
Certificate Transparency Logs in Practice, Josef Gustafsson, Linköping University (PowerPoint presentation)



  1. A First Look at the CT Landscape: Certificate Transparency Logs in Practice
  Josef Gustafsson, Linköping University; Gustaf Overier, Linköping University; Martin Arlitt, University of Calgary, Canada; Niklas Carlsson, Linköping University
  Proc. PAM, Sydney, Australia, Mar. 2017

  2-7. Motivation and high-level problem
  • Private and confidential communication is important
    • Billions of devices
    • Millions of services
  • Certification Authorities (CAs) issue certificates
    • Proof of identity (signed with their private key)
  Example: HTTPS does HTTP over TLS; users need to trust that Google’s public key is Google’s, and that FB’s public key is FB’s

  8-9. Motivation and high-level problem
  • If a CA in our trust (root) store (e.g., Symantec/Verisign) tells us that a public key belongs to Google, our browsers (and we) trust that this is the case
  [Diagram: a trusted CA asserting “This is Google’s public key …” to the browser]

  10. Motivation and high-level problem
  • However, mistakes happen ...
    • E.g., in Oct. 2015, Google discovered (using CT) that Symantec had issued test certificates for 76 domains that they did not own (including Google domains) and another 2,458 unregistered domains …
  [Diagram: Symantec (trusted CA) asserting “This is Google’s public key …” on behalf of some server]

  11-12. CT: Emerging trust-monitoring solution
  • Since then, Google has demanded that Symantec log all their certificates in public (append-only) CT logs
  • Since Jan. 2015, the Chrome browser requires all EV certificates to be logged in 1 Google log and 1 other log
  • Mozilla is planning to make similar demands
  • Both Chrome and Mozilla are expected to extend these policies to DV certificates too …
  • In this paper, we present the first large-scale characterization of the CT landscape

  13-24. Certification of public keys
  • Browsers have trust stores with root certs (of CAs)
  • CAs use their private key to sign certs for servers/domains
  • Certs are proof that a public key belongs to a server/domain
  • Signatures of certs can be validated using keys in the root store
  • In practice, many
    • Many CAs, servers
    • Varying trust+security
  • Trust can be undermined
    • Human error
    • Intentional fraud
    • Compromised CAs
    • …
  [Diagram: CA, Server and Browser; R = root cert, L = leaf cert. Callouts: “This is server X’s public key, signed with private key of CA”; “Trust store includes CA’s root cert (and public key)”]

  25. Trust landscape
  • Delegation of trust to intermediates (Ii)
  • Browsers trust that servers that can present certs (Li) that map to (trusted) root certs are who they claim to be
  • Impersonation
    • Any trusted CA (Ri) or intermediate (Ii) can issue rogue certs
    • Very difficult to know all certs issued in one’s name

  26-34. Certificate Transparency (CT)
  [Diagram: many CAs sit between Server and Browser; R = root certs, L = leaf certs, S = SCTs. Logs, a Monitor and an Auditor are added alongside]
  • Logs
    • Public record of certs
    • Append only (Merkle trees)
    • Servers get SCTs
    • SCTs are proof that a cert is logged
  • Monitors
    • Assert log content
  • Auditors
    • Assert log behavior
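The append-only Merkle tree and the inclusion proof that backs an SCT, as an added example that is not part of these slides or of the authors' monitor: it implements the RFC 6962 leaf hash, tree hash and audit path, plus the auditor-side verification that recomputes the root from a leaf, its index, the tree size and the path alone, over a constructed five-entry log. Consistency proofs between successive tree heads (the other half of "assert log behavior") are not shown.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962 leaf hash: the 0x00 prefix separates leaves from interior nodes.
    return _h(b"\x00" + entry)

def tree_hash(entries: list) -> bytes:
    # Merkle Tree Hash MTH(D[n]) over the ordered log entries (RFC 6962 2.1).
    n = len(entries)
    if n == 0:
        return _h(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = 1 << ((n - 1).bit_length() - 1)  # largest power of two below n
    return _h(b"\x01" + tree_hash(entries[:k]) + tree_hash(entries[k:]))

def inclusion_proof(entries: list, m: int) -> list:
    # Audit path PATH(m, D[n]): the sibling hashes from leaf m up to the root.
    n = len(entries)
    if n == 1:
        return []
    k = 1 << ((n - 1).bit_length() - 1)
    if m < k:
        return inclusion_proof(entries[:k], m) + [tree_hash(entries[k:])]
    return inclusion_proof(entries[k:], m - k) + [tree_hash(entries[:k])]

def verify_inclusion(entry: bytes, index: int, size: int, path: list, root: bytes) -> bool:
    # Auditor-side check (RFC 9162 2.1.3.2): rebuild the root from the leaf,
    # its index, the tree size and the audit path, without seeing the full log.
    if index >= size:
        return False
    fn, sn, r = index, size - 1, leaf_hash(entry)
    for p in path:
        if sn == 0:
            return False  # more path elements than the tree size allows
        if fn & 1 or fn == sn:
            r = _h(b"\x01" + p + r)  # sibling hangs to the left
            while not (fn & 1 or fn == 0):
                fn, sn = fn >> 1, sn >> 1
        else:
            r = _h(b"\x01" + r + p)  # sibling hangs to the right
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

# Constructed sample log: five fake entries standing in for DER-encoded certs.
LOG = [b"cert-%d" % i for i in range(5)]
```

A real auditor would fetch the signed tree head and the audit path from the log's HTTP API and feed them to `verify_inclusion`; the proof stays short (about log2 of the tree size) however many certificates the log holds.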

  35-36. Methodology
  • Created a CT monitor
  • Monitored all public logs
    • 3 Google
    • 7 CA-based
    • Plausible (NORDUnet)
  • Campus measurements
    • All HTTPS sessions for a week
    • 232 million HTTPS sessions
