A talk about attacks against SSL that have been uncovered in the last 3-4 years. This talk delves into about what exactly was attacked and how it was attacked and how SSL is still a pretty useful piece of technology. This was given at null Bangalore April Meeting.

1. Believe it or not SSL
attacks
Akash Mahajan
That Web Application Security Guy

2. HTTP + SSL/TLS = HTTPS

3. http://www.trailofbits.com/resources/creating_a_rogue_ca_cert_slides.pdf

4. SSL/TLS
O Encrypted Communication –
Eavesdropping and Tampering
O Secure Identification of a
Network – Are you talking to the
right server?

5. Attacking The Encryption Algorithm
O Attack like the BEAST (Browser Exploit
Against SSL/TLS ) target the underlying
encryption.
O Usually the encryption has held against
attacks. Even BEAST requires injecting
client side JavaScript to work
O http://threatpost.com/en_us/blogs/new-
attack-breaks-confidentiality-model-ssl-
allows-theft-encrypted-cookies-091611

6. Attacking The Authenticity
O The low hanging fruit. Most of the times
when that sslstrip guy talks about SSL
issues he talks about attacking the
authenticity.
O Why is the authenticity important?
O How do you bypass it?

7. How is the authenticity maintained?
O A implicitly trusted certificate will tell you
that a server’s particular certificate is trust
worthy or not.
O When a server got a certificate trusted by
a root CA they get added to a list.
O If a server is removed from the trusted
listed they get added to a revocation list.

8. Is your browser checking the revocation
list?
O Chrome relies on frequent updates for
this.
O Firefox ?
O IE - Online Certificate List
O Online Certificate Status Protocol

9. Bad Things can Happen
O Comodo an affiliate of a root CA was
hacked.
O DigiNotar was hacked.
O Hundreds of certificates for google, yahoo,
mozilla, MS windows update were
released.
O SSL assumes that both end points aren’t
evil

10. I hacked the internet and all I
have is a t-shirt
O Attack against the PKI because of MD5
O The attack was against Intermediate CAs
O There were theoretical attacks against
MD5 since 2004
O They found out that RapidSSL had issued
97% certificates with MD5 hash.

11. I hacked the internet and all I
have is a t-shirt
O Also the certificate serial number was
sequential and time could be predicted
O Used 200 PS3s to generate a certificate
which had most parts from a legitimate
cert but something different.
O http://www.trailofbits.com/resources/creati
ng_a_rogue_ca_cert_paper.pdf

13. SSLStrip attacks HTTP
O Attacked correct attributes not being setup
in Certificates
O Now looks at HTTP traffic going by.
O Has a valid certificate for a weird looking
domain name whose puny code looks like
/?

14. Akash Mahajan | That Web
Application Security Guy
O akashmahajan@gmail.com
O @makash | akashm.com
O http://slideshare.net/akashm
O OWASP Bangalore Chapter
Lead
O Null Co-Founder and
Community Manager

15. References
O SSL Lock image from http://elie.im/blog/security/evolution-of-the-https-lock-icon-
infographic/
O http://arstechnica.com/business/news/2011/09/new-javascript-hacking-tool-can-
intercept-paypal-other-secure-sessions.ars
O http://technet.microsoft.com/en-us/library/cc962078.aspx
O https://freedom-to-tinker.com/blog/sroosa/flawed-legal-architecture-certificate-
authority-trust-model
O http://arstechnica.com/security/news/2011/08/earlier-this-year-an-iranian.ars
O http://arstechnica.com/security/news/2011/03/independent-iranian-hacker-claims-
responsibility-for-comodo-hack.ars
O http://en.wikipedia.org/wiki/Certificate_authority#cite_note-3
O http://vnhacker.blogspot.in/2011/09/beast.html
O http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-
theft-encrypted-cookies-091611