SoK: SSL and HTTPS


Presentation Transcript


  1. SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements Presented by: Zhengyang Qu

  2. Roadmap • Background • Crypto Protocol Issues in HTTPS • Trust Model Issues in HTTPS • Security Enhancements to CA/B Model • Discussion & On-going Research

  3. Background • Objectives • Confidentiality • Server Authentication, Client Authentication (Optional) • Protocol Specification and Implementation • HTTPS: combination of HTTP with SSL/TLS • Client-side (by OS or browser) • Firefox: Mozilla’s NSS; Chrome: the underlying OS library on Windows and OS X, or NSS on Linux • Server-side • Apache (OpenSSL), Windows Server (IIS), Solaris (NSS)

  4. Roadmap • Background • Crypto Protocol Issues in HTTPS • Trust Model Issues in HTTPS • Security Enhancements to CA/B Model • Discussion & On-going Research

  5. Crypto Protocol Issues in HTTPS • Weakness in Cryptographic Primitives • Weak Encryption & Signature Key Lengths • Symmetric-key encryption schemes with 40-, 56-, or 64-bit keys are subject to brute-force attacks. • Asymmetric encryption schemes like RSA are subject to factoring attacks when used with a 512-bit modulus. • Weak Hash Functions • Collision Resistance & Second Preimage Resistance • MD5, MD2

  6. Crypto Protocol Issues in HTTPS • Implementation Flaws & Related Attacks • Pseudorandom Generator (PRG) Seeding • Remote Timing Attack • Oracle Attacks • RSA Encoding • Cipher Block Chaining (CBC) Initialization • Chosen Plaintext Attacks • Compression • CBC Padding

  7. Crypto Protocol Issues in HTTPS • Protocol-level Attacks • Ciphersuite Downgrade Attack • Version Downgrade Attack • Renegotiation Attack • Cross-protocol Attack • Diffie-Hellman or RSA • Does not state which key agreement algorithm is used

  8. Roadmap • Background • Crypto Protocol Issues in HTTPS • Trust Model Issues in HTTPS • Security Enhancements to CA/B Model • Discussion & On-going Research

  9. Trust Model Issues in HTTPS • Certification • Domain Validated (DV) & Extended Validated (EV) • Security Issues • Hostname Validation (CAs) • E-mail validation: top-level domain (admin@domain), WHOIS record • Hostname Validation (Clients) • Parsing Attack (e.g. bank.comevil.com) • Mismatch between CA parsing and browser parsing • EV Downgrading

  10. Trust Model Issues in HTTPS • Anchoring Trust • Software Vendors • Private Networks (e.g. corporate environment) • Security Issues • CA Compromise • MITM attack (e.g. two compromised CAs, Comodo & DigiNotar) • Compelled Certificates • Nation-states, government (e.g. connection to Facebook via ISPs in Syria)

  11. Trust Model Issues in HTTPS • Transitivity of Trust • Intermediate CA certificates • Path Validation Algorithm • Constraints: (1) CA: TRUE (2) pathlen: n • Lack of further chain discovery mechanism • Intermediate CAs are invisible to the client before being encountered

  12. Trust Model Issues in HTTPS • Maintenance of Trust • Terminate the validity of a certificate before expiration • Get Revocation Status: CRLs & OCSP (updated on-demand) • Responsive Revocation • Security Issues • Blocking Revocation • Ownership Transfer • Domain: fb.com

  13. Trust Model Issues in HTTPS • Indication and Interpretation of Trust • Browser Security Cues, Browser Security Warnings, Mixed Content, Mobile Browsers, HTTP Form Submit • Security Issues • Stripping SSL/TLS • Spoofing Browser Chrome • Conceding a Warning

  14. Roadmap • Background • Crypto Protocol Issues in HTTPS • Trust Model Issues in HTTPS • Security Enhancements to CA/B Model • Discussion & On-going Research

  15. Security Enhancements to CA/B Model • Security Properties Offered by Primitives • Detecting Certificate Substitution • Detecting SSL/TLS Stripping • PKI Improvements • Evaluation Criteria for Impact on HTTPS • Security & Privacy • Deployability • Usability

  16. Security Enhancements to CA/B Model • Evaluation of Proposed Primitives • Certificate Pinning (Client History) • Detection of certificate substitution attacks • Certificate Pinning (Server) • Better level of granularity • Certificate Pinning (Browser Platform) • Avoid blind TOFU approach • Certificate Pinning (DNS) • Who conducts the validation? • DNSSEC, DANE

  17. Security Enhancements to CA/B Model • Multipath Probing • Crowdsourcing • Objective information (time-based and space-based) • Subjective information (Omnibroker, Monkeysphere) • Convergence (Firefox), DoubleCheck, Certificate catalogue (Google)

  18. Security Enhancements to CA/B Model • Channel-bound Credentials • Modify the authentication value in cookies • Credential-bound Channels • Key Continuity/Manifest • Server-side changes • TACK, DANE, DVCert

  19. Security Enhancements to CA/B Model • HTTPS-only Pinning • Many primitives are never invoked unless an HTTPS connection is requested • Domain only supports HTTPS and communicates that with client via a pin • Request headers or TLS extensions • Pre-established in browser • DNS record of the site

  20. Security Enhancements to CA/B Model • Visual Cues for Secure POST (e.g. SSLight) • Browser-stored CRL • Certificate Status Stapling • Short-lived Certificates • List of Active Certificates, “Whitelist”

  21. Roadmap • Background • Crypto Protocol Issues in HTTPS • Trust Model Issues in HTTPS • Security Enhancements to CA/B Model • Discussion & On-going Research

  22. Discussion & On-going Research • Protocol-level TLS-Analysis & Modification • Trust Model Infrastructure • Realistic reflection of trust in the digital world? • Human Element & the Security User Interface • Raising the Bar • Combine the primitives into the infrastructure • Replace the functionality of CAs (e.g. DANE) • Provide recognizable assurance to users

  23. Thank you!

  24. Discussion & On-going Research • Important Orthogonal Problems • Gap between the user’s cognitive notion of what organization connected and the domain name in certificate • Condition for read/write access to cookies • Compromised client-platform
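The two path-validation constraints named on slide 11 (CA: TRUE and pathlen: n), shown as an added example that is not part of the original presentation. It follows the basicConstraints steps of RFC 5280 path validation over constructed certificate records; the field names `subject`, `ca` and `pathlen` are assumptions, and signatures, validity dates and self-issued certificates are assumed to be handled elsewhere.

```python
# Added example: basicConstraints checks from RFC 5280 path validation.
# Certificates are constructed dicts, not parsed X.509 structures.

def validate_basic_constraints(path):
    """path: certificates below the trust anchor, issuer first, leaf last.
    Returns (ok, reason)."""
    max_path_length = len(path)              # RFC 5280 initial value: n
    for cert in path[:-1]:                   # every cert that issues another
        if not cert.get("ca", False):
            return False, f"{cert['subject']} issued a certificate but lacks CA:TRUE"
        if max_path_length <= 0:
            return False, (f"issuing from {cert['subject']} would exceed a "
                           "pathlen constraint set higher in the chain")
        max_path_length -= 1
        pathlen = cert.get("pathlen")
        if pathlen is not None and pathlen < max_path_length:
            max_path_length = pathlen        # tighter limit applies from here on
    return True, "basic constraints satisfied"

# Constructed sample chains (hypothetical names).
INTERMEDIATE = {"subject": "Example Intermediate CA", "ca": True, "pathlen": 0}
LEAF = {"subject": "www.example.test", "ca": False}

GOOD = [INTERMEDIATE, LEAF]
# An end-entity certificate used as if it were a CA.
LEAF_AS_CA = [INTERMEDIATE, {"subject": "leaf.example.test", "ca": False}, LEAF]
# A second CA below an intermediate limited to pathlen:0.
TOO_DEEP = [INTERMEDIATE, {"subject": "Example Sub CA", "ca": True}, LEAF]

if __name__ == "__main__":
    for name, chain in [("GOOD", GOOD), ("LEAF_AS_CA", LEAF_AS_CA),
                        ("TOO_DEEP", TOO_DEEP)]:
        print(name, validate_basic_constraints(chain))
```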
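Slide 16 contrasts client-history pinning with browser-platform pins that avoid blind trust on first use; the following added example (not from the original presentation) shows both in one pin store. The class and result strings are hypothetical, and the certificate bytes are constructed placeholders rather than real DER.

```python
# Added example: client-history (TOFU) pins next to preloaded platform pins.
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes presented by the server."""
    return hashlib.sha256(cert_der).hexdigest()

class PinStore:
    def __init__(self, preloaded=None):
        # Pins shipped with the client: enforced even on the first visit.
        self.preloaded = {h: set(p) for h, p in (preloaded or {}).items()}
        # Pins learned from earlier connections (client history).
        self.history = {}

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        if host in self.preloaded:
            return "ok" if fp in self.preloaded[host] else "substitution-suspected"
        if host not in self.history:
            # Trust on first use: nothing to compare against, so whatever
            # certificate is seen first becomes the pin.
            self.history[host] = fp
            return "first-use"
        # A legitimate re-issue also lands here; the store can only report
        # that the certificate changed, not why.
        return "ok" if self.history[host] == fp else "substitution-suspected"

# Constructed stand-ins for DER-encoded certificates.
CERT_A = b"constructed-certificate-bytes-A"
CERT_B = b"constructed-certificate-bytes-B"

if __name__ == "__main__":
    store = PinStore(preloaded={"pinned.example.test": {fingerprint(CERT_A)}})
    print(store.check("pinned.example.test", CERT_B))  # preloaded pin mismatch
    print(store.check("site.example.test", CERT_B))    # first contact, no pin
    print(store.check("site.example.test", CERT_B))    # matches history
    print(store.check("site.example.test", CERT_A))    # changed certificate
```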
