OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability
By Venkatesh Chinta
Index
1) SSL
2) OpenSSL
3) Digital Certificates
4) Certificate Authentication
5) Certificate Chains
6) Vulnerability in OpenSSL
7) Countermeasures
SSL
What is SSL?
It is used to keep sensitive information sent across the Internet encrypted, so that only the intended recipient can understand it.
Example:
Cipher-Suites
Key Exchange Algorithm. Ex: RSA, Diffie-Hellman, ECDH, etc.
It is used to determine if and how the client and server will authenticate during the handshake.
Encryption Algorithm. Ex: AES, 3DES, etc.
It is used to encrypt the data between the client and server.
Message Authentication. Ex: MD5, SHA, etc.
It is used to provide integrity for the data between the client and server.
OpenSSL
A toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide.
Digital Certificates
Public-Key Cryptography
Scenario
Digital certificates are electronic credentials that are used to assert the online identities of individuals, computers, and other entities on a network.
Digital certificates function similarly to identification cards such as passports and driver's licenses.
Public-Key Certificate Validation Process
Windows maintains a database of CAs: 1) Microsoft 2) VeriSign 3) GlobalSign, and a lot of CA certificates
Microsoft Publisher
Operating System
Certificates in our Windows OS
Trust Validation
ABC Root Certificate (Server) and ABC Root Certificate (Client): Trust Established
ABC Root Certificate (Server) and no ABC Root Certificate in Client OS: Un-trusted
Certificates in SSL
Certificate Chains
[Figure: certificate chain between Alice and Bob through CA1, CA2 and CA3]
Public key of CA2, signed by CA1
Public key of CA3, signed by CA2
Public key of Bob, signed by CA3
When Alice wants to check the authenticity of Bob’s public key she must verify each link in the chain:
Scenario
Vulnerability in OpenSSL
During certificate verification, OpenSSL (starting from versions 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails.
An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates, such as the CA flag, to be bypassed, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.
The issue, which was reported to OpenSSL on June 24, 2015 by Adam Langley and David Benjamin of Google/BoringSSL, is known to affect versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o. It can be used to compromise any application that verifies certificates, including SSL and TLS. (CVE ID: CVE-2015-1793)
Exploit Available at: https://www.rapid7.com/db/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy
Attack Scenario
1) Attacker: Example.com, certified by GlobalSign (Private Key, Public Key)
Bank: www.bank.com, certified by GlobalSign (Private Key, Public Key)
2) Man-in-the-middle attack launched
3) Victim tries an SSL connection to bank.com
4) Attacker signs the bank certificate using his private key, and the address is example.com/cert.crt
5) Victim checks the certificate; chain validation fails and alternative chains are constructed
6) The alternative chains construct new certificates based on the URL sent by the attacker (which retrieves the attacker's certificate). External, trusted certificates are also retrieved. The certificate chain is created.
7) Session compromised
Countermeasures
1) Update OpenSSL to the latest version
2) Verify certificates by CA flag when creating new certificates.
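A check of the CA-flag enforcement discussed above, as an added example that is not part of the original slides: it builds a throwaway test PKI and confirms that the installed `openssl verify` accepts a chain through a CA:TRUE intermediate and rejects one in which a CA:FALSE leaf "issued" another certificate. All names (`inter`, `shop.test`, `example.test`, `bank.test`) are hypothetical, the `openssl` CLI is assumed to be on the PATH, and the script exercises only the basicConstraints check, not the alternative-chain condition of the CVE.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, every name below is hypothetical.
#   root (CA:TRUE) -> inter (CA:TRUE)          -> shop.test   legitimate chain
#   root (CA:TRUE) -> example.test (CA:FALSE)  -> bank.test   leaf acting as a CA

issue() {  # issue NAME EXT_SECTION SIGNER   (SIGNER "self" makes the self-signed root)
    openssl req -config "$W/cnf" -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null || return 1
    if [ "$3" = self ]; then
        set -- "$1" "$2" -signkey "$W/$1.key"
    else
        set -- "$1" "$2" -CA "$W/$3.pem" -CAkey "$W/$3.key" -CAcreateserial
    fi
    name=$1 ext=$2; shift 2
    # The x509 tool signs with whatever key it is given; it does not check
    # that the signer is a CA. Enforcement happens at verification time.
    openssl x509 -req -in "$W/$name.csr" "$@" -days 2 \
        -extfile "$W/cnf" -extensions "$ext" -out "$W/$name.pem" 2>/dev/null
}

build_pki() {  # creates the five certificates in a fresh temp dir $W
    W=$(mktemp -d) || return 1
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
        '[ca]' 'basicConstraints=critical,CA:TRUE' \
        '[leaf]' 'basicConstraints=critical,CA:FALSE' > "$W/cnf"
    issue root ca self && issue inter ca root && issue shop.test leaf inter &&
        issue example.test leaf root && issue bank.test leaf example.test
}

chain_ok() {  # chain_ok CERT INTERMEDIATE: true only if openssl verify accepts the chain
    openssl verify -CAfile "$W/root.pem" -untrusted "$W/$2.pem" "$W/$1.pem" >/dev/null 2>&1
}

build_pki || { echo "openssl CLI missing or PKI build failed" >&2; exit 1; }
chain_ok shop.test inter && echo "shop.test via inter (CA:TRUE): accepted"
chain_ok bank.test example.test || echo "bank.test via example.test (CA:FALSE): rejected"
rm -rf "$W"
```

Dropping the output redirection in `chain_ok` shows the verifier's own error message for the rejected chain.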
Thank You