View
454
Download
1
Category
Preview:
DESCRIPTION
Understand the coding error behind Apple's #gotofail. How one line of code undermined the use of SSL/TLS to secure iOS and Mac OS X communications.
Citation preview
Inside Apple’s SSL Vulnerability
Mike Chapple
mchapple@nd.edu
@mchapple
Digital Certificates
• Digital Certificates use asymmetric cryptography to facilitate the secure exchange of public keys.
• Rely upon the use of trusted Certificate Authorities– Certificate Authorities responsible for vouching for identity of
certificate “subjects”.– Usually used for servers, can also be used by individuals.– Organization proves its identity to the CA and the CA provides a
signed certificate that can be used to prove identity to others.
• To a CA, trust is essential!
What’s in a Digital Certificate?
3
• Name of the certificate subject• Subject’s public key• Name of the CA• Serial number• Signature algorithm• Validity period• CA’s digital signature
Source: Apple Computer
Using Certificates in HTTPS
• HTTPS uses digital certificates to ensure secure web communications
• It supplements the standard HTTP protocol with SSL/TLS encryption
1. You access a secure site using your web browser
2. Your browser retrieves the site certificate and verifies it• What does a certificate error mean?
3. Your browser then chooses a symmetric key, encrypts it with the server’s public key and sends it to the server
• Why don’t they just communicate using the server’s public key?
4. Everything from that point forward is encrypted with the symmetric key
4
Apple’s Code
Source: The Guardian
The repeated “goto fail;” is the #fail
Apple’s Code
Source: The Guardian
Because it is always executed, bypassing this check
Simpler Version of the Same Flaw
Source: imperialviolet.org
Default return value set to 1
Goto bypasses attempt to change return value
Default value (1) always returned by function
Impact• Digital signatures on ephemeral keys not
verified
• Certificate itself is verified
• Link between certificate and key not checked
• Clients always trust presented ephemeral keys because the certificate checked out OK
gotofail.com
Fixes
• For iOS, upgrade to 7.0.6
• No fix yet available for OS X
• In the meantime, use Chrome for partial fix
Questions?
Mike Chapplemchapple@nd.edu
@mchapple
Recommended