Introduc)on* X.509Cer)ficates X.509* By:$Holz,$Braun,$Kammenhuber,$and$Carle$ Presented$by:$William$Garrard$

Size: px

Start display at page:

Download "Introduc)on* X.509*Cer)ficates* X.509* By:$Holz,$Braun,$Kammenhuber,$and$Carle$ Presented$by:$William$Garrard$"

Jody Melton
8 years ago
Views:

1 Introduc)on* By:$Holz,$Braun,$Kammenhuber,$and$Carle$ Presented$by:$William$Garrard$! How$secure$is$our$online$communication?$! Transport$Layer$Security$(TLS)/Secure$Sockets$Layer$ (SSL)$infrastructure$! HTTPs$and$IMAPs$protocols$! X.509$Public$Key$Infrastructure$(PKI)$certificates$! Collected$certificates$for$1.5$years$! Estimated$quality$of$current$PKI$deployment$! Found$several$breaks$and$inconsistencies$ $ X.509*! ITUVT$format$standard$for$Public$Key$Certificates$! Issued$by$trusted$Certification$Authorities$(CA)$! Prevents$imposters$in$a$digital$exchange$! Human$factors$within$CA s$! Black$box$process$! Potential$for$mischief$here$! Issued$certificates$are$trusted$completely$! Mozilla$trusts$~150$authorities.$$Do$you?$ X.509*Cer)ficates*! Subject$Line $ $contains$entity$to$which$it$is$issued.$ (DNS$host$name)$! Validity$period$! Public$Key$! Domain$! CrossVreferenced$by$browser$to$domain$being$accessed$! Digital$Signature$

2 X.509*Cer)ficates*! Issued$in$trees,$descending$from$Root$Certificates$! Forms$ trust$chains $! Delegates$identification$work$to$local$registrars$! Creates$points$of$attack$! Do$we$know$the$intermediaries$and/or$trust$them$ too?$! Root$certificates$are$shipped$to$browser$vendors$! Compromised$roots$are$a$major$situation$! Even$so,$users$do$not$seem$to$care$when$alerted$ Scans*! Used$Alexa$Top$1$Million$Hosts$! Active$! Used$OpenSSL$! Attempted$handshake$with$hosts$on$port$443$! Extracted$certificates,$connection$data$where$successful$! Passive$! Took$first$15kB$of$random$handshakes$on$Munich$ research$link$in$first$try$! 400kB$in$second$try$by$parallelizing$the$monitoring$ software$ Dataset*! Data$was$taken$from:$ 1. Active$scans$in$Tuebingen$and$Muenchen,$Germany$ 2. Distributed$nodes$around$the$world$via$PlanetLab$ for$comparison$based$on$location$ 3. Passive$scans$ 4. Other$researchers $work$! Grid$computing$sessions$were$disregarded$when$ possible.$ Related*Work*! Electronic$Frontier$Foundation$(EFF)$and$iSEC$(2010)$! Scanned$IPv4,$extracting$certificates$! Looked$for$weirdly$structures$certificates$! Which$CA s$did$what$! Ristic$(2010)$! Similar$to$EFF/iSec$! Added$to$current$dataset$! Lee,$et$al.$(2007)$! Investigated$cryptography$within$TLS/SSL$! Ignored$Certificates$! Yitek,$et$al.$(2009)$! Investigated$OpenSSL$bug$! Ignored$Certificates$! Scans$performed$by$ Landscape s $authors$lasted$much$longer$than$any$of$ these.$

3 Analysis **! How$many$hosts$allowed$TLS/SSL$connections$on$the$ proper$port?$! 66%$of$all$hosts$! 90%+$of$the$top$1000$! Many$failures$came$from$unknown$protocols$on$443,$ which$turned$out$to$be$plain$http$! Higher$ranked$hosts$lacked$irregular$configurations$! Were$crypto$algorithms$and$keys$strong?$! Most$connections$used$RC4,$AES$with$128$or$256$bit$ keys$! TripleVDES$found$in$about$10%$of$cases$still$! Compared$to$2007$data,$RC4$V128$is$now$most$popular,$ overtaking$aesv256$! Some$(~1V3%)$connections$had$no$encryption$! Likely$grid$traffic,$which$omits$this$for$speed$! How$often$is$the$same$certificate$used$on$multiple$ hosts?$! In$theory$it$should$be$never$! Practical$factors$like$cost$change$this$! Some$(~1/10,000)$certificates$used$for$>$10,000$hosts$! 1%$of$certificates$used$for$~10$hosts$! Many$repeat$offenders$were$hosting$companies$

4 ! Are$Certification$Chains$Valid?$! This$means$a$chain$leads$to$a$root$in$the$browser s$root$ store$! Signatures$and$expiration$dates$all$check$out$! Only$60%$valid$! 18%$Expired$! 25%$SelfVsigned$! Ratios$did$not$change$over$time,$meaning$no$ improvement$! Do$certificates$have$the$correct$host$name?$! Only$18.07%,$when$constrained$by$also$having$a$valid$ chain,$21%$otherwise$! Many$sites$are$not$to$be$used$with$HTTPs$anyway,$so$ this$may$not$be$so$bad$

5 Analysis **! Are$common$names$correct?$! Part$of$the$subject$field$on$a$certificate$! 60k$instances$of$ plesk $(Parallels/Plesk$Virtualization$ and$web$hosting$environment)$! 39k$instances$of$ localhost $! None$of$those$had$valid$chains$! Are$self$signed$certificates $host$names$correct?$! Issued$by$servers$to$themselves$! Useful$for$personal$servers$! Users$need$to$determine$trust$for$themselves$! 97%+$of$names$do$not$match$! plesk $and$ localhost $variants$occur$in$>50%$! Self$signed$certificates$are$not$maintained$! Are$extended$validation$(EV)$certificates$used?$! Designed$to$give$users$more$information$about$who$ they$are$connecting$to$! Only$8.93%$of$top$10,000$! 5.17%$of$top$50,$thanks$to$Google$! How$long$are$certificate$chains?$! Only$counted$intermediate$links,$not$root$and$end$ nodes$! Most$chains$are$<4$$ $$$nodes$in$length$! >50%$of$chains$were$$ $$$of$length$0$

6 ! Are$signature$algorithms$secure?$! MD5,$once$popular,$was$to$begin$a$phase$out$! Occurred$about$17.3%$in$2009$! Dropped$to$7.3%$in$2011$! SHA1$rose$to$make$up$the$difference$! Are$public$keys$strong$enough?$! RSAV768$was$cracked$in$2009$! RSAV1024$margin$is$decreasing$! Between$2009$and$2011,$>1024$bit$keys$rose$20%$in$ frequency,$with$1024$bit$keys$falling$about$that$much$! Are$validity$periods$the$proper$length?$! Longer$periods$make$easier$cracking$through$advances$ in$technology$and$hardware$! Most$are$for$1$year$+0V5$months.$! Others$for$2,3,4,5,10,15,20,$or$30$years$! >5$years$are$very$rare$! Smallest$was$2$hours,$longest$was$8,000$years$! How$do$distinct$intermediate$certificates$compare$to$ distinct$certification$chains?$! Very$broad$at$the$leaves,$shrinks$rapidly$to$the$root$ CA s$! Magnitudes$much$closer$in$top$1$million$than$in$IPv4$! In$general,$this$leads$to$too$great$an$attack$surface$to$ feel$safe$about$

7 ! How$are$certificates$different$by$location?$! Man$in$the$middle$attacks$can$be$launched$by$ swapping$certificates$at$a$few$locations$! Identified$several$thousand$suspicious$hosts,$mainly$in$ China$and$Russia$! Did$not$find$evidence$of$any$attacks$taking$place$! However,$did$not$investigate$all$suspicious$domains$! Overall,$not$many$differences$by$location$! Who$issues$the$most$certificates?$! Entities$issuing$>2000$certificates$made$up$>50%$of$all$ distinct$certificates$issued.$! Are$there$any$duplicate$serial$number$in$certificates$ issued$by$the$same$ca?$! None$were$found$! What$version$of$X.509$is$being$used?$! Version$1$is$outdated$! 13.99%$of$certificates$are$in$Version$1.$$None$were$valid$ chainwise$and$most$were$self$signed.$$most$of$the$ others$were$from$one$russian$company.$ Discussion*! Host$rank$is$inversely$related$to$valid$certificate$ holding$! Number$of$totally$good$certificates$is$low$overall$! Good:$! Valid$chains,$host$names,$chain$length$<3,$no$MD5,$no$ weak$keys,$>1024$bit$keys,$validity$<13$months$! Acceptable:$! Chain$length$<4,$validity$<25$months$! Valid$but$bad:$! All$others$with$correct$chains$and$host$names$

8 Discussion* Discussion*! Comprehensive$analysis$of$the$state$of$X.509$ certificates$in$the$muck$of$the$real$world$! Generated$many$ sobering $findings$! Ended$with$strong$negative$opinion$on$certificate$ system$overall$! Did$not$provide$outline$or$ideas$for$an$alternative$or$ improvements$beyond$fixing$what$was$reported$to$be$ broken$$ Next*Steps*! Analysis$on$the$relative$safety$enjoyed$currently$ versus$the$theoretical$ideal$based$on$current$ technology$and$protocols$! Development$of$a$more$eccentricityVresistant$ certificate$system$from$the$groundvup$ Ques)ons*

Internet!of!Services! Project!IntroducMon!

Internet!of!Services! Project!IntroducMon! Prof.!Dr.!Küpper,!S.!Göndör,!S.!Zickau,!M.!Slawik,!et!al.! ServiceIcentric!Networking! Telekom!InnovaMon!Laboratories!and!TU!Berlin! Introduc)on* Project!OrganizaMon!!