Seminar on “Certificate authorities under attack: A Plea for Certificate Legitimation”
By Mr. Saurabh Giratkar

Under the guidance of

Department of Computer Science and Engineering
Contents:
1. Introduction
2. Probability-theoretic Observation
3. Problem areas
4. Certificate Revocation and its respective approaches
5. Certificate Authorization and its respective approaches
6. Conclusion
1. Introduction
• Probabilities of attacks.
• Dealing with two problem areas.
• Countermeasures on problem areas.
• PKI
2. Probability-theoretic Observation
• After several incidents of fraudulently issued SSL certificates, I assume a list of n commonly trusted root CAs, i.e., CA1, CA2, . . . , CAn. Each CAi is compromised with a probability 0 ≤ pi ≤ 1 within a given time interval:
  Pr[CAi is compromised] = pi
• Accordingly, 1 − pi is the probability of CAi not being compromised:
  Pr[CAi is not compromised] = 1 − pi
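The two per-CA probabilities above can be carried through to a whole trust store. The following is an added example, not part of the seminar slides or of the paper they summarise: it takes the list p1, ..., pn and computes the probability that at least one trusted CA is compromised within the interval, 1 − (1 − p1)(1 − p2)···(1 − pn), which goes beyond the slide by combining the n per-CA events. It assumes that compromises of distinct CAs are independent events; the sample probabilities and trust-store sizes are constructed.

```python
from math import prod

# Added example (not from the slides): the per-CA probabilities p_i of the
# "Probability-theoretic Observation" carried through to the whole trust store.
# Assumption: compromises of distinct CAs are independent events.


def check_probabilities(p):
    """Reject anything outside the range 0 <= p_i <= 1 stated on the slide."""
    for pi in p:
        if not 0.0 <= pi <= 1.0:
            raise ValueError(f"p_i must lie in [0, 1], got {pi}")


def prob_none_compromised(p):
    """Pr[no CA_i is compromised] = product of (1 - p_i), under independence."""
    check_probabilities(p)
    return prod(1.0 - pi for pi in p)


def prob_any_compromised(p):
    """Pr[at least one CA_i is compromised] = 1 - product of (1 - p_i)."""
    return 1.0 - prob_none_compromised(p)


def expected_compromised(p):
    """Expected number of compromised CAs = sum of p_i (needs no independence)."""
    check_probabilities(p)
    return sum(p)


def risk_table(per_ca_probability, sizes):
    """Pr[at least one compromised] for trust stores of the given sizes when
    every root shares the same per-interval probability (constructed scenario)."""
    return {n: prob_any_compromised([per_ca_probability] * n) for n in sizes}


if __name__ == "__main__":
    # Constructed figures: p_i = 0.001 per interval for every root, and trust
    # stores of growing size (browser stores hold on the order of 100+ roots).
    for n, risk in risk_table(0.001, [1, 10, 100, 200]).items():
        print(f"{n:4d} trusted roots -> Pr[at least one compromised] = {risk:.4f}")
```

Running it shows the relying party's risk growing with the number of trusted roots even when each individual pi is small, which is why the number of CAs a relying party trusts matters, not only each CA's own security.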
3. Problem areas
There are two problem areas, as follows:
• Certificate Revocation
• Certificate Authorization
Problem areas in Certificate Revocation:
There are a few problematic areas:
1. Security
2. The black list approach.
Problem areas in Certificate Authorization:
• There is one problematic area.
• It possesses questionable trust models.
Certificate Legitimation:
• Certificate Authorization and Certificate Revocation are subsumed under one term: Certificate Legitimation.
• Certificate Legitimation is a key to the security of the Internet PKI.
4. Certificate Revocation and its respective approaches
Approaches to Certificate Revocation:
• Revocation has some security problems in the field. To overcome these problems there are two important approaches, as follows:
1. Black list approach
2. White list approach
1. Black list approach:
• It does not follow the principle of legitimacy.
• It is a risky approach for some incidents.
• It provides less security than the white list approach.
• The black list approach is referred to as a default-permit stance.
• In the travel analogy: a black list is more comfortable for travelling persons but less secure for the country.
2. White list approach:
• The white list approach follows the principle of legitimacy.
• The white list approach is also risky for some incidents.
• It provides more security than the black list approach.
• The white list approach is referred to as a default-deny stance.
• The disadvantages of the white list approach outweigh its advantages.
Countermeasure:
• These two approaches are exact inverses of each other.
• The white list approach is used to legitimate certificates, while the black list approach is used to revoke certificates.
• So, to solve the problem of Certificate Revocation, there is a need to combine the two approaches.
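To make the three stances concrete, here is an added example that is not part of the slides: a relying-party decision under the black-list-only stance (default permit), the white-list-only stance (default deny) and the combined stance the countermeasure calls for. The certificate records, fingerprints, list contents and dates are constructed sample data; the hypothetical "fraudulent" certificate models one issued by a compromised CA for a name it should never have certified, which nobody has revoked yet.

```python
from dataclasses import dataclass
from datetime import date

# Added example (not from the slides): three relying-party stances for the
# certificate legitimation problem. All records, lists and dates below are
# constructed sample data; fingerprints are arbitrary hex strings.


@dataclass(frozen=True)
class Certificate:
    fingerprint: str   # hex digest identifying the certificate
    subject: str       # host name the certificate claims
    issuer: str        # CA that issued it
    not_after: date


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str


def is_expired(cert, today):
    return today > cert.not_after


def black_list_stance(cert, revoked, today):
    """Default permit: everything is accepted unless it is explicitly revoked."""
    if is_expired(cert, today):
        return Decision(False, "expired")
    if cert.fingerprint in revoked:
        return Decision(False, "revoked")
    return Decision(True, "not on black list (default permit)")


def white_list_stance(cert, legitimated, today):
    """Default deny: only explicitly legitimated certificates are accepted."""
    if is_expired(cert, today):
        return Decision(False, "expired")
    if cert.fingerprint not in legitimated:
        return Decision(False, "not on white list (default deny)")
    return Decision(True, "on white list")


def combined_stance(cert, legitimated, revoked, today):
    """The slides' countermeasure: a certificate must have been legitimated
    (white list) and must not have been revoked since (black list)."""
    first = white_list_stance(cert, legitimated, today)
    if not first.accepted:
        return first
    if cert.fingerprint in revoked:
        return Decision(False, "legitimated earlier but revoked since")
    return Decision(True, "legitimated and not revoked")


# Constructed sample data: one genuine certificate, one genuine certificate
# that was later revoked, and one issued by a compromised CA (never revoked).
TODAY = date(2014, 6, 1)
GENUINE = Certificate("a1a1", "mail.example.com", "Trusted CA 1", date(2015, 1, 1))
REVOKED = Certificate("b2b2", "mail.example.com", "Trusted CA 1", date(2015, 1, 1))
FRAUDULENT = Certificate("c3c3", "mail.example.com", "Compromised CA 7", date(2015, 1, 1))

LEGITIMATED = {GENUINE.fingerprint, REVOKED.fingerprint}   # white list
BLACK_LIST = {REVOKED.fingerprint}                          # revocations


def evaluate_all(cert, legitimated=LEGITIMATED, revoked=BLACK_LIST, today=TODAY):
    """Acceptance of one certificate under each of the three stances."""
    return {
        "black list only": black_list_stance(cert, revoked, today).accepted,
        "white list only": white_list_stance(cert, legitimated, today).accepted,
        "combined": combined_stance(cert, legitimated, revoked, today).accepted,
    }


if __name__ == "__main__":
    for cert in (GENUINE, REVOKED, FRAUDULENT):
        print(f"{cert.subject} from {cert.issuer}: {evaluate_all(cert)}")
```

The fraudulent certificate is exactly the case the slides warn about: under the default-permit stance it is accepted because no one has blacklisted it, while the white-list and combined stances reject it. The revoked certificate shows the opposite gap: the white list alone still accepts it, and only the combined stance rejects both.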
5. Certificate Authorization and its respective approaches:
Certificate Authorization:
• Certificate Authorization is used for security purposes.
• Certificate Authorization is also used on the Internet for authorization.
• X.509 certificates are used here for authentication.
• Public key pinning.
Approaches/Countermeasures:
There are two alternatives to overcome the problem of Certificate Authorization, as follows:
• DANE
• Sovereign Keys
DANE:
• DANE stands for DNS-based Authentication of Named Entities.
• It is specified by the IETF.
• It is one of the most appropriate approaches when dealing with the problems in Certificate Authorization.
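As an added example of how DANE binds a certificate to a name (not code from the slides, from the IETF specification or from any DANE implementation), the block below parses the presentation form of a TLSA record as defined in RFC 6698, the usage / selector / matching type / certificate association data fields, and checks a server certificate against it. The certificate and SubjectPublicKeyInfo byte strings are constructed placeholders rather than real DER; the helper assumes the SPKI has already been extracted from the certificate, which a real client would do with an X.509 parser, and it implements only the DANE-EE (usage 3) decision, treating the PKIX-dependent usages as out of scope.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Added example (not from the slides): TLSA record handling per RFC 6698.
# Field values below are the ones the RFC defines; the DER byte strings at
# the bottom are constructed placeholders, not real certificates.

USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "Cert", 1: "SPKI"}
MATCHING = {0: "Full", 1: "SHA2-256", 2: "SHA2-512"}


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching_type: int
    assoc_data: bytes   # Certificate Association Data


def parse_tlsa(presentation):
    """Parse TLSA RDATA in presentation form, e.g. '3 1 1 <hex>'.
    (The owner name, e.g. _443._tcp.www.example.com, is not part of RDATA.)"""
    parts = presentation.split()
    if len(parts) < 4:
        raise ValueError("TLSA RDATA needs usage, selector, matching type and data")
    usage, selector, mtype = (int(x) for x in parts[:3])
    if usage not in USAGES or selector not in SELECTORS or mtype not in MATCHING:
        raise ValueError("unknown TLSA field value")
    data = bytes.fromhex("".join(parts[3:]))   # zone files may split the hex
    return TLSARecord(usage, selector, mtype, data)


def association_data(cert_der, spki_der, record):
    """Derive the association data for this certificate the way the record asks:
    select the full certificate or its SPKI, then hash (or not) per matching type."""
    selected = cert_der if record.selector == 0 else spki_der
    if record.matching_type == 0:
        return selected
    if record.matching_type == 1:
        return hashlib.sha256(selected).digest()
    return hashlib.sha512(selected).digest()


def tlsa_matches(cert_der, spki_der, record):
    """True if the certificate's derived data equals the record's data."""
    return hmac.compare_digest(association_data(cert_der, spki_der, record),
                               record.assoc_data)


def dane_ee_accepts(cert_der, spki_der, records):
    """DANE-EE (usage 3): accept the end-entity certificate if it matches any
    usage-3 record. Usages 0 and 1 would additionally require PKIX chain
    validation and usage 2 a match against a chain CA; both are out of scope."""
    return any(r.usage == 3 and tlsa_matches(cert_der, spki_der, r) for r in records)


def tlsa_presentation(cert_der, spki_der, usage=3, selector=1, matching_type=1):
    """Build the RDATA an operator would publish for this certificate.
    The default '3 1 1' (DANE-EE, SPKI, SHA-256) is the common deployment."""
    probe = TLSARecord(usage, selector, matching_type, b"")
    data = association_data(cert_der, spki_der, probe)
    return f"{usage} {selector} {matching_type} {data.hex()}"


# Constructed placeholders standing in for DER-encoded certificate and SPKI.
SAMPLE_CERT_DER = b"constructed-not-real-DER-certificate"
SAMPLE_SPKI_DER = b"constructed-not-real-DER-subjectPublicKeyInfo"

if __name__ == "__main__":
    rdata = tlsa_presentation(SAMPLE_CERT_DER, SAMPLE_SPKI_DER)
    print("_443._tcp.www.example.com. IN TLSA", rdata)
    record = parse_tlsa(rdata)
    print("matches:", tlsa_matches(SAMPLE_CERT_DER, SAMPLE_SPKI_DER, record))
```

A '3 1 1' record pins the server's own key regardless of which CA (if any) signed the certificate, which is what makes DANE an alternative to relying on the trust store for authorization. The protection only holds if the TLSA answer itself is validated with DNSSEC; that lookup and validation are outside this block.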
Sovereign Keys:
• It is similar to DANE.
• The EFF has launched an initiative called Sovereign Keys.
• Sovereign Keys play an important role when dealing with the problems that occur in Certificate Authorization.
6. Conclusion:
In this seminar I have identified two problems in which immediate action is required, namely Certificate Revocation and Certificate Authorization, and I have introduced the notion of “Certificate Legitimation” to subsume them. I think that certificate legitimation is going to be important in the future, and that approaches like white lists, black lists, DANE and Sovereign Keys are going to be very promising. These approaches do not solve all the security problems, but they make the resulting system more resilient against attacks.
Thank You
