod_ssl implementation on server side and the most popular browsers – Mozilla Firefox, Google Chrome and Microsoft Internet Explorer on client side. We complement our paper with a case study performed in Estonia where TLS client certificate authentication is widely used. We present our recommendations for TLS implementations on the client and server side to improve the security and usability of TLS client certificate authentication.
منابع مشابه
SSL Server Rating Guide for TLS Client Certificate Authentication Seminar Report for Research Seminar in Cryptography
This paper presents a list of tests that can be automatically run to verify the correct server configuration of TLS Client Certificate Authentication. A possible design for a testing engine with a web front-end is proposed to run these tests by a web browser without the need of browser extensions. Finally, a rating guide is proposed to summarize test results.
متن کاملSSL/TLS Session-Aware User Authentication: A Lightweight Alternative to Client-Side Certificates
Many SSL/TLS-based e-commerce applications employ traditional authentication mechanisms on the client side. These mechanisms—if decoupled from SSL/TLS session establishment—are vulnerable to man-in-the-middle attacks. In this article, we examine the feasibility of such attacks, survey countermeasures, and explain the rationale behind SSL/TLS session-aware user authentication as a lightweight an...
متن کاملRenegotiating TLS
Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical att...
متن کاملSelecting a Standard Outer Method for EAP
This paper outlines the problems in currently available authentication methods, such as EAP-TTLS, EAP-PEAP and EAP-FAST, and describes the desirable properties of a standard outer method. We examine the interaction between inner and outer methods and the types of issues that presently exist. We propose a new authentication method, EAP-PSK [PSK] with tunneling support (EAP-TLS-PSK), as an EAP pr...
متن کاملEnhanced TLS Handshake Authentication with Blockchain and Smart Contract (Short Paper)
Transport Layer Security (TLS) is the main standard designed for secure connections over the Internet. Security of TLS connections against active Man-in-the-Middle attacks relies on correctly validating public-key certificates during TLS handshake authentication. Although Certificate Transparency (CT) and further improved CT system—IKPmitigated the certificate authentication issues from the per...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2013 شماره
صفحات -
تاریخ انتشار 2013