CIS 4615 meeting -*- Outline -*-

* improper use of PKI and especially SSL

Based on chapter 23 of the book "24 Deadly Sins of Software Security"
by Michael Howard, David LeBlanc, and John Viega (McGraw Hill, 2010)

** background

------------------------------------------
              BACKGROUND

PKI = Public Key Infrastructure

SSL/TLS = Secure Socket Layer /
          Transport Layer Security
------------------------------------------
        ... i.e., ways to use asymmetric key crypto, like RSA

------------------------------------------
          TWO WAYS TO USE SSL

Use HTTPS (HTTP over SSL)
   easy because

Use SSL in your own app
   harder because
------------------------------------------
        ... browser makes it work
        ... you have to do it all right

** attacks

------------------------------------------
            PKI/SSL ATTACKS

Problem: PKI is hard to use correctly

Attacks

 1. App fails to validate certificates
 2. Attacker can

OR

 1. App fails to securely log in client
 2. Attacker can
------------------------------------------
        ... impersonate host/server or do man-in-the-middle attack
        ... impersonate client or steal client password/info.

** problems

------------------------------------------
       SSL'S SERVICES ARE OPTIONAL

security services:

 - authentication (server and/or client)
 - encryption of the channel
 - integrity checking for the channel

Can you have secure communication
without authentication?
------------------------------------------
        ... No, at least the client must authenticate the server

------------------------------------------
    CHECKS NEEDED FOR AUTHENTICATION

Certificates need to check (X.509 PKI):

 - server certificate signed by trusted
   Certification Authority (CA)
 - server certificate is currently valid
 - name of server in certificate matches
 - certificate is for the correct purpose
   (server authentication)
 - certificate is not revoked
------------------------------------------

Q: Who are some certification authorities?
        Comodo, Symantec, GoDaddy, GlobalSign, DigiCert,
        StartCom, Entrust, Verizon, Trustwave, Secom, and Let's Encrypt

Q: What step would you guess is left out most often?

        Checking for revocation

** auditing

------------------------------------------
      WHAT TO LOOK FOR IN AN AUDIT

 - PKI is used (SSL or TLS), and
 - HTTPS is not used, and
 - code fails to
------------------------------------------
        ... check the certificate used by the other process

------------------------------------------
         STEPS CODE SHOULD TAKE

 1. Certificate signed by known CA,
    or has a chain of signatures leading
    to a known CA
 2. Certificate and all in the chain
    are within validity period
 3. Hostname is compared to the proper
    subfield
 4. Certificate usage is correct
 5. Certificate is not revoked
 6. Algorithm used by the certificates
    is not broken
 7. Program treats a failure at any step
    as a failure and refuses to connect

Check that cryptographic signature
operations are performed
------------------------------------------

Q: What should be done if the revocation server is not available?

        could be a fatal error or could be ignored.
        Why?
        You might need to look deep into the documentation to see what happens

** testing

------------------------------------------
               TESTING

try to automate a man-in-the-middle attack

try to set up bogus certificates

 - signed by untrusted CA
 - self-signed
 - not yet valid
 - expired
 - bogus subject name
 - incorrect key usage
 - broken encryption algorithm (MD5)
 - revoked certificate
------------------------------------------

        Microsoft has a selfcert.exe tool that can create
        self-signed certificates

Q: Why are self-signed certificates not acceptable?

        the attacker can play man-in-the-middle

** extra defensive steps

------------------------------------------
            EXTRA DEFENSES

Can use hardware for SSL acceleration

 - keeps certificate in the hardware,
   so can't be
------------------------------------------
        ... stolen
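
An added example, not from the book or the original notes: auditing a Python ssl client context against the "STEPS CODE SHOULD TAKE" list. The function names are made up for illustration, and only steps 1-3 and 5 are checked because those are the ones an SSLContext exposes as settings.

```python
import ssl


def audit_client_context(ctx):
    """Return the authentication steps from the list that this context skips.

    Only settings visible on an ssl.SSLContext are inspected; certificate
    usage (step 4) and algorithm strength (step 6) are not covered here.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("steps 1-2: chain and validity period are not verified")
    if not ctx.check_hostname:
        findings.append("step 3: hostname is not compared to the certificate")
    # VERIFY_CRL_CHECK_CHAIN includes the LEAF bit, so one test covers both.
    if not ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF:
        findings.append("step 5: revocation is not checked")
    return findings


def weak_context():
    """The pattern an audit should flag: every check switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def default_context():
    """Library defaults: chain, validity and hostname checks, no revocation."""
    return ssl.create_default_context()


def strict_context():
    """Defaults plus CRL checking for every certificate in the chain."""
    ctx = ssl.create_default_context()
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_CHAIN
    return ctx


if __name__ == "__main__":
    for make in (weak_context, default_context, strict_context):
        print(make.__name__, audit_client_context(make()))
```

With the CRL flag set, the handshake fails unless a matching CRL has been loaded with load_verify_locations; the ssl module does not fetch one itself.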