believe it or not ssl attacks
DESCRIPTION
A talk about attacks against SSL that have been uncovered in the last 3-4 years. This talk delves into about what exactly was attacked and how it was attacked and how SSL is still a pretty useful piece of technology.This was given at null Bangalore April Meeting.TRANSCRIPT
Believe it or not SSL attacks
Akash MahajanThat Web Application Security Guy
HTTP + SSL/TLS = HTTPS
http://www.trailofbits.com/resources/creating_a_rogue_ca_cert_slides.pdf
SSL/TLS
OEncrypted Communication – Eavesdropping and Tampering
OSecure Identification of a Network – Are you talking to the right server?
Attacking The Encryption Algorithm
O Attack like the BEAST (Browser Exploit Against SSL/TLS ) target the underlying encryption.
O Usually the encryption has held against attacks. Even BEAST requires injecting client side JavaScript to work
O http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611
Attacking The Authenticity
O The low hanging fruit. Most of the times when that sslstrip guy talks about SSL issues he talks about attacking the authenticity.
O Why is the authenticity important?O How do you bypass it?
How is the authenticity maintained?
O A implicitly trusted certificate will tell you that a server’s particular certificate is trust worthy or not.
O When a server got a certificate trusted by a root CA they get added to a list.
O If a server is removed from the trusted listed they get added to a revocation list.
Is your browser checking the revocation list?
O Chrome relies on frequent updates for this.
O Firefox ? O IE - Online Certificate ListO Online Certificate Status Protocol
Bad Things can Happen
O Comodo an affiliate of a root CA was hacked.
O DigiNotar was hacked.O Hundreds of certificates for google,
yahoo, mozilla, MS windows update were released.
O SSL assumes that both end points aren’t evil
I hacked the internet and all I have is a t-shirt
O Attack against the PKI because of MD5
O The attack was against Intermediate CAs
O There were theoretical attacks against MD5 since 2004
O They found out that RapidSSL had issued 97% certificates with MD5 hash.
I hacked the internet and all I have is a t-shirt
O Also the certificate serial number was sequential and time could be predicted
O Used 200 PS3s to generate a certificate which had most parts from a legitimate cert but something different.
O http://www.trailofbits.com/resources/creating_a_rogue_ca_cert_paper.pdf
SSLStrip attacks HTTPO Attacked correct attributes not being
setup in CertificatesO Now looks at HTTP traffic going by. O Has a valid certificate for a weird
looking domain name whose puny code looks like / ?
Akash Mahajan | That Web Application Security [email protected] @makash | akashm.com O http://slideshare.net/akashmO OWASP Bangalore Chapter
LeadO Null Co-Founder and
Community Manager
ReferencesO SSL Lock image from http
://elie.im/blog/security/evolution-of-the-https-lock-icon-infographic/O http://
arstechnica.com/business/news/2011/09/new-javascript-hacking-tool-can-intercept-paypal-other-secure-sessions.ars
O http://technet.microsoft.com/en-us/library/cc962078.aspxO https://
freedom-to-tinker.com/blog/sroosa/flawed-legal-architecture-certificate-authority-trust-model
O http://arstechnica.com/security/news/2011/08/earlier-this-year-an-iranian.ars
O http://arstechnica.com/security/news/2011/03/independent-iranian-hacker-claims-responsibility-for-comodo-hack.ars
O http://en.wikipedia.org/wiki/Certificate_authority#cite_note-3O http://vnhacker.blogspot.in/2011/09/beast.htmlO http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-
model-ssl-allows-theft-encrypted-cookies-091611