
Let’s Revoke - PowerPoint PPT Presentation



  1. Let’s Revoke

  2. Public key infrastructure lets clients authenticate servers and so prevents Man-in-the-Middle attacks
     Revocation protects clients from compromised certificates
     Without revocation, attacks using a compromised certificate would go undetected

  3. ○ Certificate Revocation Lists (CRLs)
       ○ Lists of Revoked Certificates
       ○ Include Revocation Dates and Reasons
     ○ Online Certificate Status Protocol (OCSP)
       ○ On-Demand Revocation Status Request to the CA

  4. ○ CRLs and OCSP are Relatively Inefficient
     ○ No Mobile Browsers Perform Revocation Checking
     ○ Heartbleed Vulnerability (2014)
       ○ Compromised Many Certificates
       ○ Increased Revocation Percentage to 11%
       ○ Cost Cloudflare an Additional $400,000 per Month

  5. “The community needs to develop methods for scalable revocation that can gracefully accommodate mass revocation events, as seen in the aftermath of Heartbleed” - Zakir Durumeric et al. (2014)

  6. ○ Soft Failing
       ○ Accepting Certificates with Unknown Revocation Statuses
       ○ Primarily Used by CRLs and OCSP to Avoid Availability Issues
     ○ Active Attackers Can Trivially Block Revocation Requests
       ○ Man-in-the-Middle Attacks with a Revoked Certificate then Go Undetected

  7. “Soft-fail revocation checks are like a seat-belt that snaps when you crash. Even though it works 99% of the time, it's worthless because it only works when you don't need it.” - Adam Langley (2012)

  8. ○ CRLSets
       ○ More Efficient Version of CRLs
       ○ Removes Unnecessary Data
       ○ Selective Revocation Coverage (~40,000 Revocations)
     ○ CRLite
       ○ Cascading Bloom Filter
       ○ Revocation Status Aggregator
       ○ Efficient Global Revocation Coverage

  9. Let’s Revoke
     ○ Inspired by CRLite
     ○ Uses Bit Vectors to Improve Efficiency
     ○ Eliminates the Need for an Aggregator
     ○ Maintains Global Revocation Coverage

  10. Certificate Revocation Vectors (CRVs)
     ○ Dynamically-Sized Bit Vectors
     ○ Each Bit Represents a Revocation Status
     ○ “1” Indicates the Certificate is Revoked
     Example CRV:  0 0 0 1 0 0 0 1 1 0 0 0 0 0 0 1 ...
                   (0 = Valid, 1 = Revoked)

  11. Revocation Numbers (RNs)
     ○ New X.509 Extension
     ○ Sequentially Issued per CA
     ○ Unsigned 32-Bit Integer
     ○ Index of a Bit in a CRV
     RN:   0 1 2 3 4 5 ...
     CRV:  0 0 0 1 0 0 ...

  12. CRV IDs
     ○ Separate CRVs per CA, Based on Expiration Date
     Revocation Numbers:       0 1 2 3 4 5 6 7 ...
     CA 1: January 1, 2021     0 0 1 0 0 0 0 0 ...
     CA 1: February 1, 2021    0 0 0 0 1 0 0 0 ...
     CA 2: January 1, 2021     0 0 0 0 0 0 1 0 ...
     CA 2: February 1, 2021    0 0 0 1 0 0 0 0 ...
     (each row is one CRV; its CRV ID is the CA together with the expiration date)

  13. Revoking a Certificate
     ○ Expand the CRV as Necessary
     ○ Set the Corresponding Bit
     Revocation Numbers:   0 1 2 3 4 5 6 7 ...
     Initially Empty CRV:  (no bits)
     1. Revoke 3:          0 0 0 1
     2. Revoke 7:          0 0 0 1 0 0 0 1
     3. Revoke 2:          0 0 1 1 0 0 0 1
     4. Revoke 0:          1 0 1 1 0 0 0 1
     (on the slide, new unrevoked bits, new revoked bits and old revoked bits are colour-coded)

  14. Updating Clients
     ○ Updated CRVs Must be Sent to Clients
     Original CRV:  0 0 0 0 1 0 0 1 ...
     Updated CRV:   0 1 1 0 1 0 0 1 ...
     ○ 3 Methods for Sending Updates
       ○ ADD - Send List of New RNs:           {1, 2}
       ○ OR  - Send CRV with Only New RNs:     0 1 1 0 0 0 0 0 ...
       ○ NEW - Send Current CRV:               0 1 1 0 1 0 0 1 ...
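The CRV structure, revocation numbers, CRV IDs and the three update methods from slides 10 to 14, worked through in code. This is an added example, not the authors' implementation: it assumes a big-endian 4-byte encoding for the RN extension, grows the vector in whole bytes rather than single bits, and represents a CRV ID as a (CA, expiration date) pair; the class and function names are hypothetical.

```python
"""Certificate Revocation Vectors (CRVs) and the ADD / OR / NEW update methods.

A CRV is a dynamically sized bit vector: bit i is the revocation status of the
certificate whose revocation number (RN) is i, and 1 means revoked. A client
keeps one CRV per CRV ID (CA plus expiration date). Added example; the byte
layout and the encoding of the RN extension are assumptions, not the authors'.
"""
import struct
from typing import Dict, Iterable, List, Tuple

CRVId = Tuple[str, str]  # (CA name, expiration date), e.g. ("CA 1", "2021-01-01")


def encode_rn(rn: int) -> bytes:
    """Encode an RN as the unsigned 32-bit integer carried in the new X.509 extension."""
    if not 0 <= rn < 2 ** 32:
        raise ValueError("revocation number must fit in an unsigned 32-bit integer")
    return struct.pack(">I", rn)  # big-endian is an assumption of this example


def decode_rn(raw: bytes) -> int:
    if len(raw) != 4:
        raise ValueError("revocation number extension must be exactly 4 bytes")
    return struct.unpack(">I", raw)[0]


class CRV:
    def __init__(self, crv_id: CRVId, bits: bytes = b"") -> None:
        self.crv_id = crv_id
        self.bits = bytearray(bits)  # bit i is bit (7 - i % 8) of byte i // 8

    def copy(self) -> "CRV":
        return CRV(self.crv_id, bytes(self.bits))

    def __len__(self) -> int:
        return len(self.bits) * 8

    def _grow_to(self, rn: int) -> None:
        # Expand as necessary (slide 13); newly added bits are unrevoked (zero).
        needed = rn // 8 + 1
        if needed > len(self.bits):
            self.bits.extend(b"\x00" * (needed - len(self.bits)))

    def revoke(self, rn: int) -> None:
        self._grow_to(rn)
        self.bits[rn // 8] |= 0x80 >> (rn % 8)

    def is_revoked(self, rn: int) -> bool:
        if rn >= len(self):
            return False  # no revocation has been recorded beyond the vector's end
        return bool(self.bits[rn // 8] & (0x80 >> (rn % 8)))

    def revoked_numbers(self) -> List[int]:
        return [rn for rn in range(len(self)) if self.is_revoked(rn)]

    # --- the three update methods of slide 14, computed by the CA --------------
    def diff_add(self, old: "CRV") -> List[int]:
        """ADD: the list of RNs revoked since `old`."""
        return [rn for rn in self.revoked_numbers() if not old.is_revoked(rn)]

    def diff_or(self, old: "CRV") -> "CRV":
        """OR: a CRV that contains only the RNs revoked since `old`."""
        delta = CRV(self.crv_id)
        for rn in self.diff_add(old):
            delta.revoke(rn)
        return delta

    # --- and applied by the client ---------------------------------------------
    def apply_add(self, new_rns: Iterable[int]) -> None:
        for rn in new_rns:
            self.revoke(rn)

    def apply_or(self, delta: "CRV") -> None:
        self._grow_to(len(delta) - 1)
        for i, byte in enumerate(delta.bits):
            self.bits[i] |= byte

    def apply_new(self, current: "CRV") -> None:
        self.bits = bytearray(current.bits)


def update_sizes(old: CRV, new: CRV) -> Dict[str, int]:
    """Uncompressed size in bytes of each update encoding, so a CA can pick the smallest."""
    return {
        "ADD": 4 * len(new.diff_add(old)),  # one 32-bit RN per new revocation
        "OR": len(new.diff_or(old).bits),
        "NEW": len(new.bits),
    }


def revocation_status(store: Dict[CRVId, CRV], crv_id: CRVId, rn: int) -> bool:
    """Hard-fail lookup: a missing CRV is an error, never an implicit 'valid'."""
    if crv_id not in store:
        raise LookupError(f"no CRV for {crv_id}; refusing to treat the certificate as valid")
    return store[crv_id].is_revoked(rn)


if __name__ == "__main__":
    original = CRV(("CA 1", "2021-01-01"))
    original.apply_add([4, 7])            # slide 14's "Original CRV": 0 0 0 0 1 0 0 1
    updated = original.copy()
    updated.apply_add([1, 2])             # slide 14's "Updated CRV":  0 1 1 0 1 0 0 1
    print("ADD payload:", updated.diff_add(original))
    print("OR payload: ", bin(updated.diff_or(original).bits[0]))
    print("sizes:", update_sizes(original, updated))
```

Bits beyond the current end of a client's CRV read as unrevoked, which is the right default only because the CA grows the vector whenever it issues a new RN and the client refreshes daily; the lookup deliberately raises when the whole CRV is absent, matching the hard-fail model the deck argues for on slide 6.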

  15. Efficiency
     ○ Revocation Numbers Enable Efficiency
       ○ Smaller Identifier - 32 Bits vs 128-256 Bits
     ○ CRVs are Computationally Efficient
       ○ Querying Revocation Statuses
       ○ Updating Stored Statuses
     ○ CRVs are Highly Compressible
       ○ Saves Network Bandwidth
       ○ Saves Client Storage
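A measurement of the compressibility claim on slide 15, which also reproduces the uncompressed column of the storage table on slide 26 (one bit per certificate). This is an added example, not the authors' measurement code: it fills a bit vector with randomly placed revocations at a chosen rate (constructed data, fixed seed) and compresses it with zlib as a stand-in for whatever compressor a deployment would use, so the numbers show the trend rather than the slide figures. The "RN listing" size assumes one 32-bit RN per revoked certificate.

```python
"""How compressible a CRV is, and how it compares with listing the revoked RNs.

Added example, not the authors' code. The revocations are constructed at random
with a fixed seed; zlib is used only as a convenient general-purpose compressor.
"""
import random
import zlib


def uncompressed_bytes(num_certs: int) -> int:
    """One bit per certificate: 100 million certificates -> 12.5 MB (slide 26)."""
    return (num_certs + 7) // 8


def build_crv(num_certs: int, revocation_rate: float, seed: int = 1) -> bytes:
    """Pack num_certs statuses into a bit vector (1 = revoked), MSB first within a byte."""
    rng = random.Random(seed)
    bits = bytearray(uncompressed_bytes(num_certs))
    for rn in range(num_certs):
        if rng.random() < revocation_rate:
            bits[rn // 8] |= 0x80 >> (rn % 8)
    return bytes(bits)


def revoked_count(crv: bytes) -> int:
    return sum(bin(b).count("1") for b in crv)


def storage_report(num_certs: int, revocation_rate: float) -> dict:
    """Bytes needed by three representations of the same set of revocations."""
    crv = build_crv(num_certs, revocation_rate)
    compressed = zlib.compress(crv, 9)
    revoked = revoked_count(crv)
    return {
        "revoked": revoked,
        "crv_uncompressed": len(crv),
        "crv_compressed": len(compressed),
        # RN listing strategy (slide 19): one 32-bit revocation number per revoked certificate
        "rn_listing": 4 * revoked,
    }


if __name__ == "__main__":
    for rate in (0.01, 0.10):
        print(f"1M certificates at {rate:.0%} revoked:", storage_report(1_000_000, rate))
```

At a 1% revocation rate the compressed vector is far below the 4 bytes per revocation that an RN listing costs; at 10% the gap narrows, which is the same ordering slide 20 reports (CRVs below CRLite below RN listing), and the uncompressed size never changes with the rate, only with the number of certificates.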

  16. Limitations
     ○ Not Backwards Compatible
       ○ New Certificate Field
     ○ Only Provides Revocation Statuses
       ○ No Revocation Date
       ○ No Revocation Reason
     ○ However, CRVs Can Be Used in Tandem with Other Revocation Systems that Address these Limitations

  17. Evaluation
     ○ Compared Let’s Revoke to Other Revocation Systems
     ○ Used the 6 Criteria Outlined in the CRLite Proposal
       1. Efficiency
       2. Timeliness
       3. Failure Model
       4. Privacy
       5. Deployability
       6. Auditability

  18. ○ Let’s Revoke Designed for Efficiency
       ○ Minimize Client Storage
       ○ Minimize Network Bandwidth
     ○ Compared Storage Requirements
     ○ Compared Bandwidth Requirements
     ○ Difficult to Directly Compare Some Strategies
       ○ Compared an Approximated Model of these Strategies

  19. Storage Strategies Compared
     1. RN Listing Strategy
       ○ A Highly Efficient Version of CRLs (a list of the revoked RNs)
     2. CRLite
       ○ State of the Art for Efficiency
     3. CRVs
     4. Combinadics Representation
       ○ Lower Bound for Representing a Combination of Values
       ○ Not Used in Practice Because It Is Computationally Expensive

  20. Storage Comparison (1 Million Certificates)
     ○ CRLite is More Efficient than RN Listing
     ○ CRVs are More Efficient than CRLite
       ○ CRVs Approach the Lower Bound
       ○ CRVs are Near Optimal for Storing Revocation Statuses

  21. Bandwidth Comparison
     ○ Measured Bandwidth for:
       ○ 100 Million Certificates
       ○ 2% Revocation Rate (2 Million Revocations)
     Note: CRLSets, which only cover around 40,000 revocations, require 250 KB for daily updates.

  22. Comparison Against the Six Criteria
     System          Efficiency                Timeliness  Failure Model  Privacy Preserving  Deployability  Auditability
     CRLs            173 KB per CRL            7 Days      Soft           Yes                 Deployed       Yes
     OCSP            1.3 KB per request        4 Days      Soft           No                  Deployed       Yes
     CRLSets         250 KB per day            1 Day       Soft           Yes                 Deployed       No
     RN Listing *    5.1 MB + 114 KB per day   1 Day       Hard           Yes                 Incremental    Yes
     CRLite *        3.1 MB + 408 KB per day   1 Day       Hard           Yes                 Incremental    Yes
     Let’s Revoke *  2.2 MB + 114 KB per day   1 Day       Hard           Yes                 Incremental    Yes
     * Efficiency measured using 100 Million Certificates and 2% Revocation Rate

  23. Measured Revocation Statuses
     ○ Used List of all Trusted Certificates from Censys.io (March 21, 2018)
     ○ Acquired all Revocation Statuses using CRLs and OCSP
     Source               Trusted Certificates  Valid Status  Revoked Status     Unknown Status
     From CRL             26,772,989            25,983,705    789,284 (2.90%)    0
     OCSP Let’s Encrypt   53,196,388            52,946,338    250,050 (0.47%)    0
     OCSP Symantec        2,483,288             2,446,508     36,780 (1.48%)     0
     OCSP DigiCert        1,157,956             1,149,840     8,116 (0.70%)      0
     OCSP Other           542,641               541,807       807 (0.15%)        27
     Total                84,153,262            83,068,198    1,085,037 (1.29%)  27

  24. Let’s Revoke at the Measured Revocation Rate
     ○ 42 CA Entities
     ○ 84.1 Million Certificates
     ○ 1.29% Revocation Percentage
     ○ 0.007% New Revocations per Day
     Result: 5.0 MB Storage, 25 KB Bandwidth per Day
     (For comparison, the Google home page requires 400 KB of bandwidth)

  25. Let’s Revoke at a 10% Revocation Rate
     ○ 42 CA Entities
     ○ 84.1 Million Certificates
     ○ 10.0% Revocation Percentage
     ○ 0.06% New Revocations per Day
     Result: 10.8 MB Storage, 150 KB Bandwidth per Day

  26. Projected Storage and Bandwidth (1 Large CA with 100 CRVs)
     Certificates  Revocation Percentage  Compressed Storage  Uncompressed Storage  Daily Update Bandwidth
     100 Million   1%                     1.3 MB              12.5 MB               62.6 KB
     100 Million   10%                    6.2 MB              12.5 MB               429.2 KB
     1 Billion     1%                     12.2 MB             125 MB                611.5 KB
     1 Billion     10%                    60.1 MB             125 MB                4.1 MB
     10 Billion    1%                     121.3 MB            1.25 GB               7.4 MB
     10 Billion    10%                    605 MB              1.25 GB               41.5 MB

  27. Efficient Revocation Checking is Important!
     ○ Rapidly Increasing Certificate Space
       ○ January 2017: 30 Million Certificates
       ○ January 2020: 434 Million Certificates
     ○ Enable Revocation Checking in Constrained Environments
       ○ Mobile Devices
       ○ IoT Devices
     Contact Info: tsmith@isrl.byu.edu
