Paper 2013/538

Practical Issues with TLS Client Certificate Authentication

Arnis Parsovs

Abstract

The most widely used secure Internet communication standard TLS (Transport Layer Security) has an optional client certificate authentication feature that in theory has significant security advantages over HTML form-based password authentication. In this paper we discuss practical security and usability issues related to TLS client certificate authentication stemming from the server-side and browser implementations. In particular, we analyze Apache's mod_ssl implementation on the server side and the most popular browsers – Mozilla Firefox, Google Chrome and Microsoft Internet Explorer on the client side. We complement our paper with a measurement study performed in Estonia where TLS client certificate authentication is widely used. We present our recommendations to improve the security and usability of TLS client certificate authentication.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. NDSS 2014
Keywords
identification protocolspublic-key cryptographyRSAsmart cards
Contact author(s)
arnis @ ut ee
History
2014-01-07: revised
2013-08-30: received
See all versions
Short URL
https://ia.cr/2013/538
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/538,
      author = {Arnis Parsovs},
      title = {Practical Issues with TLS Client Certificate Authentication},
      howpublished = {Cryptology ePrint Archive, Paper 2013/538},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/538}},
      url = {https://eprint.iacr.org/2013/538}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.