revisiting the x 509 certification path validation
play

Revisiting the X.509 Certification Path Validation RuhrSec 2018, - PowerPoint PPT Presentation

Dec 01, 2023 •276 likes •826 views

Revisiting the X.509 Certification Path Validation RuhrSec 2018, Bochum Dr. Falko Strenzke cryptosource GmbH, Darmstadt fstrenzke@cryptosource.de cryptosource Cryptography. Security. June 6, 2018 cryptosource X.509 Path Validation Falko

  1. Revisiting the X.509 Certification Path Validation RuhrSec 2018, Bochum Dr. Falko Strenzke cryptosource GmbH, Darmstadt fstrenzke@cryptosource.de cryptosource Cryptography. Security. June 6, 2018 cryptosource X.509 Path Validation Falko Strenzke 1 / 53 Cryptography. Security.

  2. X.509 Certification Path Validation cryptosource X.509 Path Validation Falko Strenzke 2 / 53 Cryptography. Security.

  3. BSI Project on the Certification Path Validation X.509 certification path validation subject to many historical implementation errors creation of a test tool a test specification application to 10 test subjects cryptosource X.509 Path Validation Falko Strenzke 3 / 53 Cryptography. Security.

  4. Joint Work Armin Cordel Heike Hagemeier BSI BSI Evangelos Karatsiolis Falko Strenzke MTG AG cryptosource GmbH cryptosource X.509 Path Validation Falko Strenzke 4 / 53 Cryptography. Security.

  5. X.509 Certificates serial number subject name= A issuer name � subject public key private key validity period cert. extensions signature verify signature generate serial number signature subject name=xy.de issuer name = A TBS Data � subject public key X.509-Cert. validity period cert. extensions signature cryptosource X.509 Path Validation Falko Strenzke 5 / 53 Cryptography. Security.

  6. X.509 Certificate build-up X.509 Certificate: ASN.1/DER encoding (TLV) TBS-Data Version (v1,v2,v3) Serial number Signature algorithm Issuer (Issuer DN) Owner (Subject DN) notBefore (creation date) notAfter (expiration date) Public key Extensions (critical/non-critical(*)), e.g. Basic Constraints (CA certificate yes/no) Key Usage Pointers to revocation information Signature (*)Extension marked as critical: extension must be processed or cert. rejected cryptosource X.509 Path Validation Falko Strenzke 6 / 53 Cryptography. Security.

  7. Internet PKI root CA 0 root CA 1 trusted sub CA 0 sub CA 1 sub CA 2 root CA 1 CRL server 0 server 1 server 2 sub CA 1 CRL server 3 server 4 sub CA 2 CRL cryptosource X.509 Path Validation Falko Strenzke 7 / 53 Cryptography. Security.

  8. Certificate Chains Trust Anchor serial number = 1 verify subject name= super root intermediate CA issuer name = super root signature � subject public key validity period serial number = 1 cert. extensions subject name= subCA 1 target (end-entity) cert. issuer name = super root � subject public key validity period serial number = 23247293 signature cert. extensions: subject name= xy.de Basic Constr.: isCA=true issuer name = subCa 1 verify � subject public key signature validity period signature cert. extensions: historical vulnerabilities: ext. ABC (Crit) - accept any self-signed as trusted verify - failure to validate TLS hostname signature signature - accept target cert. as CA - ignoring unknown critical extensions cryptosource X.509 Path Validation Falko Strenzke 8 / 53 Cryptography. Security.

  9. Historical Vulnerabilities in X.509 Validation Further historical Vulnerabilities in the X.509 Certificate Validation Null-Prefix Attack certificate authority (CA) has to validate applicant’s ownership of the domain apply for certificate xy . de \ 0abc . com path validation routines see \ 0 as byte with value 0 in C language this is the string terminator and thus the certificate is considered valid for xy.de Cryptography related vulnerabilities Bleichenbacher’s low exponent attack: invalid parsing of “decrypted” RSA signatures empty signatures accepted etc. cryptosource X.509 Path Validation Falko Strenzke 9 / 53 Cryptography. Security.

  10. Existing Test Tools: Frankencerts research project 2014 “Frankencerts” idea: use the internet as a source for a diversity of X.509 certificates use an algorithm to create mutants (combinations of parts) of this corpus use differential testing to find deviating results for the same certificate chain differential testing: input the same test data into multiple test subjects and observe if any behaves differently Pros: no modelling of the test data or the validation algorithm necessary identifies a large number of (subtle) errors Cons: requires manual analysis when test results deviate generation of test data satisfying application specific requirements is not straight forward cryptosource X.509 Path Validation Falko Strenzke 10 / 53 Cryptography. Security.

  11. Existing Test Tools: NIST’s PKITS Test Suite PKITS Test Suite (NIST) Large number of static test cases Users must organise data themselves De-facto standard for libraries Pros: High test coverage especially for extensions Cons: static test data CommonName / SAN Signature algorithms cannot be varied cryptosource X.509 Path Validation Falko Strenzke 11 / 53 Cryptography. Security.

  12. New Test Specification and Tool Test Specification Test suite with covering the most important aspects “dynamic parametrization” e.g. instantiate the same test with different signature algorithms Test Tool Certification Path Validation Test Tool (CPT) Open Source (EUPL, Apache 2.0, . . . ) generate the test data from test specification execute the test against TLS, IPsec and S/MIME applications cryptosource X.509 Path Validation Falko Strenzke 12 / 53 Cryptography. Security.

  13. Test Specification Systematic derivation of the test specification: Rules from standards (RFC 5280 + Application specific) Historical errors: CVE Vulnerability database (https://cve.mitre.org/) Search terms (certificate validation, intermediate CA, ...) Publications Errors known to us (NULL character) cryptosource X.509 Path Validation Falko Strenzke 13 / 53 Cryptography. Security.

  14. Test Specification 76 test cases General Extensions Revocation Cryptographic aspects Email (S/MIME) IPsec TLS Server TLS Client cryptosource X.509 Path Validation Falko Strenzke 14 / 53 Cryptography. Security.

  15. Test Data Specification cryptosource X.509 Path Validation Falko Strenzke 15 / 53 Cryptography. Security.

  16. Test Data Specification cryptosource X.509 Path Validation Falko Strenzke 16 / 53 Cryptography. Security.

  17. Test Data Specification cryptosource X.509 Path Validation Falko Strenzke 17 / 53 Cryptography. Security.

  18. Test Data Specification cryptosource X.509 Path Validation Falko Strenzke 18 / 53 Cryptography. Security.

  19. <CRL id="CERT_PATH_CRL_09_SUB_CA_CRL"> <Location>http://cert_path_host/sub_ca_crl.crl</Location> <VerifiedBy>CERT_PATH_CRL_09_SUB_CA</VerifiedBy> <Version>1</Version> <Signature>1.2.840.113549.1.1.11</Signature> <IssuerDN encoding="UTF8">CN=Test Sub CA, C=DE</IssuerDN> <ThisUpdate>-8D</ThisUpdate> <NextUpdate>-1D</NextUpdate> <Extension oid="2.5.29.35" critical="false" name="AKI" type="pretty"></Extension> <Extension oid="2.5.29.20" critical="false" name="CRL Number" type="pretty">9</Extension> </CRL> cryptosource X.509 Path Validation Falko Strenzke 18 / 53 Cryptography. Security.

  20. Specification of a Certification Path <PKIObjects > <Certificate id=" CERT_PATH_CRL_09_ROOT_CA " refid="ROOT CA" overwrite =" false" type ="TA" /> <Certificate id=" CERT_PATH_CRL_09_SUB_CA_1 " refid =" SUB_CA" overwrite =" true"> ... </Certificate > <Certificate id=" CERT_PATH_CRL_09_SUB_CA_2 " refid =" SUB_CA" overwrite =" true"> ... </Certificate > <Certificate id=" CERT_PATH_CRL_09_EE " refid =" CRL_02_EE" overwrite =" true" type ="TC"> ... </Certificate > <CRL id=" CERT_PATH_CRL_09_ROOT_CRL "> ... </CRL > <CRL id=" CERT_PATH_CRL_09_SUB_CA_CRL "> ... </CRL > </PKIObjects > cryptosource X.509 Path Validation Falko Strenzke 19 / 53 Cryptography. Security.

  21. CPT Processing testcases pkiObjects mod common mod common test 1.xml PO test 1.xml refid test 2.xml PO test 2.xml mod crl mod crl test 3.xml PO test 2.xml CRL server is valid CPT basis tool (HTTP or LDAP) cert. chain? produce output output start server load test 2 CRL ....TA.crt (trust anchor) present test cert. ....CA.crt (intermediate CA) test execution data chain Test subject tool ....TC.crt (target cert (EE cert)) - library test tool crls/ - tls test tool - IPsec test tool test 3 ... cryptosource X.509 Path Validation Falko Strenzke 20 / 53 Cryptography. Security.

  22. Additional Test Tools library test tools C/C++ command line tool Java command line tool TLS test tool TLS test client TLS test server based on the Botan library additionally: Web frontend to test Browsers IPsec test tool based on strongSwan IPsec implementation cryptosource X.509 Path Validation Falko Strenzke 21 / 53 Cryptography. Security.

  23. Test Subjects Test subjects Cryptographic Libraries OpenSSL (C) Botan (C++) mbedTLS (C) Bouncy Castle (Java) OpenJDK (Java) Applications Apache (HTTP Server) Firefox (Browser) strongSwan (IPsec) OpenVPN (VPN) KMail (Email Client) cryptosource X.509 Path Validation Falko Strenzke 22 / 53 Cryptography. Security.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Revisiting the cardinality Operator and Introducing the cardinality-path Constraint Family

Revisiting the cardinality Operator and Introducing the cardinality-path Constraint Family

Revisiting the cardinality Operator and Introducing the cardinality-path Constraint Family Nicolas Beldiceanu and Mats Carlsson S I C S Lgerhyddsvgen 18 75237 Uppsala {nicolas,matsc}@sics.se ICLP 2001, Paphos, Cyprus Outline of

585 views • 55 slides
OPT : LIGHTWEIGHT SOURCE AUTHENTICATION &amp; PATH VALIDATION

OPT : LIGHTWEIGHT SOURCE AUTHENTICATION &amp; PATH VALIDATION

OPT : LIGHTWEIGHT SOURCE AUTHENTICATION &amp; PATH VALIDATION Tiffany Hyun-Jin Kim , 1 Cris(na Basescu, 2 Limin Jia, 1 Soo Bum Lee, 3 Yih-Chun Hu, 4 and Adrian

502 views • 26 slides
A Formal Model Approach for the Analysis and Validation of the Cooperative Path Planning of a UAV

A Formal Model Approach for the Analysis and Validation of the Cooperative Path Planning of a UAV

A Formal Model Approach for the Analysis and Validation of the Cooperative Path Planning of a UAV Team Antonios Tsourdos Brian White, Rafa bikowski, Peter Silson Suresh Jeyaraman and Madhavan Shanmugavel Guidance &amp; Control Group

826 views • 44 slides
Information Encoding for Impaired Optical Path Validation

Information Encoding for Impaired Optical Path Validation

Information Encoding for Impaired Optical Path Validation draft-bernstein-wson-impairment-encode-02.txt Greg Bernstein Grotto Networking Young Lee Huawei Xian Zhang Huawei 86 th IETF Orlando, FL, March 2013 Page - 1 Introduction

336 views • 8 slides
Information Model for Impaired Optical Path Validation

Information Model for Impaired Optical Path Validation

Information Model for Impaired Optical Path Validation draft-bernstein-wson-impairment-info-06.txt Greg Bernstein Grotto Networking Young Lee Huawei Xian Zhang Huawei 86 th IETF Orlando, FL, March 2013 Page - 1 Summary of the

218 views • 8 slides
Certification Best Practices and Challenges Key Considerations Sc Scope ope T

Certification Best Practices and Challenges Key Considerations Sc Scope ope T

Certification Best Practices and Challenges Key Considerations Sc Scope ope T Transpar ansparency ency A Accessibility essibility Go Governanc ernance e V Validation alidation M Monit onitoring oring

512 views • 13 slides
Implementing CertPath Validation: Lessons Learned Steve Hanna Sun Microsystems, Inc.

Implementing CertPath Validation: Lessons Learned Steve Hanna Sun Microsystems, Inc.

Implementing CertPath Validation: Lessons Learned Steve Hanna Sun Microsystems, Inc. steve.hanna@sun.com Cert Path Validation &amp; Building Widely needed S/MIME, TLS, IPsec, ... Very complex sonof2459 includes 18

155 views • 11 slides
1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training Inspection/Audit Establish MoC Status of Operator/ Maintainer Manual, Function Identify CRB Record and Interfaces Result of Form Ground/

618 views • 24 slides
CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO APPLY TO WRITE Once you have logged into the Then under Certification The Certification committee Application Forms may be CAPLA website using

687 views • 37 slides
1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA Certification is based on Dr. As Habits of Health Transformational System and is available to all Coaches who want to apply and reinforce their knowledge of

613 views • 19 slides
Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

ASHA Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the CFCC Presentation Overview What is Certification? CCC-A Certification Standards CCC-A Application Process FAQs Keep your

209 views • 19 slides
Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values are correct some types of validation: preventing blank values (email address) ensuring the type of values integer, real number,

284 views • 24 slides
Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far Various metrics (e.g., accuracy, F-measure, RMSE, ) Evaluation protocol setups Split Validation Cross Validation Special

1.04k views • 55 slides
Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM

Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM

Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM Lab., CS Dept., NCTU Jung Hong Chuang Contents Why Validate? Validation Approaches Domain Why is Validation Abstraction

724 views • 47 slides
Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation

Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation

Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation Experiment 2. Significant changes to the architectures 3. Work Breakdown Structure 4. Critical path on your schedule 5. Top 3 risks and planned mitigation

567 views • 19 slides
Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in all other positions (Descriptions in some of the following slides are as indicated in the rules, although it is not unusual for the referee to

378 views • 10 slides
Providing Infrastructure Functions for Virtual Networks by Applying Node Plug-in Architecture

Providing Infrastructure Functions for Virtual Networks by Applying Node Plug-in Architecture

Providing Infrastructure Functions for Virtual Networks by Applying Node Plug-in Architecture Yasusi Kanada Hitachi, Ltd., Japan Background VNode and VNode Infrastructure was developed in a collaborative project. VNode is a physical

609 views • 13 slides
Enabling Location Specific Real-time Mobile Applications Ravi Kokku, Karthik Sundaresan, Geoff

Enabling Location Specific Real-time Mobile Applications Ravi Kokku, Karthik Sundaresan, Geoff

Enabling Location Specific Real-time Mobile Applications Ravi Kokku, Karthik Sundaresan, Geoff Jiang NEC Laboratories America, Princeton 1 Trends in the Mobile Networking Domain Ubiquity of Mobile Devices Services and Verizon approved

356 views • 9 slides
Emergent Pfaffian Relations in Quasi-Planar Models Michael Aizenman Princeton Univ. joint works

Emergent Pfaffian Relations in Quasi-Planar Models Michael Aizenman Princeton Univ. joint works

Emergent Pfaffian Relations in Quasi-Planar Models Michael Aizenman Princeton Univ. joint works with: Hugo Duminil-Copin, Vincent Tassion, and Simone Warzel 2016 Charles River Lectures MIT, Sept. 30, 2016 1 / 15 Talk outline 1.

721 views • 20 slides
Linda Hall Library Collections : Expanding Access for CRL Members Center for Research Libraries

Linda Hall Library Collections : Expanding Access for CRL Members Center for Research Libraries

Linda Hall Library Collections : Expanding Access for CRL Members Center for Research Libraries March 5, 2014 Presenters James Simon, Director, Global Resources Network, CRL Kevin Wilks, Head, Access Services, CRL Jane Smith,

429 views • 9 slides
Undecidability of { , 1 , } -equations in subvarieties of commutative residuated latices.

Undecidability of { , 1 , } -equations in subvarieties of commutative residuated latices.

Undecidability of { , 1 , } -equations in subvarieties of commutative residuated latices. Gavin St.John Under the advisement of Nikolaos Galatos University of Denver Department of Mathematics Topology, Algebra, and Categories in Logic

1.3k views • 80 slides
A New Template for the Preservation of Electronic News IFLA Newspaper Section Satellite

A New Template for the Preservation of Electronic News IFLA Newspaper Section Satellite

A New Template for the Preservation of Electronic News IFLA Newspaper Section Satellite Conference Geneva, 2014 Bernard F. Reilly, Jr. Center for Research Libraries Chicago, USA PRESERVING NEWS IN THE DIGITAL ENVIRONMENT: MAPPING THE

494 views • 17 slides
Detecting Human Actions in Surveillance Videos Ming Yang, Shuiwang Ji, Wei Xu, Jinjun Wang,

Detecting Human Actions in Surveillance Videos Ming Yang, Shuiwang Ji, Wei Xu, Jinjun Wang,

Detecting Human Actions in Surveillance Videos Ming Yang, Shuiwang Ji, Wei Xu, Jinjun Wang, Fengjun Lv, Kai Yu, Yihong Gong NEC Laboratories America, Inc., Cupertino, CA, USA Mert Dikmen, Dennis J.Lin, Thomas S.Huang Dept. of ECE, UIUC,

450 views • 34 slides
Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of

Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of

Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of Financing Cars 30.0% F&amp;I Share of Dealer 20.0% Profits Presentation of Chris Kukla 10.0% NC State Bar Legal Assistance for Military Personnel

425 views • 5 slides

More recommend