PKI Under Attack
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
A Focus on S/MIME
The University of Saskatchewan Department of Computer Science Technical Report #2011-03 Cryptographic Security for Emails: A Focus on S/MIME Minhaz Fahim Zibran Department of Computer Science University of Saskatchewan Email: [email protected] Abstract In this paper I present a study on \S/MIME", which has become the industry standard for secure email exchange. Based on existing literature review, the study examines S/MIME in depth with specific emphasis on its architecture, strengths, and deficiencies. The study also identifies usability issues related to S/MIME enabled email clients, which indicate scopes for further improvements in those implementations. Obstacles in the adoption of S/MIME are also identified indicating what is required for its successful adoption in the community. In presenting the study, the paper contributes in two ways: (a) for any newcomer in the field of cryptography this paper will be a useful resource to quickly learn about S/MIME in a fair level of detail, (b) the indication about limitations of S/MIME and its implementations reveals an avenue for further research in the area of email security, which may result in improvement of S/MIME itself, or its implementations in the email clients. Keywords: Email Security, S/MIME, MIME, PGP, PKI, Certificate, Email Authentication, Email Encryption, Key Management 1 Introduction Email has been a very common medium of communication these days. It somewhat re- places the traditional surface mail and many of the traditional ways of communication [32]. Today people send and read emails from their personal computers, business workstation, PDAs and even cell phones. -
Towards a Hybrid Public Key Infrastructure (PKI): a Review
Towards a Hybrid Public Key Infrastructure (PKI): A Review Priyadarshi Singh, Abdul Basit, N Chaitanya Kumar, and V. Ch. Venkaiah School of Computer and Information Sciences, University of Hyderabad, Hyderabad-500046, India Abstract. Traditional Certificate- based public key infrastructure (PKI) suffers from the problem of certificate overhead like its storage, verification, revocation etc. To overcome these problems, idea of certificate less identity-based public key cryptography (ID-PKC) was proposed by Shamir. This is suitable for closed trusted group only. Also, this concept has some inherent problems like key escrow problem, secure key channel problem, identity management overhead etc. Later on, there had been several works which tried to combine both the cryptographic techniques such that the resulting hybrid PKI framework is built upon the best features of both the cryptographic techniques. It had been shown that this approach solves many problems associated with an individual cryptosystem. In this paper, we have reviewed and compared such hybrid schemes which tried to combine both the certificate based PKC and ID-based PKC. Also, the summary of the comparison, based on various features, is presented in a table. Keywords: Certificate-based PKI; Identity-based public key cryptography (ID-PKC); Hybrid PKI 1 INTRODUCTION Public key infrastructure (PKI) and public key cryptography (PKC) [12] plays a vital role with four major components of digital security: authentication, integrity, confidentiality and non-repudiation. Infact, PKI enables the use of PKC through key management. The ”efficient and secure management of the key pairs during their whole life cycle" is the purpose of PKI, which involves key generation, key distribution, key renewal, key revocation etc [11]. -
Security Target Document
Security Target Document Passport Certificate Server Ver. 4.1.1 Prepared for: Common Criteria EAL2 (augmented) 30 April 2002 2225 Sheppard Ave, Suite 1700 Toronto, Ontario, Canada M2J 5C2 TEL: 416-756-2324 FAX: 416-756-7346 [email protected] www.dvnet.com Passport Certificate Server V.4.1.1 Security Target 30 April 2002 Common Criteria EAL 2 (augmented) Version 1.00 TABLE OF CONTENTS 1 Introduction ............................................................................................................................................ 1 1.1 Security Target Identification......................................................................................................... 1 1.2 Security Target Overview............................................................................................................... 1 1.3 Common Criteria Conformance .....................................................................................................1 2 TOE Description..................................................................................................................................... 2 2.1 Product Deployment....................................................................................................................... 2 2.2 Product Functions........................................................................................................................... 2 2.3 Product Description ........................................................................................................................ 3 2.3.1 Platform -
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI Doowon Kim Bum Jun Kwon Tudor Dumitras, University of Maryland University of Maryland University of Maryland College Park, MD College Park, MD College Park, MD [email protected] [email protected] [email protected] ABSTRACT To establish trust in third-party software, we currently rely on Digitally signed malware can bypass system protection mechanisms the code-signing Public Key Infrastructure (PKI). This infrastruc- that install or launch only programs with valid signatures. It can ture includes Certification Authorities (CAs) that issue certificates also evade anti-virus programs, which often forego scanning signed to software publishers, vouching for their identity. Publishers use binaries. Known from advanced threats such as Stuxnet and Flame, these certificates to sign the software they release, and users rely this type of abuse has not been measured systematically in the on these signatures to decide which software packages to trust broader malware landscape. In particular, the methods, effective- (rather than maintaining a list of trusted packages). If adversaries ness window, and security implications of code-signing PKI abuse can compromise code signing certificates, this has severe impli- are not well understood. We propose a threat model that highlights cations for end-host security. Signed malware can bypass system three types of weaknesses in the code-signing PKI. We overcome protection mechanisms that install or launch only programs with challenges specific to code-signing measurements by introducing valid signatures, and it can evade anti-virus programs, which often techniques for prioritizing the collection of code-signing certificates neglect to scan signed binaries. -
Introduction to Cryptography
Mag. iur. Dr. techn. Michael Sonntag Introduction to Cryptography Institute of Networks and Security Johannes Kepler University Linz, Austria E-Mail: [email protected] Thanks to Rudolf Hörmanseder for some slides (esp. drawings!) Why cryptography? Security is a very important aspect, especially if money (or equivalents) are affected by transactions Not every information should be available to everyone Note: Data is sent in the Internet over numerous "open systems", where anyone can listen it! Security is needed! The technical aspect of security is cryptography Encrypting data against disclosure and modifications Signing data against modifications and repudiation Note: Cryptography does not solve all security problems! Example: Communication analysis (who talks to whom when) Other aspects of security are also needed » E.g.: Do you know what your employees actually do with data? Solutions: DRM, deactivation codes, anonymizers, … Michael Sonntag Introduction to Cryptography 2 Application areas Storing data in encrypted form Even access will not lead to disclosure (stolen laptops!) Example: File/-system encryption, password storage Transmitting data securely Enc. transmission prevents eavesdropping and tampering Example: TLS Identifying your partner Preventing man-in-the-middle attacks Example: TLS with uni-/bidirectional certificates Proof of identity & authority Avoiding impersonation Example: GPG E-Mail signatures, digital signatures (Austria: "Bürgerkarte“ – “citizen card”) Michael Sonntag Introduction to -
A Practical Evaluation of a High-Security Energy-Efficient
sensors Article A Practical Evaluation of a High-Security Energy-Efficient Gateway for IoT Fog Computing Applications Manuel Suárez-Albela * , Tiago M. Fernández-Caramés , Paula Fraga-Lamas and Luis Castedo Department Computer Engineering, Faculty of Computer Science, Universidade da Coruña, 15071 A Coruña, Spain; [email protected] (T.M.F.-C.); [email protected] (P.F.-L.); [email protected] (L.C.) * Correspondence: [email protected]; Tel.: +34-981-167-000 (ext. 6051) Received: 28 July 2017; Accepted: 19 August 2017; Published: 29 August 2017 Abstract: Fog computing extends cloud computing to the edge of a network enabling new Internet of Things (IoT) applications and services, which may involve critical data that require privacy and security. In an IoT fog computing system, three elements can be distinguished: IoT nodes that collect data, the cloud, and interconnected IoT gateways that exchange messages with the IoT nodes and with the cloud. This article focuses on securing IoT gateways, which are assumed to be constrained in terms of computational resources, but that are able to offload some processing from the cloud and to reduce the latency in the responses to the IoT nodes. However, it is usually taken for granted that IoT gateways have direct access to the electrical grid, which is not always the case: in mission-critical applications like natural disaster relief or environmental monitoring, it is common to deploy IoT nodes and gateways in large areas where electricity comes from solar or wind energy that charge the batteries that power every device. In this article, how to secure IoT gateway communications while minimizing power consumption is analyzed. -
Measuring Breaches of Trust in the Windows Code-Signing PKI
Session F5: Understanding Security Fails CCS’17, October 30-November 3, 2017, Dallas, TX, USA Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI Doowon Kim Bum Jun Kwon Tudor Dumitras, University of Maryland University of Maryland University of Maryland College Park, MD College Park, MD College Park, MD [email protected] [email protected] [email protected] ABSTRACT To establish trust in third-party software, we currently rely on Digitally signed malware can bypass system protection mechanisms the code-signing Public Key Infrastructure (PKI). This infrastruc- that install or launch only programs with valid signatures. It can ture includes Certification Authorities (CAs) that issue certificates also evade anti-virus programs, which often forego scanning signed to software publishers, vouching for their identity. Publishers use binaries. Known from advanced threats such as Stuxnet and Flame, these certificates to sign the software they release, and users rely this type of abuse has not been measured systematically in the on these signatures to decide which software packages to trust broader malware landscape. In particular, the methods, effective- (rather than maintaining a list of trusted packages). If adversaries ness window, and security implications of code-signing PKI abuse can compromise code signing certificates, this has severe impli- are not well understood. We propose a threat model that highlights cations for end-host security. Signed malware can bypass system three types of weaknesses in the code-signing PKI. We overcome protection mechanisms that install or launch only programs with challenges specific to code-signing measurements by introducing valid signatures, and it can evade anti-virus programs, which often techniques for prioritizing the collection of code-signing certificates neglect to scan signed binaries. -
Security Policies for the Federal Public Key Infrastructure
Security Policies for the Federal Public Key Infrastructure Noel A. Nazario Security Technology Group National Institute of Standards and Technology Abstract This document discusses provisions for the handling of security policies in the proposed Federal Public Key Infrastructure (PKI). Federal PKI policies deal with the generation, deactivation, and dissemination of public key certificates, the integrity of the infrastructure, maintenance of records, identification of certificate holders, and the establishment of trust relationships between Certification Authorities (CAs). The verification of a digital signature is not sufficient indication of the trustworthiness of an electronic message or data file. The verifier needs to factor the trustworthiness of the CAs involved in the certification of the sender. To accomplish this, the verifier needs to examine the certificate policy for those CAs. The Federal PKI Technical Security Policy establishes guidelines for the operation of Federal CAs and the identification of the parties requesting certification. It also defines Policy Approving Authorities (PAA) responsible for assessing the policies and operational practices of all Federal CAs within a domain and assigning them corresponding Federal Assurance Levels. These assurance levels may be used in lieu of a certificate policy when making an on-line determination of the trustworthiness of a certificate. Key words Certificate policy, Federal Assurance Levels, PAA, PKI, Policy Approving Authority, public key infrastructure, security policy. SECURITY POLICIES FOR THE FEDERAL PUBLIC KEY INFRASTRUCTURE Noel A. Nazario NIST North, Room 426 820 West Diamond Avenue Gaithersburg, MD 20899 [email protected] Introduction and Background This paper discusses provisions for the handling of security policies in the proposed Federal Public Key Infrastructure (PKI). -
Security Economics in the HTTPS Value Chain
Security Economics in the HTTPS Value Chain Hadi Asghari*, Michel J.G. van Eeten*, Axel M. Arnbak+ & Nico A.N.M. van Eijk+1 * [email protected], [email protected] Delft University of Technology, Faculty of Technology Policy and Management + [email protected], [email protected] University van Amsterdam, Faculty of Law, Institute for Information Law Abstract. Even though we increasingly rely on HTTPS to secure Internet communications, several landmark incidents in recent years have illustrated that its security is deeply flawed. We present an extensive multi-disciplinary analysis that examines how the systemic vulnerabilities of the HTTPS authentication model could be addressed. We conceptualize the security issues from the perspective of the HTTPS value chain. We then discuss the breaches at several Certificate Authorities (CAs). Next, we explore the security incentives of CAs via the empirical analysis of the market for SSL certificates, based on the SSL Observatory dataset. This uncovers a surprising pattern: there is no race to the bottom. Rather, we find a highly concentrated market with very large price differences among suppliers and limited price competition. We explain this pattern and explore what it tells us about the security incentives of CAs, including how market leaders seem to benefit from the status quo. In light of these findings, we look at regulatory and technical proposals to address the systemic vulnerabilities in the HTTPS value chain, in particular the EU eSignatures proposal that seeks to strictly regulate HTTPS communications. Keywords: HTTPS, Cybersecurity, Internet Governance, Constitutional Values, E-Commerce, Value Chain Analysis, Security Economics, eSignatures Regulation, SSL, TLS, Digital Certificates, Certificate Authorities. -
Secure Channels Secure Channels • Example Applications – PGP: Pretty Good Privacy CS 161/194-1 – TLS: Transport Layer Security Anthony D
Main Points • Applying last week’s lectures in practice • Creating Secure Channels Secure Channels • Example Applications – PGP: Pretty Good Privacy CS 161/194-1 – TLS: Transport Layer Security Anthony D. Joseph – VPN: Virtual Private Network September 26, 2005 September 26, 2005 CS161 Fall 2005 2 Joseph/Tygar/Vazirani/Wagner What is a Secure Channel? Plaintext Plaintext Creating Secure Channels Encryption / Internet Encryption / • Authentication and Data Integrity Decryption Decryption Ciphertext and MAC – Use Public Key Infrastructure or third-party server to authenticate each end to the other • A stream with these security requirements: – Add Message Authentication Code for – Authentication integrity • Ensures sender and receiver are who they claim to be – Confidentiality • Confidentiality • Ensures that data is read only by authorized users – Data integrity – Exchange session key for encrypt/decrypt ops • Ensures that data is not changed from source to destination • Bulk data transfer – Non-repudiation (not discussed today) • Ensures that sender can’t deny message and rcvr can’t deny msg • Key Distribution and Segmentation September 26, 2005 CS161 Fall 2005 3 September 26, 2005 CS161 Fall 2005 4 Joseph/Tygar/Vazirani/Wagner Joseph/Tygar/Vazirani/Wagner Symmetric Key-based Symmetric Key-based Secure Channel Secure Channel Alice Bob • Sender (A) and receiver (B) share secret keys KABencrypt KABencrypt – One key for A è B confidentiality KABauth KABauth – One for A è B authentication/integrity Message MAC Compare? Message – Each message -
The Most Dangerous Code in the World: Validating SSL Certificates In
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software Martin Georgiev Subodh Iyengar Suman Jana The University of Texas Stanford University The University of Texas at Austin at Austin Rishita Anubhai Dan Boneh Vitaly Shmatikov Stanford University Stanford University The University of Texas at Austin ABSTRACT cations. The main purpose of SSL is to provide end-to-end security SSL (Secure Sockets Layer) is the de facto standard for secure In- against an active, man-in-the-middle attacker. Even if the network ternet communications. Security of SSL connections against an is completely compromised—DNS is poisoned, access points and active network attacker depends on correctly validating public-key routers are controlled by the adversary, etc.—SSL is intended to certificates presented when the connection is established. guarantee confidentiality, authenticity, and integrity for communi- We demonstrate that SSL certificate validation is completely bro- cations between the client and the server. Authenticating the server is a critical part of SSL connection es- ken in many security-critical applications and libraries. Vulnerable 1 software includes Amazon’s EC2 Java library and all cloud clients tablishment. This authentication takes place during the SSL hand- based on it; Amazon’s and PayPal’s merchant SDKs responsible shake, when the server presents its public-key certificate. In order for transmitting payment details from e-commerce sites to payment for the SSL connection to be secure, the client must carefully verify gateways; integrated shopping carts such as osCommerce, ZenCart, that the certificate has been issued by a valid certificate authority, Ubercart, and PrestaShop; AdMob code used by mobile websites; has not expired (or been revoked), the name(s) listed in the certifi- Chase mobile banking and several other Android apps and libraries; cate match(es) the name of the domain that the client is connecting Java Web-services middleware—including Apache Axis, Axis 2, to, and perform several other checks [14, 15]. -
Blockchain-Based Certificate Transparency and Revocation
Blockchain-based Certificate Transparency and Revocation Transparency? Ze Wang1;2;3, Jingqiang Lin1;2;3??, Quanwei Cai1;2, Qiongxiao Wang1;2;3, Jiwu Jing1;2;3, and Daren Zha1;2 1 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China. 2 Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China. 3 School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China. {wangze,linjingqiang,caiquanwei,wangqiongxiao}@iie.ac.cn Abstract. Traditional X.509 public key infrastructures (PKIs) depend on certification authorities (CAs) to sign certificates, used in SSL/TLS to authenticate web servers and establish secure channels. However, recent security incidents indicate that CAs may (be compromised to) sign fraud- ulent certificates. In this paper, we propose blockchain-based certificate transparency and revocation transparency. Our scheme is compatible with X.509 PKIs but significantly reinforces the security guarantees of a certificate. The CA-signed certificates and their revocation status in- formation of an SSL/TLS web server are published by the subject (i.e., the web server) as a transaction, and miners of the community append it to the global certificate blockchain after verifying the transaction and mining a block. The certificate blockchain acts as append-only public logs to monitor CAs' certificate signing and revocation operations, and an SSL/TLS web server is granted with the cooperative control on its certificates to balance the absolute authority of CAs in traditional PKIs. We implement the prototype system with Firefox and Nginx, and the experimental results show that it introduces reasonable overheads.