Maintaining Security and Trust in Large Scale Public Key Infrastructures

Total Page:16

File Type:pdf, Size:1020Kb

Maintaining Security and Trust in Large Scale Public Key Infrastructures Maintaining Security and Trust in Large Scale Public Key Infrastructures Vom Fachbereich Informatik der Technischen Universit¨atDarmstadt genehmigte Dissertation zur Erlangung des Grades Doktor-Ingenieur (Dr.-Ing.) von Dipl. Wirtsch.-Inform. Johannes Braun geboren in Herrenberg. Referenten: Prof. Dr. Johannes Buchmann Prof. Dr. Max M¨uhlh¨auser Tag der Einreichung: 16.03.2015 Tag der m¨undlichen Pr¨ufung: 30.04.2015 Hochschulkennziffer: D 17 Darmstadt 2015 List of Publications [B1] Johannes Braun. Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication. IEEE Conference on Com- munications and Network Security (CNS 2014) - Poster Session, pages 510{ 511, IEEE Computer Society, 2014. Cited on pages 52 and 173. [B2] Johannes Braun, Florian Volk, Jiska Classen, Johannes Buchmann, and Max M¨uhlh¨auser.CA trust management for the Web PKI. Journal of Computer Security, 22: 913{959, IOS Press, 2014. Cited on pages 9, 66, 89, and 104. [B3] Johannes Braun, Johannes Buchmann, Ciaran Mullan, and Alex Wiesmaier. Long term confidentiality: a survey. Designs, Codes and Cryptography, 71(3): 459{478, Springer, 2014. Cited on page 161. [B4] Johannes Braun and Gregor Rynkowski. The potential of an individ- ualized set of trusted CAs: Defending against CA failures in the Web PKI. International Conference on Social Computing (SocialCom) - PAS- SAT 2013, pages 600{605, IEEE Computer Society, 2013. Extended version: http://eprint.iacr.org/2013/275. Cited on pages 9, 32, and 57. [B5] Johannes Braun, Florian Volk, Johannes Buchmann, and Max M¨uhlh¨auser. Trust views for the Web PKI. Public Key Infrastructures, Services and Appli- cations - EuroPKI 2013, vol. 8341 of LNCS, pages 134{151. Springer, 2013. Cited on pages 9 and 66. [B6] Johannes Braun, Franziskus Kiefer, and Andreas H¨ulsing.Revocation & non- repudiation: When the first destroys the latter. Public Key Infrastructures, Services and Applications - EuroPKI 2013, vol. 8341 of LNCS, pages 31{46. Springer, 2013. Cited on pages 9 and 152. [B7] Johannes Braun, Moritz Horsch, and Andreas H¨ulsing.Effiziente Umsetzung des Kettenmodells unter Verwendung vorw¨artssicherer Signaturverfahren. iv List of Publications Tagungsband zum 13. Deutschen IT-Sicherheitskongress 2013, pages 347{359. BSI, SecuMedia Verlag, 2013. Cited on pages 9 and 152. [B8] Andreas H¨ulsingand Johannes Braun. Langzeitsichere Signaturen durch den Einsatz hashbasierter Signaturverfahren. Tagungsband zum 13. Deutschen IT-Sicherheitskongress 2013, pages 565{576. BSI, SecuMedia Verlag, 2013. Cited on pages 9, 10, and 152. [B9] Johannes Braun, Alexander Wiesmaier, and Johannes Buchmann. On the security of encrypted secret sharing. 46th Hawaii International Conference on Systems Science (HICSS-46), pages 4966{4976. IEEE Computer Society, 2013. [B10] Johannes Braun, Andreas H¨ulsing,Alexander Wiesmaier, Martin A. G. Vigil, and Johannes Buchmann. How to avoid the breakdown of public key in- frastructures - forward secure signatures for certificate authorities. Public Key Infrastructures, Services and Applications - EuroPKI 2012, vol. 7868 of LNCS, pages 53{68. Springer, 2012. Cited on pages 9, 136, and 152. [B11] Johannes Braun, Moritz Horsch, and Alexander Wiesmaier. iPIN and mTAN for secure eID applications. 8th International Conference on Information Security Practice and Experience (ISPEC 2012), vol. 7232 of LNCS, pages 259{276. Springer, 2012. Cited on page 158. [B12] Johannes Braun and Johannes Buchmann. Perfect confidentiality network - a solution for information theoretically secure key agreement. 5th IFIP International Conference on New Technologies, Mobility & Security (NTMS 2012), pages 1{5, IEEE Computer Society, 2012. [B13] Moritz Horsch, Johannes Braun, Alexander Wiesmaier, Joachim Schaaf, and Claas Baum¨oller. Verteilte Dienstnutzung mit dem neuen Personalausweis. D-A-CH Security 2012. syssec Verlag, 2012. [B14] Detlef H¨uhnlein,Dirk Petrautzki, Johannes Schm¨olz,Tobias Wich, Moritz Horsch, Thomas Wieland, Jan Eichholz, Alexander Wiesmaier, Johannes Braun, Florian Feldmann, Simon Potzernheim, J¨orgSchwenk, Christian Kahlo, Andreas K¨uhne,and Heiko Veit. On the design and implementa- tion of the Open eCard App. GI SICHERHEIT 2012 Sicherheit - Schutz und Zuverl¨assigkeit, vol. P-195 of LNI, pages 95{110. Bonner K¨ollenVerlag, 2012. List of Publications v [B15] Johannes Braun, Andreas H¨ulsing,and Alexander Wiesmaier. Schlanke In- frastrukturen f¨urden digitalen Rechtsverkehr - vorw¨artssichere Verfahren f¨ur qualifizierte elektronische Signaturen. Technical report. TU Darmstadt / IS- PRAT e.V., 2012. [B16] Alexander Wiesmaier, Moritz Horsch, Johannes Braun, Franziskus Kiefer, Detlef H¨uhnlein,Falko Strenzke, and Johannes Buchmann. An efficient PACE implementation for mobile devices. 6th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2011), pages 176{185. ACM, 2011. [B17] Johannes Braun, Moritz Horsch, Alexander Wiesmaier, and Detlef H¨uhnlein. Mobile Authentisierung und Signatur. In Peter Schartner und J¨urgenTaeger, editor, D-A-CH Security 2011, pages 32{43. syssec Verlag, 2011. [B18] Johannes Braun, Alexander Wiesmaier TU Darmstadt; Eric Klieme, Linda Strick, and Wolfgang Wunderlich Fokus Fraunhofer. Der elektronische Safe als vertrauensw¨urdigerCloud Service. Technical report. TU Darmstadt / Fokus Fraunhofer / ISPRAT e.V., 2011. Patents: [B19] Alexander Wiesmaier, Johannes Braun, and Moritz Horsch. EP 2639997 (B1) - Method and system for secure access of a first computer to a second computer. European Patent Office, September 2014. Granted EP Patent 2 639 997. [B20] Claas Baum¨oller,Joachim Schaaf, Moritz Horsch, Alexander Wiesmaier and Johannes Braun. EP 2600270 (A1) - Identification element-based authen- tication and identification with decentralized service use. European Patent Office, June 2013. Pending Application EP Patent 2 600 270. Acknowledgments My first thanks go to Professor Johannes Buchmann for giving me the possibility to write this thesis. I thank him for his support and guidance throughout the past five years and for now giving me the opportunity to take over new and interesting tasks within the Collaborative Research Center CROSSING. Next, I want to thank my collaborators and colleagues that provided valuable comments and helped me to improve this work during many discussions. Finally, I want to especially thank my family and friends. They supported and believed in me all the time. To Angelika Braun, my beloved wife. Without you by my side, this would not have been possible. Abstract In Public Key Infrastructures (PKIs), trusted Certification Authorities (CAs) issue public key certificates which bind public keys to the identities of their owners. This enables the authentication of public keys which is a basic prerequisite for the use of digital signatures and public key encryption. These in turn are enablers for e- business, e-government and many other applications, because they allow for secure electronic communication. With the Internet being the primary communication medium in many areas of economic, social, and political life, the so-called Web PKI plays a central role. The Web PKI denotes the global PKI which enables the authentication of the public keys of web servers within the TLS protocol and thus serves as the basis for secure communications over the Internet. However, the use of PKIs in practice bears many unsolved problems. Numerous security incidents in recent years have revealed weaknesses of the Web PKI. Be- cause of these weaknesses, the security of Internet communication is increasingly questioned. Central issues are (1) the globally predefined trust in hundreds of CAs by browsers and operating systems. These CAs are subject to a variety of jurisdic- tions and differing security policies, while it is sufficient to compromise a single CA in order to break the security provided by the Web PKI. And (2) the handling of re- vocation of certificates. Revocation is required to invalidate certificates, e.g., if they were erroneously issued or the associated private key has been compromised. Only this can prevent their misuse by attackers. Yet, revocation is only effective if it is published in a reliable way. This turned out to be a difficult problem in the context of the Web PKI. Furthermore, the fact that often a great variety of services depends on a single CA is a serious problem. As a result, it is often almost impossible to revoke a CA's certificate. However, this is exactly what is necessary to prevent the malicious issuance of certificates with the CA's key if it turns out that a CA is in fact not trustworthy or the CA's systems have been compromised. In this thesis, we therefore turn to the question of how to ensure that the CAs an Internet user trusts in are actually trustworthy. Based on an in depth analysis of the Web PKI, we present solutions for the different issues. In this thesis, the feasibility x Abstract and practicality of the presented solutions is of central importance. From the prob- lem analysis, which includes the evaluation of past security incidents and previous scientific work on the matter, we derive requirements for a practical solution. For the solution of problem (1), we introduce user-centric trust management for the Web PKI. This allows to individually reduce the number of CAs a user trusts in to a fraction of the original number. This significantly reduces the risk to rely on a CA, which is actually not trustworthy. The assessment of a CA's trustworthiness is user dependent and evidence-based. In addition, the
Recommended publications
  • A Understanding Graph-Based Trust Evaluation in Online Social Networks: Methodologies and Challenges
    A Understanding Graph-based Trust Evaluation in Online Social Networks: Methodologies and Challenges Wenjun Jiang, Hunan University Guojun Wang, Central South University Md Zakirul Alam Bhuiyan, Temple University Jie Wu, Temple University Online social networks (OSNs) are becoming a popular method of meeting people and keeping in touch with friends. OSNs resort to trust evaluation models and algorithms, as to improve service qualities and enhance user experiences. Much research has been done to evaluate trust and predict the trustworthiness of a target, usually from the view of a source. Graph-based approaches make up a major portion of the existing works, in which the trust value is calculated through a trusted graph (or trusted network, web of trust, multiple trust chains). In this paper, we focus on graph-based trust evaluation models in OSNs, particularly in computer science literature. We first summarize the features of OSNs and the properties of trust. Then, we comparatively review two categories of graph-simplification based and graph-analogy based approaches, and discuss their individual problems and challenges. We also analyze the common challenges of all graph-based models. To provide an integrated view of trust evaluation, we conduct a brief review of its pre-and-post processes, i.e., the preparation and the validation of trust models, including information collection, performance evaluation, and related applications. Finally, we identify some open challenges that all trust models are facing. Categories and Subject Descriptors: A.1 [Introductory and Survey]; C.2.4 [Computer-Communication Networks]: Distributed Systems General Terms: Design, Reliability, Management Additional Key Words and Phrases: trusted graph, trust evaluation, simplification, analogy, online social networks (OSNs), trust models.
    [Show full text]
  • Decentralized Reputation Model and Trust Framework Blockchain and Smart Contracts
    IT 18 062 Examensarbete 30 hp December 2018 Decentralized Reputation Model and Trust Framework Blockchain and Smart contracts Sujata Tamang Institutionen för informationsteknologi Department of Information Technology Abstract Decentralized Reputation Model and Trust Framework: Blockchain and Smart contracts Sujata Tamang Teknisk- naturvetenskaplig fakultet UTH-enheten Blockchain technology is being researched in diverse domains for its ability to provide distributed, decentralized and time-stamped Besöksadress: transactions. It is attributed to by its fault-tolerant and zero- Ångströmlaboratoriet Lägerhyddsvägen 1 downtime characteristics with methods to ensure records of immutable Hus 4, Plan 0 data such that its modification is computationally infeasible. Trust frameworks and reputation models of an online interaction system are Postadress: responsible for providing enough information (e.g., in the form of Box 536 751 21 Uppsala trust score) to infer the trustworthiness of interacting entities. The risk of failure or probability of success when interacting with an Telefon: entity relies on the information provided by the reputation system. 018 – 471 30 03 Thus, it is crucial to have an accurate, reliable and immutable trust Telefax: score assigned by the reputation system. The centralized nature of 018 – 471 30 00 current trust systems, however, leaves the valuable information as such prone to both external and internal attacks. This master's thesis Hemsida: project, therefore, studies the use of blockchain technology as an http://www.teknat.uu.se/student infrastructure for an online interaction system that can guarantee a reliable and immutable trust score. It proposes a system of smart contracts that specify the logic for interactions and models trust among pseudonymous identities of the system.
    [Show full text]
  • No.Ntnu:Inspera:2546742.Pdf (10.61Mb)
    Krishna Shingala An alternative to the Public Key Krishna Shingala Infrastructure for the Internet of Things Master’s thesis in Communication Technology Supervisor: Danilo Gligoroski, Katina Kralevska, Torstein Heggebø Master’s thesis Master’s June 2019 An alternative to PKI for IoT PKI for to An alternative NTNU Engineering Communication Technology Communication Department of Information Security and Department of Information Faculty of Information Technology and Electrical Technology of Information Faculty Norwegian University of Science and Technology of Science University Norwegian An alternative to the Public Key Infras- tructure for the Internet of Things Krishna Shingala Submission date: June 2019 Responsible professor: Danilo Gligoroski, IIK, NTNU Supervisor: Danilo Gligoroski, IIK, NTNU Co-Supervisor: Katina Kralevska, IIK, NTNU Co-Supervisor: Torstein Heggebø, Nordic Semiconductor ASA Norwegian University of Science and Technology Department of Information Technology and Electrical Engineering Title: An alternative to the Public Key Infrastructure for the Internet of Things Student: Krishna Shingala Problem description: Internet of Things(IoT) enables participation of constrained devices on the Internet. Limited resources, bandwidth, and power on the devices have led to new protocols. Some examples of IoT driven and driving protocols are: – MQTT, CoAP that are application protocols for IoT; – 6LoWPAN enables efficient support of IPv6 on low power lossy networks; – CBOR enables concise data formatting; and – DTLS enables secure channel establishment over unreliable transport like the UDP. Security is one of the key factors for the success of IoT. TLS/DTLS secures the channel between the servers and the devices. Confidentiality is an important aspect of such a secure channel. Establishing the identity of an entity another.
    [Show full text]
  • The Role of Hosting Providers in Fighting Command and Control Infrastructure of Financial Malware
    The Role of Hosting Providers in Fighting Command and Control Infrastructure of Financial Malware Samaneh Tajalizadehkhoob, Carlos Gañán, Arman Noroozian, and Michel van Eeten Faculty of Technology, Policy and Management, Delft University of Technology Delft, the Netherlands [email protected] ABSTRACT command and control (C&C) infrastructure and the cleanup A variety of botnets are used in attacks on financial ser- process of the infected end user machines (bots) [12,32,43]. vices. Banks and security firms invest a lot of effort in The first strategy has the promise of being the most effec- detecting and combating malware-assisted takeover of cus- tive, taking away control of the botnet from the botmasters. tomer accounts. A critical resource of these botnets is their In reality, however, this is often not possible. The second command-and-control (C&C) infrastructure. Attackers rent strategy is not about striking a fatal blow, but about the or compromise servers to operate their C&C infrastructure. war of attrition to remove malware, one machine at a time. Hosting providers routinely take down C&C servers, but the It has not been without success, however. Infection levels effectiveness of this mitigation strategy depends on under- have been stable in many countries [5]. standing how attackers select the hosting providers to host In practice, a third strategy is also being pursued. Similar their servers. Do they prefer, for example, providers who to access providers cleaning up end user machines, there is are slow or unwilling in taking down C&Cs? In this paper, a persistent effort by hosting providers to take down C&C we analyze 7 years of data on the C&C servers of botnets servers, one at a time.
    [Show full text]
  • Easy Encryption for Email, Photo, and Other Cloud Services John Seunghyun Koh
    Easy Encryption for Email, Photo, and Other Cloud Services John Seunghyun Koh Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy under the Executive Committee of the Graduate School of Arts and Sciences COLUMBIA UNIVERSITY 2021 © 2021 John Seunghyun Koh All Rights Reserved Abstract Easy Encryption for Email, Photo, and Other Cloud Services John Seunghyun Koh Modern users carry mobile devices with them at nearly all times, and this likely has contribut- ed to the rapid growth of private user data—such as emails, photos, and more—stored online in the cloud. Unfortunately, the security of many cloud services for user data is lacking, and the vast amount of user data stored in the cloud is an attractive target for adversaries. Even a single compro- mise of a user’s account yields all its data to attackers. A breach of an unencrypted email account gives the attacker full access to years, even decades, of emails. Ideally, users would encrypt their data to prevent this. However, encrypting data at rest has long been considered too difficult for users, even technical ones, mainly due to the confusing nature of managing cryptographic keys. My thesis is that strong security can be made easy to use through client-side encryption using self-generated per-device cryptographic keys, such that user data in cloud services is well pro- tected, encryption is transparent and largely unnoticeable to users even on multiple devices, and encryption can be used with existing services without any server-side modifications. This dis- sertation introduces a new paradigm for usable cryptographic key management, Per-Device Keys (PDK), and explores how self-generated keys unique to every device can enable new client-side encryption schemes that are compatible with existing online services yet are transparent to users.
    [Show full text]
  • Best Practices for Privileged Access Management on Cloud-Native Infrastructure
    Best Practices for Privileged Access Management on Cloud-Native Infrastructure BY GRAVITATIONAL CONTENTS INTRODUCTION ......................................................................................................................................................................... 4 BACKGROUND OF ACCESS MANAGEMENT COMPONENTS ...................................................................................... 5 SSH ............................................................................................................................................................................................. 5 SSH Public Key Authentication ............................................................................................................................................ 5 OpenSSH Certificates ............................................................................................................................................................. 7 OpenSSH Certificate Authentication .................................................................................................................................. 7 LDAP .......................................................................................................................................................................................... 8 Identity Provider ...................................................................................................................................................................... 9 AUTHENTICATION AND AUTHORIZATION ...................................................................................................................
    [Show full text]
  • Epidemic? the Attack Surface of German Hospitals During the COVID-19 Pandemic
    2021 13th International Conference on Cyber Conflict Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profit or Going Viral non-commercial purposes is granted providing that copies bear this notice T. Jančárková, L. Lindström, G. Visky, P. Zotz (Eds.) and a full citation on the first page. Any other reproduction or transmission 2021 © NATO CCDCOE Publications, Tallinn requires prior written permission by NATO CCDCOE. Epidemic? The Attack Surface of German Hospitals during the COVID-19 Pandemic Johannes Klick Robert Koch Alpha Strike Labs Universität der Bundeswehr Berlin, Germany Neubiberg, Germany [email protected] [email protected] Thomas Brandstetter Limes Security/FH St. Pölten Hagenberg, Austria [email protected] Abstract: In our paper, we analyze the attack surface of German hospitals and healthcare providers in 2020 during the COVID-19 pandemic. A primary analysis found that 32 percent of the analyzed services were vulnerable to various degrees and that 36 percent of all hospitals showed numerous vulnerabilities. Further resulting vulnerability statistics were mapped against the size of organization and hospital bed count. The analysis looked at the publicly visible attack surface utilizing a Distributed Cyber Recon System, through distributed Internet scanning, Big Data methods, and scan data of almost 1.5 TB from more than 89 different global Internet scans. From the 1,555 identified German hospitals and clinical entities, analysis of the external attack surface was conducted by looking at more than 13,000 service banners for version identification and subsequent CVE-based vulnerability identification.
    [Show full text]
  • Challenges in Managing SSH Keys – and a Call for Solutions
    Challenges in Managing SSH Keys – and a Call for Solutions Tatu Ylonen University of Helsinki [email protected] Abstract In some cases a single key can access tens of thousands of servers, such as for keys originally installed for emergency SSH (Secure Shell) uses public keys for authenticating servers response, auditing, or patch management purposes. Some of and users. While SSH’s key management design was great these keys are very old. for grass-roots deployments, it is now causing significant Second, extensive monitoring of the usage of the keys has operational and security challenges in large computing envi- revealed that typically about 90% of the authorized keys are ronments. This paper summarizes progress in SSH key man- unused. That is, they are access credentials that were provi- agement so far, highlights outstanding problems, and presents sioned years ago, the need for which ceased to exist or the requirements for a long-term solution. Proposals are solicited person having the private key left, and the authorized key from the research community to address the issue; so far the was never deprovisioned. Thus, the access was not terminated industry has been unable to come up with an ideal solution. when the need for it ceased to exist. This signifies a failure of The problem is of high practical importance, as most of our identify and access management (IAM) practices. critical Internet infrastructure, cloud services, and open source software development is protected using these keys. In many organizations – even very security-conscious or- ganizations – there are many times more obsolete authorized keys than they have employees.
    [Show full text]
  • Perspectives: Improving SSH-Style Host Authentication with Multi-Path Probing
    Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing Dan Wendlandt David G. Andersen Adrian Perrig Carnegie Mellon University Abstract Furthermore, a study by Reis et al. used client-side mea- surements to confirm that real-time snooping and modifi- The popularity of “Trust-on-first-use” (Tofu) authentica- cation of web traffic is a reality in today’s networks [20]. tion, used by SSH and HTTPS with self-signed certificates, In this paper, we examine a novel approach to authen- demonstrates significant demand for host authentication ticating a server’s public key. Traditional approaches to that is low-cost and simple to deploy. While Tofu-based server key authentication, such as a public-key infrastruc- applications are a clear improvement over completely inse- ture (PKI) [7, 5], rely on trusted entities (e.g., Verisign) cure protocols, they can leave users vulnerable to even that grant certificates based on the validation of real-world simple network attacks. Our system, PERSPECTIVES, identities. When done securely, such verification requires thwarts many of these attacks by using a collection of “no- significant (often manual) effort. While some network tary” hosts that observes a server’s public key via multiple hosts, primarily commercial websites, can afford to pay network vantage points (detecting localized attacks) and the high verification cost for these certificates, clients have keeps a record of the server’s key over time (recognizing no simple and effective means to authenticate connectivity short-lived attacks). Clients can download these records to most other hosts on the Internet. on-demand and compare them against an unauthenticated Because the high cost of creating and managing a host key, detecting many common attacks.
    [Show full text]
  • Scalable Blockchains for Computational Trust
    A Scalable Blockchain Approach for Trusted Computation and Verifiable Simulation in Multi-Party Collaborations Ravi Kiran Raman,∗y Roman Vaculin,y Michael Hind,y Sekou L. Remy,y Eleftheria K. Pissadaki,y Nelson Kibichii Bore,y Roozbeh Daneshvar,y Biplav Srivastava,y and Kush R. Varshneyy ∗University of Illinois at Urbana-Champaign yIBM Research Abstract—In high-stakes multi-party policy making based on ology in this paper. machine learning and simulation models involving independent In AI, increasingly complex machine learning models with computing agents, a notion of trust in results is critical in facilitat- ever increasing complexity are being learned on vast datasets. ing transparency, accountability, and collaboration. Using a novel combination of distributed validation of atomic computation Lack of access to the training process and the hyperparameters blocks and a blockchain-based immutable audit mechanism, this used therein do not only hinder scientific reproducibility, work proposes a framework for distributed trust in computations. but also remove any basis to trust the reported results. In In particular we address the scalability problem by reducing particular, applications interested in the trained model might the storage and communication costs using a lossy compression not trust the agent performing the training. Other than sanity scheme. This framework guarantees not only verifiability of final results, but also the validity of local computations, and its cost- checks such as validation datasets, there exists no simpler benefit tradeoffs are studied using a synthetic example of training way to guarantee correctness than complete retraining. This a neural network. is impractical considering the extensive amounts of time and hardware required.
    [Show full text]
  • Automated Verification for Secure Messaging Protocols and Their
    Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach Nadim Kobeissi, Karthikeyan Bhargavan, Bruno Blanchet To cite this version: Nadim Kobeissi, Karthikeyan Bhargavan, Bruno Blanchet. Automated Verification for Secure Mes- saging Protocols and Their Implementations: A Symbolic and Computational Approach. 2nd IEEE European Symposium on Security and Privacy , Apr 2017, Paris, France. pp.435 - 450, 10.1109/Eu- roSP.2017.38. hal-01575923 HAL Id: hal-01575923 https://hal.inria.fr/hal-01575923 Submitted on 21 Aug 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach Nadim Kobeissi Karthikeyan Bhargavan Bruno Blanchet INRIA Paris INRIA Paris INRIA Paris Abstract—Many popular web applications incorporate end-to- for application-specific messaging patterns and deployment end secure messaging protocols, which seek to ensure that constraints. Such custom protocols deserve close scrutiny, messages sent between users are kept confidential and authen- but their formal security analysis faces several challenges. ticated, even if the web application’s servers are broken into First, web applications often evolve incrementally in an or otherwise compelled into releasing all their data.
    [Show full text]
  • Public Key Pinning for TLS Using a Trust on First Use Model
    Public Key Pinning for TLS Using a Trust on First Use Model Gabor X Toth* Tjebbe Vlieg* *University of Amsterdam February 2013 Abstract Although the Public Key Infrastructure (PKI) using X.509 is meant to prevent the occurrence of man-in-the-middle attacks on TLS, there are still situations in which such attacks are possible due to the large number of Certification Authorities (CA) that has to be trusted. Recent incidents involving CA compromises, which lead to issuance of rogue certificates indicate the weakness of the PKI model. Recently various public key pinning protocols – such as DANE or TACK – have been proposed to thwart man-in-the-middle attacks on TLS connections. It will take a longer time, however, until any of these protocols reach wide deployment. We present an approach intended as an interim solution to bridge this gap and provide protection for connections to servers not yet using a pinning protocol. The presented method is based on public key pinning with a trust on first use model, and can be combined with existing notary approaches as well. Keywords: TLS, PKI, X.509, public key pinning, trust on first use 1 Introduction There are widely known problems with the Public Key Infrastructure using X.509 (PKIX) and its use in TLS certificate validation. Currently, users have to trust a large number of certificate authorities (CA), which are less and less trustworthy due to security breaches in their systems, leading to the issuance of rogue certificates [1,2]. Even if a CA is not compromised, it can still issue intermediate CA certificates to the wrong entities [3], or it can be forced to issue rogue certificates by a government trying to spy on its citizens.
    [Show full text]