BSides Boise presentation 11.21.2015

1. The Certificate Farce
Boise BSides 11-21-2015

2. SANS Master’s Student
Sandra (Sandy) Dunn
HP Cybersecurity
subzer0girl@gmail.com
Twitter @subzer0girl
Thank you for data & research support !
Jim Lairmore, HP Inc.
Kevin Bocek, Venafi
Dan DeSantis, Venafi

3. • You live where multiple organizations can issues driver license ID’s
• Some of those organizations include ones that the governments have control and
are known to be untrustworthy
• Some of these organizations don’t have great processes and accidently issue IDs
to people they shouldn’t (whoops)
• The ID’s are the only way you know which business or individuals you can trust
with your private and financial data
• There are criminals actively trying to trick you to get your data
• When you ask for an ID there is a security officer that helps you check the ID.
He warns you if the driver’s license is out of date, if the license was written
with bad ink, or if the name on the license doesn’t match the name the person
or business told you. You ignore him a lot… You used to try to listen, but you
can’t really understand what he is telling you and he used to say “it’s not
safe it’s not safe” and it was safe the driver license was just out of date.
The people forgot to get a new one.
• When someone has their ID stolen or bad guys steal people’s stuff after showing
them their driver’s license then their ID is revoked.
• To see if a person ID was revoked you have to ask the organization for all the
driver’s licenses that they have revoked. They send you back a book the size
of set of encyclopedias and that can take several days. Sometimes it’s hard to
know where to ask for the books because they change the address of where to go
get them. It got too hard you mostly don’t ask any more.

4. How confident are you that you can trust the
ID’s that people use to prove their identity?

5. • These driver’s licenses perform another very important task for you. They help
you know what food is safe to eat because unfortunately there are people
actively and aggressively trying to poison you.
• When you get food there is signature on the food that is signed by the people
who made it. You determine if the food is safe based on whether you trust who
made the food.
• The people who want to poison you know that you trust the signature and will
eat anything if it is signed by someone you trust.
• They actively try to steal the special pens used to make the signatures you
trust. Some businesses know this and protect the pen and lock them up. Some
businesses just leave the pen laying around.
• The truth is the people trying to poison you don’t really need to work very
hard to steal pens for the special signatures.
• The people who sell the special pens that make the signatures really need to
make money and they will really sell them to anyone without asking too many
questions.

6. How confident are you that
you won’t get poisoned
Alexander Litvinenko
November 1 2006, Litvinenko suddenly fell ill and was hospitalized
from poisoning by radioactive polonium-210. He died November 23.
https://en.wikipedia.org/wiki/Alexander_Litvinenko
Andrey Lugovo

7. Do free TLS certificate make the internet
more secure?
https://letsencrypt.org/
http://www.infoworld.com/article/2984243/security/the-perils-of-free-digital-certificates.html#tk.ifw-infsb

8. At the end of this presentation
Know where to
find data that
supports how
often
certificate
trust is broken
Less blind
trust in code
signing
Hold people and
sites
accountable for
out of date /
self signed
certificates
Align with the
urgency to
manage
certificates in
your
environment
Know about
some tools

9. • TLS 1.3 RFC expected in April 2016
• SHA1 no longer supported January 1, 2016
• NIST December 2015
• Google December 2015
• Microsoft June 2016
• Mozilla July 2016
Keynote: Alex Stamos
The Moral Imperatives and Challenges for Modern Application Security
https://www.youtube.com/watch?v=_xVoBA1f4gY
Coming TLS changes

10. Common TLS Certificates Trust Anchors
• Website
• Code Signing Certificates
• S/MIME email encryption
• Digital ID / User Identity
• SSH
• RDP
• Business to Business Applications
• VOIP
• VPN
• IoT

11. Recent Code Signing Key Compromise News

12. 10.28.15 Google to Symantec – “You have until June to fix this or we will
flag Symantec issued certificates as vulnerable”
We issued 23
test
certificates
That seems
low, we don’t
believe you
Ok, your right
it’s 2,458
Certificates
http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-google-gives-symantec-an-offer-it-cant-refuse/

13. http://techcrunch.com/2015/11/12/all-mac-store-apps-stopped-working-due-to-expired-security-certificate/#.y37x7x:xhzD
More Certificate Pain

14. • Komodia TLS intercept libraries
• MITM HTTPS traffic
• EFF Recommends reinstalling a
fresh OS
https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted
Considering that Lenovo implemented
this intentionally and the potential
damage, was this a criminal act ?

15. Netcraft research indicates Certificate Authorities
aren’t flagging domains with names that are similar
to common, high traffic sites.
Universal SSL certificates (free CloudFlare
certificate) accounted for 40 percent of
certificates used by phishing sites.
http://www.infoworld.com/article/2992605/security/phishing-sites-exploit-trust-in-valid-ssl-certificates.html

16. CRL (Certificate Revocation List ) • blacklist of revoked
certificates
• Often hard coded in the url
• Often disabled because of
the length of time to check
OCSP (Online Certificate Status Protocol) • Improvement over CRL lists
but the soft fail defeats
the purpose
OCSP Stapling best option • Requires implementation by
Web Server Administrator to
implement
• SSLLabs.com OCSP Stapling
will become a factor in
your grade
TLS Certificate Revocation

17. And the bad guys know it doesn’t really work....
8 % of the certificates being
served had been revoked

18. SANS Internet Storm Center
https://isc.sans.edu/crls.html?token=e01d79423885ad9aac53ab92eb75274c116b548e&startdate=2014-10-04&enddate=2015-11-03&submit=Update

20. OCSP Certificate
Pinning
OCSP Stapling requires the website administrators to
enable it on their web server
Certificate
Transparency
Add a layer of visibility to domain owners for CA issued
TLS certificates. an open auditing and monitoring system
that lets any domain owner or CA determine whether
certificates have been mistakenly or maliciously issued.
TACK Dynamic certificate framework. TACK requires protocol
changes for both the server and the client side of any SSL
transaction which has been met with a cold reception.
Convergence Instead of hard coded CA’s. Convergence configures a
dynamic set of Notaries. No incentive for the notary
investment
Sovereign Keys Addressed issues like the ineffectiveness of browser
certificate warnings. Ended up just really replacing one
remote authority with another.
DANE DNS Authentication of Named Entities a proposal based on
DNSSEC to eventually replace the CA system. It is based on
the idea of using the DNS hierarchy to issue SSL certs the
same way that domains are managed and resolved - with few
root keys & individual organizations in charge. The
challenge is that countries that have little trust would
be required to trust the reliability of the DANE entry.

21. TLS Tools

22. OWASP OWASP Cheat Sheets
OWASP Testing tools
OWASP.org
TLSSLed TLSSLed is Linux shell script to
evaluate the security of target
Kali Linux
O-Saft OWASP SSL advanced forensic tool /
OWASP SSL audit for testers
https://www.owasp.org/index.php/O-Saft
ssldump – An SSL/TLS network
protocol analyzer
It identifies TCP connections on the
chosen network interface and attempts
to interpret them as SSL/TLS traffic.
When it identifies SSL/TLS traffic, it
decodes the records and displays them
in a textual form to stdout. If
provided with the appropriate keying
material, it will also decrypt the
connections and display the
application data traffic.
http://ssldump.sourceforge.net/
SSLyze check for web SSL/TLS and also
STARTTLS for smtp, xmpp, pop3, ftp,
imap, ldap and rdp
https://github.com/nabla-c0d3/sslyze
SSL Server Test Provides a grade of a
sites TLS implementation
https://www.ssllabs.com/ssltest/
SSL Client Test Client TLS information https://www.ssllabs.com/ssltest/viewMy
Client.html

23. Prevention Ideal, Detection a Must !
But you won’t see this in your logs……
Censys Shodan Alexa
Netcraft Google
Hacks
Internet
Archives

24. 205,477
Censys
https://www.censys.io/

25. This doesn’t look good …

26. https://sonar.labs.rapid7.com/
Project Sonar
Sonar collects SSL Certificates, Web Server responses, DNS
records, and responses from common UDP services. We use this
data to identify large-scale misconfigurations and
vulnerabilities in consumer, enterprise, and critical
infrastructure systems.
All Sonar data is provided to the public free of charge in
cooperation with the University of Michigan. You can find the
data at Scans.IO.

27. SSL/TLS Filters
Cert Version
Cert Bits
Cert Issuer
Cert Subject / Cert Name
Check for known issues (Heartbleed)
Cipher Bits / Protocol
Grab cert for all services
27
Searches and indexes by responses to queries
https://shodanio.wordpress.com/2014/06/16/kicking-the-shodan-api-up-a-notch/

28. Blue+Coat+PacketShaper

30. • What certificates are present on a given IP?
• Which client IPs access a given service?
Flying Pig – TLS Knowledge Base
https://www.circl.lu/services/passive-ssl/

31. http://blog.squarelemon.com/
DerbyCon TLS Fingerprinting
Lee Brotherston @synackpse
• Recognizing a TLS Fingerprint is possible by
Capturing client TLS initial hello packets
• Recognize SuperFish, PrivDog, and GeniusBox
clients in network traffic
“Using TLS fingerprinting we can quickly and passively
determine which client is being used, and apply strategies
from both the attacker and defender perspectives. These
strategies allow us to achieve smarter defending and
stealthier attacking” Lee Brotherston

32. http://www.infoworld.com/article/2992605/security/phishing-sites-exploit-trust-in-valid-ssl-certificates.html
Netcraft TLS Certificate Services
Deceptive
Domain Score
analyzes the likelihood that a domain name
will be used for fraudulent activities.
Phishing Alert
Service
sends an alert if your site / certificate is
used for a phishing scam

33. Urgent need to proactively
manage TLS Certificate
inside and outside your
firewall
Think about
code signing
trust
Hold people and sites
accountable for out of date
/ self signed certificates
Start now
it’s going to
get worse
Summary

34. OWASP https://owasp.org Cheat Sheets Key Pinning, TLS testing,
CA Security Council https://casecurity.org/ is a multi-vendor industry advocacy group created
to conduct research, promote Internet security
standards and educate the public on Internet
security issues.
CA Browser (CAB) forum, which is a group that
includes both CAs and web browser vendors.
https://cabforum.org/ Voluntary consortium of certification authorities,
vendors of Internet browser software, operating
systems, and other PKI-enabled applications
industry guidelines governing the issuance and
management of X.509 v.3 digital certificates.
Online Trust Alliance https://otalliance.org/resources/SSL/CABestPractice
s.html
European Telecommunications Standards Institute
(ETSI)
www.etsi.org independent, not-for-profit, standardization
organization in the telecommunications industry) in
Europe
W3C http://www.w3.org/2001/tag/doc/web-https TAG’s position on securing the Web through the use
of cryptography, identifies some of the associated
issues, and recommends further work to aid in its
use.
Its primary audience is W3C participants

35. Title Link
PKI Trust Models: Whom Do You Trust https://www.sans.org/reading-room/whitepapers/vpns/pki-trust-models-
trust-36112
Digital Certificate Revocation https://www.sans.org/reading-room/whitepapers/certificates/digital-
certificate-revocation-35292
Building and Managing a PKI Solution for Small and Medium Size Business https://www.sans.org/reading-room/whitepapers/certificates/building-
managing-pki-solution-small-medium-size-business-34445
SSl/TLS: What’s Under the Hood https://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-
hood-34297
Windows Enforcement of Authenticode Code Signing and Timestamping http://social.technet.microsoft.com/wiki/contents/articles/32288.windo
ws-enforcement-of-authenticode-code-signing-and-timestamping.aspx
The Scary and Terrible Code Signing Problem You Don’t Know You Have https://www.sans.org/reading-room/whitepapers/certificates/scary-
terrible-code-signing-problem-don-039-t-36382
The Business Case For TLS Certificate Enterprise Key Management https://www.sans.org/reading-room/whitepapers/critical/business-
case-tls-certificate-enterprise-key-management-web-site-certificates-
wrangling-36392

36. http://wiki.cacert.org/Risk/History
History of Certificate Risks & Threats

37. More Fear Uncertainty and Doubt

38. http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
We’ve focused on browser based TLS,
there are many other applications
that rely on TLS libraries and have
validation challenges.
More Work To do

39. https://www.blackhat.com/docs/us-15/materials/us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking.pdf
BGP Hijacking
The problem is: the
encryption is backed
by SSL/TLS PKI

40. Sniffly
Sniffly is an attack that abuses HTTP
Strict Transport Security and Content
Security Policy to allow arbitrary
websites to sniff a user's browsing
history. It has been tested in Firefox
and Chrome
https://github.com/diracdeltas/sniffly

41. Highly classified decryption program run by the NSA
The British signals intelligence agency GCHQ has a
similar program codenamed Edgehill.
http://www.spiegel.de/media/media-35531.pdf
Bullrun