and
play

and Transitive Trust Jeff Jarmoc Sr. Security Researcher Dell - PowerPoint PPT Presentation

Apr 23, 2023 •377 likes •744 views

SSL Interception Proxies and Transitive Trust Jeff Jarmoc Sr. Security Researcher Dell SecureWorks About this talk History & brief overview of SSL/TLS Interception proxies How and Why Risks introduced by interception

  1. SSL Interception Proxies and Transitive Trust Jeff Jarmoc Sr. Security Researcher Dell SecureWorks

  2. About this talk • History & brief overview of SSL/TLS • Interception proxies – How and Why • Risks introduced by interception • Failure modes and impact to risk • Tools to test • Disclosure of vulnerable platforms • Recommendations

  3. Properties of Encryption • Privacy • Integrity • Authenticity

  4. History of SSL • SSL / TLS – SSL v2.0 - Netscape Draft, 1994 – SSL v3.0 - IETF Draft, 1996 – TLS v1.0 - RFC 2246, 1999 – TLS v1.1 - RFC 4346, 2006 – TLS v1.2 - RFC 5246, 2008 • Related — HTTP Over TLS - RFC 2818, 2000 — X.509 and CRL - RFC 5280, 2008 — OCSP - RFC5019, 2007

  5. SSL Session Establishment Client Hello Server Hello Certificate Server Hello Done C l i e n t K e y E x c h a n g e h a n g e C i p h e r S p e c C d F i n i s h e Client Server ChangeCipherSpec endpoint Endpoint Finished ApplicationData

  6. X.509 Certificate Validation Responsible for validating certificate trust • Verify certificate integrity – Compare signature to cert hash • Check for expiration – Issue time < Current time < Expiration time • Check Issuer – Trusted? Follow chain to root • Check revocation via CRL and/or OCSP

  7. Result Typical Uses Malicious uses • Privacy • Privacy – Cipher Suite prevents – Cipher Suite bypasses sniffing detection • Integrity • Integrity – Cipher Suite prevents – Cipher Suite bypasses modification prevention • Authenticity • Authenticity – Certificate validation – Certificate validation ensures identity ensures identity

  8. Enterprise Response • Intercept, Inspect, Filter – DLP – Web Content Filters – Anti-Malware Solutions – IDS / IPS – NG / DPI Firewalls – Endpoint Security Suites • Broadly termed ‘SSL Interception Proxies’

  9. SSL / TLS Interception Proxies • Man In The Middle • Negotiate two sessions – Act as Client on Server Side – Act as Server on Client Side – Generate new server key pair on client side • Disrupt Authenticity to Effect Privacy/Integrity • End-to-end session becomes two point-to- point sessions

  10. SSL / TLS Interception Proxies Server Hello Server Hello Certificate Certificate Server Hello Done Server Hello Done Client Interception Server endpoint Proxy Endpoint ApplicationData ApplicationData P l a i n t e x t Disrupt Authenticity to Effect Privacy/Integrity

  11. Establishing endpoint trust • Private CA – Must be added as trust root to all endpoints – Can pose a logistical challenge • Public SubCA – Delegated public root authority – These are sometimes available • Trustwave disclosed this, reversed course • GeoTrust previously advertise it as GeoRoot – Signing Key exposure risks are significant

  12. Unintended side effects • Two separate cipher-suite negotiations – May use weaker crypto than endpoints support • Proxy becomes high-value target – Access to clear-text sessions – Contains Private Keys • Legalities – disclosure, user expectations • Transitive Trust – Client cannot independently verify server identity – Client relies on Proxy’s validation of server -side certificate

  13. Untrusted Root • Client does not trust server certificate’s CA www.example.com Client Issuer: commonName = DigiNotar Public CA Subject: commonName = Trust: Corporate CA www.example.com Don’t Trust : Diginotar Public CA

  14. Transitive Root Trust • Proxy trusts Server Certificate’s CA • Client trusts Proxy Certificate’s CA SSL Interception Proxy www.example.com Client Issuer: Issuer: commonName = DigiNotar commonName = Corporate Public CA CA Subject: Subject: commonName = commonName = www.example.com www.example.com Trust: Corporate CA Trust: DigiNotar Public Don’t Trust : Diginotar CA Public CA • Therefore, Client trusts Server Certificate’s CA

  15. Transitive Trust – X.509 • X.509 Validation flaws can also be transitive – Self-signed certificates – Expired certificates – Revoked certificates – Basic constraints • Moxie Marlinspike, 2002 – Null prefix injection • Moxie Marlinspike, 2009 • Dan Kaminsky, 2009

  16. Key pair caching • Dynamically generating SSL key pairs is computationally expensive • Network-based interception proxies handle large numbers of connections • Caching generated key pairs helps performance • How cached key pairs are indexed is important

  17. Key pair caching – First visit Key Pair Cache Issuer: commonName = Corporate CA Subject: commonName = www.example.com Fingerprint: 0x0A0B0C0D0E0F0102 Write SSL Interception Proxy www.example.com Client Issuer: Issuer: commonName = Real Public CA commonName = Corporate CA Subject: Subject: commonName = www.example.com commonName = www.example.com Fingerprint: Fingerprint: Trust: Corporate CA 0x0A0B0C0D0E0F0102 0x0102030405060708 Trust: Real Public CA

  18. Key pair caching – later visits Key Pair Cache Issuer: commonName = Corporate CA Subject: commonName = www.example.com Fingerprint: 0x0A0B0C0D0E0F0102 Read SSL Interception Proxy www.example.com Client Issuer: Issuer: commonName = Corporate CA commonName = Real Public CA Subject: Subject: commonName = www.example.com commonName = www.example.com Fingerprint: Fingerprint: Trust: Corporate CA 0x0A0B0C0D0E0F0102 0x0102030405060708 Trust: Real Public CA

  19. Key pair caching – attack Key Pair Cache Issuer: commonName = Corporate CA Subject: commonName = www.example.com Fingerprint: 0xABCDEF12 Attacker Read www.example.com SSL Interception Proxy Client Issuer: Issuer: commonName = Corporate CA commonName = Other Public CA Subject: Subject: commonName = www.example.com commonName = www.example.com Fingerprint: Fingerprint: Trust: Corporate CA 0xABCDEF12 0xDEADBEEF Trust: Other Public CA

  20. Failure Modes • If a certificate is invalid, how do we proceed? • No RFC specification for MITM interception • Three common approaches – Fail Closed – Friendly Error – Passthrough • Each has trade offs.

  21. Failure Modes – Fail Closed • Terminate both sessions immediately. – Security++; • No reason given – User_Experience--; • Out of band agents – Provide info – Deployment burden

  22. Failure Modes – Friendly Error • Terminate server side session immediately • Provide friendly message on client side session – In context of requested site – Include content from the certificate? • Malformed certificate as web attack vector • XSS in context of requested page via invalid cert? – Allow user override? • CSRF to disable validation?

  23. Failure Modes – Passthrough • Most common for name and expiry failures • Continue server side session • Client-side Certificate uses identical data – Relies on client-side validation routines – Downstream interception or unusual user-agents can combine to cause unexpected behaviors – Generally preserves user-experience / warnings • But without visibility into the original cert • Users often make poor choices

  24. Testing for common issues https://ssltest.offenseindepth.com • Visit from a client behind proxy – Table lists vulnerabilities – CSS includes from host for each vuln – Host certs are invalid to demonstrate vuln – If vulnerable, CSS loads and flags vulnerability • Shows request headers • Certificate warnings – In passthrough failure mode decision will affect results.

  25. Client visiting directly

  26. Same client via proxy

  27. Cisco IronPort Web Security Appliance • Self-Signed Certificates Accepted – No CVE, Cisco Bug ID 77544 for mitigations • Unknown CA Roots Accepted – No CVE, Cisco Bug ID 77544 for mitigations

  28. Cisco IronPort Web Security Appliance • Lack of CRL or OCSP checking – CVE-2012-1316 – Cisco Bug ID 71969 • Basic Constraints not validated – CVE-2012-1326 • Keypair Cache weaknesses – CVE-2012-0334 – Cisco Bug ID 78906

  29. Cisco IronPort Web Security Appliance • All findings apply to version 7.1.3-014 • Patches forthcoming – V7.5 - 07/2012 – V7.7 - 07/2012 • No UI for managing trust roots – Patches addressed recent revocations – Passthrough Failure Mode – Problems in combination with certain downstream validators

  30. Astaro Security Gateway • Lack of CRL or OCSP checking – Firmware 8.300 Pattern 23977 • Sophos / Astaro Security Team Response – Design Decision – CRL / OCSP is broken in general – Monitoring ongoing developments for future response

  31. Astaro Security Gateway • Friendly Error failure mode • Includes support for managing trust roots • Includes support for managing certificate blacklists • Updates to both pushed frequently

  32. No known issues • Checkpoint Security Gateway R75.20 • Microsoft Forefront TMG 2010 SP2 • Include support for managing trust roots • Fail Closed in all tested scenarios

  33. Recommendations - Implementers • Patch regularly • Test proxies prior to deployment • Consider security and user-experience • Inform end users of interception • Be aware of trust roots, be ready to adapt • Harden hosts running proxies, monitor closely • Consider failure modes • Realize that interception has consequences

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1945: Vannevar Bush The Internet End-End As we may think, Atlantic The Web Monthly,

1945: Vannevar Bush The Internet End-End As we may think, Atlantic The Web Monthly,

10/12/2019 1945: Vannevar Bush The Internet End-End As we may think, Atlantic The Web Monthly, July, 1945. Describes the idea of a 15-441 Fall 2019 distributed hypertext system Profs Peter Steenkiste &amp; Justine Sherry A

359 views • 11 slides
HTTP HTTP: HyperText Transfer Protocol Basis for fetching Web pages request Network CSE 461

HTTP HTTP: HyperText Transfer Protocol Basis for fetching Web pages request Network CSE 461

HTTP HTTP: HyperText Transfer Protocol Basis for fetching Web pages request Network CSE 461 University of Washington 2 Sir Tim Berners-Lee (1955) Inventor of the Web Dominant Internet app since mid 90s He now directs the W3C

443 views • 41 slides
Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer

Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer

Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer Science steen@cs.vu.nl Chapter 12: Distributed Web-Based Systems Version: December 10, 2012 Distributed Web-Based Systems 12.1 Architecture

441 views • 19 slides
Web Caching based on: Web Caching , Geoff Huston Web Caching and Zipf-like Distributions:

Web Caching based on: Web Caching , Geoff Huston Web Caching and Zipf-like Distributions:

Web Caching based on: Web Caching , Geoff Huston Web Caching and Zipf-like Distributions: Evidence and Implications , L. Breslau, P. Cao, L. Fan, G. Phillips, S. Shenker On the scale and performance of cooperative Web proxy caching ,

640 views • 24 slides
Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header

Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header

Structure of HTTP Messages Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header Prof. Dr. Dr. h.c. mult. Gerhard Krger, Albrecht Schmidt CRLF [ message-body ] Universitt Karlsruhe start-line =

289 views • 12 slides
Current Status of CVMFS Fast, scalable, and reliable software distribution Jakob Blomer July

Current Status of CVMFS Fast, scalable, and reliable software distribution Jakob Blomer July

Current Status of CVMFS Fast, scalable, and reliable software distribution Jakob Blomer July 3rd, 2009 1 / 20 Outline 1 Overview 2 Recent Development 3 Benchmarks 4 Next Steps 2 / 20 1 Overview 2 Recent Development 3 Benchmarks 4 Next Steps 3

586 views • 29 slides
Web API DOs and DONTs Oliver Wolf @owolf Oliver Wolf www.innoQ.com @owolf @innoQ

Web API DOs and DONTs Oliver Wolf @owolf Oliver Wolf www.innoQ.com @owolf @innoQ

Web API DOs and DONTs Oliver Wolf @owolf Oliver Wolf www.innoQ.com @owolf @innoQ Disclaimer Some of the discussions around REST and Web APIs are merely a matter of taste and personal preference I think the topics Im going to

993 views • 52 slides
Distributed Document-Based Systems Chi Zhang czhang@cs.fiu.edu The World Wide Web Overall

Distributed Document-Based Systems Chi Zhang czhang@cs.fiu.edu The World Wide Web Overall

COP 6611 Advanced Operating System Distributed Document-Based Systems Chi Zhang czhang@cs.fiu.edu The World Wide Web Overall organization of the Web. HTML HTTP TCP HTTP is a stateless application-layer protocol 1 Document Types Type

572 views • 11 slides
Global Software Distribution with CernVM-FS Jakob Blomer CERN 2016 CCL Workshop on Scalable

Global Software Distribution with CernVM-FS Jakob Blomer CERN 2016 CCL Workshop on Scalable

Global Software Distribution with CernVM-FS Jakob Blomer CERN 2016 CCL Workshop on Scalable Computing October 19th, 2016 jblomer@cern.ch CernVM-FS 1 / 15 The Anatomy of a Scientific Software Stack (In High Energy Physics) jblomer@cern.ch

721 views • 34 slides
C D N G A E L A N L L O Y D W O R D P R E S S M E E T U P S E A T T L E 2 0 1 6 MARK ROTHKO

C D N G A E L A N L L O Y D W O R D P R E S S M E E T U P S E A T T L E 2 0 1 6 MARK ROTHKO

C D N G A E L A N L L O Y D W O R D P R E S S M E E T U P S E A T T L E 2 0 1 6 MARK ROTHKO UNTITLED, 1969 Overview Learn about and get started with your fjrst Content Delivery Network. What a CDN is and how it works. Where to get one

614 views • 29 slides
Deploying Large Scale Webapps Thierry Sans Users respond to speed Amazon found every 100ms of

Deploying Large Scale Webapps Thierry Sans Users respond to speed Amazon found every 100ms of

Deploying Large Scale Webapps Thierry Sans Users respond to speed Amazon found every 100ms of latency cost them 1% in sales Google found an extra . 5 seconds in search page generation time dropped traffic by 20% A broker could

559 views • 20 slides
A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner,

A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner,

A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner, Yinglian Xie, Weiqiang Zhuang, Hui Zhang Infocom 2001 Caching Cache Server Clients 30-40% reduction in bandwidth at ISP Reduced waiting

587 views • 26 slides
Helping Hand or Hidden Hurdle: Proxy-assisted HTTP-based Adaptive Streaming Performance

Helping Hand or Hidden Hurdle: Proxy-assisted HTTP-based Adaptive Streaming Performance

Helping Hand or Hidden Hurdle: Proxy-assisted HTTP-based Adaptive Streaming Performance Vengatanathan Krishnamoorthi 1 , Niklas Carlsson 1 , Derek Eager 2 , Anirban Mahanti 3 , Nahid Shahmehri 1 1 Linkping University, Sweden 2 University of

1.21k views • 77 slides
Accelerating YouTube &amp; Google Search Andreas Terzis YouTube Statistics YouTube is a large

Accelerating YouTube &amp; Google Search Andreas Terzis YouTube Statistics YouTube is a large

Accelerating YouTube &amp; Google Search Andreas Terzis YouTube Statistics YouTube is a large fraction of Internet traffic globally 1 17% NA, 25% Europe, 33% LATAM, 23% APAC of fixed-line traffic Mobile makes ~40% of YouTubes

382 views • 15 slides
DAAD Summerschool Curitiba 2011 Aspects of Large Scale High Speed Computing Building Blocks of a

DAAD Summerschool Curitiba 2011 Aspects of Large Scale High Speed Computing Building Blocks of a

DAAD Summerschool Curitiba 2011 Aspects of Large Scale High Speed Computing Building Blocks of a Cloud Storage Networks 3: Distributed Hash Tables - Virtualization without Index Database Christian Schindelhauer Technical Faculty

797 views • 27 slides
Distributed Systems Principles and Paradigms Chapter 12 (version October 15, 2007 ) Maarten van

Distributed Systems Principles and Paradigms Chapter 12 (version October 15, 2007 ) Maarten van

Distributed Systems Principles and Paradigms Chapter 12 (version October 15, 2007 ) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.20. Tel: (020) 598 7784

228 views • 22 slides
Time Sensitive Application Data loss Bandwidth

Time Sensitive Application Data loss Bandwidth

s P t t s s

179 views • 6 slides
Wikipedias CDN Research, Engineering, Free Software Emanuele Rocca Wikimedia Foundation

Wikipedias CDN Research, Engineering, Free Software Emanuele Rocca Wikimedia Foundation

Wikipedias CDN Research, Engineering, Free Software Emanuele Rocca Wikimedia Foundation March 26th 2018 1 How does Wikipedia end up on my screen? 1 Outline 2 Wikimedia Foundation CDN Ingredients In Practice Wikimedia

872 views • 65 slides
Error Control for Real-Time Audio-Visual Services Georg Carle Institut EURECOM Sophia-Antipolis

Error Control for Real-Time Audio-Visual Services Georg Carle Institut EURECOM Sophia-Antipolis

Error Control for Real-Time Audio-Visual Services Georg Carle Institut EURECOM Sophia-Antipolis FRANCE carle@eurecom.fr http://www.eurecom.fr/~carle/ (Joint work with E. Biersack, J. Nonnenmacher and S. Rsli) D a g s t u h l , J u n

644 views • 10 slides
Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing

Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing

Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing Delays at Server Cache Content Locally at client Updates? Cache Content at proxies Proxy Server Client Proxy Server Content Server Proxy

781 views • 14 slides
1 Hybrid of client-server and P2P Processes communicating Client process: process that Process:

1 Hybrid of client-server and P2P Processes communicating Client process: process that Process:

Some network apps E-mail Internet telephone Application Layer Overview and Web Real-time video conference Instant messaging Web/HTTP Massive parallel Remote login computing P2P file sharing Multi-user network

425 views • 7 slides
Performance comparison of Performance comparison of distributed architectures for distributed

Performance comparison of Performance comparison of distributed architectures for distributed

Performance comparison of Performance comparison of distributed architectures for distributed architectures for content adaptation and delivery content adaptation and delivery of Web resources of Web resources Claudia Canali Valeria

376 views • 22 slides
Drupal Cache Luis F. Ribeiro Ci&amp;T Inc. 2013 Introduction Caio Ciao Luppi Software

Drupal Cache Luis F. Ribeiro Ci&amp;T Inc. 2013 Introduction Caio Ciao Luppi Software

The importance of Drupal Cache Luis F. Ribeiro Ci&amp;T Inc. 2013 Introduction Caio Ciao Luppi Software Architect at Ci&amp;T Inc. More than 4 years of experience with Drupal Development Experience with Application Development

723 views • 30 slides
Application Protocols and HTTP 14-740: Fundamentals of Computer Networks Bill Nace Material from

Application Protocols and HTTP 14-740: Fundamentals of Computer Networks Bill Nace Material from

Application Protocols and HTTP 14-740: Fundamentals of Computer Networks Bill Nace Material from Computer Networking: A Top Down Approach, 6 th edition. J.F. Kurose and K.W. Ross Administrivia Lab #0 due in a week Next time: Paper

813 views • 49 slides

More recommend