Seminar
On
“Certificate authorities under attack: A Plea for Certificate Legitimation”
By
Mr. Saurabh Giratkar

Under the guidance of

Department Of Computer Science and Engineering
Contents:
1. Introduction
2. Probability-theoretic Observation
3. Problem areas
4. Certificate Revocation and its respective approaches
5. Certificate Authorization and its respective approaches
6. Conclusion
1. Introduction
• Probabilities of attacks.
• Dealing with two problem areas.
• Countermeasures on problem areas.
• PKI
2. Probability-theoretic Observation
• After some incidents of fraudulently issued SSL certificates, I assume a list of n commonly trusted root CAs, i.e., CA1, CA2, . . . , CAn. Each CAi is compromised with a probability 0 ≤ pi ≤ 1 within a given time interval:
Pr[CAi is compromised] = pi
• 1 − pi refers to the probability of CAi not being compromised:
Pr[CAi is not compromised] = 1 − pi
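The observation above stops at a single CA. The following added example (not part of the seminar) carries the per-CA probabilities pi one step further to the quantity a relying party actually cares about, the probability that at least one CA in its trust list is compromised, and shows how it grows with the size of the trust store. It assumes that compromises of different CAs are independent events, which the slide does not state.

```python
import math
from typing import Sequence

# Added example (not from the seminar). Assumption: compromises of different
# CAs are independent, so probabilities of "not compromised" multiply.


def p_none_compromised(ps: Sequence[float]) -> float:
    """Pr[no CA in the trust list is compromised] = prod(1 - p_i)."""
    for p in ps:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range: {p}")
    return math.prod(1.0 - p for p in ps)


def p_any_compromised(ps: Sequence[float]) -> float:
    """Pr[at least one CA is compromised] = 1 - prod(1 - p_i).

    A relying party that trusts every CA in its list is exposed as soon as
    any one of them is compromised, so this is the figure that matters:
    it is never smaller than the largest single p_i (weakest link).
    """
    return 1.0 - p_none_compromised(ps)


def cas_until_risk(p: float, threshold: float) -> int:
    """Smallest n such that n CAs, each compromised with probability p in the
    interval, give Pr[at least one compromised] >= threshold."""
    if not 0.0 < p < 1.0 or not 0.0 < threshold < 1.0:
        raise ValueError("p and threshold must be strictly between 0 and 1")
    n = 0
    while 1.0 - (1.0 - p) ** n < threshold:
        n += 1
    return n


if __name__ == "__main__":
    # Constructed sample trust list: four CAs with different per-interval risk.
    trust_list = [0.01, 0.02, 0.005, 0.05]
    print(f"Pr[any of 4 CAs compromised] = {p_any_compromised(trust_list):.4f}")
    # Growth with the size of the trust store, uniform p = 0.01 per CA.
    for n in (1, 10, 50, 100, 200):
        print(f"n={n:4d}: Pr[any compromised] = {p_any_compromised([0.01] * n):.3f}")
    print("CAs needed for >= 50% risk at p = 0.01:", cas_until_risk(0.01, 0.5))
```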
3. Problem areas
There are two problem areas as follows:
• Certificate Revocation
• Certificate Authorization
Problem areas in Certificate Revocation:
A few problematic areas:
1. Security
2. Black list approach.
Problem areas in Certificate Authorization:
• One problematic area.
• It possesses questionable trust models.
Certificate Legitimation:
• Certificate Authorization and Certificate Revocation are subsumed and then termed Certificate Legitimation.
• Certificate Legitimation is a key to the security of the Internet PKI.
4. Certificate Revocation and its respective approaches
Approaches of Certificate Revocation:
• It has some security problems in the field, and to overcome these problems there are two important approaches, as follows:
1. Black list approach
2. White list approach
1. Black list approach:
• It does not establish legitimacy.
• It is a risky approach for some incidents.
• It provides less security compared to the white list approach.
• The black list approach is referred to as a default-permit stance.
• The black list approach is more comfortable for travelling persons but less secure for the country.
2. White list approach:
• The white list approach establishes legitimacy.
• The white list approach is also risky for some incidents.
• It provides more security compared to the black list approach.
• The white list approach is referred to as a default-deny stance.
• The disadvantages of the white list approach outweigh its advantages.
Countermeasure:
• These two approaches are the complete opposite of each other.
• The white list approach is used to legitimate certificates, while the black list approach is used to revoke certificates.
• So, to solve the problem of Certificate Revocation, there is a need to combine the approaches.
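The three stances above (default permit, default deny, and the combination the slide calls for), as an added example that is not part of the seminar. The certificates, serial numbers and list contents are constructed for illustration; the point is to make visible why neither list alone is enough: a fraudulently issued certificate is not yet on any black list, and a legitimated certificate may later be revoked.

```python
from dataclasses import dataclass, field
from enum import Enum

# Added example (not from the seminar). All identifiers and sample data below
# are constructed for illustration.


class Stance(Enum):
    BLACK_LIST = "black list (default permit)"
    WHITE_LIST = "white list (default deny)"
    COMBINED = "combined (legitimated and not revoked)"


@dataclass(frozen=True)
class Certificate:
    serial: str   # constructed serial number
    subject: str  # hostname the certificate claims
    issuer: str   # issuing CA, as named in the constructed scenario


@dataclass
class LegitimationLists:
    # Black list: certificates the issuing CA has revoked (the CRL/OCSP model).
    revoked: set = field(default_factory=set)
    # White list: certificates explicitly legitimated per subject name.
    legitimate: dict = field(default_factory=dict)  # subject -> set of serials


def is_acceptable(cert: Certificate, lists: LegitimationLists, stance: Stance) -> bool:
    on_black_list = cert.serial in lists.revoked
    on_white_list = cert.serial in lists.legitimate.get(cert.subject, set())
    if stance is Stance.BLACK_LIST:
        # Default permit: anything not yet revoked is accepted.
        return not on_black_list
    if stance is Stance.WHITE_LIST:
        # Default deny: only explicitly legitimated certificates are accepted.
        return on_white_list
    # Combined: must be legitimated AND must not have been revoked since.
    return on_white_list and not on_black_list


def evaluate(cert: Certificate, lists: LegitimationLists) -> dict:
    """Decision of every stance for one certificate."""
    return {stance: is_acceptable(cert, lists, stance) for stance in Stance}


# Constructed scenario (not a real incident): a genuine certificate for
# example.com, one fraudulently issued for the same name by a compromised CA,
# and one genuine certificate that was later revoked.
LISTS = LegitimationLists(
    revoked={"SN-0003"},
    legitimate={"example.com": {"SN-0001", "SN-0003"}},
)
GENUINE = Certificate("SN-0001", "example.com", "Trusted CA 1")
ROGUE = Certificate("SN-0002", "example.com", "Compromised CA 7")
REVOKED = Certificate("SN-0003", "example.com", "Trusted CA 1")

if __name__ == "__main__":
    for cert in (GENUINE, ROGUE, REVOKED):
        print(cert.serial, "from", cert.issuer)
        for stance, ok in evaluate(cert, LISTS).items():
            print(f"   {stance.value:42s} -> {'accept' if ok else 'reject'}")
```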
5. Certificate Authorization and its respective approaches:
Certificate Authorization:
• Certificate Authorization is used for a security purpose.
• Certificate Authorization is also used on the Internet for authorization reasons.
• X.509 certificates are used here for authentication purposes.
• Public key pinning.
Approaches/Countermeasures:
There are two alternatives to overcome the problem of Certificate Authorization, as follows:
• DANE
• Sovereign Keys
DANE:
• DANE stands for DNS-based Authentication of Named Entities.
• It is specified by the IETF.
• It is one of the most appropriate approaches when dealing with the problems in Certificate Authorization.
Sovereign Keys:
• It is similar to DANE.
• The EFF has launched an initiative called Sovereign Keys.
• Sovereign Keys play an important role when dealing with problems that occur in Certificate Authorization.
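How DANE addresses the Certificate Authorization problem, as an added example that is not from the seminar and not the IETF's own code: the domain owner publishes a TLSA record (RFC 6698) that pins the SubjectPublicKeyInfo of its own certificate in DNS, and a client matches the presented certificate against that record instead of asking which CA signed it. The DER-encoded certificate and SPKI bytes below are constructed stand-ins, and a real client would obtain them from the TLS handshake and the TLSA record from a DNSSEC-validated lookup; only the DANE-EE usage (3) is handled.

```python
import hashlib
from dataclasses import dataclass

# Added example (not from the seminar, not IETF reference code). Field values
# follow RFC 6698; the certificate bytes further down are constructed stand-ins.

USAGE_PKIX_TA, USAGE_PKIX_EE, USAGE_DANE_TA, USAGE_DANE_EE = 0, 1, 2, 3
SELECTOR_FULL_CERT, SELECTOR_SPKI = 0, 1
MATCH_EXACT, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching_type: int
    association: bytes


def parse_tlsa_rdata(text: str) -> TLSARecord:
    """Parse presentation format such as '3 1 1 2bb1 83f4...' (hex may contain spaces)."""
    usage, selector, mtype, *hexparts = text.split()
    return TLSARecord(int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts)))


def _association_of(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bytes:
    """Derive the association data the record would carry for this certificate."""
    data = {SELECTOR_FULL_CERT: cert_der, SELECTOR_SPKI: spki_der}[record.selector]
    if record.matching_type == MATCH_EXACT:
        return data
    if record.matching_type == MATCH_SHA256:
        return hashlib.sha256(data).digest()
    if record.matching_type == MATCH_SHA512:
        return hashlib.sha512(data).digest()
    raise ValueError(f"unknown matching type {record.matching_type}")


def tlsa_matches_end_entity(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """DANE-EE (usage 3) check: the presented end-entity certificate itself must
    match the record. No CA in the client's trust store is consulted, which is
    why a certificate fraudulently issued by a compromised CA does not pass."""
    if record.usage != USAGE_DANE_EE:
        # Usages 0 and 1 additionally require PKIX chain validation and usage 2
        # a chain to the named trust anchor; both are out of scope here.
        raise NotImplementedError("only DANE-EE (usage 3) is handled here")
    return _association_of(record, cert_der, spki_der) == record.association


# --- constructed sample data: stand-ins for DER, not real certificates ---
GENUINE_CERT = b"DER:cert:example.com:issued-by-trusted-ca"
GENUINE_SPKI = b"DER:spki:example.com:legitimate-key"
ROGUE_CERT = b"DER:cert:example.com:issued-by-compromised-ca"
ROGUE_SPKI = b"DER:spki:example.com:attacker-key"


def publish_record(spki_der: bytes) -> TLSARecord:
    """What the domain owner publishes at _443._tcp.example.com: '3 1 1 <sha256(SPKI)>'."""
    return TLSARecord(USAGE_DANE_EE, SELECTOR_SPKI, MATCH_SHA256, hashlib.sha256(spki_der).digest())


if __name__ == "__main__":
    record = publish_record(GENUINE_SPKI)
    print("TLSA rdata:", record.usage, record.selector, record.matching_type, record.association.hex())
    print("genuine cert accepted:", tlsa_matches_end_entity(record, GENUINE_CERT, GENUINE_SPKI))
    print("rogue cert accepted:  ", tlsa_matches_end_entity(record, ROGUE_CERT, ROGUE_SPKI))
```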
6. Conclusion:
In this seminar I have identified two problems in which immediate action is required, namely Certificate Revocation and Certificate Authorization, and I have introduced the notion of “Certificate Legitimation” to subsume them. We think that certificate legitimation is going to be important in the future, and that approaches like white list, black list, DANE and Sovereign Keys are going to be very promising. These approaches do not solve all the security problems, but they make the resulting system more resilient against attacks.
Thank You

More Related Content

Viewers also liked

Tutorial membuat Public Key Infrastructure
Tutorial membuat Public Key InfrastructureTutorial membuat Public Key Infrastructure
Tutorial membuat Public Key InfrastructureSuci Rahmawati
 
Securing your Windows Network with the Microsoft Security Baselines
Securing your Windows Network with the Microsoft Security BaselinesSecuring your Windows Network with the Microsoft Security Baselines
Securing your Windows Network with the Microsoft Security BaselinesFrank Lesniak
 
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Frank Lesniak
 
B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"
B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"
B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"idsecconf
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideEntrust Datacard
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Muhammad Abrar Istiadi - “How to hack #IDSECCONF2016 ctf online challenge"
Muhammad Abrar Istiadi - “How to hack #IDSECCONF2016 ctf online challenge"Muhammad Abrar Istiadi - “How to hack #IDSECCONF2016 ctf online challenge"
Muhammad Abrar Istiadi - “How to hack #IDSECCONF2016 ctf online challenge"idsecconf
 

Viewers also liked (13)

Tutorial membuat Public Key Infrastructure
Tutorial membuat Public Key InfrastructureTutorial membuat Public Key Infrastructure
Tutorial membuat Public Key Infrastructure
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
 
Securing your Windows Network with the Microsoft Security Baselines
Securing your Windows Network with the Microsoft Security BaselinesSecuring your Windows Network with the Microsoft Security Baselines
Securing your Windows Network with the Microsoft Security Baselines
 
Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2Implementing a Secure and Effective PKI on Windows Server 2012 R2
Implementing a Secure and Effective PKI on Windows Server 2012 R2
 
B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"
B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"
B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overview
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
Pki for dummies
Pki for dummiesPki for dummies
Pki for dummies
 
Pki
PkiPki
Pki
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
Muhammad Abrar Istiadi - “How to hack #IDSECCONF2016 ctf online challenge"
Muhammad Abrar Istiadi - “How to hack #IDSECCONF2016 ctf online challenge"Muhammad Abrar Istiadi - “How to hack #IDSECCONF2016 ctf online challenge"
Muhammad Abrar Istiadi - “How to hack #IDSECCONF2016 ctf online challenge"
 

Similar to Certificate authorities under attack :A

Session on Cyber security and Ethical Hacking.pptx
Session on Cyber security and Ethical Hacking.pptxSession on Cyber security and Ethical Hacking.pptx
Session on Cyber security and Ethical Hacking.pptxVicky Tyagi
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNorth Texas Chapter of the ISSA
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022PECB
 
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017Micro Focus
 
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...Andrew O. Leeth
 
Commercial and government cyberwarfare
Commercial and government cyberwarfareCommercial and government cyberwarfare
Commercial and government cyberwarfareNicholas Davis
 
Commercial And Government Cyberwarfare
Commercial And Government CyberwarfareCommercial And Government Cyberwarfare
Commercial And Government CyberwarfareNicholas Davis
 
Devops - Accelerating the Pace and Securing Along the Way - Thaddeus Walsh
Devops - Accelerating the Pace and Securing Along the Way - Thaddeus WalshDevops - Accelerating the Pace and Securing Along the Way - Thaddeus Walsh
Devops - Accelerating the Pace and Securing Along the Way - Thaddeus WalshDrew Malone
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"WrikeTechClub
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial EmulationScott Sutherland
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...CODE BLUE
 
Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?
Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?
Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?Source Conference
 
Implementing Legal within Tech. What are the Cyber Security issues?
Implementing Legal within Tech. What are the Cyber Security issues?Implementing Legal within Tech. What are the Cyber Security issues?
Implementing Legal within Tech. What are the Cyber Security issues?Cyber Security Partners
 
Security Certification or How I Learned to Stop Worrying & Love Stories - And...
Security Certification or How I Learned to Stop Worrying & Love Stories - And...Security Certification or How I Learned to Stop Worrying & Love Stories - And...
Security Certification or How I Learned to Stop Worrying & Love Stories - And...AgileNZ Conference
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementEnergySec
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_designNCC Group
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesHinne Hettema
 
What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?PECB
 
2019 FRSecure CISSP Mentor Program: Class Nine
2019 FRSecure CISSP Mentor Program: Class Nine2019 FRSecure CISSP Mentor Program: Class Nine
2019 FRSecure CISSP Mentor Program: Class NineFRSecure
 

Similar to Certificate authorities under attack :A (20)

Session on Cyber security and Ethical Hacking.pptx
Session on Cyber security and Ethical Hacking.pptxSession on Cyber security and Ethical Hacking.pptx
Session on Cyber security and Ethical Hacking.pptx
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022
 
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
 
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
 
Commercial and government cyberwarfare
Commercial and government cyberwarfareCommercial and government cyberwarfare
Commercial and government cyberwarfare
 
Commercial And Government Cyberwarfare
Commercial And Government CyberwarfareCommercial And Government Cyberwarfare
Commercial And Government Cyberwarfare
 
Devops - Accelerating the Pace and Securing Along the Way - Thaddeus Walsh
Devops - Accelerating the Pace and Securing Along the Way - Thaddeus WalshDevops - Accelerating the Pace and Securing Along the Way - Thaddeus Walsh
Devops - Accelerating the Pace and Securing Along the Way - Thaddeus Walsh
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
 
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
Lessons learned from hundreds of cyber espionage breaches by TT and Ashley - ...
 
Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?
Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?
Anton Chuvakin - So You Got That SIEM, NOW What Do You Do?
 
Implementing Legal within Tech. What are the Cyber Security issues?
Implementing Legal within Tech. What are the Cyber Security issues?Implementing Legal within Tech. What are the Cyber Security issues?
Implementing Legal within Tech. What are the Cyber Security issues?
 
Security Certification or How I Learned to Stop Worrying & Love Stories - And...
Security Certification or How I Learned to Stop Worrying & Love Stories - And...Security Certification or How I Learned to Stop Worrying & Love Stories - And...
Security Certification or How I Learned to Stop Worrying & Love Stories - And...
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk Management
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
 
NZISF Talk: Six essential security services
NZISF Talk: Six essential security servicesNZISF Talk: Six essential security services
NZISF Talk: Six essential security services
 
What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?
 
2019 FRSecure CISSP Mentor Program: Class Nine
2019 FRSecure CISSP Mentor Program: Class Nine2019 FRSecure CISSP Mentor Program: Class Nine
2019 FRSecure CISSP Mentor Program: Class Nine
 

More from Saurabh Giratkar

A Border security Using Wireless Integrated Network Sensors (WINS)
A Border security Using Wireless Integrated Network Sensors (WINS)A Border security Using Wireless Integrated Network Sensors (WINS)
A Border security Using Wireless Integrated Network Sensors (WINS)Saurabh Giratkar
 
A Border security Using Wireless Integrated Network Sensors (WINS)
A Border security Using Wireless Integrated Network Sensors (WINS)A Border security Using Wireless Integrated Network Sensors (WINS)
A Border security Using Wireless Integrated Network Sensors (WINS)Saurabh Giratkar
 
To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.Saurabh Giratkar
 
Impact of Packaging on Consumer Buying Behavior.
Impact of Packaging on Consumer Buying Behavior.Impact of Packaging on Consumer Buying Behavior.
Impact of Packaging on Consumer Buying Behavior.Saurabh Giratkar
 
External environment of taj & oberoi hotel industry
External environment of taj & oberoi hotel industryExternal environment of taj & oberoi hotel industry
External environment of taj & oberoi hotel industrySaurabh Giratkar
 
Connecting Remote Users to Your Network with Windows Server 2003
Connecting Remote Users to Your Network with Windows Server 2003Connecting Remote Users to Your Network with Windows Server 2003
Connecting Remote Users to Your Network with Windows Server 2003Saurabh Giratkar
 
OBJECT DECOMPOSITION BASED ON SKELETON ANALYSIS FOR ROAD EXTRATION
OBJECT DECOMPOSITION BASED ON SKELETON ANALYSIS FOR ROAD EXTRATIONOBJECT DECOMPOSITION BASED ON SKELETON ANALYSIS FOR ROAD EXTRATION
OBJECT DECOMPOSITION BASED ON SKELETON ANALYSIS FOR ROAD EXTRATIONSaurabh Giratkar
 
Air pollution monitoring system using mobile gprs sensors array ppt
Air pollution monitoring system using mobile gprs sensors array pptAir pollution monitoring system using mobile gprs sensors array ppt
Air pollution monitoring system using mobile gprs sensors array pptSaurabh Giratkar
 
Air pollution monitoring system using mobile gprs sensors array
Air pollution monitoring system using mobile gprs sensors arrayAir pollution monitoring system using mobile gprs sensors array
Air pollution monitoring system using mobile gprs sensors arraySaurabh Giratkar
 
Brain Computer Interface Next Generation of Human Computer Interaction
Brain Computer Interface Next Generation of Human Computer InteractionBrain Computer Interface Next Generation of Human Computer Interaction
Brain Computer Interface Next Generation of Human Computer InteractionSaurabh Giratkar
 

More from Saurabh Giratkar (13)

A Border security Using Wireless Integrated Network Sensors (WINS)
A Border security Using Wireless Integrated Network Sensors (WINS)A Border security Using Wireless Integrated Network Sensors (WINS)
A Border security Using Wireless Integrated Network Sensors (WINS)
 
A Border security Using Wireless Integrated Network Sensors (WINS)
A Border security Using Wireless Integrated Network Sensors (WINS)A Border security Using Wireless Integrated Network Sensors (WINS)
A Border security Using Wireless Integrated Network Sensors (WINS)
 
To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.
 
Impact of Packaging on Consumer Buying Behavior.
Impact of Packaging on Consumer Buying Behavior.Impact of Packaging on Consumer Buying Behavior.
Impact of Packaging on Consumer Buying Behavior.
 
Economy Australia
Economy AustraliaEconomy Australia
Economy Australia
 
External environment of taj & oberoi hotel industry
External environment of taj & oberoi hotel industryExternal environment of taj & oberoi hotel industry
External environment of taj & oberoi hotel industry
 
Managerial Effectiveness
Managerial Effectiveness Managerial Effectiveness
Managerial Effectiveness
 
Mary parker follett
Mary parker follettMary parker follett
Mary parker follett
 
Connecting Remote Users to Your Network with Windows Server 2003
Connecting Remote Users to Your Network with Windows Server 2003Connecting Remote Users to Your Network with Windows Server 2003
Connecting Remote Users to Your Network with Windows Server 2003
 
OBJECT DECOMPOSITION BASED ON SKELETON ANALYSIS FOR ROAD EXTRATION
OBJECT DECOMPOSITION BASED ON SKELETON ANALYSIS FOR ROAD EXTRATIONOBJECT DECOMPOSITION BASED ON SKELETON ANALYSIS FOR ROAD EXTRATION
OBJECT DECOMPOSITION BASED ON SKELETON ANALYSIS FOR ROAD EXTRATION
 
Air pollution monitoring system using mobile gprs sensors array ppt
Air pollution monitoring system using mobile gprs sensors array pptAir pollution monitoring system using mobile gprs sensors array ppt
Air pollution monitoring system using mobile gprs sensors array ppt
 
Air pollution monitoring system using mobile gprs sensors array
Air pollution monitoring system using mobile gprs sensors arrayAir pollution monitoring system using mobile gprs sensors array
Air pollution monitoring system using mobile gprs sensors array
 
Brain Computer Interface Next Generation of Human Computer Interaction
Brain Computer Interface Next Generation of Human Computer InteractionBrain Computer Interface Next Generation of Human Computer Interaction
Brain Computer Interface Next Generation of Human Computer Interaction
 

Recently uploaded

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 

Recently uploaded (20)

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...

Certificate authorities under attack: A Plea for Certificate Legitimation

  • 1. Seminar On “Certificate authorities under attack: A Plea for Certificate Legitimation” By Mr. Saurabh Giratkar Under the guidance of Department Of Computer Science and Engineering
  • 2. Contents: 1. Introduction 2. Probability-theoretic Observation 3. Problem areas 4. Certificate Revocation and its respective approaches 5. Certificate Authorization and its respective approaches 6. Conclusion
  • 3. 1. Introduction • Probabilities of attacks. • Dealing with two problem areas. • Countermeasures for the problem areas. • PKI
  • 4. 2. Probability-theoretic Observation • After several incidents of fraudulently issued SSL certificates, I assume a list of n commonly trusted root CAs, i.e., CA1, CA2, . . . , CAn. Each CAi is compromised with a probability 0 ≤ pi ≤ 1 within a given time interval: Pr[CAi is compromised] = pi. Accordingly, 1 − pi is the probability of CAi not being compromised: Pr[CAi is not compromised] = 1 − pi.
  • 5.
  • 6.
  • 7. 3. Problem areas There are two problem areas, as follows: • Certificate Revocation • Certificate Authorization
  • 8. Problem areas in Certificate Revocation: A few problematic areas: 1. Security 2. The black list approach.
  • 9. Problem areas in Certificate Authorization: • One problematic area. • It relies on questionable trust models.
  • 10. Certificate Legitimation: • Certificate Authorization and Certificate Revocation are subsumed under the term Certificate Legitimation. • Certificate Legitimation is a key to the security of the Internet PKI.
  • 11. 4. Certificate Revocation and its respective approaches Approaches to Certificate Revocation: • It has some security problems in the field, and to overcome these problems there are two important approaches, as follows: 1. Black list approach 2. White list approach
  • 12. 1. Black list approach: • It does not establish legitimacy. • It is a risky approach for some incidents. • It provides less security than the white list approach. • The black list approach corresponds to a default-permit stance. • A black list is more comfortable for travelling persons but less secure for the country.
  • 13. 2. White list approach: • The white list approach establishes legitimacy. • The white list approach is also risky for some incidents. • It provides more security than the black list approach. • The white list approach corresponds to a default-deny stance. • The disadvantages of the white list approach outweigh its advantages.
  • 14. Countermeasure: • The two approaches are the exact inverse of each other. • The white list approach is used to legitimate certificates, while the black list approach is used to revoke certificates. • So, to solve the problem of Certificate Revocation, the two approaches need to be combined.
  • 15. 5. Certificate Authorization and its respective approaches: Certificate Authorization: • Certificate Authorization is used for security purposes. • Certificate Authorization is also used on the Internet for authorization. • X.509 certificates are used here for authentication. • Public key pinning.
  • 16. Approaches/Countermeasures: There are two alternatives for overcoming the problem of Certificate Authorization, as follows: • DANE • Sovereign Keys
  • 17. DANE: • DANE stands for DNS-based Authentication of Named Entities. • It is specified by the IETF. • It is one of the most appropriate approaches for dealing with the problems of Certificate Authorization.
  • 18. Sovereign Keys: • It is similar to DANE. • The EFF has launched an initiative called Sovereign Keys. • Sovereign Keys play an important role in dealing with the problems that occur in Certificate Authorization.
  • 19. 6. Conclusion: In this seminar I have identified two problems in which immediate action is required, namely Certificate Revocation and Certificate Authorization, and I have introduced the notion of “Certificate Legitimation” to subsume them. We think that certificate legitimation is going to be important in the future, and that approaches like white lists, black lists, DANE and Sovereign Keys are very promising. These approaches do not solve all security problems, but they make the resulting system more resilient against attacks.
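The probability-theoretic observation of slide 4, carried through as an added example that is not part of the seminar slides: with n trusted root CAs, each compromised with probability pi, the relying party is exposed as soon as any one of them is compromised, so Pr[at least one CA compromised] = 1 − ∏(1 − pi). The independence of the CAs and the per-CA probabilities are assumptions of this example, not figures from the slides.

```python
# Added example: the per-CA compromise probabilities p_i are constructed,
# and the CAs are assumed to be compromised independently of each other.
from math import prod


def p_none_compromised(ps):
    """Pr[no CA is compromised] = prod(1 - p_i) under independence."""
    for p in ps:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range: {p}")
    return prod(1.0 - p for p in ps)


def p_some_compromised(ps):
    """Pr[at least one CA is compromised] = 1 - prod(1 - p_i).

    A browser accepts a certificate chaining to *any* of its n trusted
    roots, so a single compromised CA is enough to defeat the whole store.
    """
    return 1.0 - p_none_compromised(ps)


def min_roots_to_exceed(p, threshold):
    """Smallest n for which n equally risky CAs (each with probability p)
    push Pr[at least one compromised] above `threshold`."""
    if not 0.0 < p < 1.0 or not 0.0 <= threshold < 1.0:
        raise ValueError("need 0 < p < 1 and 0 <= threshold < 1")
    n = 0
    while p_some_compromised([p] * n) <= threshold:
        n += 1
    return n


if __name__ == "__main__":
    # Constructed trust store of four root CAs; not real-world figures.
    trust_store = [0.01, 0.02, 0.005, 0.03]
    print(f"Pr[no CA compromised]   = {p_none_compromised(trust_store):.4f}")
    print(f"Pr[some CA compromised] = {p_some_compromised(trust_store):.4f}")
    # Even a tiny per-CA risk approaches certainty once the list is long.
    for n in (1, 10, 100, 1000):
        print(f"n={n:5d}, p=0.01: {p_some_compromised([0.01] * n):.4f}")
    print("roots needed for >50% at p=0.01:", min_roots_to_exceed(0.01, 0.5))
```

The last figure is the point of the slide: the weakest-link structure of the root store means that adding trusted CAs only ever increases the probability of a fraudulent certificate being accepted.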
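The countermeasure of slide 14 (combining the white list and black list approaches into one legitimation check), sketched as an added example that is not the seminar's own code: a white list of expected public-key pins per host gives the default-deny stance, a black list of revoked serials gives the default-permit stance, and the combined policy requires both. The `Cert` type, the pin format and all certificates, serials and keys are constructed for this example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    host: str
    serial: str
    spki: bytes      # DER SubjectPublicKeyInfo; dummy bytes in this example
    chain_ok: bool   # did the chain validate to some trusted root CA?


def pin(spki: bytes) -> str:
    """SHA-256 pin of the subject public key, as used for key pinning."""
    return hashlib.sha256(spki).hexdigest()


def legitimate(cert, whitelist, blacklist, policy="combined"):
    """(accepted, reason) under policy: "blacklist" = default permit (accept
    unless revoked); "whitelist" = default deny (accept only a pinned key);
    "combined" = pinned AND not revoked."""
    if not cert.chain_ok:
        return False, "chain does not validate"
    revoked = cert.serial in blacklist
    pinned = pin(cert.spki) in whitelist.get(cert.host, set())
    if policy == "blacklist":
        return (False, "revoked") if revoked else (True, "not revoked")
    if policy == "whitelist":
        return (True, "pinned") if pinned else (False, "key not on white list")
    if policy == "combined":
        if revoked:
            return False, "revoked"
        return (True, "pinned and not revoked") if pinned else (False, "key not on white list")
    raise ValueError(f"unknown policy {policy!r}")


# Constructed scenario: a compromised CA has issued a chain-valid but rogue
# certificate for example.com that nobody has revoked yet.
GENUINE_SPKI = b"constructed-genuine-key-for-example.com"
ROGUE_SPKI = b"constructed-rogue-key-from-compromised-ca"
WHITELIST = {"example.com": {pin(GENUINE_SPKI)}}
BLACKLIST = {"0x0BAD"}  # serial revoked after an earlier incident
GENUINE = Cert("example.com", "0x1001", GENUINE_SPKI, chain_ok=True)
ROGUE = Cert("example.com", "0x2002", ROGUE_SPKI, chain_ok=True)
REVOKED = Cert("example.com", "0x0BAD", GENUINE_SPKI, chain_ok=True)

if __name__ == "__main__":
    for name, c in (("genuine", GENUINE), ("rogue", ROGUE), ("revoked", REVOKED)):
        for pol in ("blacklist", "whitelist", "combined"):
            print(f"{name:8s} {pol:9s} -> {legitimate(c, WHITELIST, BLACKLIST, pol)}")
```

Running it shows each stance's blind spot: the black list alone accepts the rogue certificate (nothing revoked it), the white list alone accepts the revoked one (its key is still pinned), and only the combined check rejects both.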