BA: Combinatorial Testing of OCSP and CRL in TLS servers

X.509 certificates are used in TLS connections to verify the identity of clients and servers. To this end, clients and servers have to check whether a certificate is valid and correctly signed. Furthermore, clients and servers can verify whether a specific certificate has been revoked by the issuing certificate authority. Two known and used revocation mechanism are OCSP and CRL. In this thesis, you evaluate different TLS server applications for their (in)correct handling of certificate revocation with OCSP and CRL.

To ascertain a thorough evaluation of the OCSP and CRL handling of TLS libraries, you will utilize the framework of TLS-Anvil. TLS-Anvil is a framework that utilizes combinatorial testing to reach the highest possible coverage of input data for its TLS server tests. Analogously, you will use combinatorial testing to evaluate how the combination of properties of X.509 certificates and OCSP/CRL can lead to errornous behavior in TLS servers.

Resources:

- TLS-Anvil

- OCSP

- CRL

What to bring:

- Programming Knowledge (Java)
- Interest in TLS/X.509
- Willingness to get used to Java Frameworks

What to gain:
- TLS-Anvil has been published on a Tier 1 conference for IT security last year and is part of an industry collaboration so you will be working on current research topics with a real world impact.

Further information :