some tales about tls
play

Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 - PowerPoint PPT Presentation

Jul 03, 2023 •612 likes •1.23k views

Introduction Certificate Authorities Algorithms Attacks HTTPS by default Future Final remarks Some tales about TLS Hanno B ock https://hboeck.de/ 1 / 60 Introduction Certificate Authorities Algorithms How broken is TLS? Attacks

  1. Introduction Certificate Authorities Algorithms Attacks HTTPS by default Future Final remarks Some tales about TLS Hanno B¨ ock https://hboeck.de/ 1 / 60

  2. Introduction Certificate Authorities Algorithms How broken is TLS? Attacks Why care? HTTPS by default Future Final remarks Last year Last year: ”How broken is TLS?” The good news: Things are definitely improving 2 / 60

  3. Introduction Certificate Authorities Algorithms How broken is TLS? Attacks Why care? HTTPS by default Future Final remarks Why care? TLS is *the* most important cryptographic protocol in the Internet TLS is under attack: BEAST, CRIME, Lucky Thirteen, Heartbleed, BERserk, POODLE, FREAK 3 / 60

  4. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks CA issues all the time June 2013: ANSSI issues certs for Google March 2014: India CCA intermediate compromised and issued certs for Yahoo and Google Feb 2015: Superfish / Privdog / Komodia breaking certificate authentication March 2015: Comodo cert for live.fi through hostmaster@live.fi March 2015: Same thing for xs4all March 2015: Google found bad certs issued by MCS Holdings / CNNICa April 2015: Google and Mozilla remove CNNIC 4 / 60

  5. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks Too many CAs There are hundreds of browser-accepted CAs and an unknown number of subordinate CAs Each of them can break TLS security It does not matter how good your CA is - the only thing that matters is the worst CA from all of them 5 / 60

  6. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks CNNIC CNNIC issued intermediate certificate to egyptian company MCS Holdings MCS used it in a Man-in-the-Middle-TLS-Proxy in violation of policy Google and Mozilla kick CNNIC out 6 / 60

  7. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks Domain Validation via E-Mail Domain Validation: CA sends mail to defined aliases (admin, administrator, webmaster, hostmaster, postmaster, see Baseline Requirements) If you offer E-Mail you must make sure that noone can register such an address One can argue if this is a sane system, but it’s clearly documented (Baseline Requirements) live.fi / xs4all.nl issues were their fault 7 / 60

  8. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks Revocation is broken Two revocation mechanisms: CRL (impractical) and OCSP Browsers used insecure soft-fail mode in the past Chrome and Firefox distribute their own blocklists, but they don’t scale OCSP stapling could help, but needs a mechanism to indicate its use (muststaple draft) 8 / 60

  9. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks Man in the Middle Proxies Superfish: Created a TLS Man in the Middle Proxy, private key was static and part of the Software (Komodia) Privdog: Just disabled TLS verification completely (Privdog is founded by the CEO of Comodo) Several Antiviruses do the same. Not fully broken, but all decrease the security of TLS This is not directly a problem of CAs or TLS TLS Man in the Middle Proxies are a bad idea 9 / 60

  10. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks Alternatives and Mitigations It is easy to point out the flaws of the CA system, much harder to offer an alternative Complaining and using no encryption at all doesn’t help With all its downsides, there is one pretty strong argument for the CA system: It’s usable 10 / 60

  11. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks DNSSEC/DANE DANE won’t provide you any security today It is very uncertain if it will ever do that 11 / 60

  12. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks DNSSEC - too many pieces For DNSSEC to work you need A signed root A signed Top Level Domain A domain broker that supports DNSSEC A DNS operator that supports DNSSEC A client that verifies DNSSEC Only if you have all 5 you have security 12 / 60

  13. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks Working DNSSEC deployment is near zero DNSSEC propaganda: ”xx % of all TLDs are signed”, ”there are already XX.XXX signed domains” Completely irrelevant statements Cryptographic signatures aren’t worth anything if nobody is checking them Client deployment of DNSSEC is very close to zero 13 / 60

  14. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks DNSSEC client So how exactly does a client verify DNSSEC signatures? (Most common today: Not at all) DNSSEC verification happens in the DNS resolver - but clients usually don’t have DNS resovlers 14 / 60

  15. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks DNSSEC client Should we trust our providers? (No!) Should operating systems ship DNS resolvers? Should applications ship their own DNS resolvers? It’s not even clear how DNSSEC should be deployed on clients 15 / 60

  16. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks More DNSSEC problems Reflection / amplification attacks (fixable, but people don’t fix it) Bad crypto (fixable, but people don’t fix it) Still hiearchical, moving trust to TLD operators (essentially that means nation states) Almost impossible to revoke trust 16 / 60

  17. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks So what is DANE Idea of DANE: If we already have a secure DNS through DNSSEC we can add certificate information to the DNS The problem: We don’t have working DNSSEC Building something on top of something that does not work is pointless 17 / 60

  18. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks DNSSEC - other voices ”DNSSEC is undeployable in practice. It is a state far worse than IPv6, and no amount of wishing or application activism is going to change this - it’s a problem of economy, not education.” Ryan Sleevi, Chrome-developer, Google ”DNSSEC is dead”, ”DNSSEC is not maintainable at scale and not end-to-end.”, ”I looked into what we would have to do to run DNSSEC on our millions of domains. Not fun, no benefit, we become DDoS source.” Alex Stamos, Yahoo CSIO ”If you’re running systems carefully today, no security problem you have gets solved by deploying DNSSEC.” Thomas Ptacek, crypto expert 18 / 60

  19. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks HTTP Public Key Pinning (HPKP) Webpage sends a header with hashes of public keys for the browser to pin Browser stores these hashes Always needs at least two keys - because you need to be able to change your certificates in the future Adds a ”Trust on First use” (ToFU) protection 19 / 60

  20. Introduction Certificate Authorities CA issues Algorithms DNSSEC/DANE Attacks HTTP Public Key Pinning (HPKP) HTTPS by default Certificate Transparency Future Free certificates Final remarks HTTP Public Key Pinning (HPKP) HPKP header: max-age=31536000;pin- sha256=”HD3EpAqgxJWKGiSuuXPyipmL33IwYlwhLUgF1gKYOuc=”;pin- sha256=”dwUkkREEnv6pEtNJoRzlBHJm3IlUvPhgy0mdYFOM6V8=”; includeSubDomains; report-uri=”/hpkp.php” Browser pins the two hashes for [max-age] seconds report-uri is unimplemented today 20 / 60

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EXCITING ADVENTURES WITH ANIMALS AROUND THE WORLD- 6 TANTALIZING TALES 1 6 TANTALIZING TALES

EXCITING ADVENTURES WITH ANIMALS AROUND THE WORLD- 6 TANTALIZING TALES 1 6 TANTALIZING TALES

EXCITING ADVENTURES WITH ANIMALS AROUND THE WORLD- 6 TANTALIZING TALES 1 6 TANTALIZING TALES 1.MAGICAL ELEPHANTS APPEARING OUT OF NOWHERE IN KENYA,AFRICA, WITH A FEW BIRDS GETTING ALL OF THE ATTENTION! 2.UNINHIBITED CAVORTING MONKEYS IN

578 views • 41 slides
Learning to Live in Exile Week Two: Court Tales Welcome! Please fill out a name tag and help

Learning to Live in Exile Week Two: Court Tales Welcome! Please fill out a name tag and help

Learning to Live in Exile Week Two: Court Tales Welcome! Please fill out a name tag and help yourself to refreshments. Approaches and Expectations Newspaper History Folk Article? Text Book? Tales? Winter rain and snow slowly chipping away

376 views • 9 slides
No Time to Cry: Tales of a Leicester Bouncer Jeff Shaw Who Am I? 15 years experience as a

No Time to Cry: Tales of a Leicester Bouncer Jeff Shaw Who Am I? 15 years experience as a

No Time to Cry: Tales of a Leicester Bouncer Jeff Shaw Who Am I? 15 years experience as a Doorman I didnt and dont like to be called a Bouncer Too many negative images Look at the tales of Geoff Thompson, Stilks, Cas

229 views • 22 slides
GUIDELINES FOR CANTERBURY TALES PRESENTATIONS Presentations begin Thursday, October 13 In the

GUIDELINES FOR CANTERBURY TALES PRESENTATIONS Presentations begin Thursday, October 13 In the

GUIDELINES FOR CANTERBURY TALES PRESENTATIONS Presentations begin Thursday, October 13 In the General Prologue to The Canterbury Tales, Geoffrey Chaucer introduces a group of travelers making a pilgrimage to Canterbury. Each of you will present

165 views • 4 slides
English Traditional Tales: Hansel and Gretel English I Year 3 I Literacy I Traditional Tales

English Traditional Tales: Hansel and Gretel English I Year 3 I Literacy I Traditional Tales

English Traditional Tales: Hansel and Gretel English I Year 3 I Literacy I Traditional Tales Hansel and Gretel I Letter Writing I Witchs Advert I Lesson 1 of 6 Aim I can plan a formal letter. Success Criteria I can plan a formal

319 views • 13 slides
Gr Grie ief ~ L f ~ Los oss ~ Cha s ~ Chang nge and other tales from the quarantine

Gr Grie ief ~ L f ~ Los oss ~ Cha s ~ Chang nge and other tales from the quarantine

Gr Grie ief ~ L f ~ Los oss ~ Cha s ~ Chang nge and other tales from the quarantine Julia Ellifritt, LISW-S Cornerstone of Hope Bereavement Center Obj Object ective ives Grief COVID-19 Self-care If a tree falls in a

488 views • 34 slides
Tuesday 16th June Lesson 1 1. What are tales? 2. Which tales do you know or have you heard of?

Tuesday 16th June Lesson 1 1. What are tales? 2. Which tales do you know or have you heard of?

Slides for the first two weeks.notebook June 11, 2020 Tuesday 16th June Lesson 1 1. What are tales? 2. Which tales do you know or have you heard of? 3. What or where is suburbia? 1 Slides for the first two weeks.notebook June 11, 2020

379 views • 19 slides
The Canterbury Tales . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. .

The Canterbury Tales . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. .

. .. .. . . .. . . .. . . .. . . . . . .. . . .. . . .. . . .. . The Canterbury Tales . .. .. . . . .. . . .. . . .. . . .. . .. . . . .. . . .. . . .. . . .. . Figure: Opening of The

236 views • 10 slides
Agenda Context: Libraries and DLs ETD setting Design issues Tales functionality

Agenda Context: Libraries and DLs ETD setting Design issues Tales functionality

Community Tales : An Infrastructure for the Collaborative Construction of Digital Theses Repositories Lourdes Fernandez, J. Alfredo Snchez Libraries Division Universidad de las Amricas, Puebla Mxico ETD 2003, Berlin, Germany, May 2003

636 views • 26 slides
Ridiculously Preliminary Bassetto, Huo, Mateos-Planas, R os-Rull Two Tales of Time

Ridiculously Preliminary Bassetto, Huo, Mateos-Planas, R os-Rull Two Tales of Time

Two Tales of Time Consistency: The Generalized Euler Equation and the BankruptcySovereign Default Problem Organizational Equilibrium with Capital joint work with Marco Bassetto, Zhen Huo and Xavier Mateos-Planas Jos e-V ctor R

1.29k views • 89 slides
The Obstacle is the Way: The Timeless Art of Turning Trials into Triumph: A Book Tales

The Obstacle is the Way: The Timeless Art of Turning Trials into Triumph: A Book Tales

The Obstacle is the Way: The Timeless Art of Turning Trials into Triumph: A Book Tales Presentation By Book Tales The Obstacle is the Way: The Timeless Art of Turning Trials into Triumph: A Book Tales Presentation By Book Tales The ancient

294 views • 5 slides
The Wanderer of Liverpool And other Tales Lessons to consider ? ? Some musings by Ken Croasdale

The Wanderer of Liverpool And other Tales Lessons to consider ? ? Some musings by Ken Croasdale

The Wanderer of Liverpool And other Tales Lessons to consider ? ? Some musings by Ken Croasdale SNAME Arctic Section Christmas Lunch Dec 19, 2018 The beginning of the story I was originally an aeronautical engineer So was Neville

259 views • 24 slides
Save Saskatchewan Libraries! Tales of a Fearless Facebook Campaign

Save Saskatchewan Libraries! Tales of a Fearless Facebook Campaign

Save Saskatchewan Libraries! Tales of a Fearless Facebook Campaign Presented by Mary Cavanagh, Associate Professor School of Information Studies, University of Ottawa @Ontario

246 views • 24 slides
It's just a %$#@ing BOOK!!! A bunch of ancient myths! You believe in fairy tales,

It's just a %$#@ing BOOK!!! A bunch of ancient myths! You believe in fairy tales,

It's just a %$#@ing BOOK!!! A bunch of ancient myths! You believe in fairy tales, huh? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a

1.21k views • 107 slides
60 YEARS 0. Old tales 1. Ion dynamics 2. Electron dynamics 3. Perspectives U. Tokyo, STP

60 YEARS 0. Old tales 1. Ion dynamics 2. Electron dynamics 3. Perspectives U. Tokyo, STP

Plasma particle dynamics in collisionless magnetic reconnection Seiji ZENITANI Kyoto University 60 YEARS 0. Old tales 1. Ion dynamics 2. Electron dynamics 3. Perspectives U. Tokyo, STP (Solar Terrestrial Physics) group Super Terasawa

781 views • 49 slides
Combining Old and New Systems in Existing Buildings and Other Retrofit Tales By Paul Jewett CFAA

Combining Old and New Systems in Existing Buildings and Other Retrofit Tales By Paul Jewett CFAA

Combining Old and New Systems in Existing Buildings and Other Retrofit Tales By Paul Jewett CFAA Technician Number 11 Combining Old and New Systems in Existing Buildings and Other Retrofit Tales Disclaimer In this presentation all the job

655 views • 38 slides
Big Linked Data Storage and Query Processing Prof. Sherif Sakr ACM and IEEE Distinguished Speaker

Big Linked Data Storage and Query Processing Prof. Sherif Sakr ACM and IEEE Distinguished Speaker

Big Linked Data Storage and Query Processing Prof. Sherif Sakr ACM and IEEE Distinguished Speaker The 3rd KEYSTONE Training School on Keyword search in Big Linked Data Vienna, Austria August 21, 2017 http://www.cse.unsw.edu.au/~ssakr/

964 views • 78 slides
VLBI and Effelsberg: a long friendship Andrei Lobanov (on behalf of Eduardo Ros) Bonn,

VLBI and Effelsberg: a long friendship Andrei Lobanov (on behalf of Eduardo Ros) Bonn,

VLBI and Effelsberg: a long friendship Andrei Lobanov (on behalf of Eduardo Ros) Bonn, Effelsberg Conference February 20 th , 2018 20feb18 Ros: VLBI with Effelsberg 1 Outline VLBI at Effelsberg: history and present VLBI capabilities

850 views • 35 slides
EDONA / HMI EDONA / HMI Modelling of Advanced Modelling of Advanced Automotive Interfaces

EDONA / HMI EDONA / HMI Modelling of Advanced Modelling of Advanced Automotive Interfaces

EDONA / HMI EDONA / HMI Modelling of Advanced Modelling of Advanced Automotive Interfaces Automotive Interfaces O. Meunier S. Boisgrault, E. Vecchi Intempora Mines ParisTech J.-M. Temmos Visteon Software Technologies Visteon X-Wave

307 views • 17 slides
High pressure gas TPC simulation George Christodoulou DUNE ND Meeting 22/10/2015 Overview

High pressure gas TPC simulation George Christodoulou DUNE ND Meeting 22/10/2015 Overview

High pressure gas TPC simulation George Christodoulou DUNE ND Meeting 22/10/2015 Overview Benefits of high pressure (HP) gas TPC HP gas TPC simulation Status, tools available, repository First simulation results Event rates

722 views • 33 slides
of Word Sense Alignment: Portuguese Language Resources Ana Salgado, Sina Ahmadi, Alberto Simes,

of Word Sense Alignment: Portuguese Language Resources Ana Salgado, Sina Ahmadi, Alberto Simes,

Challenges of Word Sense Alignment: Portuguese Language Resources Ana Salgado, Sina Ahmadi, Alberto Simes, John Philip McCrae, Rute Costa 7th Workshop on Linked Data in Linguistics: Building tools and infrastructure 23rd June 2020 This

548 views • 37 slides
Science drivers for ERIS as a stepping stone for E-ELTs G. B ONO Setting the scene E-ELT in a

Science drivers for ERIS as a stepping stone for E-ELTs G. B ONO Setting the scene E-ELT in a

Science drivers for ERIS as a stepping stone for E-ELTs G. B ONO Setting the scene E-ELT in a nutshell First light instruments ERIS Paving the way for E-ELT Future Perspectives First Generation E-ELT Instruments First Light E-ELT -- CAM

554 views • 24 slides
KLCCP Stapled Group Financial Results 3rd Quarter ended 30 September 2015 11 November 2015

KLCCP Stapled Group Financial Results 3rd Quarter ended 30 September 2015 11 November 2015

KLCCP Stapled Group Financial Results 3rd Quarter ended 30 September 2015 11 November 2015 Disclaimer These materials contain historical information of the Company which should not be regarded as an indication of future performance or results.

543 views • 23 slides
Un Unin informed d Se Sear arch ch Com omputer Science c cpsc sc322, Lecture 5 5 (Te

Un Unin informed d Se Sear arch ch Com omputer Science c cpsc sc322, Lecture 5 5 (Te

Un Unin informed d Se Sear arch ch Com omputer Science c cpsc sc322, Lecture 5 5 (Te Text xtboo ook k Chpt 3.5) May ay 1 18, 2 2017 CPSC 322, Lecture 5 Slide 1 Recap ap Search is a key computational mechanism in many AI

633 views • 32 slides

More recommend