The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI
Doowon Kim, Bum Jun Kwon, Kristián Kozák, Chris Gates, and Tudor Dumitraș.
Abstract
Recent measurement studies have highlighted security threats against
the code-signing public key infrastructure (PKI), such as certificates
that had been compromised or issued directly to the malware authors.
The primary mechanism for mitigating these threats is to revoke
the abusive certificates. However, the distributed yet closed nature of
the code-signing PKI makes it difficult to evaluate the effectiveness of
revocations in this ecosystem. As a consequence, the magnitude of the
signed-malware threat is not fully understood.
In this paper, we collect seven datasets, including the largest corpus
of code-signing certificates, and we combine them to analyze the revocation
process from end to end. Effective revocations rely on three roles:
(1) discovering the abusive certificates, (2) revoking the certificates effectively,
and (3) disseminating the revocation information to clients.
We assess the challenge for discovering compromised certificates
and the subsequent revocation delays. We show that erroneously setting
revocation dates causes signed malware to remain valid even after
the certificate has been revoked. We also report failures in disseminating
the revocations, leading clients to continue trusting the revoked certificates.
Media
Data sets
CRLs
CRL URL | Issuer |
---|---|
Revocation publication date
Serial number | Issuer | Effective revocation date | Revocation publication date | Revocation reason |
---|---|---|---|---|
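The abstract describes three places where revocation can fail: the delay between an abuse and its revocation, an effective revocation date set later than the signatures it should invalidate, and clients that never receive the CRL entry. The following added example (not the paper's code or data) models all three with a simplified trust check on a timestamped signature: a revoked certificate's earlier signatures stay trusted only if they were made before the effective revocation date, and a client whose CRL copy predates the publication date never sees the entry at all. The rows follow the five-column schema of the revocation table above; every serial, issuer name, date and the CSV layout are constructed for illustration, and the `signing_time` argument stands in for the trusted timestamp of a real Authenticode signature.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed rows in the schema of the revocation table above
# (serial, issuer, effective revocation date, publication date, reason).
# Both certificates were revoked on 2014-03-01; the first backdates the
# effective date to the compromise, the second (erroneously) does not.
REVOCATION_CSV = """serial,issuer,effective_date,publication_date,reason
0A1B2C,Example Code Signing CA,2014-01-15T00:00:00Z,2014-03-01T00:00:00Z,keyCompromise
0A1B2D,Example Code Signing CA,2014-03-01T00:00:00Z,2014-03-01T00:00:00Z,keyCompromise
"""


def parse_utc(text):
    """Parse an ISO-8601 'Z' timestamp into a timezone-aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class RevocationEntry:
    serial: str
    issuer: str
    effective_date: datetime    # from when signatures are considered untrusted
    publication_date: datetime  # when the entry first appeared in a CRL
    reason: str


def parse_revocations(text):
    """Read revocation rows (constructed CSV schema) into RevocationEntry objects."""
    reader = csv.DictReader(io.StringIO(text))
    return [
        RevocationEntry(
            serial=row["serial"],
            issuer=row["issuer"],
            effective_date=parse_utc(row["effective_date"]),
            publication_date=parse_utc(row["publication_date"]),
            reason=row["reason"],
        )
        for row in reader
    ]


def revocation_delay_days(entry):
    """Days between the effective revocation date and its publication.

    A large value means a long window in which signatures were abusable
    before any client could learn about the revocation.
    """
    return (entry.publication_date - entry.effective_date).days


def signature_trusted(serial, issuer, signing_time, revocations, crl_fetched_at):
    """Simplified client decision for a timestamped signature (hypothetical model).

    - If the client's CRL copy predates the entry's publication, the client
      cannot know about the revocation (dissemination failure) and trusts it.
    - Otherwise the signature survives only if it was produced before the
      effective revocation date; a date set too late leaves earlier
      signatures, including malware, trusted.
    """
    for entry in revocations:
        if (entry.serial, entry.issuer) != (serial, issuer):
            continue
        if crl_fetched_at < entry.publication_date:
            return True  # client never received this revocation
        return signing_time < entry.effective_date
    return True  # no entry for this certificate: not revoked


if __name__ == "__main__":
    revs = parse_revocations(REVOCATION_CSV)
    signed_at = parse_utc("2014-02-01T00:00:00Z")   # malware signed after compromise
    fresh_crl = parse_utc("2014-04-01T00:00:00Z")   # client fetched CRL after publication
    stale_crl = parse_utc("2014-02-15T00:00:00Z")   # client's CRL predates publication
    issuer = "Example Code Signing CA"
    for e in revs:
        print(e.serial, "delay(days)=", revocation_delay_days(e),
              "trusted(fresh)=", signature_trusted(e.serial, issuer, signed_at, revs, fresh_crl),
              "trusted(stale)=", signature_trusted(e.serial, issuer, signed_at, revs, stale_crl))
```

With the backdated entry the February signature is rejected by an up-to-date client, while the entry whose effective date equals its publication date keeps the same signature trusted; either entry is invisible to a client still holding the February CRL.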