TUM Logo

ParsEval: Evaluation of Parsing Behavior using Real-world Out-in-the-wild X.509 Certificates

X.509 certificates play a crucial role in establishing secure communication over the internet by enabling authentication and data integrity. Equipped with a rich feature set, the X.509 standard is defined by multiple, comprehensive ISO/IEC documents. Due to its internet-wide usage, there are different implementations in multiple programming languages leading to a large and fragmented ecosystem. This work addresses the research question “Are there user-visible and security-related differences between X.509 certificate parsers?”. Relevant libraries offering APIs for parsing X.509 certificates were investigated and an appropriate test suite was developed. From 34 libraries 6 were chosen for further analysis. The X.509 parsing modules of the chosen libraries were called with 186,576,846 different certificates from a real-world dataset and the observed error codes were investigated. This study reveals an anomaly in wolfSSL’s X.509 parsing module and that there are fundamental differences in the ecosystem. While related studies nowadays mostly focus on fuzzing techniques resulting in artificial certificates, this study confirms that available X.509 parsing modules differ largely and yield different results, even for real-world out-in-the-wild certificates.

ParsEval: Evaluation of Parsing Behavior using Real-world Out-in-the-wild X.509 Certificates

ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security

Authors: Stefan Tatschner, Sebastian N. Peters, Michael P. Heinl, Tobias Specht, and Thomas Newe
Year/month: 2024/7
Booktitle: ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
Pages: 1 - 9
Fulltext: click here

Abstract

X.509 certificates play a crucial role in establishing secure communication over the internet by enabling authentication and data integrity. Equipped with a rich feature set, the X.509 standard is defined by multiple, comprehensive ISO/IEC documents. Due to its internet-wide usage, there are different implementations in multiple programming languages leading to a large and fragmented ecosystem. This work addresses the research question “Are there user-visible and security-related differences between X.509 certificate parsers?”. Relevant libraries offering APIs for parsing X.509 certificates were investigated and an appropriate test suite was developed. From 34 libraries 6 were chosen for further analysis. The X.509 parsing modules of the chosen libraries were called with 186,576,846 different certificates from a real-world dataset and the observed error codes were investigated. This study reveals an anomaly in wolfSSL’s X.509 parsing module and that there are fundamental differences in the ecosystem. While related studies nowadays mostly focus on fuzzing techniques resulting in artificial certificates, this study confirms that available X.509 parsing modules differ largely and yield different results, even for real-world out-in-the-wild certificates.

Bibtex:

@inproceedings {
author = { Stefan Tatschner and Sebastian N. Peters and Michael P. Heinl and Tobias Specht and Thomas Newe},
title = { ParsEval: Evaluation of Parsing Behavior using Real-world Out-in-the-wild X.509 Certificates },
year = { 2024 },
month = { July },
booktitle = { ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security },
pages = { 1 - 9 },
url = { https://doi.org/10.1145/3664476.3669935 },

}