Malicious certificate detection method

A detection method and certificate technology, which is applied in the field of malicious certificate detection, can solve the problems of limited scope and low accuracy of malicious certificates, and achieve the effect of wide coverage and high accuracy

Active Publication Date: 2020-11-03
HARBIN INST OF TECH AT WEIHAI
View PDF5 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention aims at the low accuracy rate of existing methods for detecting malicious certificates and involves the technical problem that the

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious certificate detection method
  • Malicious certificate detection method
  • Malicious certificate detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0042] Embodiment 1: as Figure 1-3 As shown in the figure, they are respectively the working flow chart of the model of the present invention, the building flow chart of the certificate chain and the flow chart of the certificate verification data.

[0043] The present invention first conducts basic content analysis and normative inspection on the certificate based on Cryptography and RFC 5280, initially obtains the basic information of the certificate and judges whether it conforms to some norms and constraints of RFC 5280, and records relevant information. This process mainly includes the following steps:

[0044] Step (1): Import, convert and store the certificates in pem and cer formats that may be entered.

[0045] Step (2): Obtain the basic information and possible extended information of the X.509 certificate according to Cryptography.

[0046] Step (3): Based on RFC 5280, check some normative constraints involved in the document and record related check information....

Embodiment 2

[0068] In the process of basic parsing and verification of the input X.509 certificate, in addition to extracting some basic information about the certificate subject, certificate issuer, certificate extension and public key usage stored in the certificate itself. Innovatively use some restrictions in RFC 5280, such as decipher_only and encipher_only in the use of the certificate public key are only allowed to be set in the use of the public key when the key_agreement is set to true, and whether the serial_number is represented by no more than 20 bytes The largest positive integer of , and so on. Carefully integrate and check the restrictions on canonical certificates in the RFC 5280 document, and record relevant information. This completes the basic parsing and information checking of the certificate.

Embodiment 3

[0070] The certificate chain is a complete list of certificates from the end certificate to the root certificate. The signatures of all certificates except the root certificate in the list can be verified by the public key of the upper-level certificate. In addition to the basic signature verification, the verification of the certificate chain also includes whether the purpose of the certificate matches, whether the certificate policy matches, whether it meets the name constraints of the certificate, and whether it meets the policy constraints of the certificate, etc. This information needs to be detected during the verification process of the certificate chain, and this also generates some related information. Doing this process for each certificate in the certificate chain can check whether there are some problems with the intermediate certificates.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a malicious certificate detection method, which solves the technical problems of low accuracy and narrow range of related malicious certificates in a malicious certificate detection method, and comprises the following steps of: performing basic content analysis and normative inspection on a certificate, and judging whether the certificate conforms to RFC 5280; obtaining atrusted root certificate and an intermediate certificate from a CCADB, constructing a complete certificate chain in combination with CERTISSUER in AIA expansion information of the certificates, verifying certificate signatures, and verifying the certificates on the whole certificate chain; carrying out feature extraction on the previously obtained certificate content and related verification information; collecting benign certificate data and malicious certificate data, and performing feature extraction on the certificate; and after data feature extraction, constructing a detection model and realizing verification of the malicious certificate. The method can be widely applied to detection of malicious X.509 certificates.

Description

technical field [0001] The invention relates to the field of certificate encryption, in particular to a malicious certificate detection method. Background technique [0002] The X.509 certificate is the basis of the HTTPS protocol. It is the authentication information of the public key used to encrypt the transmitted information issued by the certificate certification authority. The X.509 certificate contains the signature algorithm used by the certification authority, the signature processed by the certification authority's private key, and some basic information about the certification authority, the certification authority and the public key. When communicating based on the HTTPS protocol, the server sends its own X.509 certificate to the client during the handshake phase, and the client determines whether the certificate is credible after parsing the certificate information and building the certificate chain. The determined indicators generally include whether the certi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/32H04L29/06G06K9/62
CPCH04L9/3265H04L9/3247H04L63/1416G06F18/24323G06F18/214
Inventor 闫健恩李佳欣程亚楠张兆心黄俊凯姚雨辰
Owner HARBIN INST OF TECH AT WEIHAI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap