Using Frankencerts for Automated Adversarial Testing of Certificate - - PowerPoint PPT Presentation

using frankencerts for automated adversarial testing of
SMART_READER_LITE
LIVE PREVIEW

Using Frankencerts for Automated Adversarial Testing of Certificate - - PowerPoint PPT Presentation

Jul 12, 2023 21 likes •205 views

Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations Chad Brubaker Suman Jana Baishakhi Ray Sarfraz Khurshid Vitaly Shmatikov 116033910063 Content SSL/TLS

slide-1
SLIDE 1

Using Frankencerts for Automated Adversarial Testing

  • f Certificate Validation

in SSL/TLS Implementations

Chad Brubaker Suman Jana Baishakhi Ray Sarfraz Khurshid Vitaly Shmatikov 116033910063 黄中月

slide-2
SLIDE 2

Content

  • SSL/TLS Protocol
  • Implementation Correctness
  • Certificate Generation
  • Differential Testing
  • Conclusion
slide-3
SLIDE 3

SSL/TLS Protocol

  • End-to-end security even if the network is insecure
  • Authentication = certificate validation
  • Confidentiality
  • Integrity
slide-4
SLIDE 4

SSL/TLS Protocol

  • Server authentication
  • X.509 certificate validation
  • Chain of trust
  • Basic constraints
  • Name constraints
  • Key usage
  • Hostname
  • Time
slide-5
SLIDE 5

Implementation Correctness

  • Problem1: generating test inputs
  • Structurally complex data = Huge input space
  • Approach
  • Simple automated technique (Ex: random fuzzing)
  • A fuzzed string won't even parse as an X.509 cert
  • Manually creating certificates
  • Manually creating a high-quality suite is simply infeasible
slide-6
SLIDE 6

Implementation Correctness

  • Problem2: interpreting test results

test certificate SSL/TLS implementation accept/reject

slide-7
SLIDE 7

Implementation Correctness

  • Problem1: generating test inputs
  • Frankencerts
  • Problem2: interpreting test results
  • Differential Testing
slide-8
SLIDE 8

Certificate Generation

  • Requirements
  • Syntactically correct
  • Semantically bad
  • Scale to millions of certs
  • X.509 certificate structure
  • Multilayered structured data
  • Syntactic constraints
  • Ex: Version must be an integer
  • Semantic constraints
  • Ex: Version must be 0, 1, or 2
slide-9
SLIDE 9

Certificate Generation

  • Step 1: collect 243,246 certificates
slide-10
SLIDE 10

Certificate Generation

  • Step 2: generate 8,127,600 frankencerts
slide-11
SLIDE 11

Certificate Generation

  • Step 3: mutate a few pieces
slide-12
SLIDE 12

Differential Testing

  • 9 open-source SSL/TLS libraries
  • 6 Web browsers
slide-13
SLIDE 13

Differential Testing

  • Results
  • 15 root causes
  • 208 discrepancies
  • 62,022 frankencerts
  • Error Reporting
  • Expired (E)
  • Bad issuer (I)
  • Bad name (N)
slide-14
SLIDE 14

Differential Testing

  • Results
slide-15
SLIDE 15

Differential Testing

  • Error Reporting
slide-16
SLIDE 16

Differential Testing

  • Ex. Google Chrome
slide-17
SLIDE 17

Conclusion

  • Differential testing with frankencerts is an effective technique for

finding flaws in SSL/TLS implementations

  • The code is available at: https://github.com/sumanj/frankencert
slide-18
SLIDE 18

Thanks

Q&A