C LOUD S TRIFE Mitigating the Security Risks of Domain-Validated Certificates Kevin Borgolte kevinbo@cs.ucsb.edu Tobias Fiebig t.fiebig@tude l ft.n l Shuang Hao shao@utda ll as.edu Christopher Kruegel chris@cs.ucsb.edu Giovanni Vigna vigna@cs.ucsb.edu Applied Networking Research Workshop (ANRW 2018) / IETF 102
S TALE DNS R ECORDS AND IP A DDRESS R E -U SE c l oudstrife.sec l ab.cs.ucsb.edu 34.215.255.68 • How to migrate DNS gracefully? • When to release 34.215.255.68 ? TTL? Longer? • What about failure and automatic scaling? Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) � 3
D OMAIN -V ALIDATED C ERTIFICATES • Standard TLS certificate • Trusted by major browsers and operating systems • Credited for the rise in HTTPS adoption • Cheap or free Top SSL Issuers • No identity verification Let’s Encrypt Comodo GeoTrust via https://nettrack.info/ssl_certificate_issuers.html Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) � 4
HTTP-B ASED D OMAIN -V ALIDATION Request certificate Request certificate Request certificate Request certificate 1 1 1 1 Respond with challenge Respond with challenge Respond with challenge 2 2 2 Client Client Client Client Client Host challenge Host challenge 3 3 ACME ACME ACME ACME Verify challenge at http://example.com at http://example.com CA CA CA CA 4 example.com example.com Webserver Webserver If you control the host behind the domain, then you can prove domain ownership successfully. Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) 5 �
I MPACT ? • Trusted TLS certificates (MitM) • Malicious and remote code loading • Subdomain attacks • Email (no MX = A record) • Spam & phishing (residual trust) Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) � 6
S CALE ? • How many active domains point to free IPs? • Looking at cloud IP address (AWS, Azure) • 1.6 million unique IPs, 14 million allocations • 130 million unique domains Time Between Reoccurence (Seconds) log 2weeks 1week • >700,000 domains can be 1day taken over within minutes by attacker 1hour 1min 10sec ap-northeast-1 ap-northeast-2 ap-south-1 ap-southeast-1 ap-southeast-2 ca-central-1 eu-central-1 eu-west-1 eu-west-2 sa-east-1 us-east-1 us-east-2 us-west-1 us-west-2 Availability Zone Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) 7 �
C LOUD S TRIFE • Assume takeovers can and will happen in the future • Major changes to DNS or deployment impractical • Aim to prevent attacks higher up • Focus on TLS services • Leverage existing standards when possible Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) � 8
M ITIGATING T AKEOVER A TTACKS • HTTP • HTTP , simple idea: , simple idea: • HTTPS with trusted certificates domain-validated certificates • HTTPS with trusted certificates • HTTP Strict Transport Security • HTTP Strict Transport Security • HTTP Public Key Pinning • HTTP Public Key Pinning deprecated since Chrome 67 Takeover attacks now require pinned certificate. Reduces takeover attacks to denial of service attacks. Doesn’t work for SMTP etc. though Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) 9 �
M ITIGATING T AKEOVER A TTACKS • HTTP , better idea: • HTTPS with trusted certificates • Prevent certificate issuance for domains (likely) taken over • HTTP Strict Transport Security No trusted certificate = also works for SMTP etc. How do you prevent certificate issuance? Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) � 10
C ERTIFICATE T RANSPARENCY L OGS • Public append-only log for issued certificates • Monitor for suspicious certificates • Real-time(ish) audit trail In itself: • Reactive: attacker’s window of opportunity remains • Must be actively monitored (by domain owners) Can be used for historic lookups Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) � 11
P REVENTIVE HTTP-B ASED D OMAIN -V ALIDATION Check for existing Check for existing Check for existing Check for existing Request certificate Request certificate Request certificate Request certificate Request certificate 1 1 1 1 1 2 2 2 2 certificates certificates certificates certificates Respond with challenge Respond with challenge Respond with challenge 3 3 3 Verify challenge and CT CT CT CT Client Client Client Client Client Client Host challenge Host challenge 4 4 ACME ACME ACME ACME ACME existing certificate Logs Logs Logs Logs at https://example.com at https://example.com CA CA CA CA CA 5 example.com example.com Webserver Webserver 1 2 If an old certificate was found, require it to be current HTTPS certificate. Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) 12 �
C LOUD S TRIFE • Prevents TLS certificates to be issued for takeovers • No certificate = takeover attacks less useful (= DoS) • Drawbacks for users only for disaster recovery • Re-bootstrap chain of trust • ACME validation challenge draft next? Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) � 13
Thank you! Questions? seclab kevinbo@cs.ucsb.edu https://kevin.borgo l te.me twitter: @caovc THE COMPUTER SECURITY GROUP AT UC SANTA BARBARA
Recommend
More recommend