SlideShare une entreprise Scribd logo

SSL: Past, Present and Future

Luis Grangeia
Luis Grangeia
TechnologieFormation
1  sur  77
Télécharger pour lire hors ligne
SSL, or the Web's Pillar of Authentication and Confidentiality: Past, Present and Future Luis Grangeia, luis.grangeia@gmail.com Tiago Mendo, tiagomendo@gmail.com
What is SSL? Once upon a time…
History of SSL • Developed to protect communications between web browser and servers • 1st version by Netscape in 1994 • 18 years old!
History of SSL • Followed by SSL 2.0 (1995) and SSL 3.0 (1996) • IETF standardized the protocol – SSL (Secure Sockets Layer) to TLS (Transport Layer Security) – TLS 1.0 (1999), 1.1 (2006) and 1.2 (2008) • SSL 3.0 and TLS 1.0 are equivalent in security
History of SSL “Everybody knows SSL.TLS is more technically accurate but sounds like a cable TV network or a disease” -Brad Hill, Black Hat Briefings USA 2007
History of SSL: the PKI • PKI – Public Key Infrastructure – Hierarchy of trust anchors: X.509 certificates issued by CAs • X.509 dates from 1988 – 23 year old model! • SSL requires X.509 certificates with a PKI
What does SSL gives us? • Confidentiality – encrypts data in transit • Integrity – uses MACs to detect tampering • Authentication – public key cryptography to authenticate peers (X.509 certificates) • All dependent on the PKI trust model
Examples of usage • HTTPS – Provides secure web communication • Protects credentials and content from eavesdroppers • Ensures data is not tampered
Examples of usage • Code signing – Securely distribute software and updates
Examples of usage • Email certificates – Secure email communications with S/MIME • Digitally signed • Encrypted
Examples of usage • Communication tunnels – VPN • OpenVPN uses SSL extensively – stunnel • Multi-platform tool that provides SSL to peers that do not support it natively
Examples of usage • Mutual authentication – Client authenticates itself to the server with a X.509 certificate – Common situations: • HTTPS • IM • S/MIME • VPNs
Problems
Problems • SSL has problems – Many of them are technical problems AKA bugs – And most of them can be easily solved
Old SSL versions • Example: SSL 2.0 – Dumb-down attack • cipher downgrade to 40 bits – Padding • Padding-length field not authenticated • Increase value -> trim messages from the end – Easily solved -> disable SSL 2.0 at client and server
End user devices • Implementation bugs: – OS X v10.6.8 June 2011 update changelog: “An error handling issue existed in the Certificate Trust Policy. If an Extended Validation (EV) certificate has no OCSP URL, and CRL checking is enabled, the CRL will not be checked and a revoked certificate may be accepted as valid.This issue is mitigated as most EV certificates specify an OCSP URL.”
End user devices • Implementation bugs: – iOS 4.3.5 July 2011 update changelog: “A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” – Translates to “I can issue any certificate I want.”
End user devices • Even without bugs, you are missing features – Grab your pocket computer (yes, that thing that does phone calls) – Try to remove a root certificate. – Even if you can…which one do I remove?
(in Android ICS)
What about those bad certificates?
Revocation • CRL - Certificate Revocation List – “here, have a list of bad certificates” • OCSP - Online Certificate Status Protocol – “is this certificate still good?”
Revocation… is hard • Servers can be unreachable • Browsers ignore CRL and OCSP errors – Does this option really matter? • Browsers cache responses – For months. – So…
Revocation – the 3rd method • Update every browser in the planet. – Release new version – Test, approve, pack – Download – Install – Close the browser – Reboot the computer • OCSP Stapling?
Go to your homebanking Did you typed HTTPS Or HTTP?
First hit • First hit on HTTPS sites is usually…HTTP “I 0wn you “
First hit problems - sslstrip • s/https/http/g
First hit solutions- HSTS • HTTP Strict Transport Security – Server defined policy that browsers must honor • “Browser, convert all requests to my domain to HTTPS”
Certificate issuance • The “Microsoft Corporation” certificates • The “is this yours?” certificates “I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root.” – one of the maintainers of Mozilla CA list • Insecure Security? Why?
It this a SSL or PKI problem? • Seems a PKI problem – These are design and structural problems – Hard to solve • Like replacing the pillars of a bridge without collapsing
The Trust Model of SSL today Or “what is a PKI”
SSL: The Trust Model 1. Root Certificate Authorities (CAs) rule. 2. CAs sell certificates to entrust companies and users. 3. CAs delegate trust to other CAs for a price (so they can do the same, creating a “chain of trust”). 4. There is a validation process when they sell you a certificate.
SSL: The Trust Model end user certificate validation (simplified) 1. Server: “this is my certificate, here is a chain of trust leading up to a root CA” 2. Client: “let’s see if any of these certificates have been revoked/expired…” (using OCSP, or checking a local CRL) 3. OK: “The story adds up, all the certificates in the chain are valid and linked to a trusted CA” Or… 4. NOT OK: “I don’t trust that CA, or some of these certificates have been revoked/expired, or the name of the certificate doesn’t match the hostname, etc.”
Chain of trust (in principle…) Root CAs Trust Intermediate CAs Trust Certified Entities
Chain of trust in practice
Source: EFF Observatory • Data from 2010 • Around 650 organizations in the chain of trust of Microsoft and Mozilla • Map Key: – Hexagon: root CA trusted by Microsoft only – Diamond: root CA trusted by Mozilla only – Box : root CA trusted by both – Ellipse: subordinate CA – Black : signed 0 leaves – Violet: signed 1-10 leaves – Blue : signed 11-100 leaves – Green : signed 101-1000 leaves – Yellow: signed 1001-10000 leaves – Orange: signed 10001-100000 leaves – Red : signed 100001-1000000 leaves
The Trust Model of SSL today sucks. Why?
The security of the Internet depends on the security of “Marks & Spencer”…
Current Trust Model Flaws • 650+ “single points of failure”: – CAs are hacked all the time, even root CAs: • Comodo, StartSSL, Diginotar – Malicious insiders – Malicious CAs selling certificates to governments – CAs are profit-driven, creating a “race to the bottom” in regards to reducing costs verifying authenticity of certificate requestors
Next up… • DigiNotar hack aftermath; • Atacker created “forged” certificates for Google, Facebook, Twitter; • Might have sold them to Iranian government (details not clear); • Next video shows real time use of these stolen certificates (data collected using OCSP queries made to DigiNotar server).
Remember, this is IRAN, people. What about: China Russia USA?
Current Trust Model Flaws (2) • The Model is Monolithic – Since the list of root CAs is centrally maintained, every user is affected the same way; • It is also, Not Agile: – Hacks are very hard to recover from, especially to root CAs: Diginotar was compromised in June 2011, it is still accepted as trusted by virtually the entire world. • The Model is Money and Power driven, not user driven: – Whoever has the more money and influence, gets to choose what can be trusted (big companies, governments.)
So, this is bad…
…so bad in fact, that Google is already starting to work around it: “Starting with Chrome 13, we'll have HTTPS pins for most Google properties [sites].This means that certificate chains for, say, https://www.google.com, must include a whitelisted public key. It's a fatal error otherwise.” “The whitelisted public keys for Google currently include Verisign, Google Internet Authority, Equifax and GeoTrust.Thus Chrome will not accept certificates for Google properties from other CAs.” - Adam Langley, Google
“Every man for himself.”
The Trust Model of SSL today sucks. Now what?
“Trust us.”
“Trust us.”
Organizations vs Individuals In general: • Organizations are evil: They only care about reputation if it brings an advantage (profit, votes, customers); • Individuals are good: We are biologically programmed to be honorable and to build a good reputation (everyone wants to be right). Would you rather trust a corporation (even a government) or your close group of friends?
Would you like to have a choice? Right now, you don’t. Or do you?
Solutions
“Trust is not bought. It is earned.”
“You can fool some of the people all of the time, and all of the people some of the time, but you cannot fool all of the people all of the time.” - Abraham Lincoln
Solutions • Decentralize the Trust Model: – Trust decisions should ultimately be the result of individual user choice, not imposed. The model should provide information so that every user decides in the most informed way. • Democratize the Trust Model: – Give it the ability to take into account the trust decisions of individuals;
Solutions: they’re on the way Alternatives already exist: • Perspectives Project: Based on academic research from Adrian Perrig (Carnegie Mellon) – http://perspectives-project.org/ • Convergence: Similar implementation by Moxie Marlinspike – http://convergence.io/
Similar approaches • Replace CAs with notaries; • Notaries do not certify, they just validate; • A user can consult with a subset, or all the notaries; • The user can decide based on the results from notaries (accept only a unanimous decision, a majority decision, etc.)
Network Notary Architecture Network Notaries Gmail certificate https://gmail.com
Advantages • Can work alongside current PKI (although Convergence chooses not to); • Notaries can provide a timeline of changes of certificates; • Provide network perspective against based Man-in-the-Middle attacks (remember Iran and Diginotar).
Problems • Notaries must be authenticated first; • No incentive for notaries to “behave”; • Does not address certificate revocation; • Privacy problems for users (notaries can look at your web browsing habits).
We thought of a different solution.
Premises • Do not impose a specific model – We’re going to provide the tools to help the user decide who/when to trust, the final decision can be his. This means we should be able to play well with the current PKI model or the newer notary model. • Design is user centric – User initiates trust relations and decides when to strengthen or terminate them. • Locality – As in the real world, the “closer” someone is to you, the easier for you to trust them. Use this to our advantage. • Versatility – You can use our model to trust individuals or sites/corporations
Locality breeds trust Compare This: Process of accepting a friend request on Facebook To This: Process of issuing a SSL certificate with Verisign
Design Decisions • Explore social presence and connections (aka “friendsourcing”): We’ll attempt to capitalize on the increasing number of social links “declared” on the Internet; • Explicit user feedback: Only share trust relations between individuals/sites if the user wants to do it (prevent privacy issues); • Use Social Networks as a transport medium: Treat them as an untrusted medium but a way to easily broadcast messages to your friend circles.
SSL Connection Gmail certificate Bob https://gmail.com
• “Is this certificate OK? Let’s see…” – Check my friend’s walls for references to this certificate; – Check PKI’s chain of trust and other certificate parameters; • Possible Answers: – “The chain of trust is valid. Also, 4 of your friends have visited this site recently and vouched for it” – “while there is a valid chain of trust, none of your friends seen this certificate before. Also, 2 of your friends have seen a different certificate for this site” – “There is a valid chain of trust, but 4 of your friends consider this certificate forged and do not recommend you to continue.”
Compare readability to this…
Use Case 1 1. Bob wants to access gmail.com for the first time on this computer. 2. Bob’s browser contacts gmail.com, gets the certificate. 3. Bob’s browser looks at Bob’s various social networks to see what his friends have asserted about that certificate (signed XML messages on friends Walls, for instance). 4. Using that information, as well as PKI chain of trust data, Bob chooses to accept and save that certificate for subsequent accesses.
Use Case 2 1. After using Gmail.com for a couple of times, Bob is pretty confident that it is the real deal, so he chooses to vouch for that certificate, and display that information on his Facebook Wall. 2. The message is in XML (for machine parsing), signed using his personal certificate, and displayed only for his select group of friends (or to the public, if he chooses so). 3. The message contains: serial and hash of Gmail certificate, date of access, level of trust assigned (negative trust is possible too).
Bonus Feature • You can also reinforce trust in your friends by signing their certificates and vouching for them; – Does this seem familiar?
Remember PGP’s “Web of Trust”? (aka the oldest social network of the Internet.)
Final Thoughts • SSL has a bunch of protocol flaws, that are being addressed: – BEAST attack (with cipher suite changes); – SSLstrip (with HSTS); – Renegotiation bug (upgrade protocol version); • But all of these flaws pale in comparison with how much the PKI trust model sucks. • To change the trust model, we need to change the paradigm.
We want to change the paradigm from this: Trust
We want to change the paradigm to this: Trust Distrust
Conclusion • SSL Trust Model is Broken. • Make it less centered on “the 1%” and more centered on “the 99%”. • Help us turn this idea into practice! Web of Trust + Social Networks = New Trust Model for the Internet
Thank you! Q&A Luis Grangeia, luis.grangeia@gmail.com Tiago Mendo, tiagomendo@gmail.com

Recommandé

Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Luis Grangeia
 
Luis Grangeia IBWAS
Luis Grangeia IBWASLuis Grangeia IBWAS
Luis Grangeia IBWASLuis Grangeia
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && WirelessLuis Grangeia
 
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure BlueHat Security Conference
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
 
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC GroupA (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC GroupEC-Council
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_cccDan Kaminsky
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 

Recommandé

Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Man vs Internet - Current challenges and future tendencies of establishing tr...
Man vs Internet - Current challenges and future tendencies of establishing tr...Luis Grangeia
 
Luis Grangeia IBWAS
Luis Grangeia IBWASLuis Grangeia IBWAS
Luis Grangeia IBWASLuis Grangeia
 
Heartbleed && Wireless
Heartbleed && WirelessHeartbleed && Wireless
Heartbleed && WirelessLuis Grangeia
 
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure
BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure BlueHat Security Conference
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoFruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud XiaoShakacon
 
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC GroupA (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC GroupEC-Council
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_cccDan Kaminsky
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed OverviewSensePost
 
Fade from Whitehat... to Black
Fade from Whitehat... to BlackFade from Whitehat... to Black
Fade from Whitehat... to BlackBeau Bullock
 
Lets talk about bug hunting
Lets talk about bug huntingLets talk about bug hunting
Lets talk about bug huntingKirill Ermakov
 
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...Andrew Morris
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2Dan Kaminsky
 
Defcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityDefcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityPriyanka Aash
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryDan Kaminsky
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Top 10 Threats to Cloud Security
Top 10 Threats to Cloud SecurityTop 10 Threats to Cloud Security
Top 10 Threats to Cloud SecuritySBWebinars
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012Dan Kaminsky
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defenseDan Kaminsky
 
Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Kirill Ermakov
 
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?Clare Nelson, CISSP, CIPP-E
 
Security Compensation - How to Invest in Start-Up Security
Security Compensation - How to Invest in Start-Up SecuritySecurity Compensation - How to Invest in Start-Up Security
Security Compensation - How to Invest in Start-Up SecurityChristopher Grayson
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawConnectSafely
 
Confidence web
Confidence webConfidence web
Confidence webDan Kaminsky
 
Red Team Apocalypse
Red Team ApocalypseRed Team Apocalypse
Red Team ApocalypseBeau Bullock
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloudPeter Wood
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsLuis Grangeia
 
RSA, A Vaca Sagrada do Infosec
RSA, A Vaca Sagrada do InfosecRSA, A Vaca Sagrada do Infosec
RSA, A Vaca Sagrada do InfosecLuis Grangeia
 
Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1 Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1 Luis Grangeia
 

Contenu connexe

Tendances

Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed OverviewSensePost
 
Fade from Whitehat... to Black
Fade from Whitehat... to BlackFade from Whitehat... to Black
Fade from Whitehat... to BlackBeau Bullock
 
Lets talk about bug hunting
Lets talk about bug huntingLets talk about bug hunting
Lets talk about bug huntingKirill Ermakov
 
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...Andrew Morris
 
Defcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityDefcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityPriyanka Aash
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryDan Kaminsky
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Top 10 Threats to Cloud Security
Top 10 Threats to Cloud SecurityTop 10 Threats to Cloud Security
Top 10 Threats to Cloud SecuritySBWebinars
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defenseDan Kaminsky
 
Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Kirill Ermakov
 
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?Clare Nelson, CISSP, CIPP-E
 
Security Compensation - How to Invest in Start-Up Security
Security Compensation - How to Invest in Start-Up SecuritySecurity Compensation - How to Invest in Start-Up Security
Security Compensation - How to Invest in Start-Up SecurityChristopher Grayson
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawConnectSafely
 
Red Team Apocalypse
Red Team ApocalypseRed Team Apocalypse
Red Team ApocalypseBeau Bullock
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloudPeter Wood
 

Tendances (19)

Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed Overview
 
Fade from Whitehat... to Black
Fade from Whitehat... to BlackFade from Whitehat... to Black
Fade from Whitehat... to Black
 
Lets talk about bug hunting
Lets talk about bug huntingLets talk about bug hunting
Lets talk about bug hunting
 
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2
 
Defcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-securityDefcon 22-david-wyde-client-side-http-cookie-security
Defcon 22-david-wyde-client-side-http-cookie-security
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive Trickery
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)
 
Top 10 Threats to Cloud Security
Top 10 Threats to Cloud SecurityTop 10 Threats to Cloud Security
Top 10 Threats to Cloud Security
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defense
 
Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...
 
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?Texas Bitcoin Conference: Are Privacy Coins Private Enough?
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
 
Security Compensation - How to Invest in Start-Up Security
Security Compensation - How to Invest in Start-Up SecuritySecurity Compensation - How to Invest in Start-Up Security
Security Compensation - How to Invest in Start-Up Security
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
 
Confidence web
Confidence webConfidence web
Confidence web
 
Red Team Apocalypse
Red Team ApocalypseRed Team Apocalypse
Red Team Apocalypse
 
Red teaming in the cloud
Red teaming in the cloudRed teaming in the cloud
Red teaming in the cloud
 

En vedette

RSA, A Vaca Sagrada do Infosec
RSA, A Vaca Sagrada do InfosecRSA, A Vaca Sagrada do Infosec
RSA, A Vaca Sagrada do InfosecLuis Grangeia
 
Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1 Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1 Luis Grangeia
 
IBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's StandpointIBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's StandpointLuis Grangeia
 
Confraria Security And IT - End Point Security
Confraria Security And IT - End Point SecurityConfraria Security And IT - End Point Security
Confraria Security And IT - End Point SecurityLuis Grangeia
 
Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Luis Grangeia
 

En vedette (6)

Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
RSA, A Vaca Sagrada do Infosec
RSA, A Vaca Sagrada do InfosecRSA, A Vaca Sagrada do Infosec
RSA, A Vaca Sagrada do Infosec
 
Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1 Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1
 
IBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's StandpointIBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's Standpoint
 
Confraria Security And IT - End Point Security
Confraria Security And IT - End Point SecurityConfraria Security And IT - End Point Security
Confraria Security And IT - End Point Security
 
Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2
 

Similaire à SSL: Past, Present and Future

Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, WorteksParis Open Source Summit
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for DummiesWorteks
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
Масштабируя TLS
Масштабируя TLSМасштабируя TLS
Масштабируя TLSQrator Labs
 
Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Масштабируя TLS / Артём Гавриченков (Qrator Labs)Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Масштабируя TLS / Артём Гавриченков (Qrator Labs)Ontico
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM DominoJared Roberts
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPSJackio Kwok
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
 
Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Zoompf
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki conceptMostafa El Lathy
 
Secure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet InfrastructureSecure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet Infrastructurewebhostingguy
 
State of the Web
State of the WebState of the Web
State of the WebCASCouncil
 
[4developers2016] - Security in the era of modern applications and services (...
[4developers2016] - Security in the era of modern applications and services (...[4developers2016] - Security in the era of modern applications and services (...
[4developers2016] - Security in the era of modern applications and services (...PROIDEA
 
[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
 
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operatorsCertificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operatorsDavid Ochel
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECCarlos Martinez Cagnazzo
 

Similaire à SSL: Past, Present and Future (20)

Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
Symantec SSL Explained
Symantec SSL ExplainedSymantec SSL Explained
Symantec SSL Explained
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
Масштабируя TLS
Масштабируя TLSМасштабируя TLS
Масштабируя TLS
 
Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Масштабируя TLS / Артём Гавриченков (Qrator Labs)Масштабируя TLS / Артём Гавриченков (Qrator Labs)
Масштабируя TLS / Артём Гавриченков (Qrator Labs)
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM Domino
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
 
Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)Maximizing SPDY and SSL Performance (June 2014)
Maximizing SPDY and SSL Performance (June 2014)
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
 
Secure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet InfrastructureSecure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet Infrastructure
 
State of the Web
State of the WebState of the Web
State of the Web
 
[4developers2016] - Security in the era of modern applications and services (...
[4developers2016] - Security in the era of modern applications and services (...[4developers2016] - Security in the era of modern applications and services (...
[4developers2016] - Security in the era of modern applications and services (...
 
[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
 
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operatorsCertificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 

Dernier

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Dernier (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

SSL: Past, Present and Future

  • 1. SSL, or the Web's Pillar of Authentication and Confidentiality: Past, Present and Future Luis Grangeia, luis.grangeia@gmail.com Tiago Mendo, tiagomendo@gmail.com
  • 2. What is SSL? Once upon a time…
  • 3. History of SSL • Developed to protect communications between web browser and servers • 1st version by Netscape in 1994 • 18 years old!
  • 4. History of SSL • Followed by SSL 2.0 (1995) and SSL 3.0 (1996) • IETF standardized the protocol – SSL (Secure Sockets Layer) to TLS (Transport Layer Security) – TLS 1.0 (1999), 1.1 (2006) and 1.2 (2008) • SSL 3.0 and TLS 1.0 are equivalent in security
  • 5. History of SSL “Everybody knows SSL.TLS is more technically accurate but sounds like a cable TV network or a disease” -Brad Hill, Black Hat Briefings USA 2007
  • 6. History of SSL: the PKI • PKI – Public Key Infrastructure – Hierarchy of trust anchors: X.509 certificates issued by CAs • X.509 dates from 1988 – 23 year old model! • SSL requires X.509 certificates with a PKI
  • 7. What does SSL gives us? • Confidentiality – encrypts data in transit • Integrity – uses MACs to detect tampering • Authentication – public key cryptography to authenticate peers (X.509 certificates) • All dependent on the PKI trust model
  • 8. Examples of usage • HTTPS – Provides secure web communication • Protects credentials and content from eavesdroppers • Ensures data is not tampered
  • 9. Examples of usage • Code signing – Securely distribute software and updates
  • 10. Examples of usage • Email certificates – Secure email communications with S/MIME • Digitally signed • Encrypted
  • 11. Examples of usage • Communication tunnels – VPN • OpenVPN uses SSL extensively – stunnel • Multi-platform tool that provides SSL to peers that do not support it natively
  • 12. Examples of usage • Mutual authentication – Client authenticates itself to the server with a X.509 certificate – Common situations: • HTTPS • IM • S/MIME • VPNs
  • 14. Problems • SSL has problems – Many of them are technical problems AKA bugs – And most of them can be easily solved
  • 15. Old SSL versions • Example: SSL 2.0 – Dumb-down attack • cipher downgrade to 40 bits – Padding • Padding-length field not authenticated • Increase value -> trim messages from the end – Easily solved -> disable SSL 2.0 at client and server
  • 16. End user devices • Implementation bugs: – OS X v10.6.8 June 2011 update changelog: “An error handling issue existed in the Certificate Trust Policy. If an Extended Validation (EV) certificate has no OCSP URL, and CRL checking is enabled, the CRL will not be checked and a revoked certificate may be accepted as valid.This issue is mitigated as most EV certificates specify an OCSP URL.”
  • 17. End user devices • Implementation bugs: – iOS 4.3.5 July 2011 update changelog: “A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” – Translates to “I can issue any certificate I want.”
  • 18. End user devices • Even without bugs, you are missing features – Grab your pocket computer (yes, that thing that does phone calls) – Try to remove a root certificate. – Even if you can…which one do I remove?
  • 20. What about those bad certificates?
  • 21. Revocation • CRL - Certificate Revocation List – “here, have a list of bad certificates” • OCSP - Online Certificate Status Protocol – “is this certificate still good?”
  • 22. Revocation… is hard • Servers can be unreachable • Browsers ignore CRL and OCSP errors – Does this option really matter? • Browsers cache responses – For months. – So…
  • 23. Revocation – the 3rd method • Update every browser in the planet. – Release new version – Test, approve, pack – Download – Install – Close the browser – Reboot the computer • OCSP Stapling?
  • 24. Go to your homebanking Did you typed HTTPS Or HTTP?
  • 25. First hit • First hit on HTTPS sites is usually…HTTP “I 0wn you “
  • 26. First hit problems - sslstrip • s/https/http/g
  • 27. First hit solutions- HSTS • HTTP Strict Transport Security – Server defined policy that browsers must honor • “Browser, convert all requests to my domain to HTTPS”
  • 28. Certificate issuance • The “Microsoft Corporation” certificates • The “is this yours?” certificates “I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root.” – one of the maintainers of Mozilla CA list • Insecure Security? Why?
  • 29. It this a SSL or PKI problem? • Seems a PKI problem – These are design and structural problems – Hard to solve • Like replacing the pillars of a bridge without collapsing
  • 30. The Trust Model of SSL today Or “what is a PKI”
  • 31. SSL: The Trust Model 1. Root Certificate Authorities (CAs) rule. 2. CAs sell certificates to entrust companies and users. 3. CAs delegate trust to other CAs for a price (so they can do the same, creating a “chain of trust”). 4. There is a validation process when they sell you a certificate.
  • 32. SSL: The Trust Model end user certificate validation (simplified) 1. Server: “this is my certificate, here is a chain of trust leading up to a root CA” 2. Client: “let’s see if any of these certificates have been revoked/expired…” (using OCSP, or checking a local CRL) 3. OK: “The story adds up, all the certificates in the chain are valid and linked to a trusted CA” Or… 4. NOT OK: “I don’t trust that CA, or some of these certificates have been revoked/expired, or the name of the certificate doesn’t match the hostname, etc.”
  • 33. Chain of trust (in principle…) Root CAs Trust Intermediate CAs Trust Certified Entities
  • 34. Chain of trust in practice
  • 35. Source: EFF Observatory • Data from 2010 • Around 650 organizations in the chain of trust of Microsoft and Mozilla • Map Key: – Hexagon: root CA trusted by Microsoft only – Diamond: root CA trusted by Mozilla only – Box : root CA trusted by both – Ellipse: subordinate CA – Black : signed 0 leaves – Violet: signed 1-10 leaves – Blue : signed 11-100 leaves – Green : signed 101-1000 leaves – Yellow: signed 1001-10000 leaves – Orange: signed 10001-100000 leaves – Red : signed 100001-1000000 leaves
  • 36.
  • 37. The Trust Model of SSL today sucks. Why?
  • 38. The security of the Internet depends on the security of “Marks & Spencer”…
  • 39. Current Trust Model Flaws • 650+ “single points of failure”: – CAs are hacked all the time, even root CAs: • Comodo, StartSSL, Diginotar – Malicious insiders – Malicious CAs selling certificates to governments – CAs are profit-driven, creating a “race to the bottom” in regards to reducing costs verifying authenticity of certificate requestors
  • 40. Next up… • DigiNotar hack aftermath; • Atacker created “forged” certificates for Google, Facebook, Twitter; • Might have sold them to Iranian government (details not clear); • Next video shows real time use of these stolen certificates (data collected using OCSP queries made to DigiNotar server).
  • 41.
  • 42. Remember, this is IRAN, people. What about: China Russia USA?
  • 43.
  • 44. Current Trust Model Flaws (2) • The Model is Monolithic – Since the list of root CAs is centrally maintained, every user is affected the same way; • It is also, Not Agile: – Hacks are very hard to recover from, especially to root CAs: Diginotar was compromised in June 2011, it is still accepted as trusted by virtually the entire world. • The Model is Money and Power driven, not user driven: – Whoever has the more money and influence, gets to choose what can be trusted (big companies, governments.)
  • 45. So, this is bad…
  • 46. …so bad in fact, that Google is already starting to work around it: “Starting with Chrome 13, we'll have HTTPS pins for most Google properties [sites].This means that certificate chains for, say, https://www.google.com, must include a whitelisted public key. It's a fatal error otherwise.” “The whitelisted public keys for Google currently include Verisign, Google Internet Authority, Equifax and GeoTrust.Thus Chrome will not accept certificates for Google properties from other CAs.” - Adam Langley, Google
  • 47. “Every man for himself.”
  • 48. The Trust Model of SSL today sucks. Now what?
  • 51. Organizations vs Individuals In general: • Organizations are evil: They only care about reputation if it brings an advantage (profit, votes, customers); • Individuals are good: We are biologically programmed to be honorable and to build a good reputation (everyone wants to be right). Would you rather trust a corporation (even a government) or your close group of friends?
  • 52. Would you like to have a choice? Right now, you don’t. Or do you?
  • 54. “Trust is not bought. It is earned.”
  • 55. “You can fool some of the people all of the time, and all of the people some of the time, but you cannot fool all of the people all of the time.” - Abraham Lincoln
  • 56. Solutions • Decentralize the Trust Model: – Trust decisions should ultimately be the result of individual user choice, not imposed. The model should provide information so that every user decides in the most informed way. • Democratize the Trust Model: – Give it the ability to take into account the trust decisions of individuals;
  • 57. Solutions: they’re on the way Alternatives already exist: • Perspectives Project: Based on academic research from Adrian Perrig (Carnegie Mellon) – http://perspectives-project.org/ • Convergence: Similar implementation by Moxie Marlinspike – http://convergence.io/
  • 58. Similar approaches • Replace CAs with notaries; • Notaries do not certify, they just validate; • A user can consult with a subset, or all the notaries; • The user can decide based on the results from notaries (accept only a unanimous decision, a majority decision, etc.)
  • 59. Network Notary Architecture Network Notaries Gmail certificate https://gmail.com
  • 60. Advantages • Can work alongside current PKI (although Convergence chooses not to); • Notaries can provide a timeline of changes of certificates; • Provide network perspective against based Man-in-the-Middle attacks (remember Iran and Diginotar).
  • 61. Problems • Notaries must be authenticated first; • No incentive for notaries to “behave”; • Does not address certificate revocation; • Privacy problems for users (notaries can look at your web browsing habits).
  • 62. We thought of a different solution.
  • 63. Premises • Do not impose a specific model – We’re going to provide the tools to help the user decide who/when to trust, the final decision can be his. This means we should be able to play well with the current PKI model or the newer notary model. • Design is user centric – User initiates trust relations and decides when to strengthen or terminate them. • Locality – As in the real world, the “closer” someone is to you, the easier for you to trust them. Use this to our advantage. • Versatility – You can use our model to trust individuals or sites/corporations
  • 64. Locality breeds trust Compare This: Process of accepting a friend request on Facebook To This: Process of issuing a SSL certificate with Verisign
  • 65. Design Decisions • Explore social presence and connections (aka “friendsourcing”): We’ll attempt to capitalize on the increasing number of social links “declared” on the Internet; • Explicit user feedback: Only share trust relations between individuals/sites if the user wants to do it (prevent privacy issues); • Use Social Networks as a transport medium: Treat them as an untrusted medium but a way to easily broadcast messages to your friend circles.
  • 66. SSL Connection Gmail certificate Bob https://gmail.com
  • 67. • “Is this certificate OK? Let’s see…” – Check my friend’s walls for references to this certificate; – Check PKI’s chain of trust and other certificate parameters; • Possible Answers: – “The chain of trust is valid. Also, 4 of your friends have visited this site recently and vouched for it” – “while there is a valid chain of trust, none of your friends seen this certificate before. Also, 2 of your friends have seen a different certificate for this site” – “There is a valid chain of trust, but 4 of your friends consider this certificate forged and do not recommend you to continue.”
  • 69. Use Case 1 1. Bob wants to access gmail.com for the first time on this computer. 2. Bob’s browser contacts gmail.com, gets the certificate. 3. Bob’s browser looks at Bob’s various social networks to see what his friends have asserted about that certificate (signed XML messages on friends Walls, for instance). 4. Using that information, as well as PKI chain of trust data, Bob chooses to accept and save that certificate for subsequent accesses.
  • 70. Use Case 2 1. After using Gmail.com for a couple of times, Bob is pretty confident that it is the real deal, so he chooses to vouch for that certificate, and display that information on his Facebook Wall. 2. The message is in XML (for machine parsing), signed using his personal certificate, and displayed only for his select group of friends (or to the public, if he chooses so). 3. The message contains: serial and hash of Gmail certificate, date of access, level of trust assigned (negative trust is possible too).
  • 71. Bonus Feature • You can also reinforce trust in your friends by signing their certificates and vouching for them; – Does this seem familiar?
  • 72. Remember PGP’s “Web of Trust”? (aka the oldest social network of the Internet.)
  • 73. Final Thoughts • SSL has a bunch of protocol flaws, that are being addressed: – BEAST attack (with cipher suite changes); – SSLstrip (with HSTS); – Renegotiation bug (upgrade protocol version); • But all of these flaws pale in comparison with how much the PKI trust model sucks. • To change the trust model, we need to change the paradigm.
  • 74. We want to change the paradigm from this: Trust
  • 75. We want to change the paradigm to this: Trust Distrust
  • 76. Conclusion • SSL Trust Model is Broken. • Make it less centered on “the 1%” and more centered on “the 99%”. • Help us turn this idea into practice! Web of Trust + Social Networks = New Trust Model for the Internet
  • 77. Thank you! Q&A Luis Grangeia, luis.grangeia@gmail.com Tiago Mendo, tiagomendo@gmail.com