Upload
sandra-sandy-dunn
View
309
Download
0
Embed Size (px)
Citation preview
The Certificate Farce
Boise BSides 11-21-2015
SANS Master’s Student
Sandra (Sandy) DunnHP Cybersecurity
[email protected] Twitter @subzer0girl
Thank you for data & research support !
Jim Lairmore, HP Inc.Kevin Bocek, VenafiDan DeSantis, Venafi
• You live where multiple organizations can issues driver license ID’s• Some of those organizations include ones that the governments have control and
are known to be untrustworthy• Some of these organizations don’t have great processes and accidently issue IDs
to people they shouldn’t (whoops)• The ID’s are the only way you know which business or individuals you can trust
with your private and financial data • There are criminals actively trying to trick you to get your data• When you ask for an ID there is a security officer that helps you check the ID.
He warns you if the driver’s license is out of date, if the license was written with bad ink, or if the name on the license doesn’t match the name the person or business told you. You ignore him a lot… You used to try to listen, but you can’t really understand what he is telling you and he used to say “it’s not safe it’s not safe” and it was safe the driver license was just out of date. The people forgot to get a new one.
• When someone has their ID stolen or bad guys steal people’s stuff after showing them their driver’s license then their ID is revoked.
• To see if a person ID was revoked you have to ask the organization for all the driver’s licenses that they have revoked. They send you back a book the size of set of encyclopedias and that can take several days. Sometimes it’s hard to know where to ask for the books because they change the address of where to go get them. It got too hard you mostly don’t ask any more.
How confident are you that you can trust the ID’s that people use to prove their identity?
• These driver’s licenses perform another very important task for you. They help you know what food is safe to eat because unfortunately there are people actively and aggressively trying to poison you.
• When you get food there is signature on the food that is signed by the people who made it. You determine if the food is safe based on whether you trust who made the food.
• The people who want to poison you know that you trust the signature and will eat anything if it is signed by someone you trust.
• They actively try to steal the special pens used to make the signatures you trust. Some businesses know this and protect the pen and lock them up. Some businesses just leave the pen laying around.
• The truth is the people trying to poison you don’t really need to work very hard to steal pens for the special signatures.
• The people who sell the special pens that make the signatures really need to make money and they will really sell them to anyone without asking too many questions.
How confident are you that you won’t get poisoned
Alexander Litvinenko
November 1 2006, Litvinenko suddenly fell ill and was hospitalized from poisoning by radioactive polonium-210. He died November 23.
https://en.wikipedia.org/wiki/Alexander_LitvinenkoAndrey Lugovo
Do free TLS certificate make the internet more secure?
https://letsencrypt.org/
http://www.infoworld.com/article/2984243/security/the-perils-of-free-digital-certificates.html#tk.ifw-infsb
At the end of this presentation
Know where to find data that supports how
often certificate
trust is broken
Less blind trust in code
signing
Hold people and sites
accountable for out of date / self signed certificates
Align with the urgency to
manage certificates in
your environment
Know about some tools
• TLS 1.3 RFC expected in April 2016
• SHA1 no longer supported January 1, 2016
• NIST December 2015• Google December 2015• Microsoft June 2016• Mozilla July 2016
Keynote: Alex Stamos
The Moral Imperatives and Challenges for Modern Application Security https://www.youtube.com/watch?v=_xVoBA1f4gY
Coming TLS changes
Common TLS Certificates Trust Anchors• Website• Code Signing Certificates• S/MIME email encryption • Digital ID / User Identity• SSH• RDP • Business to Business Applications• VOIP• VPN• IoT
Recent Code Signing Key Compromise News
10.28.15 Google to Symantec – “You have until June to fix this or we will flag Symantec issued certificates as vulnerable”
We issued 23 test
certificates
That seems low, we don’t believe you
Ok, your right it’s 2,458
Certificates
http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-google-gives-symantec-an-offer-it-cant-refuse/
http://techcrunch.com/2015/11/12/all-mac-store-apps-stopped-working-due-to-expired-security-certificate/#.y37x7x:xhzD
More Certificate Pain
• Komodia TLS intercept libraries
• MITM HTTPS traffic
• EFF Recommends reinstalling a fresh OS
https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted
Considering that Lenovo implemented this intentionally and the potential damage, was this a criminal act ?
Netcraft research indicates Certificate Authorities aren’t flagging domains with names that are similar to common, high traffic sites.
Universal SSL certificates (free CloudFlare certificate) accounted for 40 percent of certificates used by phishing sites.
http://www.infoworld.com/article/2992605/security/phishing-sites-exploit-trust-in-valid-ssl-certificates.html
CRL (Certificate Revocation List ) • blacklist of revoked certificates
• Often hard coded in the url• Often disabled because of
the length of time to check
OCSP (Online Certificate Status Protocol) • Improvement over CRL lists but the soft fail defeats the purpose
OCSP Stapling best option • Requires implementation by Web Server Administrator to implement
• SSLLabs.com OCSP Stapling will become a factor in your grade
TLS Certificate Revocation
And the bad guys know it doesn’t really work....
8 % of the certificates being served had been revoked
SANS Internet Storm Center
https://isc.sans.edu/crls.html?token=e01d79423885ad9aac53ab92eb75274c116b548e&startdate=2014-10-04&enddate=2015-11-03&submit=Update
OCSP Certificate Pinning
OCSP Stapling requires the website administrators to enable it on their web server
Certificate Transparency
Add a layer of visibility to domain owners for CA issued TLS certificates. an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
TACK Dynamic certificate framework. TACK requires protocol changes for both the server and the client side of any SSL transaction which has been met with a cold reception.
Convergence Instead of hard coded CA’s. Convergence configures a dynamic set of Notaries. No incentive for the notary investment
Sovereign Keys Addressed issues like the ineffectiveness of browser certificate warnings. Ended up just really replacing one remote authority with another.
DANE DNS Authentication of Named Entities a proposal based on DNSSEC to eventually replace the CA system. It is based on the idea of using the DNS hierarchy to issue SSL certs the same way that domains are managed and resolved - with few root keys & individual organizations in charge. The challenge is that countries that have little trust would be required to trust the reliability of the DANE entry.
TLS Tools
OWASP OWASP Cheat SheetsOWASP Testing tools
OWASP.org
TLSSLed TLSSLed is Linux shell script to evaluate the security of target
Kali Linux
O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers
https://www.owasp.org/index.php/O-Saft
ssldump – An SSL/TLS network protocol analyzer
It identifies TCP connections on the chosen network interface and attempts to interpret them as SSL/TLS traffic. When it identifies SSL/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.
http://ssldump.sourceforge.net/
SSLyze check for web SSL/TLS and also STARTTLS for smtp, xmpp, pop3, ftp, imap, ldap and rdp
https://github.com/nabla-c0d3/sslyze
SSL Server Test Provides a grade of a sites TLS implementation
https://www.ssllabs.com/ssltest/
SSL Client Test Client TLS information https://www.ssllabs.com/ssltest/viewMyClient.html
Prevention Ideal, Detection a Must !
But you won’t see this in your logs……
Censys Shodan
Alexa Netcraft
205,477
Censys
https://www.censys.io/
This doesn’t look good …
https://sonar.labs.rapid7.com/
Project Sonar
Sonar collects SSL Certificates, Web Server responses, DNS records, and responses from common UDP services. We use this data to identify large-scale misconfigurations and vulnerabilities in consumer, enterprise, and critical infrastructure systems.
All Sonar data is provided to the public free of charge in cooperation with the University of Michigan. You can find the data at Scans.IO.
SSL/TLS Filters
Cert VersionCert BitsCert IssuerCert Subject / Cert NameCheck for known issues (Heartbleed)Cipher Bits / Protocol
Grab cert for all services27
Searches and indexes by responses to queries
https://shodanio.wordpress.com/2014/06/16/kicking-the-shodan-api-up-a-notch/
Blue+Coat+PacketShaper
• What certificates are present on a given IP?• Which client IPs access a given service?
Flying Pig – TLS Knowledge Base
https://www.circl.lu/services/passive-ssl/
http://blog.squarelemon.com/
DerbyCon TLS Fingerprinting
Lee Brotherston @synackpse
• Recognizing a TLS Fingerprint is possible by Capturing client TLS initial hello packets
• Recognize SuperFish, PrivDog, and GeniusBox clients in network traffic
“Using TLS fingerprinting we can quickly and passively determine which client is being used, and apply strategies from both the attacker and defender perspectives. These strategies allow us to achieve smarter defending and stealthier attacking” Lee Brotherston
http://www.infoworld.com/article/2992605/security/phishing-sites-exploit-trust-in-valid-ssl-certificates.html
Netcraft TLS Certificate Services
Deceptive Domain Score
analyzes the likelihood that a domain name will be used for fraudulent activities.
Phishing Alert Service
sends an alert if your site / certificate is used for a phishing scam
Urgent need to proactively manage TLS Certificate
inside and outside your firewall
Think about code signing trust
Hold people and sites accountable for out of date /
self signed certificates
Start now it’s going to get worse
Summary
OWASP https://owasp.org Cheat Sheets Key Pinning, TLS testing,
CA Security Council https://casecurity.org/ is a multi-vendor industry advocacy group created to conduct research, promote Internet security standards and educate the public on Internet security issues.
CA Browser (CAB) forum, which is a group that includes both CAs and web browser vendors.
https://cabforum.org/ Voluntary consortium of certification authorities, vendors of Internet browser software, operating systems, and other PKI-enabled applications industry guidelines governing the issuance and management of X.509 v.3 digital certificates.
Online Trust Alliance https://otalliance.org/resources/SSL/CABestPractices.html
European Telecommunications Standards Institute (ETSI)
www.etsi.org independent, not-for-profit, standardization organization in the telecommunications industry) in Europe
W3C http://www.w3.org/2001/tag/doc/web-https TAG’s position on securing the Web through the use of cryptography, identifies some of the associated issues, and recommends further work to aid in its use.
Its primary audience is W3C participants
Title Link
PKI Trust Models: Whom Do You Trust https://www.sans.org/reading-room/whitepapers/vpns/pki-trust-models-trust-36112
Digital Certificate Revocation https://www.sans.org/reading-room/whitepapers/certificates/digital-certificate-revocation-35292
Building and Managing a PKI Solution for Small and Medium Size Business https://www.sans.org/reading-room/whitepapers/certificates/building-managing-pki-solution-small-medium-size-business-34445
SSl/TLS: What’s Under the Hood https://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-hood-34297
Windows Enforcement of Authenticode Code Signing and Timestamping http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx
The Scary and Terrible Code Signing Problem You Don’t Know You Have https://www.sans.org/reading-room/whitepapers/certificates/scary-terrible-code-signing-problem-don-039-t-36382
The Business Case For TLS Certificate Enterprise Key Management https://www.sans.org/reading-room/whitepapers/critical/business-case-tls-certificate-enterprise-key-management-web-site-certificates-wrangling-36392
http://wiki.cacert.org/Risk/History
History of Certificate Risks & Threats
More Fear Uncertainty and Doubt
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
We’ve focused on browser based TLS, there are many other applications that rely on TLS libraries and have validation challenges.
More Work To do
https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking.pdf
BGP HijackingThe problem is: the encryption is backed by SSL/TLS PKI
Sniffly
Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome
https://github.com/diracdeltas/sniffly
Highly classified decryption program run by the NSA
The British signals intelligence agency GCHQ has a similar program codenamed Edgehill.
http://www.spiegel.de/media/media-35531.pdf
Bullrun