ssl trust pitfalls prof. ravi sandhu. 2 © ravi sandhu 2002 the certificate triangle user...
TRANSCRIPT
SSL Trust Pitfalls
Prof. Ravi Sandhu
2© Ravi Sandhu 2002
THE CERTIFICATE TRIANGLE
user
attribute public-key
X.509identity
certificate
X.509attribute
certificate
SPKIcertificate
3© Ravi Sandhu 2002
SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
Client Server ClientHello --------> ServerHello Certificate <-------- ServerHelloDone ClientKeyExchange [ChangeCipherSpec] Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data
RecordProtocol
HandshakeProtocol
4© Ravi Sandhu 2002
CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
Client Server ClientHello --------> ServerHello Certificate CertificateRequest <-------- ServerHelloDone Certificate ClientKeyExchange CertificateVerify [ChangeCipherSpec] Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data
RecordProtocol
HandshakeProtocol
5© Ravi Sandhu 2002
SINGLE ROOT CA MODEL
RootCA
a b c d e f g h i j k l m n o p
RootCAUser
6© Ravi Sandhu 2002
SINGLE ROOT CAMULTIPLE RA’s MODEL
RootCA
a b c d e f g h i j k l m n o p
RootCA
User RA
User RA
User RA
7© Ravi Sandhu 2002
MULTIPLE ROOT CA’s MODEL
RootCA
a b c d e f g h i j k l m n o p
RootCAUser
RootCA
RootCA
RootCAUser
RootCAUser
8© Ravi Sandhu 2002
ROOT CA PLUS INTERMEDIATE CA’s MODEL
Z
X
Q
A
Y
R S T
C E G I K M O
a b c d e f g h i j k l m n o p
9© Ravi Sandhu 2002
SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
Root
Brand BrandBrand
Geo-Political
Bank Acquirer
Customer Merchant
10© Ravi Sandhu 2002
MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL
X
Q
A
R
S T
C E G I K M O
a b c d e f g h i j k l m n o p
11© Ravi Sandhu 2002
MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL
X
Q
A
R
S T
C E G I K M O
a b c d e f g h i j k l m n o p
12© Ravi Sandhu 2002
MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL
X
Q
A
R
S T
C E G I K M O
a b c d e f g h i j k l m n o p
13© Ravi Sandhu 2002
MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL
Essentially the model on the web today
Deployed in server-side SSL mode Client-side SSL mode yet to happen
14© Ravi Sandhu 2002
SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
Client Server ClientHello --------> ServerHello Certificate <-------- ServerHelloDone ClientKeyExchange [ChangeCipherSpec] Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data
RecordProtocol
HandshakeProtocol
15© Ravi Sandhu 2002
SERVER-SIDE MASQUARADING
BobWeb browser
www.host.comWeb serverServer-side SSL
UltratrustSecurityServices
www.host.com
16© Ravi Sandhu 2002
SERVER-SIDE MASQUARADING
BobWeb browser
www.host.comWeb server
Server-side SSL UltratrustSecurityServices
www.host.comMallory’sWeb server
BIMMCorporation
www.host.com
Server-side SSL
17© Ravi Sandhu 2002
SERVER-SIDE MASQUARADING
BobWeb browser
www.host.comWeb server
Server-side SSL UltratrustSecurityServices
www.host.comMallory’sWeb server
Server-side SSL
BIMMCorporation
UltratrustSecurityServices
www.host.com
18© Ravi Sandhu 2002
CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
Client Server ClientHello --------> ServerHello Certificate CertificateRequest <-------- ServerHelloDone Certificate ClientKeyExchange CertificateVerify [ChangeCipherSpec] Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data
RecordProtocol
HandshakeProtocol
19© Ravi Sandhu 2002
MAN IN THE MIDDLEMASQUARADING PREVENTED
BobWeb browser
www.host.comWeb server
Client-side SSL
UltratrustSecurityServices
www.host.com
Mallory’sWeb server
BIMMCorporation
Client-side SSL
UltratrustSecurityServices
www.host.com
Client Side SSLend-to-endUltratrust
SecurityServices
Bob
BIMMCorporation
UltratrustSecurityServices
Bob
20© Ravi Sandhu 2002
ATTRIBUTE-BASED CLIENT SIDE MASQUARADING
Joe@anywhereWeb browser
BIMM.comWeb serverClient-side SSL
UltratrustSecurityServices
BIMM.com
UltratrustSecurityServices
Joe@anywhere
21© Ravi Sandhu 2002
ATTRIBUTE-BASED CLIENT SIDE MASQUARADING
Alice@SRPCWeb browser
BIMM.comWeb serverClient-side SSL
UltratrustSecurityServices
BIMM.com
SRPC
Alice@SRPC
22© Ravi Sandhu 2002
ATTRIBUTE-BASED CLIENT SIDE MASQUARADING
Bob@PPCWeb browser
BIMM.comWeb serverClient-side SSL
UltratrustSecurityServices
BIMM.com
PPC
Bob@PPC
23© Ravi Sandhu 2002
ATTRIBUTE-BASED CLIENT SIDE MASQUARADING
Alice@SRPCWeb browser
BIMM.comWeb serverClient-side SSL
UltratrustSecurityServices
BIMM.com
SRPC
PPC
Bob@PPC
24© Ravi Sandhu 2002
PKI AND TRUST
Got to be very careful Not a game for amateurs Not many professionals as yet
25© Ravi Sandhu 2002
REFERENCES
"An overview of PKI trust models" by Perlman, R. IEEE Network, Volume: 13 Issue: 6 , Nov.-Dec. 1999 Page(s): 38-43
"The problem with multiple roots in Web browsers-certificate masquerading" by Hayes, J.M. Proceedings Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE 1998. (WET ICE '98) 17-19 June 1998 Page(s): 306 -311.
"Restricting access with certificate attributes in multiple root environments - a recipe for certificate masquerading" by Hayes, J.M. Proc. 15th Annual Computer Security Applications Conference, IEEE, 2001, Page(s): 386-390.