DOCSLIB.ORG

Digicert® Best Practice Workshop 1

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Digicert® Best Practice Workshop 1 DigiCert® SSL/TLS Best Practice Workshop Student Guide 2020-03 v1 © 2020 DigiCert, Inc. All rights reserved. DigiCert is a registered trademark of DigiCert, Inc. in the USA and elsewhere. All other trademarks and registered trademarks are the property of their respective owners. DIGICERT® BEST PRACTICE WORKSHOP 1 Table of Contents Acronyms ................................................................................................................................................ 4 Introduction ............................................................................................................................................ 5 SSL Overview ........................................................................................................................................... 7 SSL & TLS ............................................................................................................................................. 7 SSL Certificates .................................................................................................................................. 12 Subject........................................................................................................................................... 13 Certificate Extensions ................................................................................................................... 13 Certificate Formats ........................................................................................................................... 14 Certificate Signing Request (CSR) .................................................................................................. 15 SAN & Wildcard ............................................................................................................................. 16 Public SSL Certificates ....................................................................................................................... 17 DV Certificates............................................................................................................................... 17 OV Certificates .............................................................................................................................. 18 EV Certificates ............................................................................................................................... 19 Domain Validation ........................................................................................................................ 20 Organisation Validation ................................................................................................................ 22 Extended Validation ...................................................................................................................... 23 How SSL Works ................................................................................................................................. 24 SSL Handshake .............................................................................................................................. 28 Authority Information Access (AIA) .............................................................................................. 30 Certificate Revocation List (CRL) ................................................................................................... 33 Online Certificate Status Protocol (OCSP) ..................................................................................... 33 SSL Protocols & Algorithms ............................................................................................................... 36 RSA ................................................................................................................................................ 36 Diffie-Hellman ............................................................................................................................... 38 Elliptic Curve Cryptography ........................................................................................................... 39 SSL Handshake Details ...................................................................................................................... 39 Session Resumption ...................................................................................................................... 43 Forward Secrecy ................................................................................................................................ 44 Cipher Suites ..................................................................................................................................... 48 SSL Risks & Vulnerabilities .................................................................................................................... 51 Expired/misconfigured Certificates .................................................................................................. 51 Self-signed & Vendor Certificates ..................................................................................................... 54 Attacks on SSL ................................................................................................................................... 56 DIGICERT® BEST PRACTICE WORKSHOP 2 Phishing ............................................................................................................................................. 58 Attacks on Certificate Authorities ..................................................................................................... 61 Case Studies ...................................................................................................................................... 62 Industry Trends ..................................................................................................................................... 64 CA/Browser Forum Requirements .................................................................................................... 64 Certificate Transparency (CT)............................................................................................................ 65 Certificate Authority Authorization (CAA) ........................................................................................ 71 Examples ....................................................................................................................................... 72 Certificate Pinning ............................................................................................................................. 73 Enforcing HTTPS ................................................................................................................................ 76 “Always-on” SSL ................................................................................................................................ 80 HTTP/2 .............................................................................................................................................. 81 Signed HTTP Exchanges (SXG) ........................................................................................................... 83 Implementing SXG......................................................................................................................... 83 Delegated Credentials ....................................................................................................................... 84 Automatic Certificate Management Environment (ACME) .............................................................. 85 SSL/TLS Best Practice ............................................................................................................................ 86 Security ............................................................................................................................................. 86 Identify .......................................................................................................................................... 87 Remediate ..................................................................................................................................... 88 Protect ........................................................................................................................................... 90 Monitor ......................................................................................................................................... 91 Performance ..................................................................................................................................... 92 Optimize cryptography ................................................................................................................. 92 Use session resumption ................................................................................................................ 92 Use HTTP/2 ................................................................................................................................... 93 Use a CDN...................................................................................................................................... 93 Use OCSP Stapling ......................................................................................................................... 93 Case Study Exercise ............................................................................................................................... 95 About DigiBank ................................................................................................................................
Load more

Recommended publications
  • SSL/TLS Implementation CIO-IT Security-14-69
    DocuSign Envelope ID: BE043513-5C38-4412-A2D5-93679CF7A69A IT Security Procedural Guide: SSL/TLS Implementation CIO-IT Security-14-69 Revision 6 April 6, 2021 Office of the Chief Information Security Officer DocuSign Envelope ID: BE043513-5C38-4412-A2D5-93679CF7A69A CIO-IT Security-14-69, Revision 6 SSL/TLS Implementation VERSION HISTORY/CHANGE RECORD Person Page Change Posting Change Reason for Change Number of Number Change Change Initial Version – December 24, 2014 N/A ISE New guide created Revision 1 – March 15, 2016 1 Salamon Administrative updates to Clarify relationship between this 2-4 align/reference to the current guide and CIO-IT Security-09-43 version of the GSA IT Security Policy and to CIO-IT Security-09-43, IT Security Procedural Guide: Key Management 2 Berlas / Updated recommendation for Clarification of requirements 7 Salamon obtaining and using certificates 3 Salamon Integrated with OMB M-15-13 and New OMB Policy 9 related TLS implementation guidance 4 Berlas / Updates to clarify TLS protocol Clarification of guidance 11-12 Salamon recommendations 5 Berlas / Updated based on stakeholder Stakeholder review / input Throughout Salamon review / input 6 Klemens/ Formatting, editing, review revisions Update to current format and Throughout Cozart- style Ramos Revision 2 – October 11, 2016 1 Berlas / Allow use of TLS 1.0 for certain Clarification of guidance Throughout Salamon server through June 2018 Revision 3 – April 30, 2018 1 Berlas / Remove RSA ciphers from approved ROBOT vulnerability affected 4-6 Salamon cipher stack
    [Show full text]
  • Using Frankencerts for Automated Adversarial Testing of Certificate
    Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations Chad Brubaker ∗ y Suman Janay Baishakhi Rayz Sarfraz Khurshidy Vitaly Shmatikovy ∗Google yThe University of Texas at Austin zUniversity of California, Davis Abstract—Modern network security rests on the Secure Sock- many open-source implementations of SSL/TLS are available ets Layer (SSL) and Transport Layer Security (TLS) protocols. for developers who need to incorporate SSL/TLS into their Distributed systems, mobile and desktop applications, embedded software: OpenSSL, NSS, GnuTLS, CyaSSL, PolarSSL, Ma- devices, and all of secure Web rely on SSL/TLS for protection trixSSL, cryptlib, and several others. Several Web browsers against network attacks. This protection critically depends on include their own, proprietary implementations. whether SSL/TLS clients correctly validate X.509 certificates presented by servers during the SSL/TLS handshake protocol. In this paper, we focus on server authentication, which We design, implement, and apply the first methodology for is the only protection against man-in-the-middle and other large-scale testing of certificate validation logic in SSL/TLS server impersonation attacks, and thus essential for HTTPS implementations. Our first ingredient is “frankencerts,” synthetic and virtually any other application of SSL/TLS. Server authen- certificates that are randomly mutated from parts of real cer- tication in SSL/TLS depends entirely on a single step in the tificates and thus include unusual combinations of extensions handshake protocol. As part of its “Server Hello” message, and constraints. Our second ingredient is differential testing: if the server presents an X.509 certificate with its public key.
    [Show full text]
  • Measuring the Rapid Growth of HSTS and HPKP Deployments
    Measuring the Rapid Growth of HSTS and HPKP Deployments Ivan Petrov∗ Denis Peskov∗ Gregory Coard∗ Taejoong Chungy David Choffnesy Dave Levin∗ Bruce M. Maggsz Alan Mislovey Christo Wilsony ∗ University of Maryland yNortheastern University zDuke University & Akamai Technologies ABSTRACT version of the website, thereby exposing future commu- A basic man-in-the-middle attack to bypass HTTPS strips nication to the MiTM attacker, as well. Second, if an the “s” off of an “https://” URL, thereby forcing the client attacker is able to have a certificate created in someone to effectively downgrade to an insecure connection. To ad- else's name, the attacker can impersonate that victim dress such crude attacks, the HSTS (HTTP Strict Transport domain. Security) protocol was recently introduced, which instructs Both of these attacks completely sidestep the protec- clients to preemptively (or at time of first acquire) load a tions that TLS seeks to provide to its users. To address list of domains to whom to connect strictly via HTTPS. In a these concerns, two recent additions to HTTPS have similar vein, the HPKP (HTTP Public Key Pinning) protocol been introduced. We describe them in detail in Sec- has clients obtain a set of public keys; if in future visits to tion 2, but at a high level: the website the certificate chain does not include any of those • HTTP Strict Transport Security public keys, the client is supposed to reject the connection. (HSTS) [10] addresses SSL stripping attacks by Both HSTS and HPKP are relatively new additions to the informing clients which domains it should connect web’s PKI that have seen a sudden surge in deployment in to strictly over HTTPS (i.e., if presented with an the last couple of years (we observe an order of magnitude http URL to one of these domains, they should greater deployment than a 2015 study of HSTS/HPKP).
    [Show full text]
  • Comptia Security+ 501
    CompTIA Security+ 501 CompTIA Security+ SY0-501 Instructor: Ron Woerner, CISSP, CISM CompTIA Security+ Domain 6 – Cryptography & PKI 6.4 Given a scenario, implement public key infrastructure Cybrary - Ron Woerner 1 CompTIA Security+ 501 6.4 Public-Key Infrastructure (PKI) ● Components ● Types of certificates ○ Public / Private Key ○ User ○ Certificate ○ Root ○ CA ○ Wildcard ○ CRL ○ SAN ○ Code signing ● Concepts ○ Self-signed ○ Online vs Offline CA ○ Machine/computer ○ Stapling ○ Domain validation ○ Pinning ○ Trust model ● Certificate formats ○ Key escrow ○ Certificate chaining Public and Private Keys ● Encrypt a document with the recipient’s public key. Only their private key needs to be kept secret and only it can decrypt the message ● The sender’s private key is used to sign the message Cybrary - Ron Woerner 2 CompTIA Security+ 501 PKI Components Public Key Infrastructure ● Solves the issues with key management ● A set of roles, policies, and procedures needed to manage public- key(asymmetric) encryption ● The process of creating, managing, distributing, storing, using, and revoke keys and digital certificates. ● Public Key Infrastructure X.509 (PKIX) is the working group formed by the IETF to develop standards and models PKI PKI Components - Digital Certificate ● A digitally signed block of data used to prove the ownership of a public key issued by a Certificate Authority ● Includes ○ information about the key, ○ information about the identity of its owner (called the subject), ○ and the digital signature of an entity that has verified the certificate's contents (called the issuer) ● X.509 v3 standard defines the certificate formats and fields for public keys. Cybrary - Ron Woerner 3 CompTIA Security+ 501 Digital Certificate Components X.509 Certificate Types ● Root certificates: for root authorities.
    [Show full text]
  • Configuring SSL for Services and Servers
    Barracuda Web Application Firewall Configuring SSL for Services and Servers https://campus.barracuda.com/doc/4259877/ Configuring SSL for SSL Enabled Services You can configure SSL encryption for data transmitted between the client and the service. In the BASIC > Services page, click Edit next to a listed service and configure the following fields: Status – Set to On to enable SSL on your service. Status defaults to On for a newly created SSL enabled service. Certificate – Select a certificate presented to the browser when accessing the service. Note that only RSA certificates are listed here. If you have not created the certificate, select Generate Certificate from the drop-down list to generate a self-signed certificate. For more information on how to create self- signed certificates, see Creating a Client Certificate. If you want to upload a self-signed certificate, select Upload Certificate from the drop- down list. Provide the details about the certificate in the Upload Certificate dialog box. For information on how to upload a certificate, see Adding an SSL Certificate. Select ECDSA Certificate – Select an ECDSA certificate presented to the browser when accessing the service. SSL/TLS Quick Settings - Select an option to automatically configure the SSL/TLS protocols and ciphers. Use Configured Values - This option allows you to use the previously saved values. If the values are not saved, the Factory Preset option can be used. Factory Preset - This option allows you to enable TLS 1.1, TLS 1.2 and TLS 1.3 protocols without configuring override ciphers. Mozilla Intermediate Compatibility (Default, Recommended) - This configuration is a recommended configuration when you want to enable TLS 1.2 and TLS 1.3 and configure override ciphers for the same.
    [Show full text]
  • 26. Java 8 and 8 Security Controls 2-28-2017
    New Security Control Enhancements Java 8 and 9 JIM MANICO Secure Coding Instructor www.manicode.com A little background dirt… [email protected] @manicode § Author of "Iron-Clad Java, Building Secure Web APPlications” from McGraw-Hill/Oracle-Press § 20+ years of software develoPment experience § OWASP Volunteer and Former OWASP Global Board Member § Kauai, Hawaii Resident Creative Commons MANICODE SECURITY 2 Java Enhancement ProPosals Creative Commons MANICODE SECURITY 3 'ohana (oh-ha-na) MEANING: Family. MOST COMMON USE: In referring to the WHOLE family. Creative Commons MANICODE SECURITY JEP IT UP § JEP stands for a JDK Enhancement Proposal § JEP's are how you drive change in the Java ecosystem. § Involvement is actually a lot of work. § Attention is given to PeoPle that put in the work. § The way to make imProvements or get ideas seriously considered is to do them via the JEP ProPosal Process. § Mike Ernst and Werner Dietl are good examPles. They are the duo that built type annotations which we we will talk about soon. Creative Commons MANICODE SECURITY 5 Java 9 Security JEP's Creative Commons MANICODE SECURITY 6 Java 9 Security Enhancements § There are 8 main security related JEPs for JDK 9: 219: Datagram Transport Layer Security (DTLS) 229: Create PKCS12 Keystores by Default 232: ImProve Secure APPlication Performance 244: TLS Application-Layer Protocol Negotiation Extension 246: Leverage CPU Instructions for GHASH and RSA 249: OCSP Stapling for TLS 287: Support SHA-3 Hash Algorithms 288: DisaBle SHA-1 Certificates Creative Commons MANICODE SECURITY 7 akamai (ah-ka-my) MEANING: Smart or Clever. MOST COMMON USE: Smart.
    [Show full text]
  • Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
    Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI Doowon Kim Bum Jun Kwon Tudor Dumitras, University of Maryland University of Maryland University of Maryland College Park, MD College Park, MD College Park, MD [email protected] [email protected] [email protected] ABSTRACT To establish trust in third-party software, we currently rely on Digitally signed malware can bypass system protection mechanisms the code-signing Public Key Infrastructure (PKI). This infrastruc- that install or launch only programs with valid signatures. It can ture includes Certification Authorities (CAs) that issue certificates also evade anti-virus programs, which often forego scanning signed to software publishers, vouching for their identity. Publishers use binaries. Known from advanced threats such as Stuxnet and Flame, these certificates to sign the software they release, and users rely this type of abuse has not been measured systematically in the on these signatures to decide which software packages to trust broader malware landscape. In particular, the methods, effective- (rather than maintaining a list of trusted packages). If adversaries ness window, and security implications of code-signing PKI abuse can compromise code signing certificates, this has severe impli- are not well understood. We propose a threat model that highlights cations for end-host security. Signed malware can bypass system three types of weaknesses in the code-signing PKI. We overcome protection mechanisms that install or launch only programs with challenges specific to code-signing measurements by introducing valid signatures, and it can evade anti-virus programs, which often techniques for prioritizing the collection of code-signing certificates neglect to scan signed binaries.
    [Show full text]
  • Introduction to Cryptography
    Mag. iur. Dr. techn. Michael Sonntag Introduction to Cryptography Institute of Networks and Security Johannes Kepler University Linz, Austria E-Mail: [email protected] Thanks to Rudolf Hörmanseder for some slides (esp. drawings!) Why cryptography? Security is a very important aspect, especially if money (or equivalents) are affected by transactions Not every information should be available to everyone Note: Data is sent in the Internet over numerous "open systems", where anyone can listen it! Security is needed! The technical aspect of security is cryptography Encrypting data against disclosure and modifications Signing data against modifications and repudiation Note: Cryptography does not solve all security problems! Example: Communication analysis (who talks to whom when) Other aspects of security are also needed » E.g.: Do you know what your employees actually do with data? Solutions: DRM, deactivation codes, anonymizers, … Michael Sonntag Introduction to Cryptography 2 Application areas Storing data in encrypted form Even access will not lead to disclosure (stolen laptops!) Example: File/-system encryption, password storage Transmitting data securely Enc. transmission prevents eavesdropping and tampering Example: TLS Identifying your partner Preventing man-in-the-middle attacks Example: TLS with uni-/bidirectional certificates Proof of identity & authority Avoiding impersonation Example: GPG E-Mail signatures, digital signatures (Austria: "Bürgerkarte“ – “citizen card”) Michael Sonntag Introduction to
    [Show full text]
  • X.509V3 Certificates for SSH Authentication
    X.509v3 Certificates for SSH Authentication The X.509v3 Certificates for SSH Authentication feature uses public key algorithm (PKI) for server and user authentication, and allows the Secure Shell (SSH) protocol to verify the identity of the owner of a key pair via digital certificates, signed and issued by a Certificate Authority (CA). This module describes how to configure server and user certificate profiles for a digital certificate. • Prerequisites for X.509v3 Certificates for SSH Authentication, on page 1 • Restrictions for X.509v3 Certificates for SSH Authentication, on page 1 • Information About X.509v3 Certificates for SSH Authentication, on page 2 • How to Configure X.509v3 Certificates for SSH Authentication, on page 3 • Verifying the Server and User Authentication Using Digital Certificates , on page 6 • Configuration Examples for X.509v3 Certificates for SSH Authentication, on page 6 • Additional References for X.509v3 Certificates for SSH Authentication, on page 7 • Feature Information for X.509v3 Certificates for SSH Authentication, on page 8 Prerequisites for X.509v3 Certificates for SSH Authentication The X.509v3 Certificates for SSH Authentication feature replaces the ip ssh server authenticate user command with the ip ssh server algorithm authentication command. Configure the default ip ssh server authenticate user command to remove the ip ssh server authenticate user command from the configuration. The IOS secure shell (SSH) server will start using the ip ssh server algorithm authentication command. When you configure the ip ssh server authenticate user command, the following message is displayed: Warning SSH command accepted; but this CLI will be deprecated soon. Please move to new CLI ip ssh server algorithm authentication.
    [Show full text]
  • Analysis of SSL Certificate Reissues and Revocations in the Wake
    Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed Liang Zhang David Choffnes Dave Levin Tudor Dumitra¸s Northeastern University Northeastern University University of Maryland University of Maryland [email protected] [email protected] [email protected] [email protected] Alan Mislove Aaron Schulman Christo Wilson Northeastern University Stanford University Northeastern University [email protected] [email protected] [email protected] ABSTRACT Categories and Subject Descriptors Central to the secure operation of a public key infrastruc- C.2.2 [Computer-Communication Networks]: Net- ture (PKI) is the ability to revoke certificates. While much work Protocols; C.2.3 [Computer-Communication Net- of users' security rests on this process taking place quickly, works]: Network Operations; E.3 [Data Encryption]: in practice, revocation typically requires a human to decide Public Key Cryptosystems, Standards to reissue a new certificate and revoke the old one. Thus, having a proper understanding of how often systems admin- istrators reissue and revoke certificates is crucial to under- Keywords standing the integrity of a PKI. Unfortunately, this is typi- Heartbleed; SSL; TLS; HTTPS; X.509; Certificates; Reissue; cally difficult to measure: while it is relatively easy to deter- Revocation; Extended validation mine when a certificate is revoked, it is difficult to determine whether and when an administrator should have revoked. In this paper, we use a recent widespread security vul- 1. INTRODUCTION nerability as a natural experiment. Publicly announced in Secure Sockets Layer (SSL) and Transport Layer Secu- April 2014, the Heartbleed OpenSSL bug, potentially (and rity (TLS)1 are the de-facto standards for securing Internet undetectably) revealed servers' private keys.
    [Show full text]
  • An Empirical Analysis of Email Delivery Security
    Neither Snow Nor Rain Nor MITM . An Empirical Analysis of Email Delivery Security Zakir Durumeric† David Adrian† Ariana Mirian† James Kasten† Elie Bursztein‡ Nicolas Lidzborski‡ Kurt Thomas‡ Vijay Eranti‡ Michael Bailey§ J. Alex Halderman† † University of Michigan ‡ Google, Inc. § University of Illinois, Urbana Champaign {zakir, davadria, amirian, jdkasten, jhalderm}@umich.edu {elieb, nlidz, kurtthomas, vijaye}@google.com [email protected] ABSTRACT tolerate unprotected communication at the expense of user security. The SMTP protocol is responsible for carrying some of users’ most Equally problematic, users face a medium that fails to alert clients intimate communication, but like other Internet protocols, authen- when messages traverse an insecure path and that lacks a mechanism tication and confidentiality were added only as an afterthought. In to enforce strict transport security. this work, we present the first report on global adoption rates of In this work, we measure the global adoption of SMTP security SMTP security extensions, including: STARTTLS, SPF, DKIM, and extensions and the resulting impact on end users. Our study draws DMARC. We present data from two perspectives: SMTP server from two unique perspectives: longitudinal SMTP connection logs configurations for the Alexa Top Million domains, and over a year spanning from January 2014 to April 2015 for Gmail, one of the of SMTP connections to and from Gmail. We find that the top mail world’s largest mail providers; and a snapshot of SMTP server providers (e.g., Gmail, Yahoo,
    [Show full text]
  • Introduction À La Sécurité Des Systèmes D'informations
    Université de Paris Saclay Polytech Paris Saclay – Département d’informatique Introduction à la sécurité des systèmes d’informations Document réalisé par : Polytech Paris Saclay Département d’informatique Université Paris Saclay Maison de l'Ingénieur Bâtiment 620 91405 Orsay Cedex Gilles Soufflet, Ingénieur Système Version janvier 2020 Université de Paris Saclay Sécurité informatique Polytech Paris Saclay – Département d’informatique Table des matières 1 Avant-propos ________________________________________________________________ 7 2 Notions de cryptographie _____________________________________________________ 10 2.1 Introduction _________________________________________________________________ 10 2.1.1 Principe de Kerckhoffs _______________________________________________________________ 10 2.2 Fonctions de hachage __________________________________________________________ 11 2.2.1 MD5 _____________________________________________________________________________ 11 2.2.2 SHA-1 ____________________________________________________________________________ 12 2.2.3 SHA-2 ____________________________________________________________________________ 12 2.2.4 SHA-3 ____________________________________________________________________________ 13 2.2.5 Whirpool __________________________________________________________________________ 13 2.3 Cryptographie à masque jetable _________________________________________________ 13 2.4 Cryptographie symétrique ou à clé secrète ________________________________________ 14 2.4.1 Chiffrement par bloc _________________________________________________________________
    [Show full text]