Four Must Know Certificate and Key Management Threats That Can Bring Down Your Business


Description

In this on-demand webinar, learn how to identify these risks and the steps to keep your enterprise in control over trust.

1. Learn the four certificate and key management threats to your business
2. Hear how criminals are ruining businesses with attacks on certificates
3. Get insights into the five simple steps to prevent your own disaster

Transcript of Four Must Know Certificate and Key Management Threats That Can Bring Down Your Business

Page 1: Four Must Know Certificate and Key Management Threats That Can Bring Down Your Business

Four Must Know Certificate and Key Management Threats

Prepared for: Intelligent People

Page 2

Use of Certificates and Keys in Enterprise Environments

Server Authentication

Secure Communications

Client-side Server Authentication

Certificate Authorities

© 2013 Venafi

Page 3

Certificate and Key Management Challenges

Certificate Authorities

Page 4

Downtime Risk

Page 5

Certificate-based Downtime: Expired Certificate

Web server certificate expires: browser error message.

Application server certificate expires: application outage.

Page 6

Certificate-based Downtime: Expired Intermediate Root Certificate

CA1

Intermediate Root Certificates: Expired

Multiple simultaneous application outages.

Page 7

Certificate-based Downtime: Trusted Root Certificates Not Updated

Move to new CA: CA1 to CA2

Trusted Root Certificates from CA1

New Certificates from CA2

Downtime because new certs from CA2 are not trusted.

Page 8

Certificate-based Causes of Downtime

• Scenarios
– Certificate expires
– Intermediate root certificate expires
– Root certificates not updated

• Causes
1. No inventory of certificates to track expiration
2. Correct administrators NOT notified of impending expiration
3. Administrators notified but do not take action
4. Certificates renewed but not installed
5. Certificates installed but applications not restarted
6. No tracking or management of intermediate roots
7. No tracking or management of trusted roots
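The three downtime scenarios above (expired certificate, expired intermediate, trusted roots not updated after a CA move), reproduced as an added example with Go's standard crypto/x509 package; this is not code from the deck or from Venafi. The PKI is constructed inline and every name and validity period is assumed for the example: root CA1 with a current and an already-expired issuing CA, an unrelated root CA2 standing in for the new CA whose root was never pushed to the trust store, and www.example.com as the server name; DaysLeft is the expiration inventory check the causes list says is missing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert issues a constructed test certificate for cn, self-signed when parent is nil.
func mkCert(cn string, isCA bool, notAfter time.Time, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-730 * 24 * time.Hour), NotAfter: notAfter, // "issued" two years ago
		IsCA:         isCA, BasicConstraintsValid: true, DNSNames: []string{cn},
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { parent, pk = tmpl, key } // self-signed root: the template signs itself
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pk)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verify models a relying party (browser or application) whose trust store holds only root.
func verify(leaf, inter, root *x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: leaf.DNSNames[0]})
	return err
}

// DaysLeft is the inventory check the slides say is missing; negative means already expired.
func DaysLeft(c *x509.Certificate) int { return int(time.Until(c.NotAfter).Hours() / 24) }

// Constructed PKI: root CA1 with a current and an expired issuing CA, plus an unrelated root CA2.
var (
	ca1, ca1Key      = mkCert("ca1-root", true, time.Now().Add(3650*24*time.Hour), nil, nil)
	ca2, _           = mkCert("ca2-root", true, time.Now().Add(3650*24*time.Hour), nil, nil)
	inter, interKey  = mkCert("ca1-issuing", true, time.Now().Add(1825*24*time.Hour), ca1, ca1Key)
	oldInter, oldKey = mkCert("ca1-old-issuing", true, time.Now().Add(-24*time.Hour), ca1, ca1Key)
	leaf, _          = mkCert("www.example.com", false, time.Now().Add(30*24*time.Hour), inter, interKey)
	leafOld, _       = mkCert("www.example.com", false, time.Now().Add(30*24*time.Hour), oldInter, oldKey)
)
```

verify(leaf, inter, ca1) returns nil for the healthy chain, while verify(leafOld, oldInter, ca1) and verify(leaf, inter, ca2) return the error the relying party would surface as an outage; DaysLeft(oldInter) is already negative before any user notices.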


Page 9

Security Risks

Page 10

The Threat is Evolving

Hackers are increasingly targeting public key infrastructure for attacks because it is a broadly used security mechanism. Poor certificate management practices put you at risk.

Attackers stole private keys from two Taiwanese companies and Adobe to sign code.

Attackers compromise or dupe certificate authorities to issue fraudulent certificates for further attacks.

Attackers exploited MD5 to create a fake Microsoft CA certificate and then sign code.

CA Compromises: Duqu, Flame, Stuxnet, Adobe, Buster

Page 11

Public Key Infrastructure (PKI): The Foundation of Digital Certificates

Root CA

Root Certificate

Issuing CA

Issuing CA Certificate

Registration Authority

Subject

End Entity Certificate

Relying Party

OCSP Responder

CRL Distribution Point

CRL

Page 12

Private Key Compromise Risk

Page 13

Putting Private Keys at Risk

Server, Performance Monitoring, Customer Experience Monitoring, Security Monitoring

Keystore 1 Password = abc123

Keystore 2 Password = abc123

Private keys are manually passed to other groups/admins for distribution.

Keystore passwords are not changed regularly.

Same password used on multiple keystores.

Admins manually manage private keys, making it possible to copy them.

Private keys and passwords are not changed when admins leave the organization.

Page 14

CA Compromise Risk

Page 15

Recent Public Certificate Authority & Fraudulent Certificate Incidents

2001
• VeriSign issues Microsoft Corporation code signing certificate to a non-Microsoft employee.

2008
• Thawte issues certificate for Live.com to non-Microsoft employee
• Comodo issues mozilla.org certificate to Startcom
• Organization forges VeriSign RapidSSL certificates

2011
• Comodo issues nine counterfeit certificates (Google, Yahoo, Live, etc.) when registration authority is compromised.
• StartSSL CA compromised
• DigiNotar compromised. 531 fraudulent certificates issued. Dutch government experiences major service outages.
• Boeing CA compromised

2013
• Microsoft CA certificates forged by exploiting MD5 (Flame)

2013
• Buster: DigiCert issues code signing certificate to bogus company

* Electronic Freedom Foundation uncovers many more unpublicized CA incidents by analyzing CRLs from public CAs

Page 16

NIST Alert on CA Compromise
http://csrc.nist.gov/publications/nistbul/july-2013_itl-bulletin.pdf

"These recent attacks on CAs make it imperative that organizations ensure they are using secure CAs and are prepared to respond to a CA compromise or issuance of a fraudulent certificate."

- NIST, July 2013

Page 17

Using Fraudulent Certificates: A Two-Phased Attack

1. Get fraudulent certificate(s).
2. Use the fraudulent certificate(s) for nefarious purposes.

Page 18

CA Compromise and Fraudulent Certificate Scenarios

Actors: Subject, Hacker, RA, CA

A. Impersonation: Trick RA into issuing a fraudulent certificate.
B. RA Compromise: Infiltrate RA or steal credentials and authorize fraudulent certificates.
C. CA System Compromise: Malware or other infiltration used to get fraudulent certificate signed by CA (without getting copy of CA private key).
D. CA Key Theft: Stolen or derived copy of CA private key is used to issue fraudulent certificates.

Page 19

Man-in-the-Middle

Bob normally connects to Alice.com directly and verifies the authenticity of the server using its certificate.

Alice.com Certificate (Subject: Alice.com, Issuer: CA1, Public Key) and Alice.com Private Key

Bob is redirected through Eve's server and presented with the fraudulent certificate. Eve can view all encrypted data.

Eve's Fraudulent Certificate (Subject: Alice.com, Issuer: CAx, Public Key) and Eve's Private Key

Page 20

Impersonation

Bob authenticates to Alice.com using his certificate.

Bob's Certificate (Subject: Bob, Issuer: CA1, Public Key) and Bob's Private Key

Eve authenticates as Bob to Alice.com using the fraudulent certificate.

Eve's Fraudulent Certificate (Subject: Bob, Issuer: CAx, Public Key) and Eve's Private Key

Page 21

Forge Digital Signatures

Bob digitally signs documents authorizing fund transfers to Alice.

Bob's Certificate (Subject: Bob, Issuer: CA1, Public Key) and Bob's Private Key

Eve is able to forge Bob's signature using the fraudulent certificate.

Eve's Fraudulent Certificate (Subject: Bob, Issuer: CAx, Public Key) and Eve's Private Key

Page 22

Fallout from a CA Compromise: All Certificates Must Be Replaced

CA1 to CA2: all certificates from the compromised CA must be replaced. Must move to new CA.

Page 23

Weak Algorithm Risk

Page 24

Flame and MD5: Attack on Microsoft

1. Microsoft Impersonated
• Focused on MD5 certificate
• Certificate was remanufactured using well-known attack
• Man-in-the-middle was set up
• Targeted machines detected no difference

2. Services Compromised
• Microsoft Licensing Services compromised
• Microsoft Update Services compromised
• Machines still thought they were working securely with Microsoft

3. Fake Code Signing
• Code was signed using the fake, remanufactured certificate
• Windows allowed the malware to spread quickly and run

4. Information Stolen
• Malware stole small parts of files
• Information was sent to 80 different URLs
• Once analyzed, instructed to return and get interesting files

Page 25

Are Your Doors Open?

• Nearly 1 in 5 certificates relies on outdated, “hackable” MD5 algorithm
• Not a hypothetical risk
• Security doors are open today
• IDS, IPS, AV, firewalls do not close these doors (appears as authentic)
• Legal and risk management departments are mandating that MD5 certs be removed

Page 26

Summary

• Your organization uses certificates broadly for SSL/TLS today…and use is growing

• Attackers are increasingly targeting certificates and PKI (non-hypothetical risk)

• Risks include:
– Downtime
– Private key compromise
– CA compromise
– Algorithm breakage

• Lack of certificate and key management puts your organization at risk

Page 27

Next Steps

• Attend the second half of this webinar series: “5 Must Haves to Prevent Encryption Disasters” Feb 20, 10am EST, 7am PST, 3pm GMT

• Download NIST’s ITL Bulletin: “Preparing for and Responding to CA Compromise” www.venafi.com/NIST

• Questions? – Paul Turner, [email protected]

Today’s Presentation

NIST ITL Bulletin

Page 28

Discussion

Page 29

Unpublished Work of Venafi, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Venafi, Inc. Access to this work is restricted to Venafi employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Venafi, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Venafi, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Venafi, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Venafi marks referenced in this presentation are trademarks or registered trademarks of Venafi, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
