mashssl quick summary
play

MashSSL Quick Summary Siddharth Bajaj Ravi Ganesan VeriSign Inc. - PowerPoint PPT Presentation

Mar 25, 2023 •447 likes •639 views

MashSSL Quick Summary Siddharth Bajaj Ravi Ganesan VeriSign Inc. SafeMashups Inc. sbajaj@verisign.com ravi@safemashups.com www.verisign.com www.safemashups.com info@mashssl.org www.mashssl.org Outline Why do we need a new security

  1. MashSSL Quick Summary Siddharth Bajaj Ravi Ganesan VeriSign Inc. SafeMashups Inc. sbajaj@verisign.com ravi@safemashups.com www.verisign.com www.safemashups.com info@mashssl.org www.mashssl.org

  2. Outline Why do we need a new security standard • • Why is it preferable to start with TLS • What is MashSSL • How MashSSL and TLS work together • Some MashSSL innovations that TLS might want to consider Towards standardization… • • Back up slides 2 www.mashssl.org

  3. Why MashSSL: An Example • Site A “talks” through Alice to various other sites… • Site B provides a payment button. • Site C acts as Identity Provider using OpenID • Site D is an OAuth Service Provider to Site A • Site E wants to accept cross domain XHR request from Site A • And so on….web experiences are increasingly mashups… •But Alice could be Evil Eve! How do sites authenticate each other via browser? • Today for each problem different underlying crypto protocols are ginned up and credentials distributed. Site A has crypto s/w and credential management headache! Would be nice if we could build standard secure pipe from site to browser to site. 3 www.mashssl.org

  4. Why start with TLS? Pros: • – New protocols take years to mature. – TLS handshake is probably the world’s most carefully studied mutual authentication and key exchange protocol. – Very efficient: Only initial handshake needs PKI processing. – Trust infrastructure exists (get and manage SSL certificates) • Cons: – TLS does not allow MITMs. Our problem is multi-party. – TLS usually runs over TCP. For us the “transport” is HTTP. – TLS (for very good reason) is large and complex. World seems to want simple RESTful protocol… Very powerful “pros” suggest we start with TLS, and try and address the “cons”. 4 www.mashssl.org

  5. MashSSL in a nutshell Introduces concept of “friend in the middle” to make • TLS multi-party. • Takes RFC 5246 handshake messages and exchanges them as name value pairs over HTTP via browser. • Only implements core subset of TLS (e.g. no renego!) to keep it simple. In general never defines something already defined in • RFC 5246 and simply points to it. For example: – server_he er_hello .certificate .certificate_list • The Server’s certificate with the chain up until or including the root. The certificate must make sense in the context of the cipher-suite chosen. Further reference: RFC 5246, Page 46. 5 www.mashssl.org

  6. MashSSL in a picture Absolutely no change at user-agent, no add-ons, downloads, etc. MashSSL Web Toolkit MashSSL Web Toolkit Standard SSL cert Standard SSL cert Result: Secure pipe between two web apps over which any “mashup protocol” can be run. 6 www.mashssl.org

  7. MashSSL and TLS Likely scenario: • – Two independent TLS sessions over TCP pipes – Over which are two independent HTTP sessions – Over which is overlaid a MashSSL pipe – On top of which one can run OAUth, OpenID, cdXHR, etc. 7 www.mashssl.org

  8. Some aspects useful for TLS? It is expected that web apps will do MashSSL: • – “full handshake” occasionally (say once a day) directly between themselves. – “abbreviated handshake” (aka resume) through user browsers – PKI operations only once a day! • For this we have defined 2-legged MashSSL – Which could as easily run between browser and a server. – 2-legged MashSSL is kind of a HTTP binding for TLS. – Lots of advantages to authenticate and encrypt at Layer 7 (performance, avoid mobile gateway MITMs, etc.) • HTTP is inherently request response: – So MashSSL handshakes end up requiring two round trips. – MashSSL will have a single round trip optimization a Server can choose to accept (or not). This could be added to TLS . (see http://www.ietf.org/mail-archive/web/tls/current/msg05728.html) 8 www.mashssl.org

  9. Towards standardization For current specification and open source software • please visit MashSSL Alliance site: www.mashssl.org • Have formed W3C Incubator: www.w3.org/2005/Incubator/MashSSL • Welcome participation from all! Thank you! (back up slides follow) 9 www.mashssl.org

  10. SSL revisited sessionID, R1 R2, server_certificate, client_authentication_request encrypt(R3,server_public_key), sign(rhash, client_private_key), client_certificate, client.verify Client Cert Server Cert server.verify encrypt(data, master_secret) SERVER A conceptual view of the SSL handshake in the case where both parties CLIENT have digital certificates and will mutually authenticate. After the four messages, both sides can encrypt data using a shared master_secret which is derived from R1, R2 and R3. SSL protocol is widely used and trusted. Ability to reuse session without repeating PKI operations. Trust infrastructure CAs already exist. And is constantly being improved (TLS 1.2, EV certs). Many mashup apps already have SSL certs! 10 www.mashssl.org

  11. SSL revisited sessionID, R1 R2, server_certificate, client_authentication_request encrypt(R3,server_public_key), sign(rhash, client_private_key), client_certificate, client.verify Client Cert Server Cert server.verify encrypt(data, master_secret) SERVER A conceptual view of the SSL handshake in the case where both parties CLIENT have digital certificates and will mutually authenticate. After the four messages, both sides can encrypt data using a shared master_secret which is derived from R1, R2 and R3. And, it is believed that the protocol is secure even in the presence of one or more MITM(s). One of the strongest claims one can make of a crypto protocol! 11 www.mashssl.org

  12. Lets ask for the impossible… sessionID, R1 R2, server_certificate, client_authentication_request encrypt(R3,server_public_key), sign(rhash, client_private_key), client_certificate, client.verify Client Cert Server Cert server.verify encrypt(data, master_secret) SERVER A conceptual view of the SSL handshake in the case where both parties CLIENT have digital certificates and will mutually authenticate. After the four messages, both sides can encrypt data using a shared master_secret which is derived from R1, R2 and R3. Can we insert MITMs that manipulate protocol messages, but which 1. Allow successful execution of protocol 2. Do not compromise underlying security of protocol The very surprising non-intuitive answer is: YES WE CAN! 12 www.mashssl.org

  13. The impossible becomes possible if… sessionID, R1 R2, server_certificate, client_authentication_request encrypt(R3,server_public_key), sign(rhash, client_private_key), client_certificate, client.verify Client Cert Server Cert server.verify encrypt(data, master_secret) SERVER RIGHT LEFT CENTER CLIENT the changes the MITMs make cancel each other out en route! Example: • CLIENT sends random number R1. MITM-LEFT adds 100. • MITM-Center subtracts 50. MITM-Right subtracts another 50. • SERVER receives original random number R1! • So of what possible practical use is this insight??? 13 www.mashssl.org

  14. Introducing MashSSL MashSSL uses the browser as a “friend in the middle”. The two web apps generate SSL messages, then manipulate (scramble) them such that only Alice at her browser can unscramble them before reaching the other side. 14 www.mashssl.org

  15. Introducing MashSSL And, if they subsequently do mashup for another user Fran they simply use the SSL abbreviated handshake which avoids repeating the PKI operations. (Note in practice the web apps can do 2-legged MashSSL for full handshake) 15 www.mashssl.org

  16. How to scramble in MashSSL? Hundred of links in Google for “recipes for • scrambled eggs” ! • Similarly methods for scrambling in MashSSL are endless • Like with scrambled eggs not all results will be tasty! See white paper for guidelines on security. ( https://www.safemashups.com/download s/MashSSL_Towards_Multi_Party_Trust_i n_the_Internet.pdf) • E.g. can use any existing authentication method: passwords, OTPs, smartcards, etc. • Can even ‘scramble virtually’ if user is already logged in and a session cookie identifies session. 16 www.mashssl.org

  17. How does MashSSL stack up? 1. Single solution for all situations where problem manifests. • MashSSL is a fundamental Internet building block that has countless uses. 2. Lightweight RESTful application level protocol (HTTP). • Standard defined in simple RESTful fashion. 3. No new crypto protocol please. Takes up to a decade to build trust. • Reuses SSL. Reuses whatever authentication is in place for scrambling. 4. Trust browser as little as possible. Browser cannot spoof either web application! • 5. Don’t ask us to get and manage new credentials from new authorities. • Standard SSL certificates can be used. 6. Don’t use user authentication as proxy for B2B authentication. • Web applications authenticating each other (through browser) 7. Think scale. Do not repeat expensive PKI operations. • Reuses SSL abbreviated handshake to avoid repeating PKI operations. 17 www.mashssl.org

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 6 Inference for categorical data Huamei Dong 03/15/2016 1. Quick Summary 2. Sample

Chapter 6 Inference for categorical data Huamei Dong 03/15/2016 1. Quick Summary 2. Sample

Chapter 6 Inference for categorical data Huamei Dong 03/15/2016 1. Quick Summary 2. Sample Proportion 3. Sampling distribution of 4. Confidence interval for one proportion 5. Hypothesis test for one proportion 1. Quick summary about

416 views • 19 slides
You wanted More MARTA. Now its here! MORE MARTA ATLANTA: A QUICK SUMMARY What is it? How will

You wanted More MARTA. Now its here! MORE MARTA ATLANTA: A QUICK SUMMARY What is it? How will

You wanted More MARTA. Now its here! MORE MARTA ATLANTA: A QUICK SUMMARY What is it? How will it be funded? What will it do? Paid for by a half-penny $2.7 billion investment Expands accessibility, sales tax passed in 2016

391 views • 22 slides
Tactical Imperatives A quick summary of key tactical initiatives that will: Improve your

Tactical Imperatives A quick summary of key tactical initiatives that will: Improve your

TACTICS FOR TODAY, STRATEGIES FOR TOMORROW Steven J Tringale Estes Park Institute November 5, 2014 Tactical Imperatives A quick summary of key tactical initiatives that will: Improve your institutions short term performance, and strategic

292 views • 5 slides
Presentation at Scrutiny The basics of human rights and equality very quick summary Our

Presentation at Scrutiny The basics of human rights and equality very quick summary Our

Presentation at Scrutiny The basics of human rights and equality very quick summary Our starting point must be that any attempt to disadvantage disabled people, by charging large amounts of money to provide essential independent living

287 views • 8 slides
Gilberts Bay / Koshkonong Natural Area Project Quick Summary of data for discussion with DNR

Gilberts Bay / Koshkonong Natural Area Project Quick Summary of data for discussion with DNR

Gilberts Bay / Koshkonong Natural Area Project Quick Summary of data for discussion with DNR January 16, 2015 Location Wetland Areas Big Picture objectives Prompted by Feb 1 grant application deadline but this is a bigger picture and

423 views • 17 slides
Academic Leadership Retreat Enhanced Planning Tools Quick Summary of Activity to Date The

Academic Leadership Retreat Enhanced Planning Tools Quick Summary of Activity to Date The

Academic Leadership Retreat Enhanced Planning Tools Quick Summary of Activity to Date The Working Group and the Advisory Committee have been meeting for the past 18 months to develop A set of common criteria A possible list of

99 views • 9 slides
AS FINANCE COUCNIL A summary of proposed changes QUICK VIEW The AS Board of Directors (now

AS FINANCE COUCNIL A summary of proposed changes QUICK VIEW The AS Board of Directors (now

AS FINANCE COUCNIL A summary of proposed changes QUICK VIEW The AS Board of Directors (now Executive Board) traditionally managed every aspect of the AS, including the money. As a result of the AS restructure, the Executive Board (and Student

279 views • 14 slides
CSS Lab. Bases de Dados e Aplicaes Web MIEIC, FEUP 2010/11 Srgio Nunes 1 Summary

CSS Lab. Bases de Dados e Aplicaes Web MIEIC, FEUP 2010/11 Srgio Nunes 1 Summary

CSS Lab. Bases de Dados e Aplicaes Web MIEIC, FEUP 2010/11 Srgio Nunes 1 Summary Quick Overview The CSS Language CSS Selectors & Properties The Box Model CSS Positioning A Note on CSS3 2 Quick Overview 3

1.55k views • 112 slides
Feasibility Summary Workshop Agenda Review CNVC Timeline Feasibility Summary: Key

Feasibility Summary Workshop Agenda Review CNVC Timeline Feasibility Summary: Key

Feasibility Summary Workshop Agenda Review CNVC Timeline Feasibility Summary: Key Elements Dos and Donts Q&A Upcoming Events and Deadlines College Quick Pitches and Teambuilding Nov. 1 | 5-6 p.m. | Chicago Booth

530 views • 31 slides
Sorting Chapter 7 1 Quick Sort One of the most popular fast sorting algorithms Quick sort

Sorting Chapter 7 1 Quick Sort One of the most popular fast sorting algorithms Quick sort

Sorting Chapter 7 1 Quick Sort One of the most popular fast sorting algorithms Quick sort overcomes the drawback of merge sort of creating an additional array Generally, quick sort is the most efficient algorithm for large arrays 2 Quick

548 views • 35 slides
Mozilla Foundation Board Meeting December 2013 Section 0 summary A quick history Current MoFo

Mozilla Foundation Board Meeting December 2013 Section 0 summary A quick history Current MoFo

Mozilla Foundation Board Meeting December 2013 Section 0 summary A quick history Current MoFo work started in 2009 w/ Drumbeat. Have grown revenue from 0.2M in 2009 to $13M in 2013. And built contributor community of 10k+ people. Webmaker

582 views • 39 slides
Current AI A quick summary Issam June 22, 2016 University of British Columbia AlphaGo 1

Current AI A quick summary Issam June 22, 2016 University of British Columbia AlphaGo 1

Current AI A quick summary Issam June 22, 2016 University of British Columbia AlphaGo 1 AlphaGo has beaten human Figure 1: Playing against human Champion Lee Sedol 4-1 Lee Sedol is a 9 dan professional Korean Go champion who won 27

721 views • 24 slides
A first-order logic for string diagrams Aleks Kissinger David Quick Oxford Quantum Group CALCO

A first-order logic for string diagrams Aleks Kissinger David Quick Oxford Quantum Group CALCO

Introduction !-Logic Interpretation Example Summary A first-order logic for string diagrams Aleks Kissinger David Quick Oxford Quantum Group CALCO June 2015 Q UANTUM G ROUP Introduction !-Logic Interpretation Example Summary

1.43k views • 139 slides
multi media multi media why use multimedia? quick & direct delivery of information

multi media multi media why use multimedia? quick & direct delivery of information

multi media multi media why use multimedia? quick & direct delivery of information e.g.: a short video (< 2mins) with demo/summary of service ~ in addition to text ~ can quickly deliver core info catering to diverse user groups

532 views • 28 slides
Presentation at Scrutiny Jane Young The basics of human rights and equality very quick

Presentation at Scrutiny Jane Young The basics of human rights and equality very quick

Presentation at Scrutiny Jane Young The basics of human rights and equality very quick summary Our starting point must be that any attempt to disadvantage disabled people, by charging large amounts of money to provide essential

245 views • 8 slides
Database-enabled web technology Summary Instructor: C a gr C oltekin

Database-enabled web technology Summary Instructor: C a gr C oltekin

Database-enabled web technology Summary Instructor: C a gr C oltekin c.coltekin@rug.nl Information science/Informatiekunde Fall 2011/12 Previously in this course . . . Previous weeks W1: Quick introductions to PHP & git.

594 views • 34 slides
Post-quantum RSA We built a great, great 1-terabyte RSA wall, and we had the university pay for

Post-quantum RSA We built a great, great 1-terabyte RSA wall, and we had the university pay for

Post-quantum RSA We built a great, great 1-terabyte RSA wall, and we had the university pay for the electricity Daniel J. Bernstein Joint work with: Nadia Heninger Paul Lou Luke Valenta Post-quantum RSA Daniel J. Bernstein, Nadia Heninger,

788 views • 50 slides
Course Overview Dan Boneh Welcome Course objectives: Learn how crypto primitives work

Course Overview Dan Boneh Welcome Course objectives: Learn how crypto primitives work

Online Cryptography Course Dan Boneh Introduction Course Overview Dan Boneh Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My

961 views • 50 slides
Blockchain and Cryptoassets Alan Wunsche, MBA, CPA, CA, CBP Toronto, Canada November 15, 2018

Blockchain and Cryptoassets Alan Wunsche, MBA, CPA, CA, CBP Toronto, Canada November 15, 2018

Blockchain and Cryptoassets Alan Wunsche, MBA, CPA, CA, CBP Toronto, Canada November 15, 2018 OUR OBJECTIVE 1. Know Key Terms and Concepts 2. Understand Cryptoassets, Tokens Alan Wunsche 3. Highlight Regulatory Concerns CEO, TokenFunder 2

1.37k views • 43 slides
Part 1: Applica-ons: Digital Currencies (Bitcoin, Ethereum, and

Part 1: Applica-ons: Digital Currencies (Bitcoin, Ethereum, and

Part 1: Applica-ons: Digital Currencies (Bitcoin, Ethereum, and Ripple) Demelza Hays demelza.hays@uni.li November 14, 2017 1 Outline Quick review of

564 views • 43 slides
Securely Migrate Digital Identities from a Class PKI to a Blockchain Keywords : Certificate

Securely Migrate Digital Identities from a Class PKI to a Blockchain Keywords : Certificate

Securely Migrate Digital Identities from a Class PKI to a Blockchain Keywords : Certificate authority, Digital identity management, PKI, Blockchain Reading list: Bitcoin: A Peer-to-Peer Electronic Cash System https://bitcoin.org/bitcoin.pdf

464 views • 10 slides
What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

878 views • 16 slides
Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication Integrity Non-repudiation CA (Certification Authority) Issue digital certificates (via digital signature) Publish/Distribute digital

491 views • 13 slides
EuroCamp A federated framework for secure videoconference Daniel Kouril, Michal Prochazka

EuroCamp A federated framework for secure videoconference Daniel Kouril, Michal Prochazka

EuroCamp A federated framework for secure videoconference Daniel Kouril, Michal Prochazka Acknowledgement This work is funded by CESNET Development Fund Masaryk University EuroCamp '08 - Stockholm 2 Outline Introduction

594 views • 23 slides

More recommend