X.509DoS - Exploiting and Detecting Denial-of-Service Vulnerabilities in Cryptographic Libraries using Crafted X.509 Certificates

Explore a comprehensive research presentation from USENIX Security '25 that investigates denial-of-service vulnerabilities in cryptographic libraries through crafted X.509 certificates. Learn about the novel X.509DoS attack methodology developed by researchers from Alibaba Group and Indiana University Bloomington, which addresses a significant gap in cryptographic security research by focusing on availability rather than the traditionally studied confidentiality and integrity aspects. Discover how the research team developed specialized tools for rapid generation of crafted certificates and automated detection of DoS vulnerabilities, leading to the identification of 18 new vulnerabilities and 12 previously known CVEs across seven mainstream cryptographic libraries. Understand the widespread nature of this previously understudied threat and examine real-world case studies demonstrating that strict adherence to textbooks and standards does not guarantee security. Gain insights into the practical implications for cryptographic library developers and the importance of considering availability attacks in security assessments, while exploring the technical details of how X.509 certificates can be weaponized as attack vectors against cryptographic implementations.