Root Certificate

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 141 Experts worldwide ranked by ideXlab platform

James M. Hayes - One of the best experts on this subject based on the ideXlab platform.

  • Restricting access with Certificate attributes in multiple Root environments - A recipe for Certificate masquerading
    Proceedings - Annual Computer Security Applications Conference ACSAC, 2001
    Co-Authors: James M. Hayes
    Abstract:

    The issue of Certificate masquerading against the SSL protocol is pointed out in Hayes (1998). In Hayes, various forms of server Certificate masquerading are identified. It should also be noted that the attack described is a man-in-the-middle (MITM) attack that requires direct manipulation of the SSL protocol. This paper is a mirror of Hayes and involves client Certificate masquerading. The motivation for this paper comes from the fact that this anomaly has shown up in commercial products. It is potentially more damaging than in Hayes since a MITM attack is not involved and the only requirement is that the application trust a given Root Certificate authority (CA). The problem arises when applications use multiple Roots that do not cross-certify. The problem is further exacerbated since the applications themselves do not have the ability to apply external name constraints and policies. Unfortunately, the problem is a fairly well known problem, within the public key infrastructure (PKI) community, but continues to persist in practice despite this knowledge.

  • ACSAC - Restricting access with Certificate attributes in multiple Root environments - a recipe for Certificate masquerading
    Seventeenth Annual Computer Security Applications Conference, 1
    Co-Authors: James M. Hayes

Len Sassaman - One of the best experts on this subject based on the ideXlab platform.

  • PKI layer cake: new collision attacks against the global X.509 infrastructure
    Financial Cryptography, 2010
    Co-Authors: Dan Kaminsky, Meredith L Patterson, Len Sassaman
    Abstract:

    Research unveiled in December of 2008 [15] showed how MD5’s long-known flaws could be actively exploited to attack the real-world Certification Authority infrastructure. In this paper, we demonstrate two new classes of collision, which will be somewhat trickier to address than previous attacks against X.509: the applicability of MD2 preimage attacks against the primary Root Certificate for Verisign, and the difficulty of validating X.509 Names contained within PKCS#10 Certificate Requests. We also draw particular attention to two possibly unrecognized vectors for implementation flaws that have been problematic in the past: the ASN.1 BER decoder required to parse PKCS#10, and the potential for SQL injection from text contained within its requests. Finally, we explore why the implications of these attacks are broader than some have realized — first, because Client Authentication is sometimes tied to X.509, and second, because Extended Validation Certificates were only intended to stop phishing attacks from names similar to trusted brands. As per the work of Adam Barth and Collin Jackson [4], EV does not prevent an attacker who can synthesize or acquire a “low assurance” Certificate for a given name from acquiring the “green bar” EV experience.

  • Financial Cryptography - PKI layer cake: new collision attacks against the global x.509 infrastructure
    Financial Cryptography and Data Security, 2010
    Co-Authors: Dan Kaminsky, Meredith L Patterson, Len Sassaman

Michael R Clark - One of the best experts on this subject based on the ideXlab platform.

  • Protecting publish/subscribe interactions via TLS and a system-wide Certificate validation engine
    Unmanned Systems Technology XXII, 2020
    Co-Authors: Anthony Pierce, Andrew Alten, Michael R Clark
    Abstract:

    Multiple defense-relevant open architecture standards include the publish/subscribe messaging paradigm, which allows for dynamic network topology and scalability. Using the Transport Layer Security (TLS) protocol to secure such messaging is common; however, Certificate validation must be performed. Typically, Certificate validation is left to the application to configure, but history has shown that application developers often get incorrect Certificate validation. In this paper, we explore the overhead costs of different security implementations under varying network conditions within a pub/sub system. Furthermore, we study how TrustBase strengthens and simplifies Certificate validation within a pub/sub architecture. TrustBase allows a system administrator or integrator to specify a single Certificate validation policy for all applications in the system. This ensures that even if application developers have misconfigured Certificate validation, the policy is followed, which we believe could make system accreditation easier. Our study is conducted on a notional system with an Apache ActiveMQ messaging server. Handshake timing data are collected from several publishers and subscribers to understand the overhead resulting from using TLS with and without the TrustBase kernel module active on the system. Our experiments run with different Certificate validation strategies including prepositioned public-keys and Certificate chaining with a trusted Root Certificate authority. To our knowledge, we are the first to study TrustBase in an environment that emulates realistic network conditions and a messaging paradigm beyond the traditional client/server model. Our results confirm those of the original TrustBase work; TrustBase adds negligible overhead and is easily configurable as a universal Certificate validation authority.

  • Protecting publish/subscribe interactions via TLS and a system-wide Certificate validation engine
    Unmanned Systems Technology XXII, 2020
    Co-Authors: Anthony Pierce, Andrew Alten, Michael R Clark

Vern Paxson - One of the best experts on this subject based on the ideXlab platform.

  • A Tangled Mass: The Android Root Certificate Stores
    Conference on Emerging Network Experiment and Technology, 2014
    Co-Authors: Narseo Vallina-Rodriguez, Johanna Amann, Christian Kreibich, Nicholas Weaver, Vern Paxson
    Abstract:

    The security of today's Web rests in part on the set of X.509 Certificate authorities trusted by each user's browser. Users generally do not themselves configure their browser's Root store but instead rely upon decisions made by the suppliers of either the browsers or the devices upon which they run. In this work we explore the nature and implications of these trust decisions for Android users. Drawing upon datasets collected by Netalyzr for Android and ICSI's Certificate Notary, we characterize the Certificate Root store population present in mobile devices in the wild. Motivated by concerns that bloated Root stores increase the attack surface of mobile users, we report on the interplay of Certificate sets deployed by the device manufacturers, mobile operators, and the Android OS. We identify Certificates installed exclusively by apps on Rooted devices, thus breaking the audited and supervised Root store model, and also discover use of TLS interception via HTTPS proxies employed by a market research company.

  • CoNEXT - A Tangled Mass: The Android Root Certificate Stores
    Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, 2014
    Co-Authors: Narseo Vallina-Rodriguez, Johanna Amann, Christian Kreibich, Nicholas Weaver, Vern Paxson

Dan Kaminsky - One of the best experts on this subject based on the ideXlab platform.

  • PKI layer cake: new collision attacks against the global X.509 infrastructure
    Financial Cryptography, 2010
    Co-Authors: Dan Kaminsky, Meredith L Patterson, Len Sassaman
    Abstract:

    Research unveiled in December of 2008 [15] showed how MD5’s long-known flaws could be actively exploited to attack the real-world Certification Authority infrastructure. In this paper, we demonstrate two new classes of collision, which will be somewhat trickier to address than previous attacks against X.509: the applicability of MD2 preimage attacks against the primary Root Certificate for Verisign, and the difficulty of validating X.509 Names contained within PKCS#10 Certificate Requests. We also draw particular attention to two possibly unrecognized vectors for implementation flaws that have been problematic in the past: the ASN.1 BER decoder required to parse PKCS#10, and the potential for SQL injection from text contained within its requests. Finally, we explore why the implications of these attacks are broader than some have realized — first, because Client Authentication is sometimes tied to X.509, and second, because Extended Validation Certificates were only intended to stop phishing attacks from names similar to trusted brands. As per the work of Adam Barth and Collin Jackson [4], EV does not prevent an attacker who can synthesize or acquire a “low assurance” Certificate for a given name from acquiring the “green bar” EV experience.

  • Financial Cryptography - PKI layer cake: new collision attacks against the global x.509 infrastructure
    Financial Cryptography and Data Security, 2010
    Co-Authors: Dan Kaminsky, Meredith L Patterson, Len Sassaman