# Systematic Parsing of X.509: Eradicating Security Issues with a Parse Tree

**Authors:** Alessandro Barenghi, Nicholas Mainardi, Gerardo Pelosi

arXiv: 1812.04959 · 2018-12-13

## TL;DR

This paper presents a formal grammar-based parser for X.509 certificates that guarantees unambiguous parsing, identifies widespread syntactic invalidity, and demonstrates security risks caused by incorrect parsing in existing libraries.

## Contribution

It introduces a grammar-driven parser for X.509 certificates with strong termination guarantees and shows its effectiveness in detecting invalid certificates and security flaws.

## Key findings

- 21.5% of certificates are syntactically invalid
- Existing TLS libraries accept up to 10.5% invalid certificates
- Demonstrated impersonation attack exploiting parsing flaws

## Abstract

X.509 certificate parsing and validation is a critical task that has shown a consistent lack of effectiveness, with practical attacks being reported at a steady rate over the last 10 years. In this work we analyze the X.509 standard and provide a grammar description of it amenable to the automated generation of a parser with strong termination guarantees, providing unambiguous input parsing. We report the results of analyzing an 11M X.509 certificate dump of the HTTPS servers running on the entire IPv4 space, showing that 21.5% of the certificates in use are syntactically invalid. We compare the results of our parsing against 7 widely used TLS libraries, showing that 631k to 1,156k syntactically incorrect certificates are deemed valid by them (5.7%--10.5%), including instances with security-critical mis-parsings. We prove the criticality of such mis-parsing by exploiting one of the syntactic flaws found in existing certificates to perform an impersonation attack.
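The abstract's point is that a grammar-driven parser rejects what lenient libraries accept. The following is an added illustration, not the paper's parser: a small strict DER reader that enforces the encoding rules X.509 inherits from DER (definite, minimally encoded lengths; minimally encoded INTEGERs; exactly one top-level value) and builds a parse tree, using constructed sample inputs rather than real certificates.

```python
class DERError(ValueError):
    """Raised for any encoding the DER grammar forbids."""

def parse_tlv(buf: bytes, pos: int = 0):
    """Parse one DER TLV at buf[pos] and return (tag, value, next_pos).

    Enforces definite, minimally encoded lengths that fit the buffer.
    """
    if pos + 2 > len(buf):
        raise DERError("truncated tag/length")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise DERError("multi-byte tags are out of scope for this example")
    pos += 2
    if first < 0x80:                      # short form
        length = first
    elif first == 0x80:                   # indefinite form is BER, not DER
        raise DERError("indefinite length")
    else:                                 # long form: 0x80 | nbytes, then bytes
        nbytes = first & 0x7F
        lb = buf[pos:pos + nbytes]
        if nbytes > 4 or len(lb) != nbytes:
            raise DERError("bad long-form length")
        if lb[0] == 0 or (nbytes == 1 and lb[0] < 0x80):
            raise DERError("non-minimal length encoding")
        length, pos = int.from_bytes(lb, "big"), pos + nbytes
    if pos + length > len(buf):
        raise DERError("length exceeds available data")
    return tag, buf[pos:pos + length], pos + length

def parse_tree(buf: bytes):
    """Parse a DER byte string into nested (tag, children | bytes) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = parse_tlv(buf, pos)
        if tag & 0x20:                    # constructed type: recurse
            out.append((tag, parse_tree(value)))
            continue
        if tag == 0x02 and (not value or (len(value) > 1 and (
                (value[0] == 0x00 and value[1] < 0x80) or
                (value[0] == 0xFF and value[1] >= 0x80)))):
            raise DERError("non-minimal or empty INTEGER")
        out.append((tag, value))
    return out

def is_valid_der(buf: bytes) -> bool:
    """True if buf is exactly one well-formed DER top-level value."""
    try:
        return len(parse_tree(buf)) == 1
    except DERError:
        return False

# Constructed sample inputs (not taken from any real certificate).
GOOD = bytes.fromhex("30060201010201ff")       # SEQUENCE { INTEGER 1, INTEGER -1 }
BAD_LEN = bytes.fromhex("3081060201010201ff")  # same, but length 6 in long form
BAD_INT = bytes.fromhex("300402020001")        # INTEGER 1 padded with a leading 0x00
```

A lenient BER-style reader would decode all three samples to the same values; the strict reader accepts only `GOOD`, which is the kind of discrepancy the paper measures across TLS libraries.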

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1812.04959/full.md

## References

39 references — full list in the complete paper: https://tomesphere.com/paper/1812.04959/full.md

---
Source: https://tomesphere.com/paper/1812.04959