Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SBA Live Academy - CRLite – Revocation for X.509 certificates in the browser – this time for real? by Mathias Tausig

Target Group: SysAdmins, anyone interested in PKI
Focus: technical
Language: English

Abstract:
**********
Revocation of TLS certificates used by web browsers has been broken for years. Why is that, and can the newly proposed CRLite technology solve the problem?

About the Speaker:
*********************
Mathias Tausig is Security Consultant at SBA Research. Mathias received a master’s degree (DI / MSc) in Technical Mathematics from the University of Technology Vienna (TU Wien). His professional experience includes a tenure as a Security Officer for a Certification Authority and lecturing IT-Security at the University of Applied Sciences Campus Vienna.

  • Login to see the comments

  • Be the first to like this

SBA Live Academy - CRLite – Revocation for X.509 certificates in the browser – this time for real? by Mathias Tausig

  1. 1. Klassifikation: Öffentlich Welcome to the SBA Live Academy #bleibdaheim # remotelearning Today: CRLite: Revocation for X.509 certificates in the browser – this time for real? by Mathias Tausig This talk will be recorded as soon as the presentation starts! Recording will end BEFORE the Q&A Session starts. Please be sure to turn off your video in your control panel.
  2. 2. Klassifikation: Öffentlich CRLite Revocation for X.509 certificates in the browser – this time for real? SBA Research gGmbH, 2020
  3. 3. Klassifikation: Öffentlich 3 The sad story of revocation SBA Research gGmbH, 2020
  4. 4. Klassifikation: Öffentlich 4 Revocation • Problem only arose with asymmetric cryptography • Subject creates public/private keypair • Trusted Certification Authority signs keypair to create trust into the ownership of it -> certificate • Certificate valid for a limited amount of time • Things can go wrong in that timeframe o Broken algorithms o Key compromise o Organisational problems o Misissued certificates • -> Revocation tells the world that a certificate has become invalid before its expiration date SBA Research gGmbH, 2020
  5. 5. Klassifikation: Öffentlich 5 Revocation • Certificate Revocation List (CRL) o List of all revoked certificates for that CA o Too large to be downloaded on every HTTPS connection (MBs) • Online Certificate Status Protocol (OCSP) o Query status of a single relevant certificate o Privacy concerns o Hard failure vs. soft failure (= Single point of failure vs. useless) o Very resource intensive (Comodo 2013: 2.000.000.000 requests/day) SBA Research gGmbH, 2020
  6. 6. Klassifikation: Öffentlich 6 Revocation • OCSP Stapling o Server queries OCSP response, sends it with the TLS handshake to the client o Server can simply hold back OCSP response with revocation information o Bad implementations in web servers • OCSP Must-Staple o Certificate extension indicating that the certificate is only valid in conjunction with a stapled OCSP response o Again: Bad or incomplete support. Hardly used SBA Research gGmbH, 2020
  7. 7. Klassifikation: Öffentlich 7 Revocation Workarounds • OneCRL/CRLSet/… o Browser vendor compiles a list of revoked certificates, pushes it directly to the browser o Does not scale, only usable for high value domains • Short lived certificates o The shorter a certificate’s lifespan, the shorter the period a compromised key can be exploited o TLS certificates were originally valid for up to 5 years o Maximum lifetime of 2 years since 2018 o Ballot to reduce it to 1 year fails in CA/B forum 2019; unilateral push by Apple announced in 2020 o Let’s Encrypt: 3 month SBA Research gGmbH, 2020
  8. 8. Klassifikation: Öffentlich 8 Summary Revocation for the WebPKI is weird … • Most complicated part of operating a CA (legal & standard requirements) • Currently mostly broken & unused • Consumes a lot of effort, yes not really important SBA Research gGmbH, 2020
  9. 9. Klassifikation: Öffentlich 9 CRLite to the rescue SBA Research gGmbH, 2020
  10. 10. Klassifikation: Öffentlich 10 CRLite Overview • Proposed by Larisch, Choffnes et.al. at IEEE S&P 2017 (Universities & Akamai) • Compile a list of all revocations like OneCRL • Store it efficiently by using Cascading Bloom Filters SBA Research gGmbH, 2020
  11. 11. Klassifikation: Öffentlich 11 Bloom Filter • Extremely fast and storage efficient data index • Data can only be added to the filter • User can query if some data is in the filter o „Object not in the filter“ o „Object probably in the filter“ • Probabilistic Data Structure • False positive probabililty depends on filter size, configuration and number of entries SBA Research gGmbH, 2020
  12. 12. Klassifikation: Öffentlich 12 CRLite Workflow • Download all CRLs • Store unique certificate identifier (hash of public key + serial number) of all revoked certificates in Bloom filter • Check for false positives in the filter o Download all certificates from certificate transparency logs • Store false positives in a second, much smaller, cascading bloom filter • Continue until no false positives are left • Push filter to browser SBA Research gGmbH, 2020
  13. 13. Klassifikation: Öffentlich 13 CRLite at Mozilla • Activated in Firefox Nightly (only for telemetry) • Filter compiled 4 times a day • Covers 100M of 152M certificates, 750k revocations o Missing: CRL errors, CAs without a CRL (Let‘s Encrypt!) • Filter generation takes ~1h; requires 16GB memory and 7GB storage • Filter size: 1,3MB • Faster than OCSP 99% of cases SBA Research gGmbH, 2020
  14. 14. Klassifikation: Öffentlich 14 References • https://obj.umiacs.umd.edu/papers_for_stories/crlite_oakland1 7.pdf • https://blog.mozilla.org/security/2020/01/09/crlite-part-2- end-to-end-design/ • https://blog.mozilla.org/security/2020/01/21/crlite-part-3- speeding-up-secure-browsing/ • https://scotthelme.co.uk/crlite-finally-a-fix-for-broken- revocation/ • https://www.imperialviolet.org/2014/04/19/revchecking.html • https://scotthelme.co.uk/revocation-is-broken/ SBA Research gGmbH, 2020
  15. 15. Klassifikation: Öffentlich 15 Key take-aways 1. Certificate revocation in the browser is currently broken 2. Pushing lists of revoked certificates to the browser is the only thing that works 3. Bloom filters allow extremely compact storage 4. Certificate transparency necessary enabling technology SBA Research gGmbH, 2020
  16. 16. Klassifikation: Öffentlich 16 Mathias Tausig SBA Research gGmbH Floragasse 7, 1040 Wien +43 1 5053688 1512 mtausig@sba-research.org SBA Research gGmbH, 2020
  17. 17. Klassifikation: Öffentlich 17 Professional Services Penetration Testing Architecture Reviews Security Audit Security Trainings Incident Response Readiness ISMS & ISO 27001 Consulting Bridging Science and Industry Applied Research Industrial Security | IIoT Security | Mathematics for Security Research | Machine Learning | Blockchain | Network Security | Sustainable Software Systems | Usable Security SBA Research Knowledge Transfer SBA Live Academy | sec4dev | Trainings | Events | Teaching | sbaPRIME Contact us: anfragen@sba-research.org

×