certicate trans parency root explorer
play

Certicate Transparency Root Explorer Nikita Korzhitskii Niklas - PowerPoint PPT Presentation

Dec 24, 2023 •152 likes •347 views

Certicate Transparency Root Explorer Nikita Korzhitskii Niklas Carlsson Web Public Key Infrastructure (WebPKI) Root certificates of trusted Certificate Authorities e.g. GlobalSign Root CA, Amazon Root CA, GoDaddy Root CA Root 1 Root 2

  1. Certicate Trans侅parency Root Explorer Nikita Korzhitskii Niklas Carlsson

  2. Web Public Key Infras侅tructure (WebPKI) Root certificates of trusted Certificate Authorities e.g. GlobalSign Root CA, Amazon Root CA, GoDaddy Root CA Root 1 Root 2 Root 3

  3. Web Public Key Infras侅tructure (WebPKI) Root CAs issue Intermediate certificates to themselves or other organizations. Root 1 Root 2 Root 3 Intermediate 1 Intermediate 2 Intermediate 3 Intermediate 4 Intermediate 5 McDonalds CA KTH CA Bar GmbH CA Intermediate 6 Intermediate 7 Telia CA Foo AB CA

  4. Web Public Key Infras侅tructure (WebPKI) Root 1 Root 2 Root 3 Intermediate 1 Intermediate 2 Intermediate 3 Intermediate 4 Intermediate 5 Intermediate 6 Intermediate 7 Leaf 1 Leaf 2 Leaf 3 Leaf 4 Leaf 5 Leaf 6 Leaf 7 Leaf 8 Leaf 9 google.com liu.se fb.me mozilla.org xkcd.com github.io kth.se mit.edu *.linkoping.se

  5. Web Public Key Infras侅tructure (WebPKI) Root store 1 Root store 2 Root store 3 Root 1 Root 2 Root 3 Intermediate 1 Intermediate 2 Intermediate 3 Intermediate 4 Intermediate 5 Intermediate 6 Intermediate 7 Leaf 1 Leaf 2 Leaf 3 Leaf 4 Leaf 5 Leaf 6 Leaf 7 Leaf 8 Leaf 9 google.com liu.se fb.me mozilla.org xkcd.com github.io kth.se mit.edu *.linkoping.se Client w/ Root Store 1: google.com, liu.se, fb.me, mozilla.org Client w/ Root Store 2: google.com, liu.se, fb.me, mozilla.org, xkcd.com, github.io, kth.se, mit.edu Client w/ Root Store 3: github.io, kth.se, mit.edu, *.linkoping.se

  6. Certicate Trans侅parency • An internet standard, RFC 6962 • Append-only logging of issued certificates Root 1 Root 2 Root 3 Intermediate 1 Intermediate 2 Intermediate 3 Intermediate 4 Intermediate 5 Intermediate 6 Intermediate 7 Leaf 1 Leaf 2 Leaf 3 Leaf 4 Leaf 5 Leaf 6 Leaf 7 Leaf 8 Leaf 9

  7. Certicate Trans侅parency • An internet standard, RFC 6962 • Append-only logging of issued certificates Root 1 Root 2 Root 3 Intermediate 1 Intermediate 2 Intermediate 3 Intermediate 4 Intermediate 5 Intermediate 6 Intermediate 7 Leaf 1 Leaf 2 Leaf 3 Leaf 4 Leaf 5 Leaf 6 Leaf 7 Leaf 8 Leaf 9 Log 1 Log 2 Log 3

  8. Certicate Trans侅parency (in practce) Root store 1 Root store 2 Root store 3 Root 1 Root 2 Root 3 Intermediate 1 Intermediate 2 Intermediate 3 Intermediate 4 Intermediate 5 Intermediate 6 Intermediate 7 Leaf 1 Leaf 2 Leaf 3 Leaf 4 Leaf 5 Leaf 6 Leaf 7 Leaf 8 Leaf 9 Log 1 /w Root Store 1 Log 2 /w Root Store 2 Log 3 /w Root Store 3

  9. Certicate Trans侅parency ● A CT log is侅 a s侅igned binary append-only Merkle tree of certicate chains侅 ● Any party can s侅ubmit certicates侅 ● Logs侅 can be checked for cons侅is侅tency ● Initally developed and adopted by Google ● Recently adopted by Apple ● Mos侅t CAs侅 log their certicates侅 upon is侅s侅uance ● CT extends侅 beyond WebPKI to RPKI

  10. Applicatons侅 of Certicate Trans侅parency ● Connecton veriicaton ● Detecton of mis侅is侅s侅ued certicates侅 ● Detecton of actvee phis侅hinge other domains侅 (privacy is侅s侅ues侅) ● Repres侅entaton of the Internet s侅tructure ● Many more… We are interes侅ted in end-to-end s侅ecurity applicatons侅 of CT

  11. Certicate Trans侅parency Root Explorer ...is a tool for exploring certificate stores. One can visualize intersections, compare, parse, search and export certificate information. An SQLite database of logs and roots could be imported and exported. CT logs could be scanned online. Available root stores (Snapshot from 27th December, 2018): Mozilla, Microsoft, Apple and multiple Certificate Transparency Logs. Requirements: Chrome or Chromium Browser. By default, only logs by Google are available for live log scanning. The rest of the logs have not explicitly configured response headers related to the CORS policy. GitHub: nikita-kun/certificate-transparency-root-explorer

  12. Certicate Trans侅parency Root Explorer GitHub: nikita-kun/certificate-transparency-root-explorer

  13. Certicate Trans侅parency Root Explorer GitHub: nikita-kun/certificate-transparency-root-explorer

  14. The datas侅et ● Collected on December 27 th , 2018 ● 56 CT logs (54 were mentioned in Google’s list of known logs) ● 3 Vendor Root Stores ● 802 Root/Intermediate Certificate GitHub: nikita-kun/certificate-transparency-root-explorer

  15. Certificates in root stores of CT logs and their relation to major vendor root stores In order to enable attribution of each logged certificate to its issuer, the log SHALL publish a list of acceptable root certificates ( this list might usefully be the union of root certificates trusted by major browser vendors ). RFC 6962

  16. Fraction of trusted vendor certificates not covered by CT logs In order to enable attribution of each logged certificate to its issuer, the log SHALL publish a list of acceptable root certificates ( this list might usefully be the union of root certificates trusted by major browser vendors ). RFC 6962

  17. Intersections of Logs’ root stores

  18. Conclus侅ion • Certificate Transparency is rapidly developing • As of January 2019, CT logs contained 3 billion entries • CT is already in your Chrome browser and Apple OSes • Many potential applications However: ● Internet is not fully covered by CT ● Google and Apple rely on logs maintained by 4 operators ➔ Cloudflare, DigiCert, Google and Sectigo Intersection of root stores by Mozilla, Microsoft and Apple (top); Argon2019, Nimbus2019 and Nessie/Yeti2019 logs (bottom)

  19. Thank you! www.liu.s侅e

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Funct Functiona nal Trans nspa parency ncy for r Struct ructur ured d Data: a a Gam

Funct Functiona nal Trans nspa parency ncy for r Struct ructur ured d Data: a a Gam

Funct Functiona nal Trans nspa parency ncy for r Struct ructur ured d Data: a a Gam ame-The heoretic c Appr pproach ch Gu Guang-He He Lee, Lee, We Wengong Jin Jin, , David d Alvarez Me Melis, , and nd Tom ommi S. S. Jaak

477 views • 24 slides
EXPLORER+300 Compact for individual usage EXPLORER+ 300 The smallest EXPLORER terminal:

EXPLORER+300 Compact for individual usage EXPLORER+ 300 The smallest EXPLORER terminal:

EXPLORER+300 Compact for individual usage EXPLORER+ 300 The smallest EXPLORER terminal: Weighs only 1.4 kg A single-user terminal: Ideal if your primarily need voice, or moderate speed internet access Compact:

203 views • 6 slides
THINK BIG. TM Projects Presentation Index certicate Project Team

THINK BIG. TM Projects Presentation Index certicate Project Team

THINK BIG. TM Projects Presentation Index certicate Project Team Page 8 Over Border Service Offerings Page 9 Completed & Current Projects Page 10 Contact Details

419 views • 12 slides
EXPLORER+325 COMPACT VOICE AND BROADBAND SOLUTION FOR VEHICLES EXPLORER+ 325 Instant

EXPLORER+325 COMPACT VOICE AND BROADBAND SOLUTION FOR VEHICLES EXPLORER+ 325 Instant

EXPLORER+325 COMPACT VOICE AND BROADBAND SOLUTION FOR VEHICLES EXPLORER+ 325 Instant communication: Simply place the antenna on the roof, connect the antenna and your PC to the EXPLORER terminal, switch on the IP Handset and the vehicle

270 views • 10 slides
Introducing EXPLORER 710 Slide 2 - the bar is raised Cobham plc 2 Introducing the EXPLORER 710

Introducing EXPLORER 710 Slide 2 - the bar is raised Cobham plc 2 Introducing the EXPLORER 710

Introducing EXPLORER 710 Slide 2 - the bar is raised Cobham plc 2 Introducing the EXPLORER 710 A state of the art BGAN setting new standards in terms of speed, size and features. Radical improvement in video quality - the first and

110 views • 8 slides
PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO

PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO

Mario Vuksan & Tomislav PericinBlackHat USA 2013, Las Vegas PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO PRESS ROOT TO PRESS ROOT TO PRESS ROOT TO CONTINUE: CONTINUE: CONTINUE: CONTINUE:

690 views • 45 slides
EXPLORER+700 When versatility & high-speed matters EXPLORER+ 700 Versatility:

EXPLORER+700 When versatility & high-speed matters EXPLORER+ 700 Versatility:

EXPLORER+700 When versatility & high-speed matters EXPLORER+ 700 Versatility: Provides multiple interfaces to support a wide range of applications. Ideal for video streaming applications and large file transfer. Smaller

286 views • 10 slides
Sylvia Earle An American marine biologist, explorer, explorer, author, and lecturer Who is she?

Sylvia Earle An American marine biologist, explorer, explorer, author, and lecturer Who is she?

Sylvia Earle An American marine biologist, explorer, explorer, author, and lecturer Who is she? Since 1988 Dr. Sylvia Alice Earle has been a National Geographic explorer-in-residence. Earle was the first female chief scientist of the U.S

203 views • 8 slides
EXPLORER+500 Performance and portability combined EXPLORER+ 500 The most used BGAN terminal

EXPLORER+500 Performance and portability combined EXPLORER+ 500 The most used BGAN terminal

EXPLORER+500 Performance and portability combined EXPLORER+ 500 The most used BGAN terminal in the Inmarsat world: Unmatched in deployed quantities. Powerful: Ideal combination of performance and portability. Simultaneous

505 views • 14 slides
Scaling the Root A study of the impact on the DNS root system of increasing the size and

Scaling the Root A study of the impact on the DNS root system of increasing the size and

Scaling the Root A study of the impact on the DNS root system of increasing the size and volatility of the root zone Jaap Akkerhuis Lyman Chapin Patrik Fltstrm Glenn Kowack Bill Manning Lars-Johan Liman Summary of Findings Root Scaling

558 views • 20 slides
& Grid5000 Grid eXplorer eXplorer Grid Plates-formes de Grilles exprimentales

& Grid5000 Grid eXplorer eXplorer Grid Plates-formes de Grilles exprimentales

Grid'5000 and Grid eXplorer 1 GdX GdX Grid5000 & Grid5000 Grid eXplorer eXplorer Grid Plates-formes de Grilles exprimentales mutualises lchelle nationale ACI GRID & ACI MD Franck Cappello INRIA fci@lri.fr

415 views • 26 slides
EXPLORER+727 Comprehensive communication hub for vehicles EXPLORER+ 727 High-speed

EXPLORER+727 Comprehensive communication hub for vehicles EXPLORER+ 727 High-speed

EXPLORER+727 Comprehensive communication hub for vehicles EXPLORER+ 727 High-speed broadband-on-the-move: Automatically tracks satellite positions enabling high-speed connectivity while on-the-move. Simultaneous 432 kbps data and phone

412 views • 11 slides
Building The Trans-ASEAN Gas Pipeline (TAGP) project envisages the creation of a trans-national

Building The Trans-ASEAN Gas Pipeline (TAGP) project envisages the creation of a trans-national

Asia Pacific Review Trans-Asian pipe Building The Trans-ASEAN Gas Pipeline (TAGP) project envisages the creation of a trans-national pipeline network linking ASEANs major gas production and utilisation centres. Once realised the TAGP will

490 views • 5 slides
Cross-Coupling Reactions of Organoboranes: p g g An Easy Way for Carbon-Carbon Bonding y y g

Cross-Coupling Reactions of Organoboranes: p g g An Easy Way for Carbon-Carbon Bonding y y g

N-1 Nobel Lecture, December 8, 2010 Cross-Coupling Reactions of Organoboranes: p g g An Easy Way for Carbon-Carbon Bonding y y g Akira Suzuki S N-2 Conjugated Alkadienes R' R' R' R R R R R' R R trans trans trans-trans trans

727 views • 25 slides
Root Cause Analysis 1 Root Cause Analysis Root Cause Analysis is a method that is used to

Root Cause Analysis 1 Root Cause Analysis Root Cause Analysis is a method that is used to

Root Cause Analysis 1 Root Cause Analysis Root Cause Analysis is a method that is used to address a problem or non-conformance, in order to get to the root cause of the problem. It is used so we can correct or eliminate the cause,

389 views • 28 slides
Inclusive Growth: Creating Space for Trans Players Craig Kulyk (Marketing Manager) Tro Weston

Inclusive Growth: Creating Space for Trans Players Craig Kulyk (Marketing Manager) Tro Weston

Inclusive Growth: Creating Space for Trans Players Craig Kulyk (Marketing Manager) Tro Weston (League Manager) Jenna Weiner Why it's important Made fun of for being Trans 27% 73% Ref: Trans Pulse Survey (2006-2013) Heard Trans People

553 views • 38 slides
Python for Informatics Database Handout Download and install FireFox and the SQLite Manager

Python for Informatics Database Handout Download and install FireFox and the SQLite Manager

Python for Informatics Database Handout Download and install FireFox and the SQLite Manager http://www.mozilla.org/enUS/firefox/new/ https://addons.mozilla.org/enUS/firefox/addon/sqlitemanager/ Queries insert into Users (name, email) values

503 views • 3 slides
1 A typical bug report contains a lot of informaFon that

1 A typical bug report contains a lot of informaFon that

O"en when debugging, we find ourselves with the problem of having an input that crashes a program but not knowing what aspect of the input is

1.02k views • 65 slides
Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International

Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International

Andreas Zeller Software Systems Dept. Passau University Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) Portland, Oregon, August 23, 2000

673 views • 22 slides
Predicting Vulnerable Software Components Stephan Neuhaus Thomas Zimmermann Andreas Zeller

Predicting Vulnerable Software Components Stephan Neuhaus Thomas Zimmermann Andreas Zeller

Predicting Vulnerable Software Components Stephan Neuhaus Thomas Zimmermann Andreas Zeller Security Advisory 2005-13 Security Advisory 2005-41 Security Advisory 2006-76 Security Advisory 2005-16 Security Advisory 2005-15 Security Advisory

268 views • 25 slides
The State of Icedove DebConf15 - Heidelberg Carsten Schoenert c.schoenert@t-online.de 18th

The State of Icedove DebConf15 - Heidelberg Carsten Schoenert c.schoenert@t-online.de 18th

Introducion Evolution of Icedove Current advantages and work flow How to go further Links The State of Icedove DebConf15 - Heidelberg Carsten Schoenert c.schoenert@t-online.de 18th August 2015 Introducion Evolution of Icedove Current

398 views • 23 slides
and Refinement Prediction Xin Xia Software Practices Lab University of British Columbia

and Refinement Prediction Xin Xia Software Practices Lab University of British Columbia

Automated Bug Report Field Reassignment and Refinement Prediction Xin Xia Software Practices Lab University of British Columbia xxia02@cs.ubc.ca 1 A Bug Report 2 Fields in A Bug Report Product Component Priority Severity

548 views • 38 slides
CS510 Software Engineering Delta Debugging and Statistical Debugging Asst. Prof. Mathias Payer

CS510 Software Engineering Delta Debugging and Statistical Debugging Asst. Prof. Mathias Payer

CS510 Software Engineering Delta Debugging and Statistical Debugging Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-CS510-SE

779 views • 24 slides
- Bug Tracking Credits: Carnegie-Mellon Alan Beccati Instructor: Peter Baumann email:

- Bug Tracking Credits: Carnegie-Mellon Alan Beccati Instructor: Peter Baumann email:

The Maintenance Phase - Bug Tracking Credits: Carnegie-Mellon Alan Beccati Instructor: Peter Baumann email: p.baumann@jacobs-university.de tel: -3178 office: room 88, Research 1 Error: Keyboard not attached. Press F1 to continue.

483 views • 12 slides

More recommend