SlideShare a Scribd company logo

Lets-Attack-Lets_Encrypt.pdf

Y
YuChianWu

1

Engineering
1 of 21
Download to read offline
1 Let‘s Attack Let‘s Encrypt Dr. Haya Shulman ATHENE | Fraunhofer SIT Division Director “Cybersecurity Analytics and Defenses” Black Hat USA Video Conference, August 2021
2 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
3 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
4 Domain Validation Who owns that domain? https://www.flickr.com/photos/ben_lawson/155595430 CC BY-NC-ND 2.0
5 Domain Validation Who owns that domain? Domain Validation (DV) Organisation Validation (OV) Extended Validation (EV) Free/Cheap Automated Fast Expensive Manual Slow Expensive Manual Slow
6 Domain Validation Who owns that domain? Domain Validation (DV) Organisation Validation (OV) Extended Validation (EV) Free/Cheap Automated Fast Expensive Manual Slow Expensive Manual Slow > 95% certificates market
7 Domain Validation Who owns that domain? Domain Validation (DV) Organisation Validation (OV) Extended Validation (EV) Free/Cheap Automated Fast Expensive Manual Slow Expensive Manual Slow > 95% certificates market Vulnerable! Fraudulent certificates via off-path attacks [USENIX2018,CCS2018]
8 ▪ First to deploy distributed Domain Validation with MultiVA ▪ In 2020 MultiVA in production environment of Let’s Encrypt Let‘s Encrypt Certificate Authority ▪ Leads the certificates market ▪ Among fastest growing CAs ▪ Over 1 billion certificates, serves over 200M websites MultiVA Single VA
9 Attacker cannot hijack multiple VAs simultaneously ▪ Assumption: even strong adversaries have limited capabilities ▪ Simulations in [USENIX2021] showed: ▪ MultiVA detects 94% of the BGP prefix hijacks ▪ >90% of ASes topologically incapable of launching BGP attacks against most domains ▪ Improves resilience of avg domain to attacks from 97% of ASes on the Internet Web CA MultiVA Single VA
10 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
11 Nameserver Selection Uniformly at random Number of nameservers per domain ▪ Goal: distribute the load among nameservers ▪ Unpredictable selection among good performing servers ▪ All SW avoid poorly performing servers ▪ Packet loss or high latency
12 Nameserver Elimination Simulate loses ▪ Cause DNS software at vantage point to avoid a nameserver ▪ Repeat per nameserver, block all except one (selected) nameserver
13 Downgrade Attack via Nameserver Elimination on-path easy… off-path? ▪ Loss via fragment mis- association ▪ Exploit fragmentation ▪ Loss via excess query rate ▪ Exploit Rate limiting ▪ Loss via router buffer overflow ▪ Low rate bursts ▪ Force the VP to query NS of attacker‘s choice ▪ which has vulnerabilities, e.g., can be hijacked
14 Domains Vulnerable to Off-Path Downgrade Attack ▪ Loss via fragment mis-association ▪ 1.88% of Let’s Encrypt domains and 4.39% of 1M Alexa domains ▪ Loss via excess query rate ▪ 23.27% of Let’s Encrypt domains and 16.95% of 1M Alexa domains ▪ Loss via router buffer overflow ▪ Apply to 24% of Let’s Encrypt-certified domains and 20% of 857K-top Alexa domains
15 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
16 Issue Fraudulent Certificates, Ethically … ▪ Typically: estimate vulnerabilities to prefix hijacks via simulations ▪ Good but limited representation of reality ▪ Idea: two-sided evaluation ▪ Fraudulent certificates for real domains with our own setup of Let‘s Encrypt ▪ Fraudulent certificates for our own domains with Let‘s Encrypt ▪ We pin to servers that can be sub-prefix hijacked
17 What About Other CAs?
18 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
19 Countermeasures Attacks can be blocked ▪ Unpredictable VA selection: from a large set of VAs ▪ Resilient nameserver selection: select randomly out of all nameservers ▪ Turning off caches: makes the attack more difficult to launch ▪ Preventing BGP hijacks with RPKI: only prevents the hijack attacks but not other, e.g., [CCS2018] ▪ Detecting fraudulent certificates with CT
20 Conclusions ▪ Verifying ownership over domains is essential for bootstrapping cryptography ▪ DV is automated, fast, cheap and widely used ▪ Single VA is vulnerable [USENIX2018, CCS2018] ▪ Let‘s Encrypt with MultiVA is vulnerable downgrade attacks → reduce validation to attacker selected nameserver ▪ Ownership verification with DV although simple is yet to be secured Full paper: Tianxiang Dai, Haya Shulman, Michael Waidner: Let's Downgrade Let's Encrypt; ACM Conf. on Computer and Communications Security (CCS), Nov. 2021.
21 Vielen Dank! Thank you very much! Merci beaucoup! !‫רבה‬ ‫תודה‬ Dziękuję! Dank je wel! çok teşekkürler zor spas Grazie mille! Muchas gracias

Recommended

Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleGuardicore
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Tech t18
Tech t18Tech t18
Tech t18SelectedPresentations
 
Technical track kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defenseTechnical track kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defenseISSA LA
 
Destroying Router Security - NNC5ed
Destroying Router Security - NNC5edDestroying Router Security - NNC5ed
Destroying Router Security - NNC5edJose Antonio Rodriguez Garcia
 
Destroying Router Security
Destroying Router SecurityDestroying Router Security
Destroying Router SecurityIván Sanz de Castro
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhsTim Martin
 
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...Mauricio Velazco
 

Recommended

Conclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at ScaleGuardicore
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Tech t18
Tech t18Tech t18
Tech t18SelectedPresentations
 
Technical track kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defenseTechnical track kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defenseISSA LA
 
Destroying Router Security - NNC5ed
Destroying Router Security - NNC5edDestroying Router Security - NNC5ed
Destroying Router Security - NNC5edJose Antonio Rodriguez Garcia
 
Destroying Router Security
Destroying Router SecurityDestroying Router Security
Destroying Router SecurityIván Sanz de Castro
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhsTim Martin
 
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...Mauricio Velazco
 
Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebCASCouncil
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockownerkhan
 
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoringdeftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic MonitoringDeft Association
 
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS PoisoningMonitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS PoisoningThousandEyes
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack SurfaceAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)Yan Cui
 
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018Amazon Web Services Korea
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupmichaelxin2015
 
Day 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious UseDay 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious Usevngundi
 
Essential Defense by Kevin Cardwell
Essential Defense by Kevin CardwellEssential Defense by Kevin Cardwell
Essential Defense by Kevin CardwellEC-Council
 
Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Iván Sanz de Castro
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Abhishek Kumar
 
Denial of Service
Denial of ServiceDenial of Service
Denial of ServiceMarketingArrowECS_CZ
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoSAPNIC
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersEric Vétillard
 
lecture04_mle_svm_multiclass_pca.pdf
lecture04_mle_svm_multiclass_pca.pdflecture04_mle_svm_multiclass_pca.pdf
lecture04_mle_svm_multiclass_pca.pdfYuChianWu
 
lecture02_LinearRegression.pdf
lecture02_LinearRegression.pdflecture02_LinearRegression.pdf
lecture02_LinearRegression.pdfYuChianWu
 

More Related Content

Similar to Lets-Attack-Lets_Encrypt.pdf

Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebCASCouncil
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPROIDEA
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockownerkhan
 
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoringdeftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic MonitoringDeft Association
 
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS PoisoningMonitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS PoisoningThousandEyes
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack SurfaceAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)Yan Cui
 
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018Amazon Web Services Korea
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupmichaelxin2015
 
Day 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious UseDay 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious Usevngundi
 
Essential Defense by Kevin Cardwell
Essential Defense by Kevin CardwellEssential Defense by Kevin Cardwell
Essential Defense by Kevin CardwellEC-Council
 
Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Iván Sanz de Castro
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Abhishek Kumar
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoSAPNIC
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersEric Vétillard
 

Similar to Lets-Attack-Lets_Encrypt.pdf (20)

Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure Web
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr WojciechowskiPLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknock
 
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoringdeftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
 
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS PoisoningMonitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)
 
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018
AWS Serverless 활용 네트워크 보안 아키텍처::함인용 실장, 이성현 매니저, 솔트웨어::AWS Summit Seoul 2018
 
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetupWeapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
 
Day 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious UseDay 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious Use
 
Essential Defense by Kevin Cardwell
Essential Defense by Kevin CardwellEssential Defense by Kevin Cardwell
Essential Defense by Kevin Cardwell
 
Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)
 
Denial of Service
Denial of ServiceDenial of Service
Denial of Service
 
Drilling Down Into DNS DDoS
Drilling Down Into DNS DDoSDrilling Down Into DNS DDoS
Drilling Down Into DNS DDoS
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAF
 
New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web Servers
 

More from YuChianWu

lecture04_mle_svm_multiclass_pca.pdf
lecture04_mle_svm_multiclass_pca.pdflecture04_mle_svm_multiclass_pca.pdf
lecture04_mle_svm_multiclass_pca.pdfYuChianWu
 
lecture02_LinearRegression.pdf
lecture02_LinearRegression.pdflecture02_LinearRegression.pdf
lecture02_LinearRegression.pdfYuChianWu
 
week13_yolo_mobilenet.pdf
week13_yolo_mobilenet.pdfweek13_yolo_mobilenet.pdf
week13_yolo_mobilenet.pdfYuChianWu
 
week14_segmentation.pdf
week14_segmentation.pdfweek14_segmentation.pdf
week14_segmentation.pdfYuChianWu
 
week10_Reinforce.pdf
week10_Reinforce.pdfweek10_Reinforce.pdf
week10_Reinforce.pdfYuChianWu
 
week12_cv_intro_and_r-cnn.pdf
week12_cv_intro_and_r-cnn.pdfweek12_cv_intro_and_r-cnn.pdf
week12_cv_intro_and_r-cnn.pdfYuChianWu
 
Fragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdf
Fragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdfFragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdf
Fragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdfYuChianWu
 
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...YuChianWu
 
A-Hole-in-the-Tube.pdf
A-Hole-in-the-Tube.pdfA-Hole-in-the-Tube.pdf
A-Hole-in-the-Tube.pdfYuChianWu
 
IPvSeeYou.pdf
IPvSeeYou.pdfIPvSeeYou.pdf
IPvSeeYou.pdfYuChianWu
 
kolmogorov_foundations.pdf
kolmogorov_foundations.pdfkolmogorov_foundations.pdf
kolmogorov_foundations.pdfYuChianWu
 
Introductory Real Analysis (A. N. Kolmogorov, S. V. Fomin etc.) (z-lib.org).pdf
Introductory Real Analysis (A. N. Kolmogorov, S. V. Fomin etc.) (z-lib.org).pdfIntroductory Real Analysis (A. N. Kolmogorov, S. V. Fomin etc.) (z-lib.org).pdf
Introductory Real Analysis (A. N. Kolmogorov, S. V. Fomin etc.) (z-lib.org).pdfYuChianWu
 

More from YuChianWu (12)

lecture04_mle_svm_multiclass_pca.pdf
lecture04_mle_svm_multiclass_pca.pdflecture04_mle_svm_multiclass_pca.pdf
lecture04_mle_svm_multiclass_pca.pdf
 
lecture02_LinearRegression.pdf
lecture02_LinearRegression.pdflecture02_LinearRegression.pdf
lecture02_LinearRegression.pdf
 
week13_yolo_mobilenet.pdf
week13_yolo_mobilenet.pdfweek13_yolo_mobilenet.pdf
week13_yolo_mobilenet.pdf
 
week14_segmentation.pdf
week14_segmentation.pdfweek14_segmentation.pdf
week14_segmentation.pdf
 
week10_Reinforce.pdf
week10_Reinforce.pdfweek10_Reinforce.pdf
week10_Reinforce.pdf
 
week12_cv_intro_and_r-cnn.pdf
week12_cv_intro_and_r-cnn.pdfweek12_cv_intro_and_r-cnn.pdf
week12_cv_intro_and_r-cnn.pdf
 
Fragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdf
Fragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdfFragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdf
Fragattacks-Breaking-Wi-Fi-Through-Fragmentation-And-Aggregation.pdf
 
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
Im-A-Hacker-Get-Me-Out-Of-Here-Breaking-Network-Segregation-Using-Esoteric-Co...
 
A-Hole-in-the-Tube.pdf
A-Hole-in-the-Tube.pdfA-Hole-in-the-Tube.pdf
A-Hole-in-the-Tube.pdf
 
IPvSeeYou.pdf
IPvSeeYou.pdfIPvSeeYou.pdf
IPvSeeYou.pdf
 
kolmogorov_foundations.pdf
kolmogorov_foundations.pdfkolmogorov_foundations.pdf
kolmogorov_foundations.pdf
 
Introductory Real Analysis (A. N. Kolmogorov, S. V. Fomin etc.) (z-lib.org).pdf
Introductory Real Analysis (A. N. Kolmogorov, S. V. Fomin etc.) (z-lib.org).pdfIntroductory Real Analysis (A. N. Kolmogorov, S. V. Fomin etc.) (z-lib.org).pdf
Introductory Real Analysis (A. N. Kolmogorov, S. V. Fomin etc.) (z-lib.org).pdf
 

Recently uploaded

Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086anil_gaur
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.Kamal Acharya
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapRishantSharmaFr
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoordharasingh5698
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationBhangaleSonal
 
22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf203318pmpc
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayEpec Engineered Technologies
 

Recently uploaded (20)

FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equation
 
22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Standard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power PlayStandard vs Custom Battery Packs - Decoding the Power Play
Standard vs Custom Battery Packs - Decoding the Power Play
 

Lets-Attack-Lets_Encrypt.pdf

  • 1. 1 Let‘s Attack Let‘s Encrypt Dr. Haya Shulman ATHENE | Fraunhofer SIT Division Director “Cybersecurity Analytics and Defenses” Black Hat USA Video Conference, August 2021
  • 2. 2 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
  • 3. 3 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
  • 4. 4 Domain Validation Who owns that domain? https://www.flickr.com/photos/ben_lawson/155595430 CC BY-NC-ND 2.0
  • 5. 5 Domain Validation Who owns that domain? Domain Validation (DV) Organisation Validation (OV) Extended Validation (EV) Free/Cheap Automated Fast Expensive Manual Slow Expensive Manual Slow
  • 6. 6 Domain Validation Who owns that domain? Domain Validation (DV) Organisation Validation (OV) Extended Validation (EV) Free/Cheap Automated Fast Expensive Manual Slow Expensive Manual Slow > 95% certificates market
  • 7. 7 Domain Validation Who owns that domain? Domain Validation (DV) Organisation Validation (OV) Extended Validation (EV) Free/Cheap Automated Fast Expensive Manual Slow Expensive Manual Slow > 95% certificates market Vulnerable! Fraudulent certificates via off-path attacks [USENIX2018,CCS2018]
  • 8. 8 ▪ First to deploy distributed Domain Validation with MultiVA ▪ In 2020 MultiVA in production environment of Let’s Encrypt Let‘s Encrypt Certificate Authority ▪ Leads the certificates market ▪ Among fastest growing CAs ▪ Over 1 billion certificates, serves over 200M websites MultiVA Single VA
  • 9. 9 Attacker cannot hijack multiple VAs simultaneously ▪ Assumption: even strong adversaries have limited capabilities ▪ Simulations in [USENIX2021] showed: ▪ MultiVA detects 94% of the BGP prefix hijacks ▪ >90% of ASes topologically incapable of launching BGP attacks against most domains ▪ Improves resilience of avg domain to attacks from 97% of ASes on the Internet Web CA MultiVA Single VA
  • 10. 10 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
  • 11. 11 Nameserver Selection Uniformly at random Number of nameservers per domain ▪ Goal: distribute the load among nameservers ▪ Unpredictable selection among good performing servers ▪ All SW avoid poorly performing servers ▪ Packet loss or high latency
  • 12. 12 Nameserver Elimination Simulate loses ▪ Cause DNS software at vantage point to avoid a nameserver ▪ Repeat per nameserver, block all except one (selected) nameserver
  • 13. 13 Downgrade Attack via Nameserver Elimination on-path easy… off-path? ▪ Loss via fragment mis- association ▪ Exploit fragmentation ▪ Loss via excess query rate ▪ Exploit Rate limiting ▪ Loss via router buffer overflow ▪ Low rate bursts ▪ Force the VP to query NS of attacker‘s choice ▪ which has vulnerabilities, e.g., can be hijacked
  • 14. 14 Domains Vulnerable to Off-Path Downgrade Attack ▪ Loss via fragment mis-association ▪ 1.88% of Let’s Encrypt domains and 4.39% of 1M Alexa domains ▪ Loss via excess query rate ▪ 23.27% of Let’s Encrypt domains and 16.95% of 1M Alexa domains ▪ Loss via router buffer overflow ▪ Apply to 24% of Let’s Encrypt-certified domains and 20% of 857K-top Alexa domains
  • 15. 15 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
  • 16. 16 Issue Fraudulent Certificates, Ethically … ▪ Typically: estimate vulnerabilities to prefix hijacks via simulations ▪ Good but limited representation of reality ▪ Idea: two-sided evaluation ▪ Fraudulent certificates for real domains with our own setup of Let‘s Encrypt ▪ Fraudulent certificates for our own domains with Let‘s Encrypt ▪ We pin to servers that can be sub-prefix hijacked
  • 18. 18 Overview ▪ Ownership validation is vulnerable ▪ Downgrade attacks ▪ Experimental issuance of fraudulent certificates ▪ Countermeasures
  • 19. 19 Countermeasures Attacks can be blocked ▪ Unpredictable VA selection: from a large set of VAs ▪ Resilient nameserver selection: select randomly out of all nameservers ▪ Turning off caches: makes the attack more difficult to launch ▪ Preventing BGP hijacks with RPKI: only prevents the hijack attacks but not other, e.g., [CCS2018] ▪ Detecting fraudulent certificates with CT
  • 20. 20 Conclusions ▪ Verifying ownership over domains is essential for bootstrapping cryptography ▪ DV is automated, fast, cheap and widely used ▪ Single VA is vulnerable [USENIX2018, CCS2018] ▪ Let‘s Encrypt with MultiVA is vulnerable downgrade attacks → reduce validation to attacker selected nameserver ▪ Ownership verification with DV although simple is yet to be secured Full paper: Tianxiang Dai, Haya Shulman, Michael Waidner: Let's Downgrade Let's Encrypt; ACM Conf. on Computer and Communications Security (CCS), Nov. 2021.
  • 21. 21 Vielen Dank! Thank you very much! Merci beaucoup! !‫רבה‬ ‫תודה‬ Dziękuję! Dank je wel! çok teşekkürler zor spas Grazie mille! Muchas gracias