The present invention relates to methods for inspecting security certificates by network security devices to detect and prevent the use of invalid certificates.
In recent years, security has become an increasing concern in information systems. This issue has become more significant with the advent of the Internet and the ubiquitous use of network environments (e.g. LAN and WAN). An important area of IT security is ensuring that a host system's identity is verified before other (secured) host systems are allowed to interact with it. Security certificates are used to certify the veracity of a security protocol's endpoints. For example, certificates are used for the SSL (Secure Sockets Layer) protocol, and its successor, TLS (Transport Layer Security).
It is critical to validate the certificate presented by a web server, otherwise the client is exposed to many security risks, including “phishing”, drive-by malware downloads, and cross-site scripting. In other words, the client system, and the person using it, must be assured of the authenticated identity of the server.
Certificates are normally issued by trustworthy Certificate Authorities (CAs), and thus can be relied upon. Such CAs may revoke certificates by issuing a certificate revocation list (CRL), and publishing the CRL at a well-known location (known as CRL distribution point, or CDP).
Technically, certificates comprise the CA's signature on a public key together with ancillary information (e.g. the end entity's domain name and key (certificate) usage constraints). The public key corresponds to a private key that typically remains in the possession of the end entity (i.e. the web server). Certificates usually form a “chain” in which a CA signs an end entity's certificate producing a new certificate, another CA signs that second certificate producing a third certificate, and the process can continue in that fashion. At the “top” of this chain is a highly-secure CA, known as a root CA.
There are cases where certificates cannot be relied upon. Some examples of unreliable certificates include the following.                (1) The private key may have been generated incorrectly. If this is a CA's private key, then all the certificates the CA has signed become vulnerable. For example, this occurred when the Debian operating system's random number generator was discovered to be badly flawed.        (2) Certificates may have been revoked, but for some reason (e.g. a CA going out of business) the revocation information is unavailable.        (3) Some certificates in the chain use cryptographic algorithms that have been (or are suspected to have been) broken.        
An end entity (also known as a relying party) is responsible to verify the certificate chain of any party which establishes a secure communication channel. This verification algorithm is typically embedded in web browsers, and can detect many cases of invalid certificates. However, the cases listed above, as well as others, are not detected by the standard verification mechanisms. These cases may be resolved by deeper inspection of the certificate chain.
Methods for inspecting security certificates have primarily enabled endpoint-level solutions. An example of such a solution is SSL Blacklist 4.0 (available from CodeFromThe70s.org) which is a plug in for the Firefox browser.
It would be desirable to have methods for inspecting security certificates by network security devices to detect and prevent the use of invalid certificates.