certificate authorities and
play

Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) - PowerPoint PPT Presentation

Sep 15, 2022 •166 likes •622 views

CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

  1. CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Authenticity of Public Keys ? private key Bob Alice public key Problem: How does Alice know that the public key she received is really Bob’s public key? 11/2/16 CSE 484 / CSE M 584 - Fall 2016 2

  3. Announcements • Lab 2 (web security) will be coming out next Tuesday 11/2/16 CSE 484 / CSE M 584 - Fall 2016 3

  4. RSA decryption • Based on feedback and interest, not in lecture • I’ve added a slide to lecture 12’s slides which explains it (it’s slide 18) 11/2/16 CSE 484 / CSE M 584 - Fall 2016 4

  5. RSA decryption • On the interest scale of 1-5… – ... someone answered 0 – ... someone answered 6 – …someone answered π – …someone answered 2 5 11/2/16 CSE 484 / CSE M 584 - Fall 2016 5

  6. Security mindset anecdote – Mining Your Ps and Qs • A 2012 study titled “Mining your Ps and Qs: Detection of Widespread Weak Keys in Network Devices” Scanned the entire internet to look for weak public keys 11/2/16 CSE 484 / CSE M 584 - Fall 2016 6

  7. Mining Your Ps and Qs • They were able to determine the RSA private key for 0.5% of HTTPS servers and 0.03% of SSH servers • How? Insufficient randomness. 0.5% of keys shared a p or q with at least one other key (but not both). 11/2/16 CSE 484 / CSE M 584 - Fall 2016 7

  8. RSA Cryptosystem [Rivest, Shamir, Adleman 1977] • Key generation: – Generate random large primes p, q • Say, 1024 bits each – Compute n =pq and ϕ (n) =(p-1)(q-1) – Choose small e, relatively prime to ϕ (n) • Typically, e=2 16 +1=65537 – Compute unique d such that ed = 1 mod ϕ (n) • Modular inverse: d = e -1 mod ϕ (n) – Public key = (e,n); private key = (d,n) • Encryption of m: c = m e mod n • Decryption of c: c d mod n = (m e ) d mod n = m 11/2/16 CSE 484 / CSE M 584 - Fall 2016 8

  9. Certificates • Public-key certificate – Signed statement specifying the key and identity • sig CA (“Bob”, PK B ) 11/2/16 CSE 484 / CSE M 584 - Fall 2016 9

  10. Threat: Man-In-The-Middle (MITM) Google.com 11/2/16 CSE 484 / CSE M 584 - Fall 2016 10

  11. You encounter this every day… SSL/TLS: Encryption & authentication for connections (More on this later!) 11/2/16 CSE 484 / CSE M 584 - Fall 2016 11

  12. Certificate Authority • Trusted organization that verifies who owns what keys out of band and tells everyone else whose keys are whose 11/2/16 CSE 484 / CSE M 584 - Fall 2016 12

  13. Strawman CA design 1. You browse to www.cs.washington.edu 2. www.cs.washington.edu sends its key K 3. Your browser asks a trusted CA: “hey, key K the right key for UW CSE?” 4. CA replies “yes” or “no” Why is this a bad idea? (Q1) 11/2/16 CSE 484 / CSE M 584 - Fall 2016 13

  14. Real CA design • Think of a certificate as a cryptographically hard-to-forge piece of ID <proof that I’m UWCSE and PK UWCSE is my key> Certificate authority (e.g., Verisign www.cs.washington.edu or Let’s Encrypt) sig CA (“UWCSE”, PK UWCSE ) 11/2/16 CSE 484 / CSE M 584 - Fall 2016 14

  15. Example Certificate 11/2/16 CSE 484 / CSE M 584 - Fall 2016 15

  16. Example Certificate 11/2/16 CSE 484 / CSE M 584 - Fall 2016 16

  17. X.509 Certificate 11/2/16 CSE 484 / CSE M 584 - Fall 2016 17

  18. Hierarchical Approach • Single CA certifying every public key is impractical • Instead, one or more trusted root authorities – Everybody must know the public key for verifying root authority’s signatures • CAs delegate to other authorities – What happens if root authority is ever compromised? 11/2/16 CSE 484 / CSE M 584 - Fall 2016 18

  19. Hierarchical Approach • Single CA certifying every public key is impractical • Instead, use a trusted root authority – For example, Verisign – Everybody must know the public key for verifying root authority’s signatures • Root authority signs certificates for lower-level authorities, lower-level authorities sign certificates for individual networks, and so on – Instead of a single certificate, use a certificate chain • sig Verisign (“AnotherCA”, PK AnotherCA ), sig AnotherCA (“Alice”, PK A ) – What happens if root authority is ever compromised? 11/2/16 CSE 484 / CSE M 584 - Fall 2016 19

  20. Many Challenges… • CAs make serious mistakes – Bad security practices, bad operational practices • Revocation is hard… • Users don’t notice when attacks happen – We’ll talk more about this later 11/2/16 CSE 484 / CSE M 584 - Fall 2016 20

  21. Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate -- an example certificate for demonstrating how to set up HTTPS • A study found >85k hosts on the internet (0.66% of all TLS hosts on the internet) actively using these keys! • 22 hosts had certificates using these keys THAT WERE SIGNED BY A CA! 11/2/16 CSE 484 / CSE M 584 - Fall 2016 21

  22. Attacking CAs Security of DigiNotar servers: • All core certificate servers controlled by a single admin password (Pr0d@dm1n) • Software on public- facing servers out of date, unpatched • No anti-virus (could have detected attack) 11/2/16 CSE 484 / CSE M 584 - Fall 2016 22

  23. [Sotirov et al. “ Rogue Certificates ” ] Colliding Certificates serial number serial number set by the CA validity period validity period chosen prefix (difference) real cert rogue cert domain name domain name Hash to the same MD5 value! real cert ??? RSA key collision bits (computed) Valid for both certificates! X.509 extensions X.509 extensions identical bytes (copied from real cert) signature signature 11/2/16 CSE 484 / CSE M 584 - Fall 2016 23

  24. Consequences of Hacking a CA • Attacker makes themself a fake certificate for a site (say, mail.yahoo.com): fakeCert = sig CA (“Yahoo”, <attacker’s key>) 11/2/16 CSE 484 / CSE M 584 - Fall 2016 24

  25. Q2: Man-In-The-Middle (MITM) mail.yahoo.com 11/2/16 CSE 484 / CSE M 584 - Fall 2016 25

  26. Consequences of Hacking a CA • Attacker makes themselves a fake certificate for a site (say, mail.yahoo.com): fakeCert = sig CA (“Yahoo”, <attacker’s key>) • An attacker can pretend to be any real site – For example, use DNS to poison the mapping of mail.yahoo.com to an IP address • … “authenticate” as the real site • … decrypt all data sent by users – Email, phone conversations, Web browsing 11/2/16 CSE 484 / CSE M 584 - Fall 2016 26

  27. More Rogue Certs • In Jan 2013, a rogue *.google.com certificate was issued by an intermediate CA that gained its authority from the Turkish root CA TurkTrust – TurkTrust accidentally issued intermediate CA certs to customers who requested regular certificates – Ankara transit authority used its certificate to issue a fake *.google.com certificate in order to filter SSL traffic from its network • This rogue *.google.com certificate was trusted by every browser in the world 11/2/16 CSE 484 / CSE M 584 - Fall 2016 27

  28. Many Challenges… • CAs make serious mistakes – Bad security practices, bad operational practices • Revocation is hard… • Users don’t notice when attacks happen – We’ll talk more about this later 11/2/16 CSE 484 / CSE M 584 - Fall 2016 28

  29. Certificate Revocation (Q3) 11/2/16 CSE 484 / CSE M 584 - Fall 2016 29

  30. Certificate Revocation • Revocation is very important • Many valid reasons to revoke a certificate – Private key corresponding to the certified public key has been compromised – User stopped paying their certification fee to this CA and CA no longer wishes to certify him – CA’s private key has been compromised! • Expiration is a form of revocation, too – Many deployed systems don’t bother with revocation – Re-issuance of certificates is a big revenue source for certificate authorities 11/2/16 CSE 484 / CSE M 584 - Fall 2016 30

  31. Certificate Revocation Mechanisms • Certificate revocation list (CRL) – CA periodically issues a signed list of revoked certificates • Credit card companies used to issue thick books of canceled credit card numbers – Can issue a “delta CRL” containing only updates • Online revocation service – When a certificate is presented, recipient goes to a special online service to verify whether it is still valid • Like a merchant dialing up the credit card processor 11/2/16 CSE 484 / CSE M 584 - Fall 2016 31

  32. Keybase • Basic idea: – Rely on existing trust of a person’s ownership of other accounts (e.g., Twitter, GitHub, website) – Each user publishes signed proofs to their linked account https://keybase.io/ 11/2/16 CSE 484 / CSE M 584 - Fall 2016 32

  33. SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De facto standard for Internet security – “The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications” • Deployed in every Web browser; also VoIP, payment systems, distributed systems, etc. 11/2/16 CSE 484 / CSE M 584 - Fall 2016 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart 2 , abhi shelat 3 1 Princeton University 2 Cornell Tech 3 Northeastern University Motivation Certificate Authorities (CA) issue certificates

454 views • 30 slides
Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse

1.17k views • 63 slides
Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate

Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate

Introduction Certificate Authorities Algorithms Attacks HTTPS by default Future Final remarks Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate Authorities Algorithms How broken is TLS? Attacks

1.23k views • 60 slides
Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson,

Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson,

Bamboozling Certificate Authorities with BGP Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal Autonomous System (AS) NTT 2914 Internet at the highest level Routing within an AS is completely autonomous

713 views • 29 slides
http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue

http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue

http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue certificates for any domain This means, most CAs are single point of failures, they might get hacked, or their power could get abused (by creating

534 views • 26 slides
Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse apo-CA-lypse Certificate Transparency

722 views • 30 slides
Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19

Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19

Operation Black tulip: Certificate authorities loose authority 24th Annual FIRST Conference 19 June 2012, Malta Dr. Marnix Dekker, CISA Security expert Information security officer ENISA www.enisa.europa.eu About ENISA o The European

461 views • 30 slides
Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR Fintech Index is a long-only, USD-based, actively managed total return index. The pace of innovation in financial technology (Fintech) has been

616 views • 26 slides
NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No. 2426-CPR-105 NEO is an innovative Public Address and Voice Alarm system that allows an easy audio installation with just one piece of equipment.

326 views • 7 slides
1 4/3/2015 AMEs In Your Area If You Decide to Renew Your Medical So Whats This Light Sport

1 4/3/2015 AMEs In Your Area If You Decide to Renew Your Medical So Whats This Light Sport

4/3/2015 New Plastic Pilot Certificate So, Where Do I Start? What we will cover today Your old paper certificate is no longer valid. What it takes to be PIC again Google Search: Replacement of Airmen Certificate What has

485 views • 35 slides
Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety

Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety

Certificate of Recognition Certificate of Recognition - Defined COR is a health and safety certification program National standard supported by the Canadian Federation of Construction Safety Association (CFCSA) Aimed at driving

320 views • 10 slides
Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of

Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of

Certificate of Public Advantage Presentation to the House Select Committee on the Certificate of Need Process and Related Hospital Issues Research Division Staff, September 14, 2011 What is a COPA? An agreement among two or more hospitals

201 views • 19 slides
Certificate of Recognition Update February 19, 2016 1 Certificate of Recognition- Defined

Certificate of Recognition Update February 19, 2016 1 Certificate of Recognition- Defined

Certificate of Recognition Update February 19, 2016 1 Certificate of Recognition- Defined COR is a workplace health and safety certification program All Legislative elements require 100% achievement National standard supported by

374 views • 9 slides
Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo,

Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo,

The 18 th International Conference on Electronic Business December 2-6, 2018, Guilin, China CERTIFICATE Certificate o Certi icate of Presentation Presentation This certificate is issued to Hong Guo, Anhui University, China Hong Guo, Anhui

1.04k views • 102 slides
A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status

A Distributed A Distributed Online Certificate Status Protocol Online Certificate Status Protocol Satoshi Koga, Kouichi Sakurai Satoshi Koga Kyushu University, Japan Background Background Certificate Revocation Problem Certificate

349 views • 10 slides
Mobile Payments Certificate 2 Mobile Payments Certificate Investment Case While the mobile

Mobile Payments Certificate 2 Mobile Payments Certificate Investment Case While the mobile

Mobile Payments Certificate 2 Mobile Payments Certificate Investment Case While the mobile payment infrastructure is now in place (NFC-enabled phones and POS terminals, various platforms such as Apple Pay), we are about to enter the second

467 views • 20 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
Spoken Dialogue Management &amp; Natural Language Processing William Yang Wang Chia-che Tsai

Spoken Dialogue Management &amp; Natural Language Processing William Yang Wang Chia-che Tsai

A Language for Spoken Dialogue Management &amp; Natural Language Processing William Yang Wang Chia-che Tsai Xin Chen Zhou Yu Department of Computer Science, Columbia University COMS W4115 Programming Languages and

554 views • 24 slides
Building Java Programs Chapter 13 Sorting reading: 13.3, 13.4 2 Languages and Grammars 4

Building Java Programs Chapter 13 Sorting reading: 13.3, 13.4 2 Languages and Grammars 4

Building Java Programs Chapter 13 Sorting reading: 13.3, 13.4 2 Languages and Grammars 4 Languages and grammars (formal) language : A set of words or symbols. grammar : A description of a language that describes which sequences of

809 views • 32 slides
BEHIND THE CANNABIS: DRUG INTERACTIONS WITH PSYCHIATRIC MEDICATIONS Learning Objectives

BEHIND THE CANNABIS: DRUG INTERACTIONS WITH PSYCHIATRIC MEDICATIONS Learning Objectives

BEHIND THE CANNABIS: DRUG INTERACTIONS WITH PSYCHIATRIC MEDICATIONS Learning Objectives Discuss the most appropriate and effective way to communicate with patients about the use of cannabis Examine interactions between cannabis and

692 views • 38 slides
What role do broadband providers have in securing the residential IoT ecosystem? Steven Bauer

What role do broadband providers have in securing the residential IoT ecosystem? Steven Bauer

What role do broadband providers have in securing the residential IoT ecosystem? Steven Bauer James Loving Bill Lehr MIT Dec 9 th , 2016 Residential source identification problem: identify device(s) that are source of malicious traffic

356 views • 7 slides
Developing a Cancer Plan Resource Mobilization Strategy Anja Nitzsche-Bell, Head, Resource

Developing a Cancer Plan Resource Mobilization Strategy Anja Nitzsche-Bell, Head, Resource

Developing a Cancer Plan Resource Mobilization Strategy Anja Nitzsche-Bell, Head, Resource Mobilization IAEA Programme of Action for Cancer Therapy (PACT) Overview Introduction: resource mobilization and strategic planning for national

216 views • 17 slides
Wrapup: Research Papers and Process Tamara Munzner Department of Computer Science University of

Wrapup: Research Papers and Process Tamara Munzner Department of Computer Science University of

Wrapup: Research Papers and Process Tamara Munzner Department of Computer Science University of British Columbia CPSC 547, Information Visualization 3 December 2020 http://www.cs.ubc.ca/~tmm/courses/547-20 Today final presentations

830 views • 51 slides
Recommendations for enhancing the implementation and utility of shared digital health records in

Recommendations for enhancing the implementation and utility of shared digital health records in

Recommendations for enhancing the implementation and utility of shared digital health records in rural Australian communities H. ALMOND a, , E. CUMMINGS b , P. TURNER a a School of Engineering &amp; ICT, University of Tasmania b School of Health

309 views • 13 slides

More recommend