The SSL Landscape. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber. Network Architectures and Services Technische Universität München

Size: px
Start display at page:

Download "The SSL Landscape. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber. Network Architectures and Services Technische Universität München"

Transcription

1 The SSL Landscape Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber Network Architectures and Services Technische Universität München Hagenberg, 15 Mar 2012 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 1

2 Significance of SSL/TLS and X.509 SSL/TLS The backbone protocols for securing the WWW and Authentication, confidentiality, integrity Public-key cryptography X.509: Public Key Infrastructure standard Certification Authorities (CAs) certify Web sites Non-forgeable signature: Cert(X) = Sig CA (id X, pubkey X ) Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 2

3 Browser Panic (but AT is pretty good) Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 3

4 Basic Idea of X.509 PKI: Hierarchy R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 3 I 6 E 5 E 6 E 3 E 4 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 4

5 Basic Idea of X.509 R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 6 I 3 E 5 E 6 Root Certificates E 3 E 4 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 5

6 Basic Idea of X.509 R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 3 I 6 E 3 E 4 E 5 E 6 Host Certificates Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 6

7 Basic Idea of X.509 R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 6 I 3 E 5 E 6 Intermediate Certificates E 3 E 4 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 7

8 Basic Idea of X.509 R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 3 Cross signing I 6 E 5 E 6 E 3 E 4 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 8

9 Basic Idea of X.509 R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 3 I 6 E 5 E 6 E 3 E 4 One CA, two different trees Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 9

10 Basic Idea of X.509 CAs in Root Store R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 1 E 2 I 5 I 3 E 7 CA not in Root Store I 6 E 5 E 6 E 3 E 4 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 10

11 Basic Idea of X.509 Root certificate not in Root Store R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 3 I 6 E 5 E 6 E 3 E 4 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 11

12 An X.509 Certificate X509v3 Certificate Version Serial no. Sig. algo. Validity Issuer Not Before Not After Subject Subject Public Key Info Algorithm Public Key X509 v3 Extensions CA Flag, EV, CRL, etc. Signature Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 12

13 Root Stores Contain CA Certificates CAs in Root Store R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 3 I 6 E 5 E 6 E 3 E 4 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 13

14 Browser (Client) Root Stores Your browser chooses the trusted CAs. Not you. Any CA may issue a certificate for any domain. This means the weakest CA determines the strength of the whole PKI. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 14

15 Development of Mozilla Root Store More than 150 trustworthy Root Certificates Number of certificates /1/2001 1/1/2002 1/1/2003 1/1/2004 1/1/2005 1/1/2006 1/1/2007 1/1/2008 1/1/2009 1/1/2010 1/1/2011 1/1/2012 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 15

16 Certificate Issuance How is a certificate issued in practice? Domain Validation: Send to (CA-chosen) mail address with code Confirmed ownership of mail address = ownership of domain Organisational Validation (OV, rare) Extended Validation (later, rare) Race to the bottom CAs have incentive to lower prices Translates into incentive to control less, not more Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 16

17 How This Got Our Interest PKI weaknesses in 2008 Early December 2008: Error in Comodo CA: no identity check Reported by Eddy Nigg of StartSSL (a CA) A regional sub-seller just took the credit card number and gave you a certificate No real reaction by Mozilla Late December 2008: whitehat hacks StartSSL CA Technical report: simple flaw in Web front-end Certificate for mozilla.com issued Caught by 2nd line of defence: human checks for high-value domains Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 17

18 How This Got Our Interest PKI weaknesses in 2008 Early December 2008: Error in Comodo CA: no identity check Reported by Eddy Nigg of StartSSL (a CA) A regional sub-seller just took the credit card number and gave you a certificate No real reaction by Mozilla Late December 2008: whitehat hacks StartSSL CA Technical report: simple flaw in Web front-end Certificate for mozilla.com issued Caught by 2nd line of defence: human checks for high-value domains Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 17

19 How This Got Our Interest PKI weaknesses in 2008 Early December 2008: Error in Comodo CA: no identity check Reported by Eddy Nigg of StartSSL (a CA) A regional sub-seller just took the credit card number and gave you a certificate No real reaction by Mozilla Late December 2008: whitehat hacks StartSSL CA Technical report: simple flaw in Web front-end Certificate for mozilla.com issued Caught by 2nd line of defence: human checks for high-value domains Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 17

20 How This Got Our Interest In 2011, the foundations of X.509 were rocked. March 2011: Comodo CA hacked (a sub-seller, again) Attacker claims to come from Iran 10 certificates for high-value domains issued Browser reaction: blacklisting of those certificates in code Neither CRLs nor OCSP trusted enough to work for victims July 2011: DigiNotar CA hacked Attacker claims to be the same one as in March 531 fake certificates, high-value domains E.g., Google, Facebook, Mozilla, CIA, Mossad, Skype Some hints pointed at Man-in-the-middle attack in Iran The Netherlands PKI was operated by DigiNotar... For the first time, a Root CA is removed from a browser for being compromised Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 18

21 How This Got Our Interest In 2011, the foundations of X.509 were rocked. March 2011: Comodo CA hacked (a sub-seller, again) Attacker claims to come from Iran 10 certificates for high-value domains issued Browser reaction: blacklisting of those certificates in code Neither CRLs nor OCSP trusted enough to work for victims July 2011: DigiNotar CA hacked Attacker claims to be the same one as in March 531 fake certificates, high-value domains E.g., Google, Facebook, Mozilla, CIA, Mossad, Skype Some hints pointed at Man-in-the-middle attack in Iran The Netherlands PKI was operated by DigiNotar... For the first time, a Root CA is removed from a browser for being compromised Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 18

22 How This Got Our Interest In 2011, the foundations of X.509 were rocked. March 2011: Comodo CA hacked (a sub-seller, again) Attacker claims to come from Iran 10 certificates for high-value domains issued Browser reaction: blacklisting of those certificates in code Neither CRLs nor OCSP trusted enough to work for victims July 2011: DigiNotar CA hacked Attacker claims to be the same one as in March 531 fake certificates, high-value domains E.g., Google, Facebook, Mozilla, CIA, Mossad, Skype Some hints pointed at Man-in-the-middle attack in Iran The Netherlands PKI was operated by DigiNotar... For the first time, a Root CA is removed from a browser for being compromised Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 18

23 And the latest entrant to the contest... Trustwave issued MitM certs for companies Goal: transparent SSL proxying Defence against industry espionage Defeats whole end-to-end authentication OK for companies? What about nation states? Iran? China? Early 2012: Mozilla asks all CAs to report and revoke MitM certs Quite a few CAs admit to having issued them, but cite contractual obligation Are you happy to trust those contracts? Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 19

24 And the latest entrant to the contest... Trustwave issued MitM certs for companies Goal: transparent SSL proxying Defence against industry espionage Defeats whole end-to-end authentication OK for companies? What about nation states? Iran? China? Early 2012: Mozilla asks all CAs to report and revoke MitM certs Quite a few CAs admit to having issued them, but cite contractual obligation Are you happy to trust those contracts? Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 19

25 And the latest entrant to the contest... Trustwave issued MitM certs for companies Goal: transparent SSL proxying Defence against industry espionage Defeats whole end-to-end authentication OK for companies? What about nation states? Iran? China? Early 2012: Mozilla asks all CAs to report and revoke MitM certs Quite a few CAs admit to having issued them, but cite contractual obligation Are you happy to trust those contracts? Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 19

26 Can We Assess the Quality of this PKI? A good PKI should... allow HTTPs on all WWW hosts... contain only valid certificates... offer good cryptographic security Long keys, only strong hash algorithms, have a sensible setup Short validity periods (1 year) Short certificate chains (but use intermediate certificates) Number of issuers should be reasonable (weakest link!) Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 20

27 Acquiring Our Data Sets Active scans to measure deployed PKI Scan hosts on Alexa Top 1 million Web sites Nov 2009 Apr 2011: scanned 8 times from Germany March 2011: scans from 8 hosts around the globe Passive monitoring to measure user-encountered PKI Munich Research Network, monitored all SSL/TLS traffic Two 2-week runs in Sep 2010 and Apr 2011 EFF scan of IPv4 space in 2010 Scan of 2-3 months, no domain information Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 21

28 Our Data Sets Active Scans Passive Monitoring EFF IPv4 scan Location Time (run) Type Certificates Tuebingen, DE November 2009 Active scan 833,661 Tuebingen, DE December 2009 Active scan 819,488 Tuebingen, DE January 2010 Active scan 816,517 Tuebingen, DE April 2010 Active scan 816,605 Munich, DE September 2010 Active scan 829,232 Munich, DE November 2010 Active scan 827,366 Munich, DE April 2011 Active scan 829,707 Munich, DE April 2011 Active scan with SNI 826,098 Shanghai, CN April 2011 Active scan 798,976 Beijing, CN April 2011 Active scan 797,046 Melbourne, AU April 2011 Active scan 833,571 İzmir, TR April 2011 Active scan 825,555 São Paulo, BR April 2011 Active scan 833,246 Moscow, RU April 2011 Active scan 830,765 Santa Barbara, US April 2011 Active scan 834,173 Boston, US April 2011 Active scan 834,054 Munich, DE September 2010 Passive monitoring 183,208 Munich, DE April 2011 Passive monitoring 989,040 EFF servers March June 2010 Active IPv4 scan 11,349, million certificates to evaluate. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 22

29 Our Data Sets Active Scans Passive Monitoring EFF IPv4 scan Location Time (run) Type Certificates Tuebingen, DE November 2009 Active scan 833,661 Tuebingen, DE December 2009 Active scan 819,488 Tuebingen, DE January 2010 Active scan 816,517 Tuebingen, DE April 2010 Active scan 816,605 Munich, DE September 2010 Active scan 829,232 Munich, DE November 2010 Active scan 827,366 Munich, DE April 2011 Active scan 829,707 Munich, DE April 2011 Active scan with SNI 826,098 Shanghai, CN April 2011 Active scan 798,976 Beijing, CN April 2011 Active scan 797,046 Melbourne, AU April 2011 Active scan 833,571 İzmir, TR April 2011 Active scan 825,555 São Paulo, BR April 2011 Active scan 833,246 Moscow, RU April 2011 Active scan 830,765 Santa Barbara, US April 2011 Active scan 834,173 Boston, US April 2011 Active scan 834,054 Munich, DE September 2010 Passive monitoring 183,208 Munich, DE April 2011 Passive monitoring 989,040 EFF servers March June 2010 Active IPv4 scan 11,349, million certificates to evaluate. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 22

30 Our Data Sets Active Scans Passive Monitoring EFF IPv4 scan Location Time (run) Type Certificates Tuebingen, DE November 2009 Active scan 833,661 Tuebingen, DE December 2009 Active scan 819,488 Tuebingen, DE January 2010 Active scan 816,517 Tuebingen, DE April 2010 Active scan 816,605 Munich, DE September 2010 Active scan 829,232 Munich, DE November 2010 Active scan 827,366 Munich, DE April 2011 Active scan 829,707 Munich, DE April 2011 Active scan with SNI 826,098 Shanghai, CN April 2011 Active scan 798,976 Beijing, CN April 2011 Active scan 797,046 Melbourne, AU April 2011 Active scan 833,571 İzmir, TR April 2011 Active scan 825,555 São Paulo, BR April 2011 Active scan 833,246 Moscow, RU April 2011 Active scan 830,765 Santa Barbara, US April 2011 Active scan 834,173 Boston, US April 2011 Active scan 834,054 Munich, DE September 2010 Passive monitoring 183,208 Munich, DE April 2011 Passive monitoring 989,040 EFF servers March June 2010 Active IPv4 scan 11,349, million certificates to evaluate. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 22

31 Our Data Sets Active Scans Passive Monitoring EFF IPv4 scan Location Time (run) Type Certificates Tuebingen, DE November 2009 Active scan 833,661 Tuebingen, DE December 2009 Active scan 819,488 Tuebingen, DE January 2010 Active scan 816,517 Tuebingen, DE April 2010 Active scan 816,605 Munich, DE September 2010 Active scan 829,232 Munich, DE November 2010 Active scan 827,366 Munich, DE April 2011 Active scan 829,707 Munich, DE April 2011 Active scan with SNI 826,098 Shanghai, CN April 2011 Active scan 798,976 Beijing, CN April 2011 Active scan 797,046 Melbourne, AU April 2011 Active scan 833,571 İzmir, TR April 2011 Active scan 825,555 São Paulo, BR April 2011 Active scan 833,246 Moscow, RU April 2011 Active scan 830,765 Santa Barbara, US April 2011 Active scan 834,173 Boston, US April 2011 Active scan 834,054 Munich, DE September 2010 Passive monitoring 183,208 Munich, DE April 2011 Passive monitoring 989,040 EFF servers March June 2010 Active IPv4 scan 11,349, million certificates to evaluate. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 22

32 Our Data Sets Active Scans Passive Monitoring EFF IPv4 scan Location Time (run) Type Certificates Tuebingen, DE November 2009 Active scan 833,661 Tuebingen, DE December 2009 Active scan 819,488 Tuebingen, DE January 2010 Active scan 816,517 Tuebingen, DE April 2010 Active scan 816,605 Munich, DE September 2010 Active scan 829,232 Munich, DE November 2010 Active scan 827,366 Munich, DE April 2011 Active scan 829,707 Munich, DE April 2011 Active scan with SNI 826,098 Shanghai, CN April 2011 Active scan 798,976 Beijing, CN April 2011 Active scan 797,046 Melbourne, AU April 2011 Active scan 833,571 İzmir, TR April 2011 Active scan 825,555 São Paulo, BR April 2011 Active scan 833,246 Moscow, RU April 2011 Active scan 830,765 Santa Barbara, US April 2011 Active scan 834,173 Boston, US April 2011 Active scan 834,054 Munich, DE September 2010 Passive monitoring 183,208 Munich, DE April 2011 Passive monitoring 989,040 EFF servers March June 2010 Active IPv4 scan 11,349, million certificates to evaluate. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 22

33 Errors in TLS Connection Setup Scans from Germany, Nov 2009 and Apr 2011 % of all connections 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Other failure Unknown protocol Success Apr2011 Top 1k Nov2009 Top 1k Aug2011 Top 10k Nov2009 Top 10k Apr2011 Top 100k Nov2009 Top 100k Apr2011 Top 1m Nov2009 Top 1m Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 23

34 Validity of End-Hosts Certificates R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 3 I 6 E 3 E 4 E 5 E 6 Host Certificates Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 24

35 Validation of Certificate Chains Just check chains, not host names Chain valid Expired Self signed end host certificate Root certificate not in root store No root certificate found Germany.Nov09 Germany.Apr11 China.Apr11 EFF MON1.Sep10 MON2.Apr11 % of all certificates 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 25

36 Correct Domain Name in Certificate Now also check host names Look in Common Name (CN) and Subject Alternative Name (SAN) Munich, April 2011, only valid chains: 12.2% correct CN 5.9% correct SAN Only 18% of certificates are fully verifiable Positive trend : from 14.9% in 2009 to 18% in 2011 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 26

37 Unusual Host Names CN=plesk or similar Found in 7.3% of certificates Verified: Plesk/Parallels panels CN=localhost 4.7% of certificates Very common: redirection to HTTP after HTTPs Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 27

38 Host Names in Self-signed Certificates Self-signed means: Issuer the same as subject of certificate Requires out-of-band distribution of certificate Active scan 2.2% correct Common Name (CN) 0.5% correct Subject Alternative Name Top 3 most frequent CNs account for > 50% plesk or similar in 27.3% localhost or similar in 25.4% standard installations? Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 28

39 Certificate Occurrences Many certificates valid for more than one domain Domains served by same IP Some certificates issued for dozens of domains Certificate reuse on multiple machines increases options for attacker Often found on hosters E. g. *.blogger.com, *.wordpress.com Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 29

40 Certificate Occurrences How often does a certificate occur on X hosts? 0.1 all certificates only valid certificates Pr[ #hosts > X ] e 4 1e Number of hosts per certificate =: X Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 30

41 Certificate Chains R 1 Root Store R 2 CA 3 CA 1 I 1 I 4 CA I 2 2 R 3 E 7 E 1 E 2 I 5 I 6 I 3 E 5 E 6 Intermediate Certificates E 3 E 4 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 31

42 Certificate Chain Lengths 70% Apr11 Nov09 60% MON1 Share in certificates 50% 40% 30% 20% 10% 0% and greater Chain length Finding more positive than negative: Trend to use intermediate certificates more often Allows to keep Root Certificates offline But chains still reasonably short Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 32

43 Validity Periods CDF of validity periods, scans and monitoring Pr[X < validity] Nov2009 Apr2011 MON2, Apr Validity (years) Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 33

44 Public Key Properties Key types RSA: 99.98% (rest is DSA) About 50% have length 1,024 bit About 45% have length 2,048 bit Clear trend from 1,024 to 2,048 bit ( ) Weird encounters 1,504 distinct certificates that share another certificate s key Could be traced to a handful of hosting companies Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 34

45 Signature Algorithms MD5 is being phased out 100% 90% Prevalence in signatures 80% 70% 60% 50% 40% 30% 20% 10% 0% RSA/SHA1 RSA/MD5 Active scans from Germany Monitoring Active scans from China 1/1/2010 Date 1/1/2011 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 35

46 Certificate Issuers Very few CAs account for > 50% of certificates GoDaddy Equifax (several root certificates) Verisign (several roots) plesk' Thawte (several roots) localhost' or similar GeoTrust (several roots) USERTRUST Comodo GlobalSign Share (%) But there are 150+ Root Certificates in Mozilla. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 36

47 Certificate Quality We defined 3 categories Good : Correct chains, correct host name Chain 2 No MD5, strong key of > 1024 bit Validity 13 months Acceptable Chain 3, validity 25 months Rest as above Poor : the remainder Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 37

48 Certificate Quality Share in rank range 50% 40% 30% 20% 10% Valid but poor Acceptable Good Top 1024 Top 2048 Top 4096 Top 8192 Top Top Top Top Top Top Top 1m 0% Validity correlates with rank Share of poor certificates higher among high-ranking sites Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 38

49 What to do about these problems? No silver bullet known Part of the problem: SSL meant to protect stuff like credit card numbers But state-scale attacks were not in scope back in the 1990s Several proposals: Extended Validation, Base Line Requirements Pinning Information Keys in DNSSEC (DANE) Perspectives/Convergence Public Log schemes: Sovereign Keys, Auditable CAs Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 39

50 PKI-me-harder Extended Validation CAs to require state-issued documents before certification More expensive Rarely bought by customers Base Line Requirements CA/Browser forum standard Absolute minimum requirements for validation Audit-based, rules for audits Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 40

51 Pinning Information Idea Browser stores last-seen public key of a site Alternatively: store issuing CA Recognise again upon next visit Discussion Does not help against attack on first contact False alarms when certificates change (not rare!) How many certs to store? Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 41

52 Keys in DNSSEC: DANE Idea DNSSEC already a hierarchical state-level PKI Verification from Root Server down to end-host Resolve DNS name to IP address New Resource Record in DNSSEC: public key of site Discussion Straight-forward and strong Performance? Caching? Countries control their own TLDs. Think bit.ly! Defence against country-level attack? Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 42

53 Perspectives and Convergence Idea: Notaries Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 43

54 Perspectives and Convergence Reconfirm with notaries Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 44

55 Discussion of Notary System Advantages Works well against MitM in the network Reinforcement of CAs system Possible problems Privacy! False positives: some sites change certificates frequently Content Distribution Networks? Indication of site identity still necessary Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 45

56 Public Log Store information Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 46

57 Public Log Retrieve information Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 47

58 Public Log Schemes Idea: store information publicly and append-only Sovereign Keys Sites stores authoritative key to cross-sign its certificates Goal: cross-certification and cross-validation of keys Auditable CAs CAs store info about whom they certify Goal: detect rogue CA issuing key for a site Schemes are very new Both from November 2011 Sovereign Keys to be presented at 28C3 in 2 weeks Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 48

59 Sovereign Keys (EFF) Sites store information on < 30 timeline servers timestamp name key protocols evidence A 0x427E8A https, smtps Sig CA (A, ) B 0x7389FB https:8080 Sig B (B, ) C 0x49212A imaps Sig C (C, ) A 0x427E8A https, smtps Sig CA (A, ) Work-in-progress Timeline is auditable by clients Mirrors proposed https://www.eff.org/sovereign-keys Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 49

60 Sovereign Keys: Discussion Pros Does not need CA support Evidence can be based on DANE DNSSEC, CAs,... Performance and bandwidth? Cons Continous monitoring of timeline server needed Maintain list of timeline servers Entries are not space-efficient Privacy (suggested remedy: TOR-like proxying) Key loss Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 50

61 Auditable CAs (Ben Laurie et al.) CAs store certification proof on public servers timestamp name cert evidence A Cert by Verisign M Sig(hashes) B Cert by GoDaddy M Sig(hashes) C Cert by CACert M Sig(hashes) MSig(hashes) Very-much-work-in-progress (IANAC!) Log = certificates, periodically Merkle signatures Induces small latency CertificateAuthorityTransparencyandAuditability.pdf Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 51

62 Discussion of Auditable CAs Pros Protects against rogue/hacked CAs Efficient data structure Cons CAs do not like to disclose their customers Requires continous monitoring of logs Revocation unclear Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 52

63 Crossbear: hunting the MitM Our own contribution: find the MitM Idea: combine Notary concept with tracerouting Goal: gain reliable data about MitM How often do they occur? Are they common? Where are the attackers located? Maybe: who are the attackers? Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 53

64 Alice is surfing... Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 54

65 Man-in-the-middle Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 55

66 Alice queries CrossBear Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 56

67 CrossBear checks the server Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 57

68 CrossBear reports result Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 58

69 Alice traceroutes to server Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 59

70 Alice reports to CrossBear Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 60

71 Distribute hunting tasks Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 61

72 Bob goes hunting Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 62

73 Bob reports Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 63

74 There are many Bobs Perspectives Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 64

75 Crossbear summary Status Running 150 hunters deployed on PlanetLab, waiting for action Project needs Bobs (and Bobinas) now Get it from https://github.com/crossbear/crossbear Contact us WWW: https://pki.net.in.tum.de Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 65

76 Summary In great part, the X.509 PKI is in a sorry state Only 18% of the Top 1 Million Web sites show fully valid certificates Much carelessness Some positive developments Slight trend towards fully valid certificates Crypto OK Remedies? Remains to be seen. Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 66

77 Thank you! Crossbear: https://github.com/crossbear/crossbear Web presence (download datasets!): https://pki.net.in.tum.de Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 67

78 Errors in TLS Connection Setup UNKNOWN PROTOCOL Rescanned those hosts and manual sampling Always plain HTTP and always an index.html with HTML 2... Hypothesis: old servers, old configurations More likely to happen in the lower ranks Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 68

79 Symmetric Ciphers Results from monitoring RSA_WITH_RC4_128_MD5 (!) RSA_WITH_AES_128_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SHA RSA_WITH_AES_256_CBC_SHA RSA_WITH_RC4_128_SHA RSA_WITH_3DES_EDE_CBC_SHA (!) RSA_WITH_NULL_SHA DHE_RSA_WITH_CAMELLIA_256_CBC_SHA RSA_WITH_NULL_MD5 (!) DHE_RSA_WITH_AES_128_CBC_SHA others MON1 MON % of connection ciphers (Mostly) in line with results from 2007 by Lee et al. Order of AES and RC4 has shifted, RC4-128 most popular Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 69

80 Public Key Lengths CDF for RSA key lengths double-log Y axis Pr[X < length] e 04 1e 05 Tue Nov2009 TUM Sep2010 TUM April Key length (bits) Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 70

81 Debian Weak Keys (1) Bug of 2008 Generation of random numbers weak (bad initialisation) Only 2 16 public/private key-pairs generated Allows pre-computation of private keys Debian ships blacklist of keys Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 71

82 Debian Weak Keys (2) Weak randomness in key generation serious bug of % Share of weak keys 0.6% 0.5% 0.4% 0.3% 0.2% 0.1% 0 1/1/2010 Date 1/1/2011 Ralph Holz, Thomas Riedmaier, Lothar Braun, Nils Kammenhuber: The SSL Landscape 72

Public Key Infrastructures

Public Key Infrastructures Public Key Infrastructures Ralph Holz Network Architectures and Services Technische Universität München November 2014 Ralph Holz: Public Key Infrastructures 1 Part 2: Recent results or: the sorry state

More information

The SSL Landscape A Thorough Analysis of the X.509 PKI Using Active and Passive Measurements

The SSL Landscape A Thorough Analysis of the X.509 PKI Using Active and Passive Measurements The SSL Landscape A Thorough Analysis of the X.509 PKI Using Active and Passive Measurements Ralph Holz, Lothar Braun, Nils Kammenhuber, Georg Carle Technische Universität München Faculty of Informatics

More information

SSL/TLS: The Ugly Truth

SSL/TLS: The Ugly Truth SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography

More information

Managing security-relevant data from measurements on Internet scale

Managing security-relevant data from measurements on Internet scale Managing security-relevant data from measurements on Internet scale (Tales from the road) Ralph Holz 9 June 2015 About the speaker PhD from Technische Universität München, 2014 Dissertation on measurement

More information

Should You Trust the Padlock? Web Security and the HTTPS Value Chain. Keeping Current 20 November 2013 Ken Calvert

Should You Trust the Padlock? Web Security and the HTTPS Value Chain. Keeping Current 20 November 2013 Ken Calvert Should You Trust the Padlock? Web Security and the HTTPS Value Chain Keeping Current 20 November 2013 Ken Calvert Outline 1. What are we afraid of? 2. Countermeasures: Securing the Web 3. Public-key Crypto

More information

Public Key Infrastructures

Public Key Infrastructures Public Key Infrastructures Chapter 5 Public Key Infrastructures Content by Ralph Holz Network Architectures and Services Version: November 2014, updated January 7, 2016 IN2101, Network Security 1 Public

More information

SSL and Browsers: The Pillars of Broken Security

SSL and Browsers: The Pillars of Broken Security SSL and Browsers: The Pillars of Broken Security Ivan Ristic Wolfgang Kandek Qualys, Inc. Session ID: TECH-403 Session Classification: Intermediate SSL, TLS, And PKI SSL (or TLS, if you prefer) is the

More information

ALTERNATIVES TO CERTIFICATION AUTHORITIES FOR A SECURE WEB

ALTERNATIVES TO CERTIFICATION AUTHORITIES FOR A SECURE WEB ALTERNATIVES TO CERTIFICATION AUTHORITIES FOR A SECURE WEB Scott Rea DigiCert, Inc. Session ID: SEC-T02 Session Classification: Intermediate BACKGROUND: WHAT IS A CERTIFICATION AUTHORITY? What is a certification

More information

Bugzilla ID: Bugzilla Summary:

Bugzilla ID: Bugzilla Summary: Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

SSL BEST PRACTICES OVERVIEW

SSL BEST PRACTICES OVERVIEW SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%

More information

Alternatives and Enhancements to CAs for a Secure Web

Alternatives and Enhancements to CAs for a Secure Web Alternatives and Enhancements to CAs for a Secure Web Ben Wilson Digicert, Inc. - CA/Browser Forum Eran Messeri Google Session Classification: Intermediate Current Web PKI System OS / Browsers have Managed

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

SSL: Paved With Good Intentions. Richard Moore rich@westpoint.ltd.uk

SSL: Paved With Good Intentions. Richard Moore rich@westpoint.ltd.uk SSL: Paved With Good Intentions Richard Moore rich@westpoint.ltd.uk Why do we need SSL? Privacy Online shopping Online banking Identity Protection Data Integrity Early SSL First public version was SSLv2

More information

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Certificate Management. PAN-OS Administrator s Guide. Version 7.0 Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

ARPKI: Attack Resilient Public-Key Infrastructure

ARPKI: Attack Resilient Public-Key Infrastructure ARPKI: Attack Resilient Public-Key Infrastructure David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski ETH Zurich, University of Oxford, CMU 1 PUBLIC KEYS AND CERTIFICATES

More information

A Study of What Really Breaks SSL HITB Amsterdam 2011

A Study of What Really Breaks SSL HITB Amsterdam 2011 A Study of What Really Breaks SSL HITB Amsterdam 2011 v1.0 Ivan Ristic Michael Small 20 May 2011 Agenda 1. State of SSL 2. Quick intro to SSL Labs 3. SSL Configuration Surveys 4. Survey of Actual SSL Usage

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Introduction to Cryptography

Introduction to Cryptography Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication

More information

Websense Content Gateway HTTPS Configuration

Websense Content Gateway HTTPS Configuration Websense Content Gateway HTTPS Configuration web security data security email security Support Webinars 2010 Websense, Inc. All rights reserved. Webinar Presenter Title: Sr. Tech Support Specialist Cisco

More information

CSC574 - Computer and Network Security Module: Public Key Infrastructure

CSC574 - Computer and Network Security Module: Public Key Infrastructure CSC574 - Computer and Network Security Module: Public Key Infrastructure Prof. William Enck Spring 2013 1 Meeting Someone New Anywhere in the Internet 2 What is a certificate? A certificate makes an association

More information

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7. Lecture 13 Public Key Distribution (certification) 1 PK-based Needham-Schroeder TTP 1. A, B 4. B, A 2. {PKb, B}SKT B}SKs 5. {PK a, A} SKT SKs A 3. [N a, A] PKb 6. [N a, N b ] PKa 7. [N b ] PKb B Here,

More information

Introduction to Network Security Key Management and Distribution

Introduction to Network Security Key Management and Distribution Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015

More information

NIST ITL July 2012 CA Compromise

NIST ITL July 2012 CA Compromise NIST ITL July 2012 CA Compromise Prepared for: Intelligent People paul.turner@venafi.com 1 NIST ITL Bulletin on CA Compromise http://csrc.nist.gov/publications/nistbul/july-2012_itl-bulletin.pdf These

More information

SSL Interception Proxies. Jeff Jarmoc Sr. Security Researcher Dell SecureWorks. and Transitive Trust

SSL Interception Proxies. Jeff Jarmoc Sr. Security Researcher Dell SecureWorks. and Transitive Trust SSL Interception Proxies Jeff Jarmoc Sr. Security Researcher Dell SecureWorks and Transitive Trust About this talk History & brief overview of SSL/TLS Interception proxies How and Why Risks introduced

More information

Attacks against certification service providers and their ramifications

Attacks against certification service providers and their ramifications Federal IT Steering Unit FITSU Federal Intelligence Service FIS Reporting and Analysis Centre for Information Assurance MELANI www.melani.admin.ch Technological consideration Attacks against certification

More information

Is Your SSL Website and Mobile App Really Secure?

Is Your SSL Website and Mobile App Really Secure? Is Your SSL Website and Mobile App Really Secure? Agenda What is SSL / TLS SSL Vulnerabilities PC/Server Mobile Advice to the Public Hong Kong Computer Emergency Response Team Coordination Centre 香 港 電

More information

Analysis of the HTTPS Certificate Ecosystem

Analysis of the HTTPS Certificate Ecosystem Analysis of the HTTPS Certificate Ecosystem, James Kasten, Michael Bailey, J. Alex Halderman University of Michigan HTTPS and TLS How does HTTPS and the CA ecosystem fit into our daily lives? Nearly all

More information

Asymmetric cryptosystems fundamental problem: authentication of public keys

Asymmetric cryptosystems fundamental problem: authentication of public keys Network security Part 2: protocols and systems (a) Authentication of public keys Università degli Studi di Brescia Dipartimento di Ingegneria dell Informazione 2014/2015 Asymmetric cryptosystems fundamental

More information

PKI : state of the art and future trends

PKI : state of the art and future trends PKI : state of the art and future trends David Chadwick d.w.chadwick@truetrust.co.uk 25 Sept 2013 2010-13 TrueTrust Ltd 1 Contents Review of X.509 state of the art to date What is new in X.509 (2016) What

More information

SSL Server Rating Guide

SSL Server Rating Guide SSL Server Rating Guide version 2009j (20 May 2015) Copyright 2009-2015 Qualys SSL Labs (www.ssllabs.com) Abstract The Secure Sockets Layer (SSL) protocol is a standard for encrypted network communication.

More information

SSL Protect your users, start with yourself

SSL Protect your users, start with yourself SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service

More information

Breaking the Myths of Extended Validation SSL Certificates

Breaking the Myths of Extended Validation SSL Certificates BlackHat Briefings, 2009 Breaking the Myths of Extended Validation SSL Certificates Alexander Sotirov phmsecurity.com Mike Zusman intrepidusgroup.com Introduction Chosen-prefix MD5 collisions allowed us

More information

SBClient SSL. Ehab AbuShmais

SBClient SSL. Ehab AbuShmais SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three

More information

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure

More information

Internet SSL Survey 2010! Black Hat USA 2010

Internet SSL Survey 2010! Black Hat USA 2010 Internet SSL Survey 2010! Black Hat USA 2010 Ivan Ristic Director of Engineering, Web Application Firewall and SSL iristic@qualys.com / @ivanristic July 29th, 2010 (v1.6) Agenda 1. Why do we care about

More information

Securing the SSL/TLS channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

Securing the SSL/TLS channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs OWASP AppSec APAC 2012 The OWASP Foundation http://www.owasp.org Securing the SSL/TLS channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

More information

Number of relevant issues

Number of relevant issues Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may

More information

MD5 Considered Harmful Today

MD5 Considered Harmful Today MD5 Considered Harmful Today Creating a rogue CA certificate Alexander Sotirov Marc Stevens Jacob Appelbaum Arjen Lenstra David Molnar Dag Arne Osvik Benne de Weger New York, USA CWI, Netherlands Noisebridge/Tor,

More information

Lecture VII : Public Key Infrastructure (PKI)

Lecture VII : Public Key Infrastructure (PKI) Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public

More information

Certificates and network security

Certificates and network security Certificates and network security Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline X.509 certificates and PKI Network security basics: threats and goals Secure socket layer

More information

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 19 th November 2014 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously

More information

Computer and Network Security. Outline

Computer and Network Security. Outline Computer and Network Security Lecture 10 Certificates and Revocation Outline Key Distribution Certification Authorities Certificate revocation 1 Key Distribution K A, K B E KA ( K AB, E KB (KAB) ) K A

More information

Public Key Infrastructure

Public Key Infrastructure UT DALLAS Erik Jonsson School of Engineering & Computer Science Public Key Infrastructure Murat Kantarcioglu What is PKI How to ensure the authenticity of public keys How can Alice be sure that Bob s purported

More information

Securing End-to-End Internet communications using DANE protocol

Securing End-to-End Internet communications using DANE protocol Securing End-to-End Internet communications using DANE protocol Today, the Internet is used by nearly.5 billion people to communicate, provide/get information. When the communication involves sensitive

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

Server Certificates based on DNSSEC

Server Certificates based on DNSSEC Server Certificates based on DNSSEC Audun Jøsang and Kashif Sana Dar University of Oslo josang@mn.uio.no and kashifd@ifi.uio.no Abstract. Globally unique domain names and IP addresses that are provided

More information

Web Security. Mahalingam Ramkumar

Web Security. Mahalingam Ramkumar Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting

More information

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA) Computer Science CSC/ECE 574 Computer and Network Security Topic 7.2 Public Key Infrastructure (PKI) CSC/ECE 574 Dr. Peng Ning 1 What Is PKI Informally, the infrastructure supporting the use of public

More information

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1 KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Alice M D sk[a] (C) Bob pk[a] C C $ E pk[a] (M) σ $ S sk[a] (M) M, σ Vpk[A] (M, σ) Bob can: send encrypted data

More information

Microsoft Trusted Root Certificate: Program Requirements

Microsoft Trusted Root Certificate: Program Requirements Microsoft Trusted Root Certificate: Program Requirements 1. Introduction The Microsoft Root Certificate Program supports the distribution of root certificates, enabling customers to trust Windows products.

More information

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Djigzo S/MIME setup guide

Djigzo S/MIME setup guide Author: Martijn Brinkers Table of Contents...1 Introduction...3 Quick setup...4 Create a CA...4 Fill in the form:...5 Add certificates for internal users...5 Add certificates for external recipients...7

More information

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-a Contents Part III-a Public-Key Infrastructure (PKI) Definition of a PKI and PKI components PKI Trust Models Digital Certificate, X.509 Certificate Management and Life Cycle Public Key Infrastructure

More information

CALIFORNIA SOFTWARE LABS

CALIFORNIA SOFTWARE LABS ; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite

More information

Certificates, Revocation and the new gtld's Oh My!

Certificates, Revocation and the new gtld's Oh My! Certificates, Revocation and the new gtld's Oh My! Dan Timpson sales@digicert.com www.digicert.com +1 (801) 877-2100 Focus What is a Certificate Authority? Current situation with gtld's and internal names

More information

Search for Trust: An Analysis and Comparison of CA System Alternatives and Enhancements

Search for Trust: An Analysis and Comparison of CA System Alternatives and Enhancements 1 Search for Trust: An Analysis and Comparison of CA System Alternatives and Enhancements Alexandra C. Grant Senior Honors Thesis Advisor: Charles C. Palmer Dartmouth Computer Science Technical Report

More information

Key Management and Distribution

Key Management and Distribution Key Management and Distribution Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu udio/video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Ciphermail S/MIME Setup Guide

Ciphermail S/MIME Setup Guide CIPHERMAIL EMAIL ENCRYPTION Ciphermail S/MIME Setup Guide September 23, 2014, Rev: 6882 Copyright 2008-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 3 2 S/MIME 3 2.1 PKI...................................

More information

ADDITIONAL Information Security Review, 3b/2011. 28 November 2011 On vulnerabilities in the certificate system

ADDITIONAL Information Security Review, 3b/2011. 28 November 2011 On vulnerabilities in the certificate system ADDITIONAL Information Security Review, 3b/2011 28 November 2011 On vulnerabilities in the certificate system 1 CERT-FI Information Security Review 3b/2011 On vulnerabilities in the certificate system

More information

State of PKI for SSL/TLS

State of PKI for SSL/TLS State of PKI for SSL/TLS NIST Workshop on Improving Trust in the Online Marketplace Russ Housley Vigil Security, LLC Introduction State of the PKI for SSL/TLS: Mostly working, but too fragile Facing motivated

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

Configuring Digital Certificates

Configuring Digital Certificates CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,

More information

Understanding digital certificates

Understanding digital certificates Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk

More information

SSL, PKI and Secure Communication

SSL, PKI and Secure Communication SSL, PKI and Secure Communication Aditya Marella 20 th March, 2014 03/19/2014 Usable Privacy and Security 1 Secure Sockets Layer (SSL) Developed by Netscape Sits on top of TCP and below application level

More information

SSL/TLS and MITM attacks. A case study in Network Security By Lars Nybom & Alexander Wall

SSL/TLS and MITM attacks. A case study in Network Security By Lars Nybom & Alexander Wall SSL/TLS and MITM attacks A case study in Network Security By Lars Nybom & Alexander Wall SSL/TLS Background SSL/TLS Secure Socket Layer/Transport Layer Security (rfc 2246) SSL/TLS Background SSL/TLS Secure

More information

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management

More information

Lesson 10: Attacks to the SSL Protocol

Lesson 10: Attacks to the SSL Protocol Lesson 10: Attacks to the SSL Protocol Luciano Bello - luciano@debian.org Chalmers University Dr. Alfonso Muñoz - amunoz@diatel.upm.es T>SIC Group. Universidad Politécnica de Madrid Security of the SSL

More information

CSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure

CSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure CSE543 - Introduction to Computer and Network Security Module: Public Key Infrastructure Professor Trent Jaeger 1 Meeting Someone New Anywhere in the Internet 2 What is a certificate? A certificate makes

More information

SSL Report: ebfl.srpskabanka.rs (91.240.6.48)

SSL Report: ebfl.srpskabanka.rs (91.240.6.48) Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > SSL Report: (91.240.6.48) Assessed on: Sun, 03 Jan 2016 15:46:07 UTC HIDDEN Clear cache Scan Another» Summary Overall

More information

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Chapter 15 Key Management Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Symmetric-key Distribution Symmetric-key cryptography is more efficient than asymmetric-key

More information

Certificate Management

Certificate Management Certificate Management Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

Application Security: Threats and Architecture

Application Security: Threats and Architecture Application Security: Threats and Architecture Steven M. Bellovin smb@cs.columbia.edu http://www.cs.columbia.edu/ smb Steven M. Bellovin August 4, 2005 1 We re from the Security Area, and We re Here to

More information

Breaking the Security Myths of Extended Validation SSL Certificates

Breaking the Security Myths of Extended Validation SSL Certificates Breaking the Security Myths of Extended Validation SSL Certificates Alexander Sotirov phreedom.org Mike Zusman intrepidusgroup.com Introduction SSL certificate authorities have been thoroughly broken in

More information

Configuring SSL Termination

Configuring SSL Termination CHAPTER 4 This chapter describes the steps required to configure a CSS as a virtual SSL server for SSL termination. It contains the following major sections: Overview of SSL Termination Creating an SSL

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

Analyzing DANE's Response to Known DNSsec Vulnerabilities

Analyzing DANE's Response to Known DNSsec Vulnerabilities Analyzing DANE's Response to Known DNSsec Vulnerabilities Matthew Henry Joseph Kirik Emily Scheerer UMBC UMBC UMBC henmatt1@umbc.edu joskir1@umbc.edu semily1@umbc.edu May 9, 2014 Abstract: SSL/TLS is currently

More information

DNSSEC: A Vision. Anil Sagar. Additional Director Indian Computer Emergency Response Team (CERT-In)

DNSSEC: A Vision. Anil Sagar. Additional Director Indian Computer Emergency Response Team (CERT-In) DNSSEC: A Vision Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Outline DNS Today DNS Attacks DNSSEC: An Approach Countering DNS Attacks Conclusion 2 DNS Today DNS is

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Current Initiatives in Global PKI Establishing Trust in Public and Private Sectors. Donald E. Sheehy, CA*CISA, CRISC, CIPP/C Associate Partner

Current Initiatives in Global PKI Establishing Trust in Public and Private Sectors. Donald E. Sheehy, CA*CISA, CRISC, CIPP/C Associate Partner Current Initiatives in Global PKI Establishing Trust in Public and Private Sectors Donald E. Sheehy, CA*CISA, CRISC, CIPP/C Associate Partner This session will discuss Brief introduction of Public Key

More information

Certificate Authority Transparency and Auditability

Certificate Authority Transparency and Auditability Certificate Authority Transparency and Auditability Ben Laurie Adam Langley 22 Nov 2011 Goal The goal is to make it impossible (or at least very difficult) for a Certificate

More information

7 Key Management and PKIs

7 Key Management and PKIs CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Key Management and PKIs 7.1 Key Management Key Management For any use of cryptography, keys must be handled correctly. Symmetric keys must be kept secret.

More information

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0 Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG 5 How-To Guide Digital Certificates July 2011 Revision 1.0 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark

More information

The Impact of DNSSEC. Matthäus Wander. on the Internet Landscape. Duisburg, June 19, 2015

The Impact of DNSSEC. Matthäus Wander. on the Internet Landscape. <matthaeus.wander@uni-due.de> Duisburg, June 19, 2015 The Impact of DNSSEC on the Internet Landscape Matthäus Wander Duisburg, June 19, 2015 Outline Domain Name System Security problems Attacks in practice DNS Security Extensions

More information

Running head: SSL CERTIFICATE AUTHORITY ISSUES 1. Investigating Implementations Designed. to Resolve SSL Certificate Authority Issues.

Running head: SSL CERTIFICATE AUTHORITY ISSUES 1. Investigating Implementations Designed. to Resolve SSL Certificate Authority Issues. Running head: SSL CERTIFICATE AUTHORITY ISSUES 1 Investigating Implementations Designed to Resolve SSL Certificate Authority Issues Michael Ham Stefani Kokel Josh Stroschein Dakota State University SSL

More information

Overview. Certification Authority. PKI Clients. Registration Authority. Public Key Infrastructure. Public Key Infrastructure

Overview. Certification Authority. PKI Clients. Registration Authority. Public Key Infrastructure. Public Key Infrastructure Public Key Infrastructure Overview Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-07/ Public

More information

IPv4 Shortage Multiple SSL Certificates on a single IP address

IPv4 Shortage Multiple SSL Certificates on a single IP address GlobalSign. A GMO Internet Inc group company. IPv4 Shortage Multiple SSL Certificates on a single IP address Paul van Brouwershaven EMEA Business Development Director GLOBALSIGN SOLUTIONS Visible Trust

More information

A quick overview of the DANE WG. * DNS-based Authentication of Named Entities

A quick overview of the DANE WG. * DNS-based Authentication of Named Entities A quick overview of the DANE WG * DNS-based Authentication of Named Entities Some background... When you connect to https://www.example.com you use SSL (actually TLS) to secure your connection. Need a

More information

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol SSL/TLS TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol HTTPS SSH SSH Protocol Architecture SSH Transport Protocol Overview SSH User Authentication Protocol SSH Connection Protocol

More information

Key Management and Distribution

Key Management and Distribution Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

How to configure SSL proxying in Zorp 3 F5

How to configure SSL proxying in Zorp 3 F5 How to configure SSL proxying in Zorp 3 F5 June 14, 2013 This tutorial describes how to configure Zorp to proxy SSL traffic Copyright 1996-2013 BalaBit IT Security Ltd. Table of Contents 1. Preface...

More information

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer

More information

More on SHA-1 deprecation:

More on SHA-1 deprecation: Dear PTC Axeda Customer, This message specifies Axeda and IDM Agent upgrade requirements and timelines for transitioning Axeda Enterprise Server, Global Access Server (GAS), Policy Server, and Questra

More information