killed by proxy analyzing client end tls interception
play

Killed by Proxy: Analyzing Client-end TLS Interception Software - PowerPoint PPT Presentation

Mar 10, 2023 •16 likes •456 views

NDSS 2016 Presentation, Feb. 22, 2016 Killed by Proxy: Analyzing Client-end TLS Interception Software Xavier de Carn de Carnavalet Mohammad Mannan Madiba Security Research Group at Concordia University, Montreal, Canada X. de Carn de

  1. NDSS 2016 Presentation, Feb. 22, 2016 Killed by Proxy: Analyzing Client-end TLS Interception Software Xavier de Carné de Carnavalet Mohammad Mannan Madiba Security Research Group at Concordia University, Montreal, Canada X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 1 / 24

  2. What is this talk about? Strong movement by browsers to improve secure connections TLS 1.3 soon? Reports about tools undermining this effort, e.g., SuperFish What about antiviruses? Parental control applications? X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 2 / 24

  3. � � How to intercept/filter TLS traffic? Regular server-authenticated TLS connection: TLS 1.2 Client trusts or one of its issuers X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 3 / 24

  4. � � How to intercept/filter TLS traffic? Intercepted TLS connection by client-end proxy: � � TLS 1.2 TLS 1.0 Client trusts but, where is the private key? X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 4 / 24

  5. � � How to intercept/filter TLS traffic? Intercepted TLS connection by client-end proxy: client-end � � TLS 1.2 TLS 1.0 Client trusts but, where is the private key? Same system! X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 4 / 24

  6. Network appliance vs. client-end software (1/2) TLS filtering by network appliance: Not new, in enterprises 1 Appliances found to be vulnerable by Dell SecureWorks (2012) and 2 CMU CERT (2015) List of “common mistakes” 3 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 5 / 24

  7. Network appliance vs. client-end software (2/2) TLS filtering by client-end software: Relatively new, e.g., advertisement products 1 Scandal early 2015 because of SuperFish/PrivDog/Komodia 2 Problems: root certificate reuse, no site certificate validation 3 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 6 / 24

  8. Motivations Antivirus and parental control apps filter TLS connections, 1 shown to be significant Existing TLS test suites not adapted for these proxies 2 Bigger attack surface 3 Pre-installed by OEMs ⇒ millions of users 4 Antivirus = more security? 5 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 7 / 24

  9. Cannot just uninstall antiviruses Banks sometimes require antiviruses: X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 8 / 24

  10. Contributions X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 9 / 24

  11. Contributions Design a general hybrid framework: adapt existing + custom tests 1 Private key protection 1 Certificate validation 2 Cipher suites & protocols 3 Transparency 4 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 9 / 24

  12. Contributions Design a general hybrid framework: adapt existing + custom tests 1 Private key protection 1 Certificate validation 2 Cipher suites & protocols 3 Transparency 4 Review 14 {AntiVirus + Parental Control} apps for Windows 2 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 9 / 24

  13. Contributions Design a general hybrid framework: adapt existing + custom tests 1 Private key protection 1 Certificate validation 2 Cipher suites & protocols 3 Transparency 4 Review 14 {AntiVirus + Parental Control} apps for Windows 2 Found —sometimes major— flaws in all 14 products 3 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 9 / 24

  14. Analysis Initial list from Wikipedia, AV-comparatives.org, other ad-hoc 1 comparatives: 55 products 14 products, 12 proxies 2 Analyzed in March and August 2015: up to 2 versions/product 3 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 10 / 24

  15. Framework X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 11 / 24

  16. Threat model Attacker is an active Man-in-the-Middle (MitM). Motivations: Impersonate the server to the client Extract authentication cookies Two types of attacks: Generic MitM: no additional per-user effort 1 Targeted MitM: can launch unprivileged code on the target 2 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 12 / 24

  17. (1/4) Root certificate and private key X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 13 / 24

  18. (1/4) Root certificate and private key Is the root certificate install-time generated or pre-generated? 1 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 13 / 24

  19. (1/4) Root certificate and private key Is the root certificate install-time generated or pre-generated? 1 Imported in the OS/browser trusted stores? 2 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 13 / 24

  20. (1/4) Root certificate and private key Is the root certificate install-time generated or pre-generated? 1 Imported in the OS/browser trusted stores? 2 Period of validity? Removed upon uninstallation? 3 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 13 / 24

  21. (1/4) Root certificate and private key Is the root certificate install-time generated or pre-generated? 1 Imported in the OS/browser trusted stores? 2 Period of validity? Removed upon uninstallation? 3 Where/how is the private key stored? 4 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 13 / 24

  22. (1/4) Root certificate and private key Is the root certificate install-time generated or pre-generated? 1 Imported in the OS/browser trusted stores? 2 Period of validity? Removed upon uninstallation? 3 Where/how is the private key stored? 4 Does the proxy accept site certificates signed by its own root cert? 5 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 13 / 24

  23. (2/4) Site certificate validation X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 14 / 24

  24. (2/4) Site certificate validation Tests with a corpus of “tricky” certificates 1 9 invalid certificates/broken chain of trust MD5, SHA1, RSA512, RSA1024 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 14 / 24

  25. (2/4) Site certificate validation Tests with a corpus of “tricky” certificates 1 9 invalid certificates/broken chain of trust MD5, SHA1, RSA512, RSA1024 How are errors propagated? 2 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 14 / 24

  26. (2/4) Site certificate validation Tests with a corpus of “tricky” certificates 1 9 invalid certificates/broken chain of trust MD5, SHA1, RSA512, RSA1024 How are errors propagated? 2 How to make the proxy trust our test root certificate? 3 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 14 / 24

  27. (2/4) Site certificate validation Tests with a corpus of “tricky” certificates 1 9 invalid certificates/broken chain of trust MD5, SHA1, RSA512, RSA1024 How are errors propagated? 2 How to make the proxy trust our test root certificate? 3 Which CAs does the proxy trust? OS or custom trusted store? 4 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 14 / 24

  28. (2/4) Site certificate validation Tests with a corpus of “tricky” certificates 1 9 invalid certificates/broken chain of trust MD5, SHA1, RSA512, RSA1024 How are errors propagated? 2 How to make the proxy trust our test root certificate? 3 Which CAs does the proxy trust? OS or custom trusted store? 4 Used some network tricks to avoid caching of certificate 5 Other proposals can extend our tests (e.g., Frankencert) X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 14 / 24

  29. (3/4) Protocol, cipher suites and attacks X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 15 / 24

  30. (3/4) Protocol, cipher suites and attacks Are all domains filtered? All clients (browsers)? All ports? 1 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 15 / 24

  31. (3/4) Protocol, cipher suites and attacks Are all domains filtered? All clients (browsers)? All ports? 1 What library is the proxy using? 2 X. de Carné de Carnavalet NDSS’16 — Killed by Proxy: Analyzing Client-end TLS Interception Software 15 / 24

Recommend

System Structuring with Threads Example: A Transcoding Web Proxy Appliance Proxy clients

System Structuring with Threads Example: A Transcoding Web Proxy Appliance Proxy clients

System Structuring with Threads Example: A Transcoding Web Proxy Appliance Proxy clients Interposed between Web (HTTP) clients and servers. Masquerade as (represent) the server to the client. Masquerade as (represent) the client to the

617 views • 14 slides
Web kuohh Computer Center, CS, NCTU Outline Web hosting Basics Client-Server

Web kuohh Computer Center, CS, NCTU Outline Web hosting Basics Client-Server

Web kuohh Computer Center, CS, NCTU Outline Web hosting Basics Client-Server architecture HTTP protocol Static vs. dynamic pages Virtual hosts Proxy Forward proxy Reverse proxy 2 Computer Center, CS, NCTU

781 views • 34 slides
Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing

Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing

Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing Delays at Server Cache Content Locally at client Updates? Cache Content at proxies Proxy Server Client Proxy Server Content Server Proxy

781 views • 14 slides
Oscar Lizardi 943 casualties (221 killed, 722 wounded) 13 law enforcement killed 20 law

Oscar Lizardi 943 casualties (221 killed, 722 wounded) 13 law enforcement killed 20 law

Preparation is the key to success Oscar Lizardi 943 casualties (221 killed, 722 wounded) 13 law enforcement killed 20 law enforcement wounded 20 mass killings 50 shooters 13 committed suicide 11 killed by

427 views • 27 slides
Lawful Interception in German VoIP-Networks 22C3, Berlin Hendrik Scholz hscholz@raisdorf.net

Lawful Interception in German VoIP-Networks 22C3, Berlin Hendrik Scholz hscholz@raisdorf.net

Lawful Interception in German VoIP-Networks 22C3, Berlin Hendrik Scholz hscholz@raisdorf.net http://www.wormulon.net/ Agenda What is Lawful Interception (LI)? Terms, Laws Lawful Interception in PSTN networks Lawful Interception

658 views • 27 slides
I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing Anton Belka, antonbelka@gmail.com GUADEC 2013 The TM Conference GUADEC Proxy editing What is proxy editing? Proxy editing is the ability to

1.75k views • 143 slides
Generic Library Interception Generic Library Interception for Improved Performance Measurement

Generic Library Interception Generic Library Interception for Improved Performance Measurement

Generic Library Interception Generic Library Interception for Improved Performance Measurement for Improved Performance Measurement and Insight and Insight Ronny Brendel, Bert Wesarg, Ronny Tschter, Matthias Weber, Thomas Ilsche, Sebastian

419 views • 13 slides
MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers forward requests to backends and can transform, handle or block them released under the GPL see http://forge.mysql.com/wiki/MySQL_Proxy

945 views • 27 slides
TRAINING PROGRAMME Lawful Interception & Data Retention ETSI/TC LI Lawful Interception

TRAINING PROGRAMME Lawful Interception & Data Retention ETSI/TC LI Lawful Interception

Statements on Standardisation (handover interface) Without standardisation each Service Provider can define its own mechanism / format for the delivery of the data (LI and/or DR) to the Monitoring Facility Without standardisation the

684 views • 57 slides
C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS

C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS

C# Design Patterns: Proxy APPLYING THE PROXY PATTERN Steve Smith FORCE MULTIPLIER FOR DEV TEAMS @ardalis | ardalis.com | weeklydevtips.com t h s What problems does proxy solve? Objectives How is the proxy pattern structured? Apply the

779 views • 23 slides
A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores

A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores

Motivation Most client-server applications on the Internet A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores / banking for WWW Credentials web-based e-mail virtual market places,

69 views • 5 slides
and Transitive Trust Jeff Jarmoc Sr. Security Researcher Dell SecureWorks About this talk

and Transitive Trust Jeff Jarmoc Sr. Security Researcher Dell SecureWorks About this talk

SSL Interception Proxies and Transitive Trust Jeff Jarmoc Sr. Security Researcher Dell SecureWorks About this talk History & brief overview of SSL/TLS Interception proxies How and Why Risks introduced by interception

744 views • 36 slides
A Study of Prefix Hijacking and Interception in the internet Hitesh Ballani, Paul Francis,

A Study of Prefix Hijacking and Interception in the internet Hitesh Ballani, Paul Francis,

A Study of Prefix Hijacking and Interception in the internet Hitesh Ballani, Paul Francis, Xinyang Zhang Presented by: Tony Z.C Huang, Adapted from slides by Hitesh Ballani Prefix Hijacking/ Interception Internet AS CIA AS U Owning

873 views • 38 slides
Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre

Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre

Web Application Proxy (WAP) Remote Access Gateway Proxy for Web Applications 1 If youre WAPpy and you know it. UAG ? WAP ? eGov ? 2 Topics This Why the County invested in WAP presentation will share: Capabilities

427 views • 20 slides
January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here.

January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here.

January 29, 2018 Proxy Statements under Maryland Law 2018 The 2018 proxy season is here. Based on our experience reviewing proxy statements for Maryland public companies, we would like to call your attention to certain matters of Maryland

272 views • 12 slides
Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client

Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client

Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client Client Client Client Client Client Client Google Client Client Client Client Client Client Many clients; 1 server Server starts and then

333 views • 6 slides
Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14

Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14

Entwurfsmuster und Frameworks Proxy Oliver Haase Oliver Haase Emfra Proxy 1/14 Description I Classification : Object-based structural pattern Also known as : Surrogate Purpose : Control access to a subject through

435 views • 14 slides
The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for

The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for

The Squid caching proxy Chris Wichura caw@cawtech.com What is Squid? A caching proxy for HTTP, HTTPS (tunnel only) FTP Gopher WAIS (requires additional software) WHOIS (Squid version 2 only) Supports transparent

592 views • 35 slides
MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is MySQL Proxy Started Feb 2007 Current: MySQL Proxy 0.7.0 Source available on launchpad.net $ bzr branch lp:mysql-proxy Foundation of

308 views • 17 slides
Analyzing Information Flow in JSEs Nick Taylor David

Analyzing Information Flow in JSEs Nick Taylor David

Analyzing Information Flow in JSEs Nick Taylor David Erichsen Introduction: JavaScript Dynamic computer programming language Generally used by client

609 views • 28 slides
Varnish A caching reverse proxy Liip AG, 25.8.2011, Stefan Paschke & David Buchmann

Varnish A caching reverse proxy Liip AG, 25.8.2011, Stefan Paschke & David Buchmann

Varnish A caching reverse proxy Liip AG, 25.8.2011, Stefan Paschke & David Buchmann Thursday, August 25, 2011 What is a reverse proxy again? Client Varnish Webserver Cache miss Cache hit Thursday, August 25, 2011 Configure Varnish:

544 views • 26 slides
GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument

GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument

GLM Proxy Data Monte Bateman Proxy Data Creator Introduction GLM is an optical instrument Closest analog is LIS LIS is LEO; has a limited time on station for a particular storm Have several ground-based, 24x7 networks;

133 views • 10 slides
DNS(SEC) client analysis assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011

DNS(SEC) client analysis assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011

powered by DNS(SEC) client analysis assisted by Bart Gijsen (TNO) DNS-OARC, San Francisco, March 2011 Overview DNS traffic analysis CLIENT [8], [9] Resolver [7] (DNS proxy) Authoritative Authoritative Applic. Root DNS ) Root

568 views • 20 slides
The Security Impact of HTTPS Interception NDSS 17 Z. Durumeric, Z. Ma, D. Springall, R.

The Security Impact of HTTPS Interception NDSS 17 Z. Durumeric, Z. Ma, D. Springall, R.

The Security Impact of HTTPS Interception NDSS 17 Z. Durumeric, Z. Ma, D. Springall, R. Barnes, N. Sullivan, E. Bursztein, M. Bailey, J. Alex Halderman, V. Paxson ! G R S N Presented by: Sanjeev Reddy o g Some Background How to TLS

696 views • 37 slides

More recommend