OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability

1. OpenSSL Alternative Chains Certificate
Forgery Security Bypass Vulnerability
By
Venkatesh Chinta

2. 1) SSL
2) OpenSSL
3) Digital Certificates
4) Certificate Authentication
5) Certificate Chains
6) Vulnerability in OpenSSL
7) Countermeasures
Index

3. SSL

4. What is SSL?
It is used to keep sensitive information sent across the
Internet is encrypted, so that only the intended recipient can
understand it.

5. Example:

6. Cipher-Suites
Key Exchange Algorithm
Ex: RSA, Diffie-Hellman, ECDH and etc.
It is used to determine if and how the client and server will authenticate during
the handshake.
Encryption Algorithm
Ex: AES, 3DES and etc.
It is used to encrypt the data between two client and server.
Message Authentication
Ex: MD5,SHA and etc.
It is used to provide integrity to data between client and server.

8. OpenSSL

9. A toolkit implementing SSL v2/v3 and TLS protocols with full-strength
cryptography world-wide.

10. Digital Certificates

11. Public-Key Cryptography

12. Scenario

13. Digital certificates are electronic credentials that are used to assert the online
identities of individuals, computers, and other entities on a network.
Digital certificates function similarly to identification cards such as passports and
drivers licenses.

14. Public-Key Certificate Validation Process

16. Windows maintains a database of CA’s
1)Microsoft
2)VeriSign
3)Global-Sign
and lot of CA certificates
Microsoft Publisher
Operating System

17. Certificates in our Windows OS

18. Trust Validation
ABC
Root Certificate
(Server)
ABC
Root Certificate
(Client)
Trust
Established
ABC
Root Certificate
(Server)
No
ABC Root
Certificate in
Client OS
Un-trusted

19. Certificates in SSL

20. Certificate Chains
CA1
CA3
CA2
Alice
Bob
Public
key of
CA2
CA1
Public
key of
CA3
CA2
Public
key of
Bob
CA3
When Alice wants to check the authenticity of Bob’s public
key she must verify each link in the chain:

22. Scenario

23. Vulnerability in OpenSSL

24. During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b)
will attempt to find an alternative certificate chain if the first attempt to build such
a chain fails.
An error in the implementation of this logic can mean that an attacker could cause
certain checks on un-trusted certificates to be bypassed, such as the CA flag,
enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid
certificate.

25. The issue, which was reported to OpenSSL on June 24 , 2015 by Adam Langley and
David Benjamin of Google/Boring-SSL, is known to affect versions 1.0.2c, 1.0.2b,
1.0.1n, and 1.0.1o. It can be used to compromise any application that verifies
certificates including SSL and TLS.(CVE ID: 2015-1793)
Exploit Available at:
https://www.rapid7.com/db/modules/auxiliary/server/openssl_altchainsforgery_mi
tm_proxy

26. Attack Scenario

27. Attacker
1) Example.com
Certified by Global Sign
(Private Key, Public Key)
AttackerVictim
www.bank.com
Certified by Global Sign
(Private key, Public Key)
2) Man in the Middle Attack Launched
3) Victim tries a SSL to bank.com
4) Attacker Signs Bank
Certificate using his
private key
and address is
example.com/cert.crt
5)Victim Checks the
Certificate ,Chain
validation is failed
and constructs
alternative Chains
6) Alternate Chains construct new
certificates based on url (retrieves
attacker certificate) sent by attacker.
External, Trusted Certificates also
retrieved. Certificate Chain Created.
7) Session Compromised

28. Countermeasures

29. 1) Update OpenSSL to latest versions
2) Verify certificates by CA flag when creating new certificates.

30. Thank You