Cryptology ePrint Archive: Report 2013/538
Practical Issues with TLS Client Certificate Authentication
Arnis Parsovs
Abstract: The most widely used secure Internet communication standard TLS (Transport Layer Security) has an optional client certificate authentication feature that in theory has significant security advantages over HTML form-based password authentication. In this paper we discuss practical security and usability issues related to TLS client certificate authentication stemming from the server-side and browser implementations. In particular, we analyze Apache's mod_ssl implementation on the server side and the most popular browsers – Mozilla Firefox, Google Chrome and Microsoft Internet Explorer on the client side. We complement our paper with a measurement study performed in Estonia where TLS client certificate authentication is widely used. We present our recommendations to improve the security and usability of TLS client certificate authentication.
Category / Keywords: implementation / identification protocols, public-key cryptography, RSA, smart cards
Original Publication (in the same form): NDSS 2014
Date: received 27 Aug 2013, last revised 7 Jan 2014
Contact author: arnis at ut ee
Version: 20140107:144858
Short URL: ia.cr/2013/538