Illuminate the Shadow: A Comprehensive Study of TLS Client Certificate Ecosystem in the Wild

2021 
Client certificate authentication (CCA) is gaining significance as more security-critical private activities, such as e-banking and e-health, are conducted online, creating a strong need for mutual authentication. Unlike server certificates, active measurement of client certificates via probing techniques is infeasible, since CCA is optional in the TLS protocol. Passive measurement is technically feasible, but it requires consistent access to large-scale Internet traffic to be comprehensive and convincing, which places very high demands on the research conditions. In this paper, we present a comprehensive study of the client certificate ecosystem, based on the largest passive measurement of client certificates in the literature to date. As many as 97 million unique client certificates were collected from the top-level academic network in China over six months. We analyze the actual use of CCA and classify the client certificates into three categories according to purpose: device authentication, user authentication, and application authentication. We discuss the security of client certificates with respect to their certificate attributes and compare client and server certificates. We also evaluate the risk of privacy leakage caused by client certificates, indicating both its severity and its cause. We hope our work will benefit the community by depicting an intuitive overview of the client certificate ecosystem and inspiring new thinking on certificate usage across all kinds of scenarios.