%
% Title page
%
% Hi everyone. Welcome to our talk "privacy-preserving and incrementally
% deployable support for Certificate Transparency in Tor". I'm Rasmus, a PhD
% student at Karlstad University. This is joint work together with
% Tobias Pulls from Karlstad University,
% Tom Ritter from Mozilla, and
% Paul Syverson from the US Naval Research Laboratory.
%
\begin{frame}
%
% To get started I would like to remind us of the past.
%
% The year is 2011. Summer just arrived, and we are in Beverwijk in the
% Netherlands, in the province of North Holland. The offices of DigiNotar
% appear to be operating as usual. Had we been there at the time, we
% probably wouldn't have thought they'd be out of business by September.
%
\vfill
\begin{columns}
\begin{column}{0.45\textwidth}
\mktitle{A flash-back into the past}
\begin{itemize}
\item June, 2011
\item Netherlands, Beverwijk
\item DigiNotar
\end{itemize}
\end{column}
\begin{column}{0.55\textwidth}
\centering
\includegraphics[width=\columnwidth]{img/beverwijk}
\burl{https://creativecommons.org/licenses/by-sa/3.0/}
% https://commons.wikimedia.org/wiki/File:Nzkanaal2.jpg
\end{column}
\end{columns}
\end{frame}
\begin{frame}
%
% What happened?
%
% Let me give you the backdrop.
%
% DigiNotar was a so-called certificate authority that issued certificates
% for the web. Your browser uses these certificates to verify that you are
% really visiting the website that you intended to and not some attacker.
%
% Sounds great! What's the catch?
% Well.
% You have to trust that no certificate authority is going to mess up the
% certificate issuance process. Any failure in this process may result in a
% mis-issued certificate, and whoever holds such a certificate can
% impersonate the website and intercept its traffic.
%
% Okay. So,
% I think most of you know what happened. DigiNotar was hacked, and the
% intruder used their systems to mis-issue certificates for Google, Mozilla,
% Tor, and many others.
%
% DigiNotar actually detected the intrusion.
% In response, they decided to stay silent and cover it up.
%
% The main reason why we, the public, found out that DigiNotar was no longer
% operating in good faith is a large-scale attack in Iran. Some of the
% mis-issued certificates were used to intercept the network traffic of
% around 300,000 Gmail users. Perhaps we were actually lucky to detect the
% attack at all. If the attacker had been more stealthy, DigiNotar might
% still be in operation today. That is a scary thought. Can we do better?
%
% Fortunately, the answer is yes. We can do better. The overall ecosystem
% improved significantly since 2011. This talk covers one such improvement:
% - Certificate Transparency
%
\vfill
\begin{columns}
\begin{column}{0.45\textwidth}
\mktitle{What happened?}
\begin{itemize}
\item DigiNotar issued web certificates
\item Did not live up to expectations
\item Then tried to cover it up\footnotemark
\end{itemize}
\end{column}
\begin{column}{0.55\textwidth}
\centering
\includegraphics[width=\columnwidth]{img/diginotar}
\burl{https://www.bbc.com/news/technology-14989334}
\end{column}
\end{columns}
\vfill
\pause
\centering\alert{A stealthy attacker might have gotten away with it!}
\footnotetext[1]{%
\tiny{
FoxIT.
Black Tulip: Report of the investigation into the DigiNotar Certificate
Authority breach.
Page 3.
}
}
\end{frame}
\begin{frame}
%
% Just to make sure that we are on the same page.
%
% A large scale attack should not be necessary to detect if a trusted party
% like DigiNotar misbehaves. And it is not like we are only talking about a
% single isolated incident. The real problem is that we have hundreds of
% Certificate Authorities that claim to issue certificates only to the
% rightful domain owners. Every now and then, someone gets it wrong. What
% we are left with is an incident that endangers our digital safety,
% sometimes even our physical safety depending on the real-world context.
%
% What Certificate Transparency brings to the table is the ability to detect
% mis-issued certificates. The basic idea is that every issued certificate
% must be disclosed in a public log that anyone can inspect.
%
% Usually, certificate authorities are the ones doing the logging. Websites
% then serve the issued certificate together with some proofs of logging.
% The browser verifies these proofs before accepting the certificate as
% valid.
%
% This is actually great, because now a website can look for certificates
% that match its domain name in the log. If something shows up that it did
% not ask for - well - now it is aware of that. It probably wouldn't have
% been without the log. In response, the domain owner can question the
% certificate authority, initiate a revocation process, and so forth.
%
\vfill
\begin{columns}
\begin{column}{0.5\textwidth}
\mktitle{Larger problem and solution?}
\begin{itemize}
\item DigiNotar was not a one-time incident\footnotemark
\item Many other parties can get it wrong
\item Add visibility into issued certificates\footnotemark
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\input{img/ct}
\end{column}
\end{columns}
\footnotetext[2]{\burl{https://sslmate.com/certspotter/failures}}
\footnotetext[3]{\burl{https://certificate.transparency.dev/}}
\end{frame}
\begin{frame}
%
% Certificate Transparency, or CT for short, has been - and is still being -
% gradually rolled out by Google and others. For example, every newly issued
% certificate must be CT compliant to validate in Google Chrome and Apple's
% Safari.
%
% CT compliance basically means that at least two logs must have "promised"
% to make that certificate available to the public. Such a promise is
% called a Signed Certificate Timestamp, or SCT, and it is usually embedded
% in the issued certificate itself as an X.509 extension.
%
% Browsers currently use SCTs as proofs of logging. It is possible to
% verify that these promises are in fact true: the log can return an
% inclusion proof, a Merkle audit path from the certificate's leaf up to a
% signed tree head. That is an important part to ensure that blind trust
% is not shifted from certificate authorities to CT logs. However, such
% verification is challenging because of the added complexity and possible
% privacy concerns.
%
% For example, to verify that a certificate is in fact included in a log,
% you need to interact with the log ecosystem. Such interactions leak
% a user's browsing patterns to the logs and that is kind of problematic.
%
\mktitle{Certificate Transparency (CT) compliance\footnotemark}
\begin{columns}
\begin{column}{0.25\textwidth}
\end{column}
\begin{column}{0.25\textwidth}
\centering\includegraphics[width=.67\columnwidth]{img/chrome}
\end{column}
\begin{column}{0.25\textwidth}
\centering\includegraphics[width=.7\columnwidth]{img/safari}
\end{column}
\begin{column}{0.25\textwidth}
\end{column}
\end{columns}
\vfill
``Two logs promised that they will make the certificate public''
\footnotetext[4]{%
\burl{https://github.com/chromium/ct-policy/blob/master/ct_policy.md}
\&
\burl{https://support.apple.com/en-us/HT205280}%
}
\end{frame}
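%
% Added worked example (not code from this talk, from its authors, or from
% any CT log implementation): the "proof of logging" that the earlier slide
% says a browser verifies, and the inclusion check that the compliance slide
% says is needed so trust does not simply move to the logs. It implements the
% RFC 6962 Merkle Tree Hash, the audit path a log hands out for one leaf, and
% the client-side inclusion verification from RFC 9162 section 2.1.3.2, using
% only the Python standard library. The log entries are constructed byte
% strings standing in for certificates, and the root hash stands in for the
% root carried by a signed tree head; no real log is contacted.
%

```python
"""RFC 6962 Merkle Tree Hash, audit path and inclusion-proof verification.

Added illustration for this talk; not code from the authors or from any
CT log implementation. The "certificates" are constructed byte strings.
"""
import hashlib

LEAF_PREFIX = b"\x00"  # domain separation: leaf vs interior node (RFC 6962 2.1)
NODE_PREFIX = b"\x01"


def hash_leaf(entry: bytes) -> bytes:
    """MTH({d(0)}) = SHA-256(0x00 || d(0))."""
    return hashlib.sha256(LEAF_PREFIX + entry).digest()


def hash_node(left: bytes, right: bytes) -> bytes:
    """Interior node: SHA-256(0x01 || left || right)."""
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def _split_point(n: int) -> int:
    """Largest power of two strictly less than n (the k in the RFC recursion)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_tree_hash(entries: list) -> bytes:
    """MTH(D[n]) as defined in RFC 6962 section 2.1 (the log's tree head root)."""
    n = len(entries)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hash_leaf(entries[0])
    k = _split_point(n)
    return hash_node(merkle_tree_hash(entries[:k]), merkle_tree_hash(entries[k:]))


def audit_path(m: int, entries: list) -> list:
    """PATH(m, D[n]): the sibling hashes the log returns for leaf m.

    A client has to request exactly this for one specific leaf, which is
    why fetching it directly tells the log which certificate (site) it saw.
    """
    n = len(entries)
    if n == 1:
        return []
    k = _split_point(n)
    if m < k:
        return audit_path(m, entries[:k]) + [merkle_tree_hash(entries[k:])]
    return audit_path(m - k, entries[k:]) + [merkle_tree_hash(entries[:k])]


def verify_inclusion(leaf_hash: bytes, leaf_index: int, tree_size: int,
                     path: list, root_hash: bytes) -> bool:
    """Client-side check from RFC 9162 section 2.1.3.2.

    Recomputes the root from the leaf and the audit path without trusting
    the log; the caller still needs a signed tree head to obtain root_hash.
    """
    if leaf_index >= tree_size:
        return False
    fn, sn = leaf_index, tree_size - 1
    r = leaf_hash
    for p in path:
        if sn == 0:
            return False  # path is longer than the tree allows
        if fn & 1 or fn == sn:
            r = hash_node(p, r)  # sibling is on the left
            if not fn & 1:
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = hash_node(r, p)  # sibling is on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root_hash


if __name__ == "__main__":
    # Constructed toy log of seven "certificates" (not real DER).
    log = [b"cert:example.org:%d" % i for i in range(7)]
    sth_root = merkle_tree_hash(log)  # stands in for the signed tree head's root
    for i, entry in enumerate(log):
        ok = verify_inclusion(hash_leaf(entry), i, len(log), audit_path(i, log), sth_root)
        print(f"leaf {i}: {'included' if ok else 'NOT included'}")
    # A certificate the log never logged fails against the same root.
    rogue = hash_leaf(b"cert:example.org:rogue")
    print("rogue:", verify_inclusion(rogue, 3, len(log), audit_path(3, log), sth_root))
```

% The 0x00/0x01 prefixes are what stop an attacker from presenting an
% interior node as a leaf (or vice versa); a real client additionally checks
% the log's signature over the tree head and that the SCT's log ID matches
% the log that served the proof.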