From 76bae02bcd7d6b3ec9eea428e5e95da184a8dbfb Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Tue, 15 Oct 2024 15:35:20 +0200
Subject: Rescue some slides from old private mono repos
---
 slides/2021-pets/src/start.tex | 189 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 189 insertions(+)
 create mode 100644 slides/2021-pets/src/start.tex
(limited to 'slides/2021-pets/src/start.tex')
diff --git a/slides/2021-pets/src/start.tex b/slides/2021-pets/src/start.tex
new file mode 100644
index 0000000..00226e2
--- /dev/null
+++ b/slides/2021-pets/src/start.tex
@@ -0,0 +1,189 @@
+%
+% Title page
+%
+% Hi everyone. Welcome to our talk "privacy-preserving and incrementally
+% deployable support for Certificate Transparency in Tor". I'm Rasmus, a PhD
+% student at Karlstad University. This is joint work together with
+% Tobias Pulls from Karlstad University,
+% Tom Ritter from Mozilla, and
+% Paul Syverson from the US Naval Research Laboratory.
+%
+
+\begin{frame}
+ %
+ % To get started I would like to remind us of the past.
+ %
+ % The year is 2011. Summer just arrived, and we are located in the northern
+ % parts of Netherlands. The offices of DigiNotar appear to be operating as
+ % usual. Had we been there at the time, we probably wouldn't have thought
+ % they'd be out of business in September.
+ %
+ \vfill
+ \begin{columns}
+ \begin{column}{0.45\textwidth}
+ \mktitle{A flash-back into the past}
+ \begin{itemize}
+ \item June, 2011
+ \item Netherlands, Beverwijk
+ \item DigiNotar
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.55\textwidth}
+ \centering
+ \includegraphics[width=\columnwidth]{img/beverwijk}
+ \burl{https://creativecommons.org/licenses/by-sa/3.0/}
+ % https://commons.wikimedia.org/wiki/File:Nzkanaal2.jpg
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ %
+ % What happened?
+ %
+ % Let me give you the backdrop.
+ %
+ % DigiNotar was a so-called certificate authority that issued certificates
+ % for the web. Your browser uses these certificates to verify that you are
+ % really visiting the website that you intended to and not some attacker.
+ %
+ % Sounds great! What's the catch?
+ % Well.
+ % You have to trust that no Certificate Authority is going to mess up the
+ % certificate issuance process. Any failure in this process may result in a
+ % mis-issued certificate, which in turn may result in insecure connections.
+ %
+ % Okay. So,
+ % I think most of you know what happened. DigiNotar was hacked. They
+ % mis-issued certificates for Google, Mozilla, Tor, and many others.
+ %
+ % This was actually detected by DigiNotar.
+ % In response, they decided to be silent and cover it up.
+ %
+ % The main reason why we, the public, detected that DigiNotar was no longer
+ % operating in good faith is because of a large scale attack in Iran. Some
+ % of the mis-issued certificates were used to intercept network traffic of
+ % 300k gmail users. Perhaps we were actually lucky to detect the attack at
+ % all. If the attacker had been more stealthy, DigiNotar might still have
+ % been in operation today. That is a scary though. Can we do better?
+ %
+ % Fortunately, the answer is yes. We can do better. The overall ecosystem
+ % improved significantly since 2011. This talk covers one such improvement:
+ % - Certificate Transparency
+ %
+ \vfill
+ \begin{columns}
+ \begin{column}{0.45\textwidth}
+ \mktitle{What happened?}
+ \begin{itemize}
+ \item DigiNotar issued web certificates
+ \item Did not live up to expectations
+ \item Then tried to cover it up\footnotemark
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.55\textwidth}
+ \centering
+ \includegraphics[width=\columnwidth]{img/diginotar}
+ \burl{https://www.bbc.com/news/technology-14989334}
+ \end{column}
+ \end{columns}
+ \vfill
+ \pause
+ \centering\alert{A stealthy attacker might have gotten away with it!}
+ \footnotetext[1]{%
+ \tiny{
+ FoxIT.
+ Black Tulip: Report of the investigation into the DigiNotar Certificate
+ Authority breach.
+ Page 3.
+ }
+ }
+\end{frame}
+
+\begin{frame}
+ %
+ % Just to make sure that we are on the same page.
+ %
+ % A large scale attack should not be necessary to detect if a trusted party
+ % like DigiNotar misbehaves. And it is not like we are only talking about a
+ % single isolated incident. The real problem is that we have hundreds of
+ % Certificate Authorities that claim to issue certificates only to the
+ % rightful domain owners. Every now and then, someone gets it wrong. What
+ % we are left with is an incident that endangers our digital safety,
+ % sometimes even our physical safety depending on the real-world context.
+ %
+ % What Certificate Transparency brings to the table is the ability to detect
+ % mis-issued certificates. The basic idea is that every issued certificate
+ % must be disclosed in a public log that anyone can inspect.
+ %
+ % Usually, Certificate authorities are the ones doing the logging. Websites
+ % then serve the issued certificate together with some proofs of logging.
+ % The browser verifies these proofs before accepting the certificate as
+ % valid.
+ %
+ % This is actually great, because now a website can look for certificates
+ % that match their domain name in the log. If something shows up that they
+ % did not ask for - well - now they are aware of that. They probably
+ % wouldn't have been without the log. In response, you might question the
+ % certificate authority, initiate a revocation process, and so forth.
+ %
+ \vfill
+ \begin{columns}
+ \begin{column}{0.5\textwidth}
+ \mktitle{Larger problem and solution?}
+ \begin{itemize}
+ \item Digitar was not a one-time incident\footnotemark
+ \item Many other parties can get it wrong
+ \item Add visibility into issued certificates\footnotemark
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.5\textwidth}
+ \input{img/ct}
+ \end{column}
+ \end{columns}
+ \footnotetext[2]{\burl{https://sslmate.com/certspotter/failures}}
+ \footnotetext[3]{\burl{https://certificate.transparency.dev/}}
+\end{frame}
+
+\begin{frame}
+ %
+ % Certificate Transparency, or CT for short, has been - and is still being -
+ % gradually rolled-out by Google and others. For example, every certificate
+ % must be CT compliant to validate in Google Chrome and Apple's Safari.
+ %
+ % CT compliance basically means that at least two logs must have "promised"
+ % to make that certificate available to the public. Such a promise is
+ % usually called an SCT and it is hard-coded into the issued certificate.
+ %
+ % Browsers currently use SCTs as proofs of logging. It is possible to
+ % verify that these promises are in fact true. That is an important part to
+ % ensure that blind trust is not shifted from Certificate Authorities to CT
+ % logs. However, such verification is challenging because of the added
+ % complexity and possible privacy concerns.
+ %
+ % For example, to verify that a certificate is in fact included in a log,
+ % you need to interact with the log ecosystem. Such interactions leak
+ % a user's browsing patterns to the logs and that is kind of problematic.
+ %
+ \mktitle{Certificate Transparency (CT) compliance\footnotemark}
+ \begin{columns}
+ \begin{column}{0.25\textwidth}
+ \end{column}
+ \begin{column}{0.25\textwidth}
+ \centering\includegraphics[width=.67\columnwidth]{img/chrome}
+ \end{column}
+ \begin{column}{0.25\textwidth}
+ \centering\includegraphics[width=.7\columnwidth]{img/safari}
+ \end{column}
+ \begin{column}{0.25\textwidth}
+ \end{column}
+ \end{columns}
+ \vfill
+ ``Two logs promised that they will make the certificate public''
+
+ \footnotetext[4]{%
+ \burl{https://github.com/chromium/ct-policy/blob/master/ct_policy.md}
+ \&
+ \burl{https://support.apple.com/en-us/HT205280}%
+ }
+\end{frame}
-- cgit v1.2.3
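Review bot: The first bullet of the third frame, `\item Digitar was not a one-time incident\footnotemark`, misspells the CA that the talk is about, and this text ends up on the slide; it should read `\item DigiNotar was not a one-time incident\footnotemark`. In the speaker notes of the second frame, `That is a scary though.` should end in `thought`. The "300k gmail users" figure in the same notes is worth rechecking against the cited Fox-IT report, which to my recollection counts unique IP addresses that requested google.com rather than Gmail accounts. The `\footnotetext[1]` to `\footnotetext[4]` calls hard-code numbers that have to agree with the running `\footnotemark` counter, so reordering or dropping a frame would mispair marks and texts without any warning. A short comment such as `% number must match the \footnotemark counter on this frame` at the first one would document that.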