The Prediction of Serial Number in OpenSSL’s X.509 Certificate
Author
Source
Security and Communication Networks
Issue
Vol. 2019, Issue 2019 (31 Dec. 2019), pp.1-11, 11 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2019-05-02
Country of Publication
Egypt
No. of Pages
11
Main Subjects
Information Technology and Computer Science
Abstract EN
In 2007, a real faked X.509 certificate based on the chosen-prefix collision of MD5 was presented by Marc Stevens.
In the method, attackers needed to predict the serial number of X.509 certificates generated by CAs besides constructing the collision pairs of MD5.
After that, the randomness of the serial number is required.
Then, in this case, how do we predict the random serial number? Thus, the way of generating serial number in OpenSSL was reviewed.
The vulnerability was found that the value of the field “not before” of X.509 certificates generated by OpenSSL leaked the generating time of the certificates.
Since the time is the seed of generating serial number in OpenSSL, we can limit the seed in a narrow range and get a series of candidate serial numbers and use these candidate serial numbers to construct faked X.509 certificates through Stevens’s method.
Although MD5 algorithm has been replaced by CAs, the kind of attack will be feasible if the chosen-prefix collision of current hash functions is found in the future.
Furthermore, we investigate the way of generating serial numbers of certificates in other open source libraries, such as EJBCA, CFSSL, NSS, Botan, and Fortify.
American Psychological Association (APA)
Wang, Jizhi. 2019. The Prediction of Serial Number in OpenSSL’s X.509 Certificate. Security and Communication Networks،Vol. 2019, no. 2019, pp.1-11.
https://search.emarefa.net/detail/BIM-1210494
Modern Language Association (MLA)
Wang, Jizhi. The Prediction of Serial Number in OpenSSL’s X.509 Certificate. Security and Communication Networks No. 2019 (2019), pp.1-11.
https://search.emarefa.net/detail/BIM-1210494
American Medical Association (AMA)
Wang, Jizhi. The Prediction of Serial Number in OpenSSL’s X.509 Certificate. Security and Communication Networks. 2019. Vol. 2019, no. 2019, pp.1-11.
https://search.emarefa.net/detail/BIM-1210494
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1210494