SlideShare a Scribd company logo

Alternatives and Enhancements to CAs for a Secure Web

CASCouncil
CASCouncil

The document summarizes alternatives and enhancements to traditional certification authorities for a more secure web. It discusses DANE, which uses DNSSEC to authenticate domain certificates; Certificate Transparency to provide public logs of issued certificates; CAA to allow domains to specify authorized CAs; and public key pinning to bind domains to specific certificates. While these approaches aim to strengthen security, challenges include deploying new technologies and integrating existing practices. The panel discussed trends that may impact SSL/TLS in the next 5 years.

1 of 39
Download to read offline
ALTERNATIVES AND ENHANCEMENTS TO CERTIFICATION AUTHORITIES FOR A SECURE WEB Kirk Hall Adam Langley Quentin Liu Trend Micro SSL Google Symantec Yngve Pettersen Wayne Thayer Opera Software ASA Go Daddy Session ID: TECH-T18 Session Classification: Intermediate
BACKGROUND: WHAT IS A CERTIFICATION AUTHORITY? Kirk Hall Trend Micro
What is a certification authority? ► CA generates “roots” in secure environment – script, video recorded, audited ► CA distributes to browsers to include in trusted root store ► Browsers check for compliance with root store rules, contract, audit ► Browsers distribute CA roots to clients in software updates
What is a certification authority? ► CA sells certs to customers from trusted roots ► Customers install certs on their servers for secure web pages ► Clients go to secure web pages https://, client checks for root in browser trusted root store ► If root is in client’s trusted root store for the browser – encrypted session, favorable padlock UI (including EV green bar)
What is a certification authority? ► If root not in client trusted root store for browser – warning displayed ► If certificate revoked or expired – warning displayed ► CAs and browsers have the ability to revoke roots, sub-roots, and certificates for problems ► CAs must complete annual audits, follow CA/B Forum rules to remain in browser trusted root stores ► Stronger rules, higher CA standards for green Extended Validations or “EV” display
RECENT CA SECURITY ISSUES AND THEIR CONSEQUENCES Kirk Hall Trend Micro
(2001) Problem: Erroneous authentication for code signing certificate in name of “Microsoft” Harm: None detected Response: Browsers “untrusted” the bad cert, authentication team member terminated
(2011) Problem: CA’s system hacked through external RA/Reseller portal; 9 fake certs issued for various top domains Harm: Unknown. Hacking claims by “Iranian hacker” never verified Response: Certs quickly revoked by CA and “untrusted” by browsers
(2011) Problem: Hacking/complete compromise of CA system over many months; cert issuance logs erased (no record); 531 or more fake certs issued Harm: Potentially great (many OCSP checks from Iran). Hacking claims by “Iranian hacker” never verified Response: Some certs revoked by CA (no complete list). DigiNotar roots “untrusted” by browsers; CA out of business
Independent Malaysian Sub-CA (2011) Problem: Independent Sub-CA issued 22 512-bit certs off chained root - too weak, no EKU limiting extension to TLS server certs, violated CA/Browser Forum rules Harm: Cert stolen from Malaysian government, compromised, used to sign malware Response: Browsers issued patch to “untrust” the Sub-CA, all certs; new rules to audit sub- CAs
(2012) Problem: Customer cert issued with wrong extensions – customer had powers of a sub-CA, could issue certs in other domain names Harm: None detected. Unintentionally used by customer at firewall in MITM configuration; accidentally issued “google.com” cert – never used. Response: Cert revoked and “untrusted” by browsers, all CAs scanned past certs
(2012) Problem: CA issued Sub-CA cert to enterprise for MITM security screening of enterprise email and web communications; could be used to create certs for top domains Harm: None detected. However, controversial practice, now deprecated by several browsers Response: Trustwave revoked MITM Sub-CA and discontinued issuing them to enterprise customers
Myth Busting Myth: “There are more than 600 trusted CAs in the browsers – too Alleged Problem: many to handle, any of these CAs can issue (fake) certs, there is no regulation of CAs” Fact: Not true – Many “CAs” detected by SSL Observatory and others are only sub-CAs of major CAs, all subject to the same controls by the parent. The Mozilla root store has only 65 trusted root holders (with their various sub-CAs). Plus, some of “600 CAs” in studies are self-signed only, not trusted in browsers All CAs in browsers must follow the browser rules, CA/Browser Forum rules, audit regimes.
Summary and Conclusion ► Relatively few CA security issues over 15 years ► Most breaches resulted in no known harm ► Quickly remediated ► Industry practices constantly improved by CAs, browsers – without government regulation ► Browser root program requirements raise the bar ► CA/Browser Forum (2005 to date) – raised the bar: ► EV Guidelines (2007), Baseline Requirements (2011), Network and Security Controls (2013) ► WebTrust, ETSI audit requirements (2000 - date) ► New: CA Security Council www.casecurity.org
Summary and Conclusion ► Putting it in perspective: ► Certs issued worldwide: 2,000,000 per year ► Bad certs issued: maybe 1,000 over 11 years (~91 bad certs per year) – mostly DigiNotar incident ► Accuracy ratio for certs issued each year: 99.995% (Error rate 0.005%) – are Passport Office and state Departments of Motor Vehicles more accurate? [No] ► Significant harm from bad certs? Only likely in DigiNotar case (actual harm unknown) ► CAs are continuously improving security, processes
ALTERNATIVES AND ENHANCEMENTS TO CERTIFICATION AUTHORITIES FOR A SECURE WEB
Alternatives and Enhancements to Certification Authorities for a Secure Web ► DANE – DNS based Authentication of Named Entities (Yngve Pettersen, Opera Software ASA and Quentin Liu, Symantec) ► CT – Certificate Transparency (Adam Langley, Google) ► CAA – DNS Certification Authority Authorization (Quentin Liu, Symantec and Yngve Pettersen, Opera Software ASA ) ► Public Key Pinning (Wayne Thayer, Go Daddy) ► SSL/TLS Trends Next 5 Years (All) ► Audience Comments/Questions
DANE – DNS Based Authentication of Named Entities Yngve Pettersen, Opera Software ASA Quentin Liu, Symantec
DANE ► DANE is a DNSSEC based protocol defined by the IETF proposal RFC 6698 ► It allows the owner of a domain to signal: ► Which site certificates can be used? ► Which CAs can be used? ► Which public keys can be used? for a given SSL/TLS server hosted in the domain.
DANE Benefits ► Similar to HTTP Public Key Pinning, but application protocol independent ► Independent of the Client Rootstore ► CA limitation is similar to CAA, but checked by the client, not the CA
DANE Problems 1 ► DNSSEC is not yet widely deployed, in clients or domains, especially natively ► Trustworthiness of domain registry? ► Security of original domain information?
DANE Problems 2 ► How would fraud and revocation be handled? ► What checks of server certificate keys when no CA is involved? ► CA-issued certs: Could lead to tighter integration between CAs, server and DNS hosting. ► Is DANE and DV equal security-wise?
CT – Certificate Transparency Adam Langley, Google
Certificate Transparency ► Certificates should be public record so that you can see what CAs are asserting about your organization.
Certificate Transparency
Certificate Transparency ► Internal CAs are not impacted: internal certificates do not need to be logged. ► Internal hostnames in public certificates don't need to be logged - clients can be configured with a list of internal domains or intermediate CAs can be name constrained.
Certificate Transparency Pros ► Enhances the current CA infrastructure rather than replacing it. ► Doesn't require any actions by sites in the vast majority of cases.
Certificate Transparency Cons ► Requires all CAs to be updated. ► Deployment will take many years. ► Public records require vigilance to be useful.
CAA – DNS Certification Authority Authorization Quentin Liu, Symantec Yngve Pettersen, Opera Software ASA
Certification Authority Authorization ► Certification Authority Authorization (CAA) ► IETF RFC 6844 drafted by Comodo ► Mechanism for preventing and detecting mis-issued certificates from CAs ► Mechanism ► Based on DNS resource record that lists CAs authorized to issue certs for a domain ► PRIOR to issuing a certificate, CA checks for a CAA record to ensure CA is allowed to issue cert for that domain
Certification Authority Authorization ► Context and Key Points ► Benefit similar to DANE in that it’s a verification to see whether a CA should be associated with a cert for a specific domain ► Different from DANE in that this is a “preventative” approach to issuing rogue certs ► CAA record doesn’t say which key must be in the end-entity cert (as DANE does) – entry is at the CA level ► Supports wildcard certs ► More than one CA may be specified for each DNS record ► CABF is starting discussions on CAA for potential usage by CAs
Certification Authority Authorization Benefits ► Good complement to existing ecosystem to prevent and detect mis-issuance from CAs ► Low barrier for deployment for CAs – CAs need to check CAA record ► Does not require big-bang adoption – can be phased per CA and per certificate customer ► Raises the bar on CA security – bad actor must be able to attack DNS or suppress CA’s CAA check
Certification Authority Authorization Risks ► DNSSEC is recommended but not required, opening up potential for DNS record manipulation ► CA and customer opt-in nature makes CAA non- deterministic ► Potential perception of CAA being a mechanism for CAs to “lock in” customers
Public Key Pinning Wayne Thayer Go Daddy
Key Pinning ► Client (browser) tracks what certs are used by a website ► Can be preloaded into browser Or (in a more scalable implementation) ► Web server makes assertion about what certificate(s) it will use ► Generate an alert or block the connection if a different cert is used ► Two current IETF drafts: ► Trust Assertions for Certificate Keys ► Public Key Pinning Extension for HTTP
Key Pinning Benefits ► Reduces attack surface for a given site from approx. 65 roots (and potentially hundreds of intermediates) down to 1-2 roots, or less ► Proven value in detecting compromise ► Enhances existing ecosystem ► Doesn't suffer from CAA's potential "lock in" issue
Key Pinning Issues ► Trust on First Use – doesn’t protect initial connection ► Doesn’t protect against key compromise ► Creates operational challenges with key exchanges ► May be best as a reporting mechanism ► Long deployment horizon ► Impact of false positives in "hard fail" mode
SSL/TLS Trends for the Next 5 Years (Panel Members)
Audience Comments and Questions

Recommended

New Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetNew Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetCASCouncil
 
Tech t18
Tech t18Tech t18
Tech t18SelectedPresentations
 
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017CASCouncil
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling BlindspotBrian A. McHenry
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL PracticesBrian A. McHenry
 
Alternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebCASCouncil
 
GSEC-Exam
GSEC-ExamGSEC-Exam
GSEC-ExamDan Ross
 

Recommended

New Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetNew Ideas on CAA, CT and Public Key Pinning for a Safer Internet
New Ideas on CAA, CT and Public Key Pinning for a Safer InternetCASCouncil
 
Tech t18
Tech t18Tech t18
Tech t18SelectedPresentations
 
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017
100 Percent Encrypted Web New Challenges For TLS RSA Conference 2017CASCouncil
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling BlindspotBrian A. McHenry
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL PracticesBrian A. McHenry
 
Alternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebCASCouncil
 
GSEC-Exam
GSEC-ExamGSEC-Exam
GSEC-ExamDan Ross
 
Becoming a Yogi on Mac ATT&CK with OceanLotus Postures
Becoming a Yogi on Mac ATT&CK with OceanLotus PosturesBecoming a Yogi on Mac ATT&CK with OceanLotus Postures
Becoming a Yogi on Mac ATT&CK with OceanLotus PosturesAdam Pennington
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 
F5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks
 
F5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transitionF5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transitionDmitry Tikhovich
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configurationAlberto Rivai
 
Clear Pci Vulnerability Scans Web2
Clear Pci Vulnerability Scans Web2Clear Pci Vulnerability Scans Web2
Clear Pci Vulnerability Scans Web2Cybera Inc
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018MarketingArrowECS_CZ
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS ProtectionRadware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS ProtectionAndy Ellis
 
Novinky F5
Novinky F5Novinky F5
Novinky F5MarketingArrowECS_CZ
 
Attack Prevention Solution for RADWARE
Attack Prevention Solution for RADWAREAttack Prevention Solution for RADWARE
Attack Prevention Solution for RADWAREDeivid Toledo
 
Webinar: Goodbye RSA. Hello Modern Authentication.
Webinar: Goodbye RSA. Hello Modern Authentication.Webinar: Goodbye RSA. Hello Modern Authentication.
Webinar: Goodbye RSA. Hello Modern Authentication.SecureAuth
 
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoSDSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoSAndris Soroka
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
 
Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Andreas Taudte
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allupllangit
 
Why Web Security Matters!
Why Web Security Matters!Why Web Security Matters!
Why Web Security Matters!Philippe De Ryck
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 
Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!CASCouncil
 
RSA SecurID Access
RSA SecurID AccessRSA SecurID Access
RSA SecurID AccessMarketingArrowECS_CZ
 

More Related Content

What's hot

Becoming a Yogi on Mac ATT&CK with OceanLotus Postures
Becoming a Yogi on Mac ATT&CK with OceanLotus PosturesBecoming a Yogi on Mac ATT&CK with OceanLotus Postures
Becoming a Yogi on Mac ATT&CK with OceanLotus PosturesAdam Pennington
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 
F5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks
 
F5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transitionF5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transitionDmitry Tikhovich
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configurationAlberto Rivai
 
Clear Pci Vulnerability Scans Web2
Clear Pci Vulnerability Scans Web2Clear Pci Vulnerability Scans Web2
Clear Pci Vulnerability Scans Web2Cybera Inc
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS ProtectionRadware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS ProtectionAndy Ellis
 
Attack Prevention Solution for RADWARE
Attack Prevention Solution for RADWAREAttack Prevention Solution for RADWARE
Attack Prevention Solution for RADWAREDeivid Toledo
 
Webinar: Goodbye RSA. Hello Modern Authentication.
Webinar: Goodbye RSA. Hello Modern Authentication.Webinar: Goodbye RSA. Hello Modern Authentication.
Webinar: Goodbye RSA. Hello Modern Authentication.SecureAuth
 
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoSDSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoSAndris Soroka
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
 
Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Andreas Taudte
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allupllangit
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 

What's hot (20)

Becoming a Yogi on Mac ATT&CK with OceanLotus Postures
Becoming a Yogi on Mac ATT&CK with OceanLotus PosturesBecoming a Yogi on Mac ATT&CK with OceanLotus Postures
Becoming a Yogi on Mac ATT&CK with OceanLotus Postures
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 
F5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle DatabaseF5 Networks Adds To Oracle Database
F5 Networks Adds To Oracle Database
 
F5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transitionF5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transition
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configuration
 
Clear Pci Vulnerability Scans Web2
Clear Pci Vulnerability Scans Web2Clear Pci Vulnerability Scans Web2
Clear Pci Vulnerability Scans Web2
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-id
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAF
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS ProtectionRadware Hybrid Cloud Web Application Firewall and DDoS Protection
Radware Hybrid Cloud Web Application Firewall and DDoS Protection
 
Novinky F5
Novinky F5Novinky F5
Novinky F5
 
Attack Prevention Solution for RADWARE
Attack Prevention Solution for RADWAREAttack Prevention Solution for RADWARE
Attack Prevention Solution for RADWARE
 
Webinar: Goodbye RSA. Hello Modern Authentication.
Webinar: Goodbye RSA. Hello Modern Authentication.Webinar: Goodbye RSA. Hello Modern Authentication.
Webinar: Goodbye RSA. Hello Modern Authentication.
 
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoSDSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
DSS ITSEC 2013 Conference 07.11.2013 -Radware - Protection against DDoS
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
 
Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allup
 
Why Web Security Matters!
Why Web Security Matters!Why Web Security Matters!
Why Web Security Matters!
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)
 

Similar to Alternatives and Enhancements to CAs for a Secure Web

Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!CASCouncil
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityT.Rob Wyatt
 
Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteKeynectis
 
How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?Keynectis
 
Certificate Management Made Easy
Certificate Management Made EasyCertificate Management Made Easy
Certificate Management Made EasyJason Newell
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsOpenDNS
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Cyber Security - Boundary Defense Mechanisms
Cyber Security - Boundary Defense MechanismsCyber Security - Boundary Defense Mechanisms
Cyber Security - Boundary Defense MechanismsJim Kaplan CIA CFE
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
Security Proposal
Security ProposalSecurity Proposal
Security Proposalchris20854
 
CAs And The New Paradigm Shift
CAs And The New Paradigm ShiftCAs And The New Paradigm Shift
CAs And The New Paradigm ShiftCASCouncil
 
Certification authority
Certification authorityCertification authority
Certification authorityproser tech
 
Decrease Your Circle of Trust: An Investigation of PKI CAs on Mobile Devices
Decrease Your Circle of Trust: An Investigation of PKI CAs on Mobile DevicesDecrease Your Circle of Trust: An Investigation of PKI CAs on Mobile Devices
Decrease Your Circle of Trust: An Investigation of PKI CAs on Mobile DevicesBlueboxer2014
 
ContinuousSecurity, Beyond Automation.pdf
ContinuousSecurity, Beyond Automation.pdfContinuousSecurity, Beyond Automation.pdf
ContinuousSecurity, Beyond Automation.pdfNeelu Tripathy
 
Info On All Certificates
Info On All CertificatesInfo On All Certificates
Info On All CertificatesPedro Santos
 
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...Siena Perry
 
The Global Fight for Internet Trust
The Global Fight for Internet TrustThe Global Fight for Internet Trust
The Global Fight for Internet TrustPECB
 

Similar to Alternatives and Enhancements to CAs for a Secure Web (20)

Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!Certificates, Revocation and the new gTLD's Oh My!
Certificates, Revocation and the new gTLD's Oh My!
 
RSA SecurID Access
RSA SecurID AccessRSA SecurID Access
RSA SecurID Access
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of Mediocrity
 
Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web site
 
How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?
 
Certificate Management Made Easy
Certificate Management Made EasyCertificate Management Made Easy
Certificate Management Made Easy
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower Costs
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Cyber Security - Boundary Defense Mechanisms
Cyber Security - Boundary Defense MechanismsCyber Security - Boundary Defense Mechanisms
Cyber Security - Boundary Defense Mechanisms
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
Security Proposal
Security ProposalSecurity Proposal
Security Proposal
 
CAs And The New Paradigm Shift
CAs And The New Paradigm ShiftCAs And The New Paradigm Shift
CAs And The New Paradigm Shift
 
Certification authority
Certification authorityCertification authority
Certification authority
 
Decrease Your Circle of Trust: An Investigation of PKI CAs on Mobile Devices
Decrease Your Circle of Trust: An Investigation of PKI CAs on Mobile DevicesDecrease Your Circle of Trust: An Investigation of PKI CAs on Mobile Devices
Decrease Your Circle of Trust: An Investigation of PKI CAs on Mobile Devices
 
ContinuousSecurity, Beyond Automation.pdf
ContinuousSecurity, Beyond Automation.pdfContinuousSecurity, Beyond Automation.pdf
ContinuousSecurity, Beyond Automation.pdf
 
Info On All Certificates
Info On All CertificatesInfo On All Certificates
Info On All Certificates
 
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
 
The Global Fight for Internet Trust
The Global Fight for Internet TrustThe Global Fight for Internet Trust
The Global Fight for Internet Trust
 
NAC_p3.pptx
NAC_p3.pptxNAC_p3.pptx
NAC_p3.pptx
 

More from CASCouncil

Six Reasons http Will Become a Thing of the Past
Six Reasons http Will Become a Thing of the PastSix Reasons http Will Become a Thing of the Past
Six Reasons http Will Become a Thing of the PastCASCouncil
 
What Kind of SSL/TLS Certificate Do I Need?
What Kind of SSL/TLS Certificate Do I Need?What Kind of SSL/TLS Certificate Do I Need?
What Kind of SSL/TLS Certificate Do I Need?CASCouncil
 
Payments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowPayments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowCASCouncil
 
TLS Certificates on the Web – The Good, The Bad and The Ugly
TLS Certificates on the Web – The Good, The Bad and The Ugly TLS Certificates on the Web – The Good, The Bad and The Ugly
TLS Certificates on the Web – The Good, The Bad and The Ugly CASCouncil
 
2016 IRS Free e-File Audit & Honor Roll
2016 IRS Free e-File Audit & Honor Roll2016 IRS Free e-File Audit & Honor Roll
2016 IRS Free e-File Audit & Honor RollCASCouncil
 
Symantec’s View of the Current State of ECDSA on the Web
Symantec’s View of the Current State of ECDSA on the WebSymantec’s View of the Current State of ECDSA on the Web
Symantec’s View of the Current State of ECDSA on the WebCASCouncil
 
CA/Browser Forum—To effect positive changes to improve internet security
CA/Browser Forum—To effect positive changes to improve internet security CA/Browser Forum—To effect positive changes to improve internet security
CA/Browser Forum—To effect positive changes to improve internet security CASCouncil
 
Update on the Work of the CA / Browser Forum
Update on the Work of the CA / Browser ForumUpdate on the Work of the CA / Browser Forum
Update on the Work of the CA / Browser ForumCASCouncil
 
Extended Validation Builds Trust
Extended Validation Builds TrustExtended Validation Builds Trust
Extended Validation Builds TrustCASCouncil
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
 
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements CASCouncil
 
State of the Web
State of the WebState of the Web
State of the WebCASCouncil
 
Trust Service Providers: Self-Regulatory Processes
Trust Service Providers: Self-Regulatory ProcessesTrust Service Providers: Self-Regulatory Processes
Trust Service Providers: Self-Regulatory ProcessesCASCouncil
 
CA Self Regulation
CA Self RegulationCA Self Regulation
CA Self RegulationCASCouncil
 
New Window of Opportunity
New Window of OpportunityNew Window of Opportunity
New Window of OpportunityCASCouncil
 
Nation-State Attacks On PKI
Nation-State Attacks On PKI Nation-State Attacks On PKI
Nation-State Attacks On PKI CASCouncil
 

More from CASCouncil (17)

Six Reasons http Will Become a Thing of the Past
Six Reasons http Will Become a Thing of the PastSix Reasons http Will Become a Thing of the Past
Six Reasons http Will Become a Thing of the Past
 
What Kind of SSL/TLS Certificate Do I Need?
What Kind of SSL/TLS Certificate Do I Need?What Kind of SSL/TLS Certificate Do I Need?
What Kind of SSL/TLS Certificate Do I Need?
 
Payments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to knowPayments Security – Vital Information all Payment Processors need to know
Payments Security – Vital Information all Payment Processors need to know
 
TLS Certificates on the Web – The Good, The Bad and The Ugly
TLS Certificates on the Web – The Good, The Bad and The Ugly TLS Certificates on the Web – The Good, The Bad and The Ugly
TLS Certificates on the Web – The Good, The Bad and The Ugly
 
2016 IRS Free e-File Audit & Honor Roll
2016 IRS Free e-File Audit & Honor Roll2016 IRS Free e-File Audit & Honor Roll
2016 IRS Free e-File Audit & Honor Roll
 
Symantec’s View of the Current State of ECDSA on the Web
Symantec’s View of the Current State of ECDSA on the WebSymantec’s View of the Current State of ECDSA on the Web
Symantec’s View of the Current State of ECDSA on the Web
 
CA/Browser Forum—To effect positive changes to improve internet security
CA/Browser Forum—To effect positive changes to improve internet security CA/Browser Forum—To effect positive changes to improve internet security
CA/Browser Forum—To effect positive changes to improve internet security
 
Update on the Work of the CA / Browser Forum
Update on the Work of the CA / Browser ForumUpdate on the Work of the CA / Browser Forum
Update on the Work of the CA / Browser Forum
 
Extended Validation Builds Trust
Extended Validation Builds TrustExtended Validation Builds Trust
Extended Validation Builds Trust
 
CA Day 2014
CA Day 2014 CA Day 2014
CA Day 2014
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
 
State of the Web
State of the WebState of the Web
State of the Web
 
Trust Service Providers: Self-Regulatory Processes
Trust Service Providers: Self-Regulatory ProcessesTrust Service Providers: Self-Regulatory Processes
Trust Service Providers: Self-Regulatory Processes
 
CA Self Regulation
CA Self RegulationCA Self Regulation
CA Self Regulation
 
New Window of Opportunity
New Window of OpportunityNew Window of Opportunity
New Window of Opportunity
 
Nation-State Attacks On PKI
Nation-State Attacks On PKI Nation-State Attacks On PKI
Nation-State Attacks On PKI
 

Alternatives and Enhancements to CAs for a Secure Web

  • 1. ALTERNATIVES AND ENHANCEMENTS TO CERTIFICATION AUTHORITIES FOR A SECURE WEB Kirk Hall Adam Langley Quentin Liu Trend Micro SSL Google Symantec Yngve Pettersen Wayne Thayer Opera Software ASA Go Daddy Session ID: TECH-T18 Session Classification: Intermediate
  • 3. What is a certification authority? ► CA generates “roots” in secure environment – script, video recorded, audited ► CA distributes to browsers to include in trusted root store ► Browsers check for compliance with root store rules, contract, audit ► Browsers distribute CA roots to clients in software updates
  • 4. What is a certification authority? ► CA sells certs to customers from trusted roots ► Customers install certs on their servers for secure web pages ► Clients go to secure web pages https://, client checks for root in browser trusted root store ► If root is in client’s trusted root store for the browser – encrypted session, favorable padlock UI (including EV green bar)
  • 5. What is a certification authority? ► If root not in client trusted root store for browser – warning displayed ► If certificate revoked or expired – warning displayed ► CAs and browsers have the ability to revoke roots, sub-roots, and certificates for problems ► CAs must complete annual audits, follow CA/B Forum rules to remain in browser trusted root stores ► Stronger rules, higher CA standards for green Extended Validations or “EV” display
  • 6. RECENT CA SECURITY ISSUES AND THEIR CONSEQUENCES Kirk Hall Trend Micro
  • 7. (2001) Problem: Erroneous authentication for code signing certificate in name of “Microsoft” Harm: None detected Response: Browsers “untrusted” the bad cert, authentication team member terminated
  • 8. (2011) Problem: CA’s system hacked through external RA/Reseller portal; 9 fake certs issued for various top domains Harm: Unknown. Hacking claims by “Iranian hacker” never verified Response: Certs quickly revoked by CA and “untrusted” by browsers
  • 9. (2011) Problem: Hacking/complete compromise of CA system over many months; cert issuance logs erased (no record); 531 or more fake certs issued Harm: Potentially great (many OCSP checks from Iran). Hacking claims by “Iranian hacker” never verified Response: Some certs revoked by CA (no complete list). DigiNotar roots “untrusted” by browsers; CA out of business
  • 10. Independent Malaysian Sub-CA (2011) Problem: Independent Sub-CA issued 22 512-bit certs off chained root - too weak, no EKU limiting extension to TLS server certs, violated CA/Browser Forum rules Harm: Cert stolen from Malaysian government, compromised, used to sign malware Response: Browsers issued patch to “untrust” the Sub-CA, all certs; new rules to audit sub- CAs
  • 11. (2012) Problem: Customer cert issued with wrong extensions – customer had powers of a sub-CA, could issue certs in other domain names Harm: None detected. Unintentionally used by customer at firewall in MITM configuration; accidentally issued “google.com” cert – never used. Response: Cert revoked and “untrusted” by browsers, all CAs scanned past certs
  • 12. (2012) Problem: CA issued Sub-CA cert to enterprise for MITM security screening of enterprise email and web communications; could be used to create certs for top domains Harm: None detected. However, controversial practice, now deprecated by several browsers Response: Trustwave revoked MITM Sub-CA and discontinued issuing them to enterprise customers
  • 13. Myth Busting Myth: “There are more than 600 trusted CAs in the browsers – too Alleged Problem: many to handle, any of these CAs can issue (fake) certs, there is no regulation of CAs” Fact: Not true – Many “CAs” detected by SSL Observatory and others are only sub-CAs of major CAs, all subject to the same controls by the parent. The Mozilla root store has only 65 trusted root holders (with their various sub-CAs). Plus, some of “600 CAs” in studies are self-signed only, not trusted in browsers All CAs in browsers must follow the browser rules, CA/Browser Forum rules, audit regimes.
  • 14. Summary and Conclusion ► Relatively few CA security issues over 15 years ► Most breaches resulted in no known harm ► Quickly remediated ► Industry practices constantly improved by CAs, browsers – without government regulation ► Browser root program requirements raise the bar ► CA/Browser Forum (2005 to date) – raised the bar: ► EV Guidelines (2007), Baseline Requirements (2011), Network and Security Controls (2013) ► WebTrust, ETSI audit requirements (2000 - date) ► New: CA Security Council www.casecurity.org
  • 15. Summary and Conclusion ► Putting it in perspective: ► Certs issued worldwide: 2,000,000 per year ► Bad certs issued: maybe 1,000 over 11 years (~91 bad certs per year) – mostly DigiNotar incident ► Accuracy ratio for certs issued each year: 99.995% (Error rate 0.005%) – are Passport Office and state Departments of Motor Vehicles more accurate? [No] ► Significant harm from bad certs? Only likely in DigiNotar case (actual harm unknown) ► CAs are continuously improving security, processes
  • 17. Alternatives and Enhancements to Certification Authorities for a Secure Web ► DANE – DNS based Authentication of Named Entities (Yngve Pettersen, Opera Software ASA and Quentin Liu, Symantec) ► CT – Certificate Transparency (Adam Langley, Google) ► CAA – DNS Certification Authority Authorization (Quentin Liu, Symantec and Yngve Pettersen, Opera Software ASA ) ► Public Key Pinning (Wayne Thayer, Go Daddy) ► SSL/TLS Trends Next 5 Years (All) ► Audience Comments/Questions
  • 18. DANE – DNS Based Authentication of Named Entities Yngve Pettersen, Opera Software ASA Quentin Liu, Symantec
  • 19. DANE ► DANE is a DNSSEC based protocol defined by the IETF proposal RFC 6698 ► It allows the owner of a domain to signal: ► Which site certificates can be used? ► Which CAs can be used? ► Which public keys can be used? for a given SSL/TLS server hosted in the domain.
  • 20. DANE Benefits ► Similar to HTTP Public Key Pinning, but application protocol independent ► Independent of the Client Rootstore ► CA limitation is similar to CAA, but checked by the client, not the CA
  • 21. DANE Problems 1 ► DNSSEC is not yet widely deployed, in clients or domains, especially natively ► Trustworthiness of domain registry? ► Security of original domain information?
  • 22. DANE Problems 2 ► How would fraud and revocation be handled? ► What checks of server certificate keys when no CA is involved? ► CA-issued certs: Could lead to tighter integration between CAs, server and DNS hosting. ► Is DANE and DV equal security-wise?
  • 24. Certificate Transparency ► Certificates should be public record so that you can see what CAs are asserting about your organization.
  • 26. Certificate Transparency ► Internal CAs are not impacted: internal certificates do not need to be logged. ► Internal hostnames in public certificates don't need to be logged - clients can be configured with a list of internal domains or intermediate CAs can be name constrained.
  • 27. Certificate Transparency Pros ► Enhances the current CA infrastructure rather than replacing it. ► Doesn't require any actions by sites in the vast majority of cases.
  • 28. Certificate Transparency Cons ► Requires all CAs to be updated. ► Deployment will take many years. ► Public records require vigilance to be useful.
  • 29. CAA – DNS Certification Authority Authorization Quentin Liu, Symantec Yngve Pettersen, Opera Software ASA
  • 30. Certification Authority Authorization ► Certification Authority Authorization (CAA) ► IETF RFC 6844 drafted by Comodo ► Mechanism for preventing and detecting mis-issued certificates from CAs ► Mechanism ► Based on DNS resource record that lists CAs authorized to issue certs for a domain ► PRIOR to issuing a certificate, CA checks for a CAA record to ensure CA is allowed to issue cert for that domain
  • 31. Certification Authority Authorization ► Context and Key Points ► Benefit similar to DANE in that it’s a verification to see whether a CA should be associated with a cert for a specific domain ► Different from DANE in that this is a “preventative” approach to issuing rogue certs ► CAA record doesn’t say which key must be in the end-entity cert (as DANE does) – entry is at the CA level ► Supports wildcard certs ► More than one CA may be specified for each DNS record ► CABF is starting discussions on CAA for potential usage by CAs
  • 32. Certification Authority Authorization Benefits ► Good complement to existing ecosystem to prevent and detect mis-issuance from CAs ► Low barrier for deployment for CAs – CAs need to check CAA record ► Does not require big-bang adoption – can be phased per CA and per certificate customer ► Raises the bar on CA security – bad actor must be able to attack DNS or suppress CA’s CAA check
  • 33. Certification Authority Authorization Risks ► DNSSEC is recommended but not required, opening up potential for DNS record manipulation ► CA and customer opt-in nature makes CAA non- deterministic ► Potential perception of CAA being a mechanism for CAs to “lock in” customers
  • 34. Public Key Pinning Wayne Thayer Go Daddy
  • 35. Key Pinning ► Client (browser) tracks what certs are used by a website ► Can be preloaded into browser Or (in a more scalable implementation) ► Web server makes assertion about what certificate(s) it will use ► Generate an alert or block the connection if a different cert is used ► Two current IETF drafts: ► Trust Assertions for Certificate Keys ► Public Key Pinning Extension for HTTP
  • 36. Key Pinning Benefits ► Reduces attack surface for a given site from approx. 65 roots (and potentially hundreds of intermediates) down to 1-2 roots, or less ► Proven value in detecting compromise ► Enhances existing ecosystem ► Doesn't suffer from CAA's potential "lock in" issue
  • 37. Key Pinning Issues ► Trust on First Use – doesn’t protect initial connection ► Doesn’t protect against key compromise ► Creates operational challenges with key exchanges ► May be best as a reporting mechanism ► Long deployment horizon ► Impact of false positives in "hard fail" mode
  • 38. SSL/TLS Trends for the Next 5 Years (Panel Members)