Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI ....
Transcript of Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI ....
![Page 1: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/1.jpg)
Public Key Infrastructure
ChesterRebeiroIITMadras
![Page 2: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/2.jpg)
• KeyEstablishment:“AliceandBobwanttouseablockcipherforencryption.Howdotheyagreeuponthesecretkey”
2
AliceandBobagreeuponaprimepandageneratorg.Thisispublicinformation
chooseasecretacomputeA=gamodp
chooseasecretbcomputeB=gbmodp
B A
ComputeK=Bamodp ComputeK=Abmodp
Abmodp=(ga)bmodp=(gb)amodp=Bamodp
Recollect Diffie-Hellman Key Exchange
![Page 3: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/3.jpg)
Man in the Middle Attack
3
Alicesendshispublickey
Alicedecryptswithherprivatekey
Bobencrypts
withSally’spu
blickey
ManinthemiddleInterceptsmessages
Sallysendsherpublickey
Sallydecryptswithherprivatekeyandre-encryptsWithAlice’spublickey
![Page 4: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/4.jpg)
Man in the Middle Attack
4
Alicesendshispublickey
Alicedecryptswithherprivatekey
Sallyencrypt
s
withMallory’
spublickey
ManinthemiddleInterceptsmessages
Sallysendsherpublickey
Sallydecryptswithherprivatekeyandre-encryptsWithAlice’spublickey
FundamentalProblem:WhoisAlice?Bob has no way to tell whether the public key he receivedbelongstoAliceornot.
![Page 5: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/5.jpg)
5
chooseasecretacomputeA=gamodp
chooseasecretbcomputeB=gbmodp
DigitallycertificatePublickeyofBob(B)
ComputeK=Bamodp ComputeK=Abmodp
Certifying Authority
DigitallycertificatePublickeyofAlice(A)
![Page 6: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/6.jpg)
X.509 Digital Certificates
Contains• SerialNumber• Issueràthecertifyingauthoritydetails• Subjectàinformationabouttheowner(whoown’sthepublickeyforexampleAlice)• PublicKeyàAlice’spublickey• Validity• SignatureàThesignatureofthecertificatesignedbythecertifyingauthority
6
![Page 7: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/7.jpg)
7
A more practical Perspective
![Page 8: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/8.jpg)
8
A more practical Perspective
VerifythesubjectEnsurethatthepersonapplyingforthecertificateeitherownsorrepresentstheidentityinthesubjectfield.
2,VerifyIdentityofAlice
![Page 9: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/9.jpg)
9
A more practical Perspective
SigningdigitalcertificatesCAgeneratesadigitalsignatureforthecertificateusingitsprivatekey.Oncethesignatureisapplied,thecertificatecannotbemodified.SignaturescanbeverifiedbyanyonewiththeCA’spublickey.
2,VerifyIdentityofAlice3.DigitallySign
![Page 10: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/10.jpg)
10
4.Alice’scertificateSignedbyCA
A more practical Perspective
Alicecanadvertisethecertificateonherwebsite
2,VerifyIdentityofAlice3.DigitallySign
![Page 11: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/11.jpg)
11
chooseasecretacomputeA=gamodp chooseasecretb
computeB=gbmodp
Alice’scertificateSignedbyCA
ComputeK=Bamodp ComputeK=Abmodp
A more practical Perspective
Bob’scertificateSignedbyCA
Alice’scertificateBob’scertificate
![Page 12: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/12.jpg)
Fetching certificates with openssl
12
Hostname:portheader
Certificate1
header
Certificate2
--BEGINCERTIFICATE----ENDCERTIFICATE--
![Page 13: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/13.jpg)
Fetching certificates with openssl
13
Hostname:port
Cutandpasteinafilepaypal.pem(PEM:privacyenhancedmail)Toviewtextequivalentofthis,useopenssl x509 –in paypal.pem –text -noout
![Page 14: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/14.jpg)
Example of X.509 Certificate (1st Part)
TheCA’sidentity(Symantec)
Theownerofthecertificate(paypal)
![Page 15: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/15.jpg)
Example of X.509 Certificate (2nd Part)
Publickey
CA’ssignature
![Page 16: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/16.jpg)
Who Certifies the CA?
16
TherearemanyCAsintherealworld,andtheyareorganizedinahierarchicalstructure.
![Page 17: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/17.jpg)
Root CAs and Self-Signed Certificate
• A root CA’s public key is also stored in an X.509 certificate. It is self-signed.
• Self-signed:theentriesfortheissuerandthesubjectareidentical.• Howcantheybetrusted?
• PublickeysofrootCAsarepre-installedintheOS,browsersandothersoftware
Same
![Page 18: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/18.jpg)
Root CAs in Mac OS
18
![Page 19: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/19.jpg)
Intermediate CAs and Chain of Trust
Paypal’scertificate
IntermediateCA’scertificate
AisusedtoverifyB
B
A
SomethingelseisneedtoverifyA(certificatefromanotherintermediateCAorrootCA)
![Page 20: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/20.jpg)
Fetching certificates with openssl
20
Hostname:portheader
Certificate1
header
Certificate2
--BEGINCERTIFICATE----ENDCERTIFICATE--
![Page 21: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/21.jpg)
21
![Page 22: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/22.jpg)
22
![Page 23: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/23.jpg)
Manually Verifying a Certificate Chain
• Paypal.pem:SavePaypal’scertificatetoafilecalled• Symatec-g3.pem:Savecertificatefrom“SymantecClass3EVSSLCA–G3”• VeriSign-G5.pem:SavetheVeriSign-G5’scertificatefromthebrowser
RootCA’scertificate
Chainofcertificates
![Page 24: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/24.jpg)
The Entire Process
24
1.SetuptheCA
CA
![Page 25: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/25.jpg)
25
1.SetuptheCA
CA’sselfsignedcertificate
CA’spublic-privatekey(passwordprotected)
![Page 26: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/26.jpg)
26
1.SetuptheCA
modelCA’scertificate
Selfsigned
![Page 27: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/27.jpg)
The Entire Process
27
1.SetuptheCA
1.GenerateKeys
CA
user
![Page 28: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/28.jpg)
28
1.UserGenerateKeys
![Page 29: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/29.jpg)
29
1.UserGenerateKeys
n=pxqn
Publickey(A)
Privatekey(a)
p
q
ap
aq
q-1
![Page 30: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/30.jpg)
The Entire Process
30
1.SetuptheCA
1.GenerateKeys
CA
user
2.GenerateCSR(certisigningreq)
![Page 31: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/31.jpg)
31
2.GenerateCSR(certisigningreq)
![Page 32: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/32.jpg)
32
2.GenerateCSR(certisigningreq)
Signedwiththebank’sprivatekey(selfsigned)
![Page 33: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/33.jpg)
The Entire Process
33
1.SetuptheCA
1.GenerateKeys
CA
user
2.GenerateCSR(certisigningreq) 2.CreateCertificateSendcsrfile
![Page 34: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/34.jpg)
34
2.CreateCertificate
![Page 35: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/35.jpg)
The Entire Process
35
1.SetuptheCA
1.GenerateKeys
CA
user
2.GenerateCSR(certisigningreq) 2.CreateCertificate
Sendcertificate
3.Deploy(httpsserver)
![Page 36: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/36.jpg)
36
3.Deploy
![Page 37: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/37.jpg)
The Entire Process
37
1.SetuptheCA
1.GenerateKeys
CA
user
2.GenerateCSR(certisigningreq) 2.CreateCertificate
3.Deploy(httpsserver)
client
![Page 38: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/38.jpg)
38
clientAclientfailstoconnectbecauseitcannotverifythefirst(root)Certificate(modelCA)
![Page 39: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/39.jpg)
39
client
AclientconnectsifthemodelCAscertificateisknown
![Page 40: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/40.jpg)
40
https://localhost:44330
![Page 41: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/41.jpg)
41
https://cse.iitm.ac.in:44330
![Page 42: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/42.jpg)
42
RegistermodeCAinyoursystem(needtoselectthatyoutrustthisCA)
![Page 43: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/43.jpg)
43
https://cse.iitm.ac.in:44330
![Page 44: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/44.jpg)
Attacker forwards authentic certificate
44
3,VerifyIdentityofAlice4.DigitallySign
Bank.com
![Page 45: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/45.jpg)
Attacker changes public key with her own
45
3,VerifyIdentityofAlice4.DigitallySign
RequestatCAisgoingtobefailBecausesignaturedoesnotmatchpublickey
Bank.com
![Page 46: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/46.jpg)
Attacker sends her own public key + signature
46
3,VerifyIdentityofAlice4.DigitallySign
Verifyshouldfail
Bank.com
![Page 47: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/47.jpg)
47
Alice’scertificateSignedbyCA
Consider this Situation
Bank.comCertificateSignedbyCA
Bank’scertificate
1. Attackermodifiespublickeys2. AttackerreplacesBob’scertificatewithhis/herown
![Page 48: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/48.jpg)
48
Alice’scertificateSignedbyCA
Consider this Situation
Bank’scertificate
1. Attackerforwardsfakecertificate2. AttackerreplacesBob’scertificatewithhis/herown
(WhatistherequirementtohaveaMIMA?)
Bank.comCertificateSignedbyCA
![Page 49: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/49.jpg)
Attacker Sends His/Her Own Certificate
• Attacker’scertificateisvalid.• BrowserchecksiftheidentityspecifiedinthesubjectfieldofthecertificatematchestheAlice’sintent.• Thereisamismatch:attacker.com≠example.com
• Browserterminateshandshakeprotocol:MITMfails
![Page 50: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/50.jpg)
Emulating an MITM Attack • DNSAttackisatypicalapproachtoachieveMITM
• WeemulateanDNSattackbymanuallychangingthe/etc/hostsfileontheuser’smachinetomapexample.comtotheIPaddressoftheattacker’smachine.
• Onattacker’smachinewehostawebsiteforexample.com.• Weusetheattacker’sX.509certificatetosetuptheserver• TheCommonnamefieldofthecertificatecontainsattacker32.com
• Whenwevisitexample.com,wegetanerrormessage:
![Page 51: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/51.jpg)
Attacks Surfaces on PKI
![Page 52: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/52.jpg)
Attack on CA’s Verification Process
• CA’sjobhastwoparts:• Verifytherelationshipbetweencertificateapplicantandthesubjectinformationinsidethecertificate
• Putadigitalsignatureonthecertificate
• Casestudy:ComodoBreach[March2011]• PopularrootCA.• TheapprovalprocessinSouthernEuropewascompromised.• Ninecertificateswereissuedtosevendomainsandhencetheattackercouldprovidefalseattestation.
• Oneoftheaffecteddomain(akeydomainfortheFirefoxbrowser):addons.mozilla.org
![Page 53: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/53.jpg)
Attack on CA’s Signing Process
• IftheCA’sprivatekeyiscompromised,attackerscansignacertificatewithanyarbitrarydatainthesubjectfield.
• CaseStudy:theDigiNotarBreach[June-July2011]
• AtopcommercialCA• AttackergotDigiNotar’sprivatekey• 531roguecertificateswereissued.• TrafficintendedforGooglesubdomainswasintercepted:MITMattack.
• HowCAsProtectTheirPrivateKey• HardwareSecurityModel(HSM)
![Page 54: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/54.jpg)
Attacks on Algorithms
• DigitalCertificatesdependontwotypesofalgorithms• one-wayhashfunctionanddigitalsignature
• CaseStudy:theCollision-ResistantPropertyofOne-WayHash• AtCRYPTO2004,XiaoyunWangdemonstratedcollisionattackagainstMD5.• InFebruary2017,GoogleResearchannouncedSHAtteredattack
• Attackbrokethecollision-resistantpropertyofSHA-1• TwodifferentPDFfileswiththesameSHA-1haswascreated.
• Countermeasures:usestrongeralgorithm,e.g.SHA256.
![Page 55: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/55.jpg)
Attacks on User Confirmation
• Afterverifyingthecertificatefromtheserver,clientsoftwareissurethatthecertificateisvalidandauthentic
• Inaddition,thesoftwareneedstoconfirmthattheserveriswhattheuserintendstointeractwith.
• Confirmationinvolvestwopiecesofinformation
• Informationprovidedorapprovedbyuser• Thecommonnamefieldinsidetheserver’scertificate• Somesoftwaredoesnotcomparethesetwopiecesofinformation:securityflaw
![Page 56: Public Key Infrastructurechester/courses/19e_ns/slides/7_PKI.pdf · Attacks Surfaces on PKI . Attack on CA’s Verification Process • CA’s job has two parts: • Verify the relationship](https://reader033.fdocuments.us/reader033/viewer/2022060722/6082a5697635e15b354d2ff5/html5/thumbnails/56.jpg)
Attacks on Confirmation: Case Study PhishingAttackonCommonNamewithUnicode
• ZhengfoundoutseveralbrowsersdonotdisplaythedomainnamecorrectlyifnamecontainsUnicode.
• xn—80ak6aa92e.comis encoded using Cyrillic characters. But domain name displayed by browser likes like apple.com
• Attack:• Getacertificateforxn—80ak6aa92e.com• Getusertovisitxn—80ak6aa92e.com,sothecommonnameismatched• User’sbrowsershowsthatthewebsiteisapple.com.Usercanbefooled.
• Hadthebrowsertoldtheuserthattheactualdomainisnottherealapple.com,theuserwouldstop.