Research On Measurement And Analysis Of Validity Of Digital Certificates For Large-scale Networks

In today's digital era,humans and the Internet have become inseparable.As a result,cyber security has attracted more and more attention.The network security protocol SSL/TLS has protected people's privacy in daily life,and the application layer HTTPS protocol using SSL/TLS is an important means to ensure secure communication between the user client and the web server,but it is safe in practical applications.The level of sexual protection is still relatively controversial^[1].This paper proposes to measure the validity of digital certificates under the large-scale Internet environment and analyze and research the collected certificate data,so as to solve the following two problems:First,the digital certificate scanning and measurement in large-scale networks,about how to be faster And more complete data collection requires effective technologies and methods;Second,the validity evaluation of digital certificates requires the establishment of data pre-processing index models and evaluation methods.For these two issues,this paper has completed the following three main tasks:?1?Research how to quickly and efficiently complete the digital certificate collection technology and methods in large-scale networks.Through the study of active measurement technology,compared with the previous NMap and the current ZMap measurement technology,it is found that ZMap is faster and more efficient.The deployment of the tools was completed on the Alibaba Cloud server,and the TOP one million popular websites that belong to the domestic IP were measured and data collection was completed.?2?Construct a validity index model for data preprocessing.Foreign scholars have proposed some validity indicators,but there is no uniform specification.According to the 5280 RFC standard documents of digital certificates,we combine the validity indexes proposed by foreign scholars,and study the collected digital certificate data samples,and finally build 12 Validity indicator model of dimensions.?3?Proposed the validity evaluation rules of digital certificates.Verifying the validity of a digital certificate is divided into two steps.First,a valid certificate is determined based on the core rules proposed in this paper.Then,an effective security certificate is determined according to the auxiliary rules.By analyzing the security status of digital certificates,data distribution presents a valid domestic certificate distribution.