SSL and TLS
DigiNotar Break-In
In 2011 "ComodoHacker" broke into DigiNotar, a Dutch certificate authority - Rogue certificates were issued for *.google.com, Skype, Facebook, www.cia.gov and 527 other domains - Browsers removed DigiNotar from their root stores and the company filed for bankruptcy
RansomPKP attack
1. Attackers get access to the web server - 2. They obtain a new, valid certificate for a key only they control (anyone who can prove domain ownership can get a certificate for that domain) and serve it with a Public-Key-Pins header that pins only that key - 3. The owners regain control of their website - 4. Browsers that stored the attackers' pins now reject the owners' own certificate until the pin's max-age expires, so users cannot connect - 5. The attackers offer to sell the owners the private key behind the pinned certificate for the "right" price
SSL handshake protocol
The process that establishes a secure session between a client and a server: it negotiates the protocol version and cipher suite, authenticates the server (and optionally the client) with certificates, and derives the session keys that the record protocol then uses
HTTP Public Key Pinning (HPKP)
A security mechanism delivered via an HTTP header (Public-Key-Pins) that lets an HTTPS website tell browsers which public keys (SPKI hashes) its certificate chain must contain, so that mis-issued or otherwise fraudulent certificates from any CA are rejected - Now deprecated and no longer supported by major browsers
Comodo Break-In
In 2011 an Iranian hacker broke into the Comodo resellers instantSSL.it and globalTrust.it - Decompiled their certificate issuance program, learned the credentials of their reseller account and how to use the Comodo API - Wrote his own program for submitting orders and obtaining Comodo certificates
certificate authority (CA)
An organization responsible for certifying public keys by signing certificates - Browsers are pre-configured with 100+ trusted CAs - A public key for any website in the world will be accepted by the browser if it is certified by any one of these CAs
Certificate revocation list (CRL)
CA periodically issues a signed list of revoked certificates - Can issue a "delta CRL" containing only updates
Extended Validation (EV) Certificates
The CA must verify the requesting organization's legal identity through a manual, human-reviewed process (the CA/Browser Forum EV guidelines), not merely control of the domain
SSL 2.0 Weaknesses
Cipher suite preferences are not authenticated, so a MitM can force a weaker suite - Weak MAC construction; the MAC key is only 40 bits in export mode - Padding is used when computing the MAC in block cipher modes, but the padding length field is not authenticated - No support for certificate chains or non-RSA algorithms
SSL goals
Detect alterations made by a MitM - Ensure data confidentiality
SSL / TLS Guarantees
End-to-end secure communications in the presence of a network attacker
Certificate Transparency
Open standard (RFC 6962) for monitoring and auditing digital certificates - A CA that participates in Certificate Transparency adds an entry for each new certificate it issues to a global, publicly auditable, append-only log, so mis-issued certificates can be detected by the domain owner
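The append-only log is a Merkle tree; a client checks that a certificate is really in the log with an inclusion proof. Added Python example (not code from the page or from any CT log) implementing the RFC 6962 hashing and the RFC 9162 proof check; the log entries are constructed placeholders, not real certificates:

```python
import hashlib


def leaf_hash(entry: bytes) -> bytes:
    """RFC 6962 leaf hash: SHA-256(0x00 || entry)."""
    return hashlib.sha256(b"\x00" + entry).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash: SHA-256(0x01 || left || right)."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)


def merkle_root(entries) -> bytes:
    """Merkle Tree Hash (MTH) over the log's entries."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))


def inclusion_proof(entries, m: int):
    """Audit path PATH(m, D[n]) that the log returns for entry m."""
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_proof(entries[:k], m) + [merkle_root(entries[k:])]
    return inclusion_proof(entries[k:], m - k) + [merkle_root(entries[:k])]


def verify_inclusion(leaf, index, tree_size, path, root) -> bool:
    """Client-side check (RFC 9162 2.1.3.2) that leaf sits at index in a tree of tree_size."""
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf
    for p in path:
        if sn == 0:
            return False  # proof longer than the tree allows
        if fn & 1 or fn == sn:
            r = node_hash(p, r)          # sibling is on the left
            if not fn & 1:
                while fn and not fn & 1:  # skip levels where we are a lone right child
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)          # sibling is on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


def ct_demo():
    """Constructed log of 7 (pre)certificate entries; verify entry 5, then a swapped entry."""
    log = [f"constructed entry {i}: cert for host{i}.example".encode() for i in range(7)]
    root = merkle_root(log)                  # the signed tree head a log publishes
    path = inclusion_proof(log, 5)
    genuine = verify_inclusion(leaf_hash(log[5]), 5, len(log), path, root)
    # A log that quietly replaced entry 5 cannot make the published root
    # verify for the new content: the structure is tamper-evident.
    swapped = verify_inclusion(leaf_hash(b"constructed entry 5: replaced"), 5, len(log), path, root)
    return genuine, swapped, len(path)
```

For a 7-entry tree the proof for entry 5 has three sibling hashes; real logs hold hundreds of millions of entries, and the proof size still only grows with log2 of the tree size.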
"Flame" malware
Fake intermediate CA certificate was created using an MD5 chosen-prefix collision against an obscure Microsoft Terminal Server Licensing Service certificate that was enabled for code signing and still used MD5
why Certificate Authorities are not supposed to be content watchdogs
HTTPS guarantees "secure" but does not say anything about "safe"
Downsides of HPKP
HPKP pins public keys, not certificates: if you lose or must replace your private key (re-keying at renewal, accidental deletion, or compromise) and the new key's fingerprint was not already sent as a backup pin ahead of time, you are effectively DoS-ing yourself until the stored pins' max-age expires - This can also be abused by attackers who get access to your server (RansomPKP attack)
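The client-side pinning rules behind both the RansomPKP card and the self-DoS downside above, as an added Python example (not code from the page or from any browser): a minimal HPKP store modelled on RFC 7469, then the RansomPKP sequence played through it. The SPKI byte strings, hostname and timestamps are constructed stand-ins, not real keys.

```python
import base64
import hashlib
import re
from dataclasses import dataclass


def spki_pin(spki_der: bytes) -> str:
    """HPKP pin value: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


@dataclass
class PinSet:
    pins: set
    expires: float


_PIN_RE = re.compile(r'pin-sha256="([A-Za-z0-9+/=]+)"')
_AGE_RE = re.compile(r"max-age=(\d+)")


def parse_hpkp(header: str, now: float):
    """Parse a Public-Key-Pins header; None if it lacks pins or max-age."""
    pins = set(_PIN_RE.findall(header))
    age = _AGE_RE.search(header)
    if not pins or age is None:
        return None
    return PinSet(pins, now + int(age.group(1)))


class Browser:
    """Minimal HPKP client state: one pin set per host, as in RFC 7469."""

    def __init__(self):
        self.store = {}

    def connect(self, host, chain_spkis, hpkp_header=None, now=0.0):
        """Return True if the presented chain is accepted for host."""
        chain_pins = {spki_pin(s) for s in chain_spkis}
        stored = self.store.get(host)
        if stored is not None:
            if now >= stored.expires:
                del self.store[host]          # pins expired: host is unpinned again
            elif stored.pins.isdisjoint(chain_pins):
                return False                  # pin validation failure: hard fail
        if hpkp_header is not None:
            new = parse_hpkp(hpkp_header, now)
            # A header is only noted on a validated connection, and only if at
            # least one pin matches the chain and at least one backup pin does not.
            if new and new.pins & chain_pins and new.pins - chain_pins:
                self.store[host] = new
        return True


def ransompkp_demo():
    """RansomPKP against a host that already pins; constructed SPKI bytes throughout."""
    site_key, site_backup = b"constructed-spki:site", b"constructed-spki:site-backup"
    evil_key, evil_backup = b"constructed-spki:evil", b"constructed-spki:evil-backup"
    hdr = lambda a, b: (f'pin-sha256="{spki_pin(a)}"; pin-sha256="{spki_pin(b)}"; '
                        f"max-age=5184000")   # 60 days, a common HPKP value
    ua, host, t = Browser(), "example.com", 1_700_000_000.0  # host/time are assumptions
    # Day 0: the site pins its key and a backup key it keeps offline.
    r0 = ua.connect(host, [site_key], hdr(site_key, site_backup), now=t)
    # Attackers own the server, so they hold site_key: keep serving it, but
    # replace the backup pin with a key only they control.
    r1 = ua.connect(host, [site_key], hdr(site_key, evil_key), now=t + 1)
    # Next visit: serve a freshly issued, valid DV certificate for evil_key and
    # pin only attacker keys; it passes because evil_key is already in the set.
    r2 = ua.connect(host, [evil_key], hdr(evil_key, evil_backup), now=t + 2)
    # Owners regain control and serve their own certificate: rejected.
    r3 = ua.connect(host, [site_key], None, now=t + 3)
    # The lock-out ends only when the attackers' pins expire.
    r4 = ua.connect(host, [site_key], None, now=t + 2 + 5184000)
    return [r0, r1, r2, r3, r4]
```

The same store reproduces the accidental case: rotate to a key that was never pinned as a backup and connect() returns False for the rest of max-age with no attacker involved, which is why a long max-age made HPKP so easy to get wrong.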
Version Rollback Attack
A man in the middle rewrites the client's hello to advertise an older, weaker protocol version so both sides fall back to it - SSL 3.0 and TLS detect this because the Finished messages authenticate the whole handshake, including the offered version; TLS_FALLBACK_SCSV (RFC 7507) covers the case where the client itself retries with a lower version
SSL / TLS
Secure Sockets Layer / Transport Layer Security - A security layer between TCP and application protocols such as HTTP that uses public key cryptography to authenticate the server and establish session keys, then symmetric cryptography to encrypt and authenticate the data
HTTPS Security Guarantees
The origin of the page is what it says in the address bar - Contents of the page have not been viewed or modified by a network attacker
Root Stores
The place where the certificates of trusted certificate authorities (root CA certificates) are held - Browsers and operating systems each ship their own root store, and any certificate chaining to a root in it is trusted
Let's Encrypt
A certificate authority that issues free domain-validated certificates and, through the ACME protocol, makes obtaining and installing a certificate essentially automatic
HTTPS (Hypertext Transfer Protocol Secure)
HTTP carried over SSL/TLS: an end-to-end secure protocol for the Web that provides encryption, authentication (usually of the server only), and integrity checking
Goto Fail
Implementation error in Apple's SSL/TLS code (2014, CVE-2014-1266): a duplicated line
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
The second goto fail runs unconditionally (C has no block here despite the indentation), jumping over the signature check with err still 0, so the ServerKeyExchange signature was never verified and any certificate was accepted by Mac OS X and iOS - Complete failure against MITM
MITM
man-in-the-middle attack
job of TCP
Reliable, in-order delivery: resending lost segments and reordering segments that arrive out of order - TCP provides no confidentiality or integrity against an attacker; that is what SSL/TLS adds on top of it
SSL Record Protocol
Responsible for fragmenting application data, optionally compressing it, computing a MAC, encrypting, and attaching an SSL record header to each fragment prior to transmission (and reversing these steps on receipt)
Colliding Certificates
A rogue CA certificate built with a generated MD5 collision so that a real CA's signature on a legitimately obtained certificate also verifies on the attacker's CA certificate, which can then sign certificates for any domain - Demonstrated against RapidSSL in 2008 using a cluster of PlayStation 3s