The Certificate Farce

Boise BSides 11-21-2015

SANS Master’s Student

Sandra (Sandy) DunnHP Cybersecurity

subzer0girl@gmail.com Twitter @subzer0girl

Thank you for data & research support !

Jim Lairmore, HP Inc.Kevin Bocek, VenafiDan DeSantis, Venafi

• You live where multiple organizations can issues driver license ID’s• Some of those organizations include ones that the governments have control and

are known to be untrustworthy• Some of these organizations don’t have great processes and accidently issue IDs

to people they shouldn’t (whoops)• The ID’s are the only way you know which business or individuals you can trust

with your private and financial data • There are criminals actively trying to trick you to get your data• When you ask for an ID there is a security officer that helps you check the ID.

He warns you if the driver’s license is out of date, if the license was written with bad ink, or if the name on the license doesn’t match the name the person or business told you. You ignore him a lot… You used to try to listen, but you can’t really understand what he is telling you and he used to say “it’s not safe it’s not safe” and it was safe the driver license was just out of date. The people forgot to get a new one.

• When someone has their ID stolen or bad guys steal people’s stuff after showing them their driver’s license then their ID is revoked.

• To see if a person ID was revoked you have to ask the organization for all the driver’s licenses that they have revoked. They send you back a book the size of set of encyclopedias and that can take several days. Sometimes it’s hard to know where to ask for the books because they change the address of where to go get them. It got too hard you mostly don’t ask any more.

How confident are you that you can trust the ID’s that people use to prove their identity?

• These driver’s licenses perform another very important task for you. They help you know what food is safe to eat because unfortunately there are people actively and aggressively trying to poison you.

• When you get food there is signature on the food that is signed by the people who made it. You determine if the food is safe based on whether you trust who made the food.

• The people who want to poison you know that you trust the signature and will eat anything if it is signed by someone you trust.

• They actively try to steal the special pens used to make the signatures you trust. Some businesses know this and protect the pen and lock them up. Some businesses just leave the pen laying around.

• The truth is the people trying to poison you don’t really need to work very hard to steal pens for the special signatures.

• The people who sell the special pens that make the signatures really need to make money and they will really sell them to anyone without asking too many questions.

How confident are you that you won’t get poisoned

Alexander Litvinenko

November 1 2006, Litvinenko suddenly fell ill and was hospitalized from poisoning by radioactive polonium-210. He died November 23.

https://en.wikipedia.org/wiki/Alexander_LitvinenkoAndrey Lugovo

Do free TLS certificate make the internet more secure?

https://letsencrypt.org/

http://www.infoworld.com/article/2984243/security/the-perils-of-free-digital-certificates.html#tk.ifw-infsb

At the end of this presentation

Know where to find data that supports how

often certificate

trust is broken

Less blind trust in code

signing

Hold people and sites

accountable for out of date / self signed certificates

Align with the urgency to

manage certificates in

your environment

Know about some tools

• TLS 1.3 RFC expected in April 2016

• SHA1 no longer supported January 1, 2016

• NIST December 2015• Google December 2015• Microsoft June 2016• Mozilla July 2016

Keynote: Alex Stamos

The Moral Imperatives and Challenges for Modern Application Security https://www.youtube.com/watch?v=_xVoBA1f4gY

Coming TLS changes

Common TLS Certificates Trust Anchors• Website• Code Signing Certificates• S/MIME email encryption • Digital ID / User Identity• SSH• RDP • Business to Business Applications• VOIP• VPN• IoT

Recent Code Signing Key Compromise News

10.28.15 Google to Symantec – “You have until June to fix this or we will flag Symantec issued certificates as vulnerable”

We issued 23 test

certificates

That seems low, we don’t believe you

Ok, your right it’s 2,458

Certificates

http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-google-gives-symantec-an-offer-it-cant-refuse/

http://techcrunch.com/2015/11/12/all-mac-store-apps-stopped-working-due-to-expired-security-certificate/#.y37x7x:xhzD

More Certificate Pain

• Komodia TLS intercept libraries

• MITM HTTPS traffic

• EFF Recommends reinstalling a fresh OS

https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted

Considering that Lenovo implemented this intentionally and the potential damage, was this a criminal act ?

Netcraft research indicates Certificate Authorities aren’t flagging domains with names that are similar to common, high traffic sites.

Universal SSL certificates (free CloudFlare certificate) accounted for 40 percent of certificates used by phishing sites.

http://www.infoworld.com/article/2992605/security/phishing-sites-exploit-trust-in-valid-ssl-certificates.html

CRL (Certificate Revocation List ) • blacklist of revoked certificates

• Often hard coded in the url• Often disabled because of

the length of time to check

OCSP (Online Certificate Status Protocol) • Improvement over CRL lists but the soft fail defeats the purpose

OCSP Stapling best option • Requires implementation by Web Server Administrator to implement

• SSLLabs.com OCSP Stapling will become a factor in your grade

TLS Certificate Revocation

And the bad guys know it doesn’t really work....

8 % of the certificates being served had been revoked

SANS Internet Storm Center

https://isc.sans.edu/crls.html?token=e01d79423885ad9aac53ab92eb75274c116b548e&startdate=2014-10-04&enddate=2015-11-03&submit=Update

OCSP Certificate Pinning

OCSP Stapling requires the website administrators to enable it on their web server

Certificate Transparency

Add a layer of visibility to domain owners for CA issued TLS certificates. an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.

TACK Dynamic certificate framework. TACK requires protocol changes for both the server and the client side of any SSL transaction which has been met with a cold reception.

Convergence Instead of hard coded CA’s. Convergence configures a dynamic set of Notaries. No incentive for the notary investment

Sovereign Keys Addressed issues like the ineffectiveness of browser certificate warnings. Ended up just really replacing one remote authority with another.

DANE DNS Authentication of Named Entities a proposal based on DNSSEC to eventually replace the CA system. It is based on the idea of using the DNS hierarchy to issue SSL certs the same way that domains are managed and resolved - with few root keys & individual organizations in charge. The challenge is that countries that have little trust would be required to trust the reliability of the DANE entry.

TLS Tools

OWASP OWASP Cheat SheetsOWASP Testing tools

OWASP.org

TLSSLed TLSSLed is Linux shell script to evaluate the security of target

Kali Linux

O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers

https://www.owasp.org/index.php/O-Saft

ssldump – An SSL/TLS network protocol analyzer

It identifies TCP connections on the chosen network interface and attempts to interpret them as SSL/TLS traffic. When it identifies SSL/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.

http://ssldump.sourceforge.net/

SSLyze check for web SSL/TLS and also STARTTLS for smtp, xmpp, pop3, ftp, imap, ldap and rdp

https://github.com/nabla-c0d3/sslyze

SSL Server Test Provides a grade of a sites TLS implementation

https://www.ssllabs.com/ssltest/

SSL Client Test Client TLS information https://www.ssllabs.com/ssltest/viewMyClient.html

Prevention Ideal, Detection a Must !

But you won’t see this in your logs……

Censys Shodan

Alexa Netcraft

205,477

Censys

https://www.censys.io/

This doesn’t look good …

https://sonar.labs.rapid7.com/

Project Sonar

Sonar collects SSL Certificates, Web Server responses, DNS records, and responses from common UDP services. We use this data to identify large-scale misconfigurations and vulnerabilities in consumer, enterprise, and critical infrastructure systems.

All Sonar data is provided to the public free of charge in cooperation with the University of Michigan. You can find the data at Scans.IO.

SSL/TLS Filters

Cert VersionCert BitsCert IssuerCert Subject / Cert NameCheck for known issues (Heartbleed)Cipher Bits / Protocol

Grab cert for all services27

Searches and indexes by responses to queries

https://shodanio.wordpress.com/2014/06/16/kicking-the-shodan-api-up-a-notch/

Blue+Coat+PacketShaper

• What certificates are present on a given IP?• Which client IPs access a given service?

Flying Pig – TLS Knowledge Base

https://www.circl.lu/services/passive-ssl/

http://blog.squarelemon.com/

DerbyCon TLS Fingerprinting

Lee Brotherston @synackpse

• Recognizing a TLS Fingerprint is possible by Capturing client TLS initial hello packets

• Recognize SuperFish, PrivDog, and GeniusBox clients in network traffic

“Using TLS fingerprinting we can quickly and passively determine which client is being used, and apply strategies from both the attacker and defender perspectives. These strategies allow us to achieve smarter defending and stealthier attacking” Lee Brotherston

http://www.infoworld.com/article/2992605/security/phishing-sites-exploit-trust-in-valid-ssl-certificates.html

Netcraft TLS Certificate Services

Deceptive Domain Score

analyzes the likelihood that a domain name will be used for fraudulent activities.

Phishing Alert Service

sends an alert if your site / certificate is used for a phishing scam

Urgent need to proactively manage TLS Certificate

inside and outside your firewall

Think about code signing trust

Hold people and sites accountable for out of date /

self signed certificates

Start now it’s going to get worse

Summary

OWASP https://owasp.org Cheat Sheets Key Pinning, TLS testing,

CA Security Council https://casecurity.org/ is a multi-vendor industry advocacy group created to conduct research, promote Internet security standards and educate the public on Internet security issues.

CA Browser (CAB) forum, which is a group that includes both CAs and web browser vendors.

https://cabforum.org/ Voluntary consortium of certification authorities, vendors of Internet browser software, operating systems, and other PKI-enabled applications industry guidelines governing the issuance and management of X.509 v.3 digital certificates.

Online Trust Alliance https://otalliance.org/resources/SSL/CABestPractices.html

European Telecommunications Standards Institute (ETSI)

www.etsi.org independent, not-for-profit, standardization organization in the telecommunications industry) in Europe

W3C http://www.w3.org/2001/tag/doc/web-https TAG’s position on securing the Web through the use of cryptography, identifies some of the associated issues, and recommends further work to aid in its use.

Its primary audience is W3C participants

Title Link

PKI Trust Models: Whom Do You Trust https://www.sans.org/reading-room/whitepapers/vpns/pki-trust-models-trust-36112

Digital Certificate Revocation https://www.sans.org/reading-room/whitepapers/certificates/digital-certificate-revocation-35292

Building and Managing a PKI Solution for Small and Medium Size Business https://www.sans.org/reading-room/whitepapers/certificates/building-managing-pki-solution-small-medium-size-business-34445

SSl/TLS: What’s Under the Hood https://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-hood-34297

Windows Enforcement of Authenticode Code Signing and Timestamping http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx

The Scary and Terrible Code Signing Problem You Don’t Know You Have https://www.sans.org/reading-room/whitepapers/certificates/scary-terrible-code-signing-problem-don-039-t-36382

The Business Case For TLS Certificate Enterprise Key Management https://www.sans.org/reading-room/whitepapers/critical/business-case-tls-certificate-enterprise-key-management-web-site-certificates-wrangling-36392

http://wiki.cacert.org/Risk/History

History of Certificate Risks & Threats

More Fear Uncertainty and Doubt

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

We’ve focused on browser based TLS, there are many other applications that rely on TLS libraries and have validation challenges.

More Work To do

https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking.pdf

BGP HijackingThe problem is: the encryption is backed by SSL/TLS PKI

Sniffly

Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome

https://github.com/diracdeltas/sniffly

Highly classified decryption program run by the NSA

The British signals intelligence agency GCHQ has a similar program codenamed Edgehill.

http://www.spiegel.de/media/media-35531.pdf

Bullrun