SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations

Sze Yiu Chau; Omar Chowdhury; Endadul Hoque; Huangyi Ge; Aniket Kate; Cristina Nita-Rotaru; Ninghui  Li

doi:10.1109/SP.2017.40

Back

Conference proceeding

SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations

Sze Yiu Chau, Omar Chowdhury, Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru and Ninghui Li

2017 IEEE Symposium on Security and Privacy (SP), pp.503-520

05/2017

DOI: 10.1109/SP.2017.40

View Online

Abstract

The X.509 Public-Key Infrastructure has long been used in the SSL/TLS protocol to achieve authentication. A recent trend of Internet-of-Things (IoT) systems employing small footprint SSL/TLS libraries for secure communication has further propelled its prominence. The security guarantees provided by X.509 hinge on the assumption that the underlying implementation rigorously scrutinizes X.509 certificate chains, and accepts only the valid ones. Noncompliant implementations of X.509 can potentially lead to attacks and/or interoperability issues. In the literature, black-box fuzzing has been used to find flaws in X.509 validation implementations, fuzzing, however, cannot guarantee coverage and thus severe flaws may remain undetected. To thoroughly analyze X.509 implementations in small footprint SSL/TLS libraries, this paper takes the complementary approach of using symbolic execution. We observe that symbolic execution, a technique proven to be effective in finding software implementation flaws, can also be leveraged to expose noncompliance in X.509 implementations. Directly applying an off-the-shelf symbolic execution engine on SSL/TLS libraries is, however, not practical due to the problem of path explosion. To this end, we propose the use of SymCerts, which are X.509 certificate chains carefully constructed with a mixture of symbolic and concrete values. Utilizing SymCerts and some domain-specific optimizations, we symbolically execute the certificate chain validation code of each library and extract path constraints describing its accepting and rejecting certificate universes. These path constraints help us identify missing checks in different libraries. For exposing subtle but intricate noncompliance with X.509 standard, we cross-validate the constraints extracted from different libraries to find further implementation flaws. Our analysis of 9 small footprint X.509 implementations has uncovered 48 instances of noncompliance. Findings and suggestions provided by us have already been incorporated by developers into newer versions of their libraries.

Protocols

Libraries

Explosions

Computer bugs

Authentication

Standards

Details

Title: Subtitle: SymCerts: Practical Symbolic Execution for Exposing Noncompliance in X.509 Certificate Validation Implementations
Creators: Sze Yiu Chau - Purdue Univ., West Lafayette, IN, USA
Omar Chowdhury - Univ. of Iowa, Iowa City, IA, USA
Endadul Hoque - Purdue Univ., West Lafayette, IN, USA
Huangyi Ge - Purdue Univ., West Lafayette, IN, USA
Aniket Kate - Purdue Univ., West Lafayette, IN, USA
Cristina Nita-Rotaru - Northeastern Univ., Boston, MA, USA
Ninghui Li - Purdue Univ., West Lafayette, IN, USA
Resource Type: Conference proceeding
Publication Details: 2017 IEEE Symposium on Security and Privacy (SP), pp.503-520
Publisher: IEEE
DOI: 10.1109/SP.2017.40
ISSN: 1081-6011
eISSN: 2375-1207
Language: English
Date published: 05/2017
Academic Unit: Computer Science
Record Identifier: 9984002330402771

Metrics

15 Record Views

29 Times Cited - Web of Science