Guess the Correct Log – CT Insights

  1. Create Your Own Exercise. Berkay Kozan, Jan Krol, Group 202. GUESS THE CORRECT LOG – CT INSIGHTS

  6. Content
     ⚫ TLS + Vulnerabilities
     ⚫ CA + Black Tulip
     ⚫ How Certificate Transparency Works
     ⚫ SCT delivering methods
     ⚫ Merkle Tree

  7. TLS
     ⚫ Cryptographic protocol
     ⚫ Secures website-browser connection
     ⚫ Main cryptographic system that underlies all HTTPS connections
     How can we be sure that we are really connecting to the lab system?
     Certificate = public key + domain name

  10. Vulnerabilities of SSL
      ⚫ Structural flaws
      ⚫ Vulnerabilities:
        − Domain validation
        − End-to-end encryption
        − Chains of trust set up by certificate authorities
      ⚫ CT is used to make CAs accountable

  11. Security Attacks
      ⚫ Website spoofing
      ⚫ Server impersonation
      ⚫ Man-in-the-middle attacks

  12. Certificate Authorities
      ⚫ WE TRUST CAs to issue digital certificates. But should we?

  13. Black Tulip (figure; label: YOU)

  15. CA handshake (figure; label: YOU)

  27. How CT Works
      Log Server: every new certificate will be uploaded to the Log Server.
      Watch for:
      • suspicious certificates
      • unauthorized certificates
      • unusual certificate extensions
      • certificates with strange permissions

  30. CT logs
      ⚫ CT log = network service which maintains entries of SSL certificates
      ⚫ Logs are independent
      ⚫ Qualities:
        − Append-only
        − Cryptographically assured
        − Publicly auditable
      thou shalt not hack – RFC 69:62

  32. SCT
      • Certificate Authority to Log Server: Certificate Submission
      • Log Server to Certificate Authority: SCT
      • SCT: promise that the cert will be appended to the log.
      • Maximum Merge Delay (appending must happen within a reasonable time frame)

  40. SCT Delivering Methods: X.509v3 Extension
      Actors: Log Server, Certificate Authority, fingernails4cash.com, Client (browser)
      • Certificate Authority to Log Server: Certificate Submission (Precertificate)
      • Log Server to Certificate Authority: SCT
      • Certificate Authority to fingernails4cash.com: Certificate Issuance (SSL cert w/SCT)
      • fingernails4cash.com to Client (browser): TLS handshake (SCT embedded cert)

  50. Merkle Tree
      • Simple binary tree
      • Once an hour a log server appends all new certs to its log
      • Consistency Proof
      • Merkle Audit Proof
      Figure labels: Merkle Tree Hash; Node Hash: t, s; Leaf Hash: a, b, c, d; Certificate: c1, c2, c3, c4

  51. Merkle Audit Proof
      Figure labels: nodes t, s; leaves a, b, c, d; certificates c1, c2, c3, c4; Audit Proof

  52. Learning Goals
      The following learning goals are covered in the Lecture / PreLab / Lab:
      • Students understand CT operation: X X X
      • Students understand the vulnerabilities of SSL: X X
      • Students understand how log proof works: X X
      • Students will fetch SCTs from TLS extension and analyze it: X X
      • Students write code to do an InclusionProof that verifies that a cert is logged based on SCT: X
      • Students write code to perform a Merkle Audit Proof: X

  53. Teaser: Practical Part (Team)

  55. Summary
      ⚫ TLS + Vulnerabilities
      ⚫ CA + Black Tulip
      ⚫ How Certificate Transparency Works
      ⚫ SCT delivering methods
      ⚫ Merkle Tree
