The document discusses various aspects of SSL/TLS security, highlighting the risks of SSL attacks and the importance of authenticity in secure communication. It addresses vulnerabilities such as the BEAST attack, issues with certificate authorities, and the significance of certificate revocation lists. Additionally, it outlines the implications of attacks against the public key infrastructure and mentions specific incidents of CA hacks that compromised numerous certificates.

1. Believe it or not SSL
attacks
Akash Mahajan
That Web Application Security Guy

2. HTTP + SSL/TLS = HTTPS

3. http://www.trailofbits.com/resources/creating_a_rogue_ca_cert_slides.pdf

4. SSL/TLS
O Encrypted Communication –
Eavesdropping and Tampering
O Secure Identification of a
Network – Are you talking to the
right server?

5. Attacking The Encryption Algorithm
O Attack like the BEAST (Browser Exploit
Against SSL/TLS ) target the underlying
encryption.
O Usually the encryption has held against
attacks. Even BEAST requires injecting
client side JavaScript to work
O http://threatpost.com/en_us/blogs/new-
attack-breaks-confidentiality-model-ssl-
allows-theft-encrypted-cookies-091611

6. Attacking The Authenticity
O The low hanging fruit. Most of the times
when that sslstrip guy talks about SSL
issues he talks about attacking the
authenticity.
O Why is the authenticity important?
O How do you bypass it?

7. How is the authenticity maintained?
O A implicitly trusted certificate will tell you
that a server’s particular certificate is trust
worthy or not.
O When a server got a certificate trusted by
a root CA they get added to a list.
O If a server is removed from the trusted
listed they get added to a revocation list.

8. Is your browser checking the revocation
list?
O Chrome relies on frequent updates for
this.
O Firefox ?
O IE - Online Certificate List
O Online Certificate Status Protocol

9. Bad Things can Happen
O Comodo an affiliate of a root CA was
hacked.
O DigiNotar was hacked.
O Hundreds of certificates for google, yahoo,
mozilla, MS windows update were
released.
O SSL assumes that both end points aren’t
evil

10. I hacked the internet and all I
have is a t-shirt
O Attack against the PKI because of MD5
O The attack was against Intermediate CAs
O There were theoretical attacks against
MD5 since 2004
O They found out that RapidSSL had issued
97% certificates with MD5 hash.

11. I hacked the internet and all I
have is a t-shirt
O Also the certificate serial number was
sequential and time could be predicted
O Used 200 PS3s to generate a certificate
which had most parts from a legitimate
cert but something different.
O http://www.trailofbits.com/resources/creati
ng_a_rogue_ca_cert_paper.pdf

13. SSLStrip attacks HTTP
O Attacked correct attributes not being setup
in Certificates
O Now looks at HTTP traffic going by.
O Has a valid certificate for a weird looking
domain name whose puny code looks like
/?

14. Akash Mahajan | That Web
Application Security Guy
O akashmahajan@gmail.com
O @makash | akashm.com
O http://slideshare.net/akashm
O OWASP Bangalore Chapter
Lead
O Null Co-Founder and
Community Manager

15. References
O SSL Lock image from http://elie.im/blog/security/evolution-of-the-https-lock-icon-
infographic/
O http://arstechnica.com/business/news/2011/09/new-javascript-hacking-tool-can-
intercept-paypal-other-secure-sessions.ars
O http://technet.microsoft.com/en-us/library/cc962078.aspx
O https://freedom-to-tinker.com/blog/sroosa/flawed-legal-architecture-certificate-
authority-trust-model
O http://arstechnica.com/security/news/2011/08/earlier-this-year-an-iranian.ars
O http://arstechnica.com/security/news/2011/03/independent-iranian-hacker-claims-
responsibility-for-comodo-hack.ars
O http://en.wikipedia.org/wiki/Certificate_authority#cite_note-3
O http://vnhacker.blogspot.in/2011/09/beast.html
O http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-
theft-encrypted-cookies-091611