concerto a methodology towards reproducible analyses of
play

concerto : A Methodology Towards Reproducible Analyses of TLS - PowerPoint PPT Presentation

Jul 13, 2023 •376 likes •679 views

concerto : A Methodology Towards Reproducible Analyses of TLS Datasets Olivier Levillain, Maxence Tury and Nicolas Vivet ANSSI Real World Crypto January 6th 2017 Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 1 / 16 SSL/TLS

  1. concerto : A Methodology Towards Reproducible Analyses of TLS Datasets Olivier Levillain, Maxence Tury and Nicolas Vivet ANSSI Real World Crypto January 6th 2017 Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 1 / 16

  2. SSL/TLS in a nutshell Client Server C l i e n t H e l l o l o e l r H v e e r S t e SSL/TLS: a security protocol providing c a f i r t i C e n e o D o l l H e e r r v ◮ server (and client) authentication S e C l i e n t K e y E x c ◮ data confidentiality and integrity h a n g e C h a n g e C i p h e r S p e c F i n i s h e d SSL/TLS is a fundamental basic block of c p e r S h e i p e C n g h a Internet security C e d s h n i F i Application Data Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 2 / 16

  3. SSL/TLS data collection Interesting criteria to study the ecosystem Client Server ◮ protocol features and cryptographic C l i e n t H e l l o capabilities o l l H e e r r v S e ◮ certificates and trust aspects e a t i c i f e r t C e o n l o D e l r H ◮ server behaviour v e e r S C l i e n t K e y E x c h a n g e C h a n g e C i p h e r S Different methodologies p e c F i n i s h e d ◮ Full IPv4 scans e c S p e r p h C i g e a n C h ◮ Domain Names scans d h e i s i n F ◮ Passive Observation Application Data Stimulus choice (version, suites, extensions) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 3 / 16

  4. concerto : motivation The tools used to produce the data for [ACSAC’12] ◮ parsifal , a home-made parser generator, to parse the answers ◮ (mostly undocumented or even not versionned) various scripts In 2015, we tried to run similar analyses on new campaigns ◮ problem: several criteria had to evolve (trust stores, weak suites) ◮ how to compare the situation now and then? ◮ how to include new, external, datasets? The concerto way, towards reproducible analyses ◮ keep the raw data and the associated metadata ◮ automate the analysis process ◮ run it from scratch when needed Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 4 / 16

  5. concerto , step by step Context preparation ◮ NSS certificate store extraction from source code ◮ metadata injection (stimuli, certificate store) Answer injection ◮ answer type analysis ◮ raw certificate extraction Certificate analysis ◮ certificate parsing ◮ building of all ⋆ possible chains Statistics production ◮ TLS parameters, certificate chain quality, server behavior Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 5 / 16

  6. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  7. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  8. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  9. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) ◮ sadly, this can be explained ◮ worth mentionning: some servers select the NULL ciphersuite Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  10. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) ◮ sadly, this can be explained ◮ worth mentionning: some servers select the NULL ciphersuite E a ServerHello missing two bytes Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  11. Interlude: challenges with the data quality What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) ◮ sadly, this can be explained ◮ worth mentionning: some servers select the NULL ciphersuite E a ServerHello missing two bytes Our answers: ◮ parsifal , an open-source framework, to develop robust binary parsers ◮ use metadata (the used stimulus), to spot inconsistencies Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 6 / 16

  12. Evolution of TLS versions TLS hosts TLS 1.2 30 % TLS 1.1 47 % TLS 1.0 76 % 87 % SSLv3 98 % 67 % 49 % 24 % 13 % 2011 2014 2015 2015 2016 Full IPv4 TA 1M Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 7 / 16

  13. Certificate chains: theory and practice The Certificate message is specified as follows: ◮ the server certificate first ◮ each following CA cert must sign the preceding one ◮ the root CA may be ommited The reality is otherwise: ◮ unordered messages ◮ certificate repetition ◮ presence of useless certificates ◮ missing certificates (EFF calls such chains transvalid) TLS 1.3 relaxes the strict order constraint Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 8 / 16

  14. Evolution of certificate chain quality Trusted hosts RFC Compliant Unordered Transvalid 68 % 69 % 86 % 87 % 27 % 28 % 12 % 2010 2011 2014 2015 Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 9 / 16

  15. Exemple of a certificate chain Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 10 / 16

  16. Challenges in the certificate chain building phase Actually, concerto does not build all possible chains, for two reasons ◮ X.509v1 certificates generated by appliances ◮ X.509v1 have no extension, so they used to be considered as CA ◮ however, we encounter too many of them in some campaigns ◮ 140,000 similar self-signed distinct certificates ◮ 20 billion signatures to check, for isolated self-signed certificates ◮ only X.509v1 trust roots are considered as CAs Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 11 / 16

  17. Challenges in the certificate chain building phase Actually, concerto does not build all possible chains, for two reasons ◮ X.509v1 certificates generated by appliances ◮ X.509v1 have no extension, so they used to be considered as CA ◮ however, we encounter too many of them in some campaigns ◮ 140,000 similar self-signed distinct certificates ◮ 20 billion signatures to check, for isolated self-signed certificates ◮ only X.509v1 trust roots are considered as CAs ◮ Crazy cross-certification ◮ there exist mutually cross-signed CAs... ◮ where each CA has emitted several distinct certificates with the same public key ◮ one way to go is to create an equivalence class of CAs ◮ the other is to limit the number of transvalid certificates Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 11 / 16

  18. Interlude: some figures about certificates RSA Key Sizes (full IPv4 scan in 2015) ◮ (TLS hosts) 384 - 16384 ◮ (Trusted hosts) 1024 - 4096 Maximum observed size of a Certificate messages (EFF data in 2010) ◮ 150 certificates ◮ including (only) one duplicate ◮ including 113 trusted roots Misc (from 2017 HTTPS TopAlexa 1M scans.io data) ◮ 9% RSA-SHA1 signatures (and 976 RSA-MD5) ◮ 5% X.509v1 certificates (and 3 X.509v4) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 12 / 16

  19. Server behaviour You can take advantage of multiple stimuli to grasp server behaviour Feature intolerance ◮ Using our IPv4 multi-stimuli campaigns (2011 and 2014) ◮ EC- and TLS 1.2-intolerance has regressed between 2011 and 2014 SSLv2 support ◮ 40% of HTTPS servers were still accepting SSLv2 in 2014 ◮ all vulnerable to DROWN attack ◮ the situation was worse in practice (SMTPS servers in particular) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 13 / 16

  20. Implementation choices, limitations and future work Current concerto design rationale ◮ store enriched data in CSV tables ◮ split data processing into simple tools ◮ avoid tools requiring a global view when possible Future work ◮ more sophisticated backends ◮ more polished statistics and report tools ◮ inclusion of other relevant data sources (e.g. revocation info, CT) Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 14 / 16

  21. Conclusion To analyse the SSL/TLS ecosystem, we need ◮ up-to-date high quality data ◮ with clean collection methodologies ◮ with associated metadata ◮ possibly using multiple stimuli ◮ methodologies and tools to allow for reproducible analyses ◮ to compare results regarding different datasets ◮ to understand trends on relatively long periods concerto is a first step to accomplish the second part ◮ parsifal and concerto v0.3 are available online ◮ there is some documentation on the GitHub repository ◮ don’t hesitate to drop a mail if you are interested in the tool Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 15 / 16

Recommend

Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology

Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology

Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology Methodology Department London School of Economics and Political Science 1720 February 2020 Tools well see this week R, RStudio

2.03k views • 174 slides
SERVE Project Challenges, Data Collection Structure and Methodology Michael Bell, Presented

SERVE Project Challenges, Data Collection Structure and Methodology Michael Bell, Presented

SERVE Project Challenges, Data Collection Structure and Methodology Michael Bell, Presented By PJ McLoughlin 04 th October 2012 CONCERTO is co-funded by the European Commission Project Overview CONCERTO is co-funded by the European

467 views • 20 slides
Reproducible Analyses for the FCC Valentin Volkl, Tibor Simko, Lukas Heinrich, Clement Helsens

Reproducible Analyses for the FCC Valentin Volkl, Tibor Simko, Lukas Heinrich, Clement Helsens

Reproducible Analyses for the FCC Valentin Volkl, Tibor Simko, Lukas Heinrich, Clement Helsens Februar 8, 2019 University Innsbruck Valentin Volkl 1 Valentin Volkl 2 REANA: <reanahub.io> Presentations by Lukas Heinrich and Kyle

368 views • 4 slides
Towards Best Practices in Sociophonetics: Robust, Digital, Empirical, Reproducible

Towards Best Practices in Sociophonetics: Robust, Digital, Empirical, Reproducible

Towards Best Practices in Sociophonetics: Robust, Digital, Empirical, Reproducible Sociolinguistic Methodology Christopher Cieri, Stephanie Strassel Linguistic Data Consortium History 1963 Quantitative study of variation & change in

788 views • 51 slides
Micro Processor & Controller TMS320F28335 Concerto Concerto TMS320F28335 General

Micro Processor & Controller TMS320F28335 Concerto Concerto TMS320F28335 General

Micro Processor & Controller TMS320F28335 Concerto Concerto TMS320F28335 General Purpose I/O General Purpose I/O Features Features Module Overview (GPIO0- -GPIO27) GPIO27) Module Overview (GPIO0 GPIO Control Register

475 views • 8 slides
Reproducible Identification of Pragmatic Universalia in CHILDES Transcripts GNU meets OpenScience

Reproducible Identification of Pragmatic Universalia in CHILDES Transcripts GNU meets OpenScience

Introduction Corpus, Tools and Method Three analyses Conclusion Reproducible Identification of Pragmatic Universalia in CHILDES Transcripts GNU meets OpenScience Daniel Devatman Hromada 123 daniel@wizzion.com 1 Universit e Paris 8 / Lumi`

603 views • 26 slides
Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov.

Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov.

Reproducible Research with Stata Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov. 17th, 2016 Reproducible Research with Stata Reproducible Analysis Overview Definition Figure 1: Reproducible

1.25k views • 42 slides
Evaluation methodology to assess the theoretical energy impact and the actual energy performance

Evaluation methodology to assess the theoretical energy impact and the actual energy performance

3rd April 2006 Helsinki, Finland Evaluation methodology to assess the theoretical energy impact and the actual energy performance for the 27 communities of the European CONCERTO initiative Olivier Pol, arsenal research ECEEE 2007 summer

109 views • 10 slides
Maiko Kawabata Tchaikovsky Violin Concerto First movement, b. 219 Moscow: P . Jurgenson, n.d.

Maiko Kawabata Tchaikovsky Violin Concerto First movement, b. 219 Moscow: P . Jurgenson, n.d.

In Search of Something-other-than-perfect Violin Virtuosity Maiko Kawabata Tchaikovsky Violin Concerto First movement, b. 219 Moscow: P . Jurgenson, n.d. [1888], 1st ed. Tchaikovsky Violin Concerto Autograph, First movement, b. 219

402 views • 8 slides
Mayfly Reproducible Research in Minutes Reproducible Research is

Mayfly Reproducible Research in Minutes Reproducible Research is

Mayfly Reproducible Research in Minutes Reproducible Research is the new paradigm Step 1: Configure Environment And more graphics should be interac@ve

329 views • 5 slides
When Grounded Theory Methodology is Not Enough Additions for Video-Based Analyses of Software

When Grounded Theory Methodology is Not Enough Additions for Video-Based Analyses of Software

When Grounded Theory Methodology is Not Enough Additions for Video-Based Analyses of Software Engineering Process Phenomena Franz Zieris zieris@inf.fu-berlin.de Qualitative Research in a Nutshell The Qualitative Approach: Grounded Theory

353 views • 12 slides
Pisendels annotations in the Concerto for two violins RV 507 by Vivaldi: an open window on

Pisendels annotations in the Concerto for two violins RV 507 by Vivaldi: an open window on

Pisendels annotations in the Concerto for two violins RV 507 by Vivaldi: an open window on improvisation in the work of the Red priest J AVIER L UPIEZ (Ensemble Scaramuccia, Spagna - Olanda) F ABRIZIO A MMETTO (Istituto Italiano

339 views • 19 slides
CONCERTO Conceptual indexing, querying and retrieval of digital documents J. McNaught , W.J.

CONCERTO Conceptual indexing, querying and retrieval of digital documents J. McNaught , W.J.

CONCERTO Conceptual indexing, querying and retrieval of digital documents J. McNaught , W.J. Black, F. Rinaldi, E. Bertino, A. Brasher, D. Deavin, B. Catania, D. Silvestri, B. Armani, P. Leo, A. Persidis, G. Semeraro, F. Esposito, V. Candela,

1.17k views • 40 slides
Reproducible research in practice ifgi Institute for Geoinformatics University of Mnster

Reproducible research in practice ifgi Institute for Geoinformatics University of Mnster

Reproducible research in practice ifgi Institute for Geoinformatics University of Mnster Edzer Pebesma Reproducible Research Workshop, UZH, Sep 13-14, 2016 1 / 23 Overview 1. Who am I? 2. What is reproducible research? What is

465 views • 25 slides
Tchaikovsky Violin Concerto in D An Introduction by Penny Backman A. Historical Cultural Context

Tchaikovsky Violin Concerto in D An Introduction by Penny Backman A. Historical Cultural Context

Tchaikovsky Violin Concerto in D An Introduction by Penny Backman A. Historical Cultural Context There was a turf war in Russia in the mid 19 th century. One school of thought held that Russian music must be based on the cadence of the Russian

201 views • 3 slides
Reproducible research in practice M ADAGASCAR software package Sergey Fomel Jackson School of

Reproducible research in practice M ADAGASCAR software package Sergey Fomel Jackson School of

Reproducible Research M ADAGASCAR Project Reproducible research in practice M ADAGASCAR software package Sergey Fomel Jackson School of Geosciences The University of Texas at Austin July 1, 2010 S. Fomel SciPy 2010 Reproducible Research M

431 views • 16 slides
Packrat: A Dependency Management System for R J.J. Allaire June 27, 2014 3/23 Reproducible

Packrat: A Dependency Management System for R J.J. Allaire June 27, 2014 3/23 Reproducible

Packrat: A Dependency Management System for R J.J. Allaire June 27, 2014 3/23 Reproducible Research Foundational as a basis for scientific claims "The goal of reproducible research is to tie specific instructions to data analysis

594 views • 21 slides
The Reproducible Computing package 07/08/09 Patrick Wessa, Ed van Stee 1 07/08/09 Patrick

The Reproducible Computing package 07/08/09 Patrick Wessa, Ed van Stee 1 07/08/09 Patrick

The Reproducible Computing package 07/08/09 Patrick Wessa, Ed van Stee 1 07/08/09 Patrick Wessa, Ed van Stee 2 Some References J. Buckheit and D. L. Donoho . Wavelab and reproducible research. In A. Antoniadis, editor, Wavelets and

968 views • 25 slides
Smartphone-based Qualitative Analyses of Social Activities During Family Time Kunchay Sahiti 1 ,

Smartphone-based Qualitative Analyses of Social Activities During Family Time Kunchay Sahiti 1 ,

About The Paper Methodology and System Design Results References Smartphone-based Qualitative Analyses of Social Activities During Family Time Kunchay Sahiti 1 , Lakshmi Manasa Kalanadhabhatta 1 , Suman Sankar Bhunia 2 , Akshit Singhal 3 ,

376 views • 18 slides
reproducible research in hydrology JAN SEIBERT & ILJA VAN MEERVELD UZH-GIUZ H2K Research

reproducible research in hydrology JAN SEIBERT & ILJA VAN MEERVELD UZH-GIUZ H2K Research

Our experiences with reproducible research in hydrology JAN SEIBERT & ILJA VAN MEERVELD UZH-GIUZ H2K Research Flow Field work for data collection 2 INNOPOOL WORKSHOP REPRODUCIBLE RESEARCH: SESSION 1 Can field measurements be

613 views • 8 slides
David Nickerson CellML Workshop 2012 Reproducible simula0on experiments with

David Nickerson CellML Workshop 2012 Reproducible simula0on experiments with

David Nickerson CellML Workshop 2012 Reproducible simula0on experiments with SED-ML 13.03.2012 Dagmar Waltemath www.sbi.uni-rostock.de The necessity for reproducible science

876 views • 23 slides
Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds

Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds

Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds What if you could always compile free software? Valerie Young (spectranaut) Linux Conf Australia 2016 Valerie Young F96E 6B8E FF5D 372F FDD1 DA43

743 views • 60 slides
A STEP TOWARD QUANTIFYING INDEPENDENTLY REPRODUCIBLE MACHINE LEARNING RESEARCH Edward Raff

A STEP TOWARD QUANTIFYING INDEPENDENTLY REPRODUCIBLE MACHINE LEARNING RESEARCH Edward Raff

A STEP TOWARD QUANTIFYING INDEPENDENTLY REPRODUCIBLE MACHINE LEARNING RESEARCH Edward Raff 12/2019, NEURAL INFORMATION PROCESSING SYSTEMS REPRODUCIBLE MACHINE LEARNING The machine learning community is rightfully putting a greater emphasis

702 views • 7 slides
Reproducible Geophysics Archiving Experiments in the M ADAGASCAR Project Sergey Fomel Jackson

Reproducible Geophysics Archiving Experiments in the M ADAGASCAR Project Sergey Fomel Jackson

Reproducible Geophysics Archiving Experiments in the M ADAGASCAR Project Sergey Fomel Jackson School of Geosciences The University of Texas at Austin May 25, 2010 Outline Computational Geophysics Reproducible Research M ADAGASCAR Project

325 views • 19 slides

More recommend