concerto a methodology towards reproducible analyses of
play

concerto : A Methodology Towards Reproducible Analyses of TLS - PowerPoint PPT Presentation

Jul 13, 2023 •376 likes •679 views

concerto : A Methodology Towards Reproducible Analyses of TLS Datasets Olivier Levillain, Maxence Tury and Nicolas Vivet ANSSI Real World Crypto January 6th 2017 Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 1 / 16 SSL/TLS

  1. concerto : A Methodology Towards Reproducible Analyses of TLS Datasets Olivier Levillain, Maxence Tury and Nicolas Vivet ANSSI Real World Crypto January 6th 2017 Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 1 / 16

  2. SSL/TLS in a nutshell Client Server C l i e n t H e l l o l o e l r H v e e r S t e SSL/TLS: a security protocol providing c a f i r t i C e n e o D o l l H e e r r v ◮ server (and client) authentication S e C l i e n t K e y E x c ◮ data confidentiality and integrity h a n g e C h a n g e C i p h e r S p e c F i n i s h e d SSL/TLS is a fundamental basic block of c p e r S h e i p e C n g h a Internet security C e d s h n i F i Application Data Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 2 / 16

  3. SSL/TLS data collection Interesting criteria to study the ecosystem Client Server ◮ protocol features and cryptographic C l i e n t H e l l o capabilities o l l H e e r r v S e ◮ certificates and trust aspects e a t i c i f e r t C e o n l o D e l r H ◮ server behaviour v e e r S C l i e n t K e y E x c h a n g e C h a n g e C i p h e r S Different methodologies p e c F i n i s h e d ◮ Full IPv4 scans e c S p e r p h C i g e a n C h ◮ Domain Names scans d h e i s i n F ◮ Passive Observation Application Data Stimulus choice (version, suites, extensions) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 3 / 16

  4. concerto : motivation The tools used to produce the data for [ACSAC’12] ◮ parsifal , a home-made parser generator, to parse the answers ◮ (mostly undocumented or even not versionned) various scripts In 2015, we tried to run similar analyses on new campaigns ◮ problem: several criteria had to evolve (trust stores, weak suites) ◮ how to compare the situation now and then? ◮ how to include new, external, datasets? The concerto way, towards reproducible analyses ◮ keep the raw data and the associated metadata ◮ automate the analysis process ◮ run it from scratch when needed Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 4 / 16

  5. concerto , step by step Context preparation ◮ NSS certificate store extraction from source code ◮ metadata injection (stimuli, certificate store) Answer injection ◮ answer type analysis ◮ raw certificate extraction Certificate analysis ◮ certificate parsing ◮ building of all ⋆ possible chains Statistics production ◮ TLS parameters, certificate chain quality, server behavior Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 5 / 16

  6. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  7. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  8. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  9. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) ◮ sadly, this can be explained ◮ worth mentionning: some servers select the NULL ciphersuite Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  10. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) ◮ sadly, this can be explained ◮ worth mentionning: some servers select the NULL ciphersuite E a ServerHello missing two bytes Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  11. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) ◮ sadly, this can be explained ◮ worth mentionning: some servers select the NULL ciphersuite E a ServerHello missing two bytes Our answers: ◮ parsifal , an open-source framework, to develop robust binary parsers ◮ use metadata (the used stimulus), to spot inconsistencies Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  12. Evolution of TLS versions TLS hosts TLS 1.2 30 % TLS 1.1 47 % TLS 1.0 76 % 87 % SSLv3 98 % 67 % 49 % 24 % 13 % 2011 2014 2015 2015 2016 Full IPv4 TA 1M Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 7 / 16

  13. Certificate chains: theory and practice The Certificate message is specified as follows: ◮ the server certificate first ◮ each following CA cert must sign the preceding one ◮ the root CA may be ommited The reality is otherwise: ◮ unordered messages ◮ certificate repetition ◮ presence of useless certificates ◮ missing certificates (EFF calls such chains transvalid) TLS 1.3 relaxes the strict order constraint Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 8 / 16

  14. Evolution of certificate chain quality Trusted hosts RFC Compliant Unordered Transvalid 68 % 69 % 86 % 87 % 27 % 28 % 12 % 2010 2011 2014 2015 Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 9 / 16

  15. Exemple of a certificate chain Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 10 / 16

  16. Challenges in the certificate chain building phase Actually, concerto does not build all possible chains, for two reasons ◮ X.509v1 certificates generated by appliances ◮ X.509v1 have no extension, so they used to be considered as CA ◮ however, we encounter too many of them in some campaigns ◮ 140,000 similar self-signed distinct certificates ◮ 20 billion signatures to check, for isolated self-signed certificates ◮ only X.509v1 trust roots are considered as CAs Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 11 / 16

  17. Challenges in the certificate chain building phase Actually, concerto does not build all possible chains, for two reasons ◮ X.509v1 certificates generated by appliances ◮ X.509v1 have no extension, so they used to be considered as CA ◮ however, we encounter too many of them in some campaigns ◮ 140,000 similar self-signed distinct certificates ◮ 20 billion signatures to check, for isolated self-signed certificates ◮ only X.509v1 trust roots are considered as CAs ◮ Crazy cross-certification ◮ there exist mutually cross-signed CAs... ◮ where each CA has emitted several distinct certificates with the same public key ◮ one way to go is to create an equivalence class of CAs ◮ the other is to limit the number of transvalid certificates Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 11 / 16

  18. Interlude: some figures about certificates RSA Key Sizes (full IPv4 scan in 2015) ◮ (TLS hosts) 384 - 16384 ◮ (Trusted hosts) 1024 - 4096 Maximum observed size of a Certificate messages (EFF data in 2010) ◮ 150 certificates ◮ including (only) one duplicate ◮ including 113 trusted roots Misc (from 2017 HTTPS TopAlexa 1M scans.io data) ◮ 9% RSA-SHA1 signatures (and 976 RSA-MD5) ◮ 5% X.509v1 certificates (and 3 X.509v4) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 12 / 16

  19. Server behaviour You can take advantage of multiple stimuli to grasp server behaviour Feature intolerance ◮ Using our IPv4 multi-stimuli campaigns (2011 and 2014) ◮ EC- and TLS 1.2-intolerance has regressed between 2011 and 2014 SSLv2 support ◮ 40% of HTTPS servers were still accepting SSLv2 in 2014 ◮ all vulnerable to DROWN attack ◮ the situation was worse in practice (SMTPS servers in particular) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 13 / 16

  20. Implementation choices, limitations and future work Current concerto design rationale ◮ store enriched data in CSV tables ◮ split data processing into simple tools ◮ avoid tools requiring a global view when possible Future work ◮ more sophisticated backends ◮ more polished statistics and report tools ◮ inclusion of other relevant data sources (e.g. revocation info, CT) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 14 / 16

  21. Conclusion To analyse the SSL/TLS ecosystem, we need ◮ up-to-date high quality data ◮ with clean collection methodologies ◮ with associated metadata ◮ possibly using multiple stimuli ◮ methodologies and tools to allow for reproducible analyses ◮ to compare results regarding different datasets ◮ to understand trends on relatively long periods concerto is a first step to accomplish the second part ◮ parsifal and concerto v0.3 are available online ◮ there is some documentation on the GitHub repository ◮ don’t hesitate to drop a mail if you are interested in the tool Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 15 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology

Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology

Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology Methodology Department London School of Economics and Political Science 1720 February 2020 Tools well see this week R, RStudio

2.03k views • 174 slides
SERVE Project Challenges, Data Collection Structure and Methodology Michael Bell, Presented

SERVE Project Challenges, Data Collection Structure and Methodology Michael Bell, Presented

SERVE Project Challenges, Data Collection Structure and Methodology Michael Bell, Presented By PJ McLoughlin 04 th October 2012 CONCERTO is co-funded by the European Commission Project Overview CONCERTO is co-funded by the European

467 views • 20 slides
Reproducible Analyses for the FCC Valentin Volkl, Tibor Simko, Lukas Heinrich, Clement Helsens

Reproducible Analyses for the FCC Valentin Volkl, Tibor Simko, Lukas Heinrich, Clement Helsens

Reproducible Analyses for the FCC Valentin Volkl, Tibor Simko, Lukas Heinrich, Clement Helsens Februar 8, 2019 University Innsbruck Valentin Volkl 1 Valentin Volkl 2 REANA: <reanahub.io> Presentations by Lukas Heinrich and Kyle

368 views • 4 slides
Towards Best Practices in Sociophonetics: Robust, Digital, Empirical, Reproducible

Towards Best Practices in Sociophonetics: Robust, Digital, Empirical, Reproducible

Towards Best Practices in Sociophonetics: Robust, Digital, Empirical, Reproducible Sociolinguistic Methodology Christopher Cieri, Stephanie Strassel Linguistic Data Consortium History 1963 Quantitative study of variation & change in

788 views • 51 slides
Micro Processor & Controller TMS320F28335 Concerto Concerto TMS320F28335 General

Micro Processor & Controller TMS320F28335 Concerto Concerto TMS320F28335 General

Micro Processor & Controller TMS320F28335 Concerto Concerto TMS320F28335 General Purpose I/O General Purpose I/O Features Features Module Overview (GPIO0- -GPIO27) GPIO27) Module Overview (GPIO0 GPIO Control Register

475 views • 8 slides
Reproducible Identification of Pragmatic Universalia in CHILDES Transcripts GNU meets OpenScience

Reproducible Identification of Pragmatic Universalia in CHILDES Transcripts GNU meets OpenScience

Introduction Corpus, Tools and Method Three analyses Conclusion Reproducible Identification of Pragmatic Universalia in CHILDES Transcripts GNU meets OpenScience Daniel Devatman Hromada 123 daniel@wizzion.com 1 Universit e Paris 8 / Lumi`

603 views • 26 slides
Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov.

Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov.

Reproducible Research with Stata Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov. 17th, 2016 Reproducible Research with Stata Reproducible Analysis Overview Definition Figure 1: Reproducible

1.25k views • 42 slides
Evaluation methodology to assess the theoretical energy impact and the actual energy performance

Evaluation methodology to assess the theoretical energy impact and the actual energy performance

3rd April 2006 Helsinki, Finland Evaluation methodology to assess the theoretical energy impact and the actual energy performance for the 27 communities of the European CONCERTO initiative Olivier Pol, arsenal research ECEEE 2007 summer

109 views • 10 slides
Maiko Kawabata Tchaikovsky Violin Concerto First movement, b. 219 Moscow: P . Jurgenson, n.d.

Maiko Kawabata Tchaikovsky Violin Concerto First movement, b. 219 Moscow: P . Jurgenson, n.d.

In Search of Something-other-than-perfect Violin Virtuosity Maiko Kawabata Tchaikovsky Violin Concerto First movement, b. 219 Moscow: P . Jurgenson, n.d. [1888], 1st ed. Tchaikovsky Violin Concerto Autograph, First movement, b. 219

402 views • 8 slides
Mayfly Reproducible Research in Minutes Reproducible Research is

Mayfly Reproducible Research in Minutes Reproducible Research is

Mayfly Reproducible Research in Minutes Reproducible Research is the new paradigm Step 1: Configure Environment And more graphics should be interac@ve

329 views • 5 slides
When Grounded Theory Methodology is Not Enough Additions for Video-Based Analyses of Software

When Grounded Theory Methodology is Not Enough Additions for Video-Based Analyses of Software

When Grounded Theory Methodology is Not Enough Additions for Video-Based Analyses of Software Engineering Process Phenomena Franz Zieris zieris@inf.fu-berlin.de Qualitative Research in a Nutshell The Qualitative Approach: Grounded Theory

353 views • 12 slides
Pisendels annotations in the Concerto for two violins RV 507 by Vivaldi: an open window on

Pisendels annotations in the Concerto for two violins RV 507 by Vivaldi: an open window on

Pisendels annotations in the Concerto for two violins RV 507 by Vivaldi: an open window on improvisation in the work of the Red priest J AVIER L UPIEZ (Ensemble Scaramuccia, Spagna - Olanda) F ABRIZIO A MMETTO (Istituto Italiano

339 views • 19 slides
CONCERTO Conceptual indexing, querying and retrieval of digital documents J. McNaught , W.J.

CONCERTO Conceptual indexing, querying and retrieval of digital documents J. McNaught , W.J.

CONCERTO Conceptual indexing, querying and retrieval of digital documents J. McNaught , W.J. Black, F. Rinaldi, E. Bertino, A. Brasher, D. Deavin, B. Catania, D. Silvestri, B. Armani, P. Leo, A. Persidis, G. Semeraro, F. Esposito, V. Candela,

1.17k views • 40 slides
Reproducible research in practice ifgi Institute for Geoinformatics University of Mnster

Reproducible research in practice ifgi Institute for Geoinformatics University of Mnster

Reproducible research in practice ifgi Institute for Geoinformatics University of Mnster Edzer Pebesma Reproducible Research Workshop, UZH, Sep 13-14, 2016 1 / 23 Overview 1. Who am I? 2. What is reproducible research? What is

465 views • 25 slides
Tchaikovsky Violin Concerto in D An Introduction by Penny Backman A. Historical Cultural Context

Tchaikovsky Violin Concerto in D An Introduction by Penny Backman A. Historical Cultural Context

Tchaikovsky Violin Concerto in D An Introduction by Penny Backman A. Historical Cultural Context There was a turf war in Russia in the mid 19 th century. One school of thought held that Russian music must be based on the cadence of the Russian

201 views • 3 slides
Reproducible research in practice M ADAGASCAR software package Sergey Fomel Jackson School of

Reproducible research in practice M ADAGASCAR software package Sergey Fomel Jackson School of

Reproducible Research M ADAGASCAR Project Reproducible research in practice M ADAGASCAR software package Sergey Fomel Jackson School of Geosciences The University of Texas at Austin July 1, 2010 S. Fomel SciPy 2010 Reproducible Research M

431 views • 16 slides
EQANIE GOALS & ACTIVITIES. THE EURO-INF QUALITY LABEL EDUARDO VENDRELL VIDAL EQANIE

EQANIE GOALS & ACTIVITIES. THE EURO-INF QUALITY LABEL EDUARDO VENDRELL VIDAL EQANIE

EQANIE GOALS & ACTIVITIES. THE EURO-INF QUALITY LABEL EDUARDO VENDRELL VIDAL EQANIE PRESIDENT ECSS 2016 - Oct, 2016. Budapest WHY ACCREDITATION? WHY INFORMATICS ACCREDITATION? THE EURO-INF QUALITY LABEL EUROPEAN

514 views • 36 slides
A complete certificate universal rigidity Bob Connelly and Shlomo Gortler Cornell University and

A complete certificate universal rigidity Bob Connelly and Shlomo Gortler Cornell University and

First Section A complete certificate universal rigidity Bob Connelly and Shlomo Gortler Cornell University and Harvard University connelly@math.cornell.edu and sjg@cs.harvard.edu Retrospective Workshop on Discrete Geometry, Optimization, and

648 views • 27 slides
Exam 2 Review Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Format

Exam 2 Review Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Format

Exam 2 Review Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Format Two parts - Part I: Fifty minutes, in-class Short answer questions Probably an attack problem - Part II: Ninety minutes, online

783 views • 29 slides
UCognito: Private Browsing without Tears Meng Xu, Yeongjin Yang, Xinyu Xing, Taesoo Kim, Wenke

UCognito: Private Browsing without Tears Meng Xu, Yeongjin Yang, Xinyu Xing, Taesoo Kim, Wenke

UCognito: Private Browsing without Tears Meng Xu, Yeongjin Yang, Xinyu Xing, Taesoo Kim, Wenke Lee Georgia Institute of Technology 1 Private Browsing Mode Private Browsing Incognito Mode Guest Mode InPrivate Private Window 2 Private

645 views • 46 slides
WELCOME! S.T.E.P. UP CERTIFICATE SERIES Safety Training & Engagement Program S.T.E.P.

WELCOME! S.T.E.P. UP CERTIFICATE SERIES Safety Training & Engagement Program S.T.E.P.

S.T.E.P. UP TO A SAFER WORKPLACE SAFETY TRAINING & ENGAGEMENT PROGRAM CER TIFICA TE S ER IES DO MORE" TO STEP UP YOUR SAFETY PROGRAMS! WELCOME! S.T.E.P. UP CERTIFICATE SERIES Safety Training & Engagement Program S.T.E.P.

998 views • 52 slides
10/11/19 I have no relevant financial relationships Disclosure with any companies related to

10/11/19 I have no relevant financial relationships Disclosure with any companies related to

10/11/19 I have no relevant financial relationships Disclosure with any companies related to the content of this course. Gayle Tang, MSN, RN Communic Com ication ion Barrie iers: s: 8 th Asian Health Symposium Go Good Medicine Poorly

550 views • 8 slides
Housing Counselor Certification for Minnesota PHAs, HRAs, HCAs, and CPD Stakeholders Audio is

Housing Counselor Certification for Minnesota PHAs, HRAs, HCAs, and CPD Stakeholders Audio is

Housing Counselor Certification for Minnesota PHAs, HRAs, HCAs, and CPD Stakeholders Audio is available only by conference call Please call : (800) 260-0712 Participant Access Code: 420332 to join the conference call portion of the webinar 1

438 views • 42 slides
Certified Optimization for System Verification Victor Magron , CNRS 3 Avril 2018 ENS Cachan, LSV

Certified Optimization for System Verification Victor Magron , CNRS 3 Avril 2018 ENS Cachan, LSV

Certified Optimization for System Verification Victor Magron , CNRS 3 Avril 2018 ENS Cachan, LSV Seminar Victor Magron Certified Optimization for System Verification 0 / 46 Personal Background 2008 2010: Master at Tokyo University H

1.41k views • 124 slides

More recommend