guess the correct log ct insights
play

GUESS THE CORRECT LOG CT INSIGHTS 1 2 3 4 5 Content TLS + - PowerPoint PPT Presentation

Jul 06, 2023 •175 likes •729 views

create your own exercise Berkay Kozan, Jan Krol Group 202 GUESS THE CORRECT LOG CT INSIGHTS 1 2 3 4 5 Content TLS + Vulnerabilities CA + Black Tulip How Certificate Transparency Works SCT delivering methods Merkle

  1. create your own exercise Berkay Kozan, Jan Krol Group 202 GUESS THE CORRECT LOG – CT INSIGHTS 1

  2. 2

  3. 3

  4. 4

  5. 5

  6. Content ⚫ TLS + Vulnerabilities ⚫ CA + Black Tulip ⚫ How Certificate Transparency Works ⚫ SCT delivering methods ⚫ Merkle Tree 6

  7. TLS ⚫ Cryptographic protocol ⚫ Secures website-browser connection ⚫ Main cryptographic system that underlies all HTTPS connections 7

  8. How can we be sure that we are really TLS connecting to the lab system? Certificate = public key + domain name ⚫ Cryptographic protocol ⚫ Secures website-browser connection ⚫ Main cryptographic system that underlies all HTTPS connections 7

  9. How can we be sure that we are really TLS connecting to the lab system? Certificate = public key + domain name ⚫ Cryptographic protocol ⚫ Secures website-browser connection ⚫ Main cryptographic system that underlies all HTTPS connections 7

  10. Vulnerabilites of SSL ⚫ Structural flaws ⚫ Vulnerabilities: Domain validation ⚫ End-to-end encryption ⚫ Chains of trust set up by certificate authorities ⚫ ⚫ CT is used to make CAs accountable 8

  11. Security Attacks ⚫ Website spoofing ⚫ Server impersonation ⚫ Man-in-the-middle attacks. 9

  12. Certificate Authorities ⚫ WE TRUST CAs to issue digital certificates. But should we? 10

  13. Black Tulip YOU 11

  14. Black Tulip YOU 11

  15. CA handshake 12

  16. CA handshake 12

  17. CA handshake 12

  18. CA handshake 12

  19. CA handshake YOU 12

  20. CA handshake YOU 12

  21. CA handshake YOU 12

  22. CA handshake YOU 12

  23. CA handshake YOU 12

  24. CA handshake YOU 12

  25. CA handshake YOU 12

  26. CA handshake YOU 12

  27. How CT Works 13

  28. How CT Works Log Server 13

  29. How CT Works Log Server Every new certifacte will be uploaded to the Log Server Watch for: • suspicious certificates • unauthorized certificates • unusual certificate extensions • certificates with strange permissions 13

  30. CT logs ⚫ CT log = network service which maintains entries of SSL certificates ⚫ Logs are independent ⚫ Qualities: − Append-only − Cryptographically assured − Publicly auditable 14

  31. CT logs ⚫ CT log = network service which maintains entries of SSL certificates thou shalt not hack – ⚫ Logs are independent RFC 69:62 ⚫ Qualities: − Append-only − Cryptographically assured − Publicly auditable 14

  32. SCT 15

  33. SCT Log Server 15

  34. SCT Log Server Certificate Authority 15

  35. SCT Log Server Certificate Submission Certificate Authority 15

  36. SCT Log Server Certificate SCT Submission Certificate Authority 15

  37. SCT Promise that the cert Log Server will be appended to the log. Certificate SCT Submission Certificate Authority 15

  38. SCT Promise that the cert Log Server will be appended to the log. Certificate SCT Submission Certificate Authority Maximum Merge Delay 15 (Appending musst happen within a reasonable time frame)

  39. SCT Promise that the cert Log Server will be appended to the log. Certificate SCT Submission Certificate Authority Maximum Merge Delay 15 (Appending musst happen within a reasonable time frame)

  40. SCT Delivering Methods: X.509v3 Extension 16

  41. SCT Delivering Methods: X.509v3 Extension Client (browser) 16

  42. SCT Delivering Methods: X.509v3 Extension fingernails4cash.com Client (browser) 16

  43. SCT Delivering Methods: X.509v3 Extension Certificate Authority fingernails4cash.com Client (browser) 16

  44. SCT Delivering Methods: X.509v3 Extension Log Server Certificate Authority fingernails4cash.com Client (browser) 16

  45. SCT Delivering Methods: X.509v3 Extension Log Server Certificate Submission (Precertificate) Certificate Authority fingernails4cash.com Client (browser) 16

  46. SCT Delivering Methods: X.509v3 Extension Log Server Certificate Submission SCT (Precertificate) Certificate Authority fingernails4cash.com Client (browser) 16

  47. SCT Delivering Methods: X.509v3 Extension Log Server Certificate Submission SCT (Precertificate) Certificate Authority Certificate Issuance (SSL cert w/SCT) fingernails4cash.com Client (browser) 16

  48. SCT Delivering Methods: X.509v3 Extension Log Server Certificate Submission SCT (Precertificate) Certificate Authority Certificate Issuance (SSL cert w/SCT) fingernails4cash.com TLS handshake (SCT embedded cert) Client (browser) 16

  49. SCT Delivering Methods: X.509v3 Extension Log Server Certificate Submission SCT (Precertificate) Certificate Authority Certificate Issuance (SSL cert w/SCT) fingernails4cash.com TLS handshake (SCT embedded cert) Client (browser) 16

  50. Merkle Tree • Simple binary tree Merkle Tree Hash • Once an hour a log server appends all new certs Node Hash t s to its log • Consistency Proof Leaf Hash a b c d • Merkle Audit Proof Certificate c1 c2 c3 c4 17

  51. Merkle Audit Proof t s a b c d c1 c2 c3 c4 Audit Proof 18

  52. Learning Goals The Following Learning Goals are Covered in the Lecture PreLab Lab Students understand CT operation X X X Students understand the vulnerabilities of SSL. X X Students understand how log proof works X X Students will fetch SCTs from TLS extension and analyze it X X Students write code to do an InclusionProof that verifies X that a cert is logged based on SCT X Students write code to perform an Merkle Audit Proof 19

  53. Teaser Practical Part Team 20

  54. References https://upload.wikimedia.org/wikipedia/commons/thumb/2/22/Symantec_logo10.svg/20 ⚫ 00px-Symantec_logo10.svg.png https://upload.wikimedia.org/wikipedia/commons/7/7d/Comodo-Secure-DNS.jpg ⚫ https://upload.wikimedia.org/wikipedia/commons/thumb/4/48/DigiCert_logo.svg/2000p ⚫ x-DigiCert_logo.svg.png https://pixabay.com/de/jesus-christus-religion-christentum-1340401/ ⚫ https://www.certificate-transparency.org/how-ct-works ⚫ https://www.certificate-transparency.org/log-proofs-work ⚫ Microsoft Office inbuilt Pictograms ⚫ Unsplash.com (License: All photos published on Unsplash can be used for free. You ⚫ can use them for commercial and noncommercial purposes. You do not need to ask permission from or provide credit to the photographer or Unsplash, although it is appreciated when possible.) 21

  55. Summary ⚫ TLS + Vulnerabilities ⚫ CA + Black Tulip ⚫ How Certificate Transparency Works ⚫ SCT delivering methods ⚫ Merkle Tree 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1

Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1

Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1 Guess 0 Guess 1 Guess 0 Guess 1 2 ATM Alternating Turing Machine Guess 0 Guess 1 Guess 0 Guess 1

1.35k views • 120 slides
CS70: Lecture 33. Lets Guess! Dollar or not with equal probability? Guess how much you get!

CS70: Lecture 33. Lets Guess! Dollar or not with equal probability? Guess how much you get!

CS70: Lecture 33. Lets Guess! Dollar or not with equal probability? Guess how much you get! Guess a 1/2! The expected value. Win X, 100 times. How much will you win the 101st. Guess average! Lets Guess! How much does random person

410 views • 27 slides
INSTILLING A DESIRE TO STRUGGLE IN PROBLEM SOLVING CAN YOU GUESS THE RULE? CAN YOU GUESS THE

INSTILLING A DESIRE TO STRUGGLE IN PROBLEM SOLVING CAN YOU GUESS THE RULE? CAN YOU GUESS THE

MATHEMATICAL PERSEVERANCE: INSTILLING A DESIRE TO STRUGGLE IN PROBLEM SOLVING CAN YOU GUESS THE RULE? CAN YOU GUESS THE RULE? 4, 6, 8 10, 12, 14 Guess the rule that applies to both sequences OR You can guess a set of three numbers you

544 views • 25 slides
Dont guess your user needs: start with what we know Hi! Richard Smith Lead User Researcher

Dont guess your user needs: start with what we know Hi! Richard Smith Lead User Researcher

Dont guess your user needs: start with what we know Hi! Richard Smith Lead User Researcher @RichSmiths We want to become the most user centered team in the country There was no common way for insights and data to be stored and shared

1.84k views • 23 slides
Financial Literacy CFA Society of Buffalo Introduction 1 Guess ss their net worth: $320

Financial Literacy CFA Society of Buffalo Introduction 1 Guess ss their net worth: $320

Financial Literacy CFA Society of Buffalo Introduction 1 Guess ss their net worth: $320 Million Guess ss their net worth: $440 Million Guess ss their net worth: $3.2 Billion https://www.youtube.com/watch?v=ib-0_N9G0Lo Guess ss their

1.71k views • 145 slides
Lab 2 discussion Last Time Debugging Its a science use experiments to refine

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides
Guess Whos Coming to Dinner? Luke 7:36-50 (Psalm 23) Guess Whos Coming to Dinner?

Guess Whos Coming to Dinner? Luke 7:36-50 (Psalm 23) Guess Whos Coming to Dinner?

Guess Whos Coming to Dinner? Luke 7:36-50 (Psalm 23) Guess Whos Coming to Dinner? HOSPITALITY Jesus the Lover and Host Passover The Lords Supper (Eucharist) The Marriage Feast of the Lamb Jesus the Stranger and Guest

274 views • 10 slides
Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Procedure at Correct Body Site Patient Safety Solutions CONTENT Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure at Correct Suggested Actions. Looking Forward.

198 views • 3 slides
I/O 2 / Filesystems 1 1 Changelog Changes made in this version not seen in fjrst lecture: 13

I/O 2 / Filesystems 1 1 Changelog Changes made in this version not seen in fjrst lecture: 13

I/O 2 / Filesystems 1 1 Changelog Changes made in this version not seen in fjrst lecture: 13 November: Correct cluster number on FAT directory entry slide. 1 last time page replacement modifjcations for scanning Linux: guess fjle pages used

2.03k views • 95 slides
Guess Whos Coming to Dinner? Psalm 23 Luke 7:36 50 In 1967, Spencer Tracy and Katherine

Guess Whos Coming to Dinner? Psalm 23 Luke 7:36 50 In 1967, Spencer Tracy and Katherine

Belmont UMC / Missions Month April 22, 2018 Guess Whos Coming to Dinner? Psalm 23 Luke 7:36 50 In 1967, Spencer Tracy and Katherine Hepburn made their ninth and final film together. In Guess Whos Coming to Dinner? , the famous pair

328 views • 5 slides
Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to Practice? Micropipetting is the foundation to many future experiments Correct pipetting insures correct volumes which creates a greater chance

544 views • 19 slides
Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax developments Recent tax cases Requirement to Correct Deadline 30 September ! Requirement to Correct (RTC) RTC obliges taxpayers to make a disclosure

595 views • 38 slides
e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct Improvement p value before after score Micro organisms 51 86 35 (30, 39) <0.001 Good and Bad Microbes 48 86 36 (32, 40) <0.001 Spread

427 views • 29 slides
Regional Insights Paper Overview Presentation Purpose of the GB Regional Insights Paper

Regional Insights Paper Overview Presentation Purpose of the GB Regional Insights Paper

Goulburn Broken Regional Insights Paper Overview Presentation Purpose of the GB Regional Insights Paper Stimulate conversation Provides key insights from background info: RCS Review Socio-economic analysis Engagement with

310 views • 12 slides
Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

10/30/19 Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp prediction negative fn tn prediction 1 10/30/19 Precision and recall Precision : % of predicted items that are correct P = tp/

117 views • 11 slides
Doesnt, Whats Next? QUOTES GUESS WHO SAID WHAT? Thats been one of my mantras

Doesnt, Whats Next? QUOTES GUESS WHO SAID WHAT? Thats been one of my mantras

Key Thoughts Events, What Works, What Doesnt, Whats Next? QUOTES GUESS WHO SAID WHAT? Thats been one of my mantras focus and simplicity. Simple can be harder than complex: you have to work hard to get your thinking clean to

237 views • 7 slides
Certificates Noah Zani, Tim Strasser, Andrs Baumeler Overview Motivation Introduction

Certificates Noah Zani, Tim Strasser, Andrs Baumeler Overview Motivation Introduction

Certificates Noah Zani, Tim Strasser, Andrs Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate market

777 views • 49 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 11: Public-Key Infrastructure Main Topics of this Lecture 1. Digital

433 views • 25 slides
Verifying the SET Protocol G Bella & L C Paulson Cambridge F Massacci Siena P Tramontano

Verifying the SET Protocol G Bella & L C Paulson Cambridge F Massacci Siena P Tramontano

Verifying the SET Protocol G Bella & L C Paulson Cambridge F Massacci Siena P Tramontano Rome Inductive Protocol Verification Define systems operational semantics Include honest parties and an attacker Model each

465 views • 22 slides
Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson Lifecycle of a typical WebPKI certfcate www.liu.se Certificate Certificate Authority Server 1. Issuance www.liu.se Hello 2. Use Certificate

377 views • 10 slides
Web Security, Summer Term 2012 Secure HyperText Transfer Protocol Dr. E. Benoist Sommer Semester

Web Security, Summer Term 2012 Secure HyperText Transfer Protocol Dr. E. Benoist Sommer Semester

IIG University of Freiburg Web Security, Summer Term 2012 Secure HyperText Transfer Protocol Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 3 Secure HyperText Transfer Protocol 1 Table of Contents Attacks using HTTP

486 views • 25 slides
Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin

Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin

Encrypt ALL the things with LetsEncrypt Created by : Justin W. Flory Solomon Rubin License : CC-BY-SA 4.0 Introduction What is TLS and why do I need it? TLS stands for Transport Layer Security Difference between https and

360 views • 23 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 February 2014 its335y13s2l09,

446 views • 31 slides
CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San

CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San

CS 683 - Security and Privacy Spring 2018 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /spring2018/cs683/cs683_main.htm (https://goo.gl/t396Fw) 1 Le Lect cture 14 14 Public Key

857 views • 47 slides

More recommend