Characterization of client-side revocation checks and their security-performance tradeoffs

This is a bachelor's thesis from Linköping University, Department of Computer Science.

Abstract: There are several different methods for checking whether certificates on the web have been revoked; timely discovery of revoked certificates is important to ensure security when authentication within the HTTPS protocol is used. These methods have both advantages and disadvantages: they can contribute to security but at the same time worsen performance in web browsers. This thesis examines these methods in more detail to identify the pros and cons and whether a good tradeoff between security and performance can be found. This is important because a user is exposed to major security flaws if the integrity of a domain cannot be verified. Our analysis includes the extent to which OCSP and CRL are used, how much OCSP affects the performance of the Firefox browser, and how many web servers implement methods to verify revoked certificates, such as OCSP stapling and must-staple. We also compare web browsers' own lists of revoked certificates and look for patterns and differences between them. The analysis shows that OCSP and CRL have largely been replaced by other methods of verifying revoked certificates, such as OneCRL and CRLSet. It turned out that OneCRL and CRLSet cover only a small fraction of the total number of certificates available. Often it takes several weeks for certificates to appear in these lists after being revoked. We also found that OCSP's impact on web page performance is minimal. We concluded that the existing methods for verifying revocation status are inadequately used by CAs, web browsers and web servers, which poses major security risks for users. Many certificates are not checked at all. However, we believe that it is possible to increase security without reducing performance if CAs, web browsers and web servers collaborate on improving and combining the current methods for checking revoked certificates.
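As an added illustration of what the abstract's server-side survey has to read out of a certificate (this is example code, not the thesis's measurement scripts), the Go program below builds a constructed self-signed certificate and then extracts the three revocation pointers a client or a survey script looks at: the AIA OCSP responder URLs, the CRL distribution points, and the RFC 7633 TLS feature extension that signals must-staple. The sample URLs and the constructedCert helper are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// id-pe-tlsfeature (RFC 7633); feature value 5 (status_request) is what "OCSP must-staple" means.
var oidTLSFeature = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24}

// Inspect reports the AIA OCSP responder URLs, the CRL distribution points and whether
// the certificate demands a stapled OCSP response (must-staple).
func Inspect(cert *x509.Certificate) (ocspURLs, crlURLs []string, mustStaple bool) {
	for _, ext := range cert.Extensions {
		var features []int // stays empty for other extensions or a malformed one
		if ext.Id.Equal(oidTLSFeature) {
			asn1.Unmarshal(ext.Value, &features)
		}
		for _, f := range features {
			mustStaple = mustStaple || f == 5
		}
	}
	return cert.OCSPServer, cert.CRLDistributionPoints, mustStaple
}

// constructedCert builds a self-signed sample (not any real site's certificate) with an
// OCSP responder, a CRL URL and, optionally, must-staple; it panics if signing fails.
func constructedCert(mustStaple bool) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails if crypto/rand itself does
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		OCSPServer: []string{"http://ocsp.example.test"}, CRLDistributionPoints: []string{"http://crl.example.test/ca.crl"},
	}
	if mustStaple { // DER encoding of TLSFeatures ::= SEQUENCE { INTEGER 5 }
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidTLSFeature, Value: []byte{0x30, 0x03, 0x02, 0x01, 0x05}}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // re-parse so cert.Extensions is filled as a client would see it
	return cert
}
func main() {
	fmt.Println(Inspect(constructedCert(true)))
}
```

Against a real endpoint the same Inspect function would be run on the leaf of the chain returned by the TLS handshake; whether the server actually staples a response is a separate handshake-level check.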
