Upload File

hpkp spearing superfish with - c0nrad.io · 2019. 12. 4. · hpkp hmmm, is yahoo!’s spki in my...

  • Home
  • Documents
  • HPKP Spearing Superfish with - c0nrad.io · 2019. 12. 4. · HPKP Hmmm, is Yahoo!’s SPKI in my pinset? NO! STOP CONNECTION MITM No Secrets Agency Subject: yahoo.com SPKI: jkl Valid
24
Spearing Superfish with HPKP Stuart Larsen Yahoo Paranoids - Pentest

Upload: others

Post on 18-Feb-2021

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • Spearing Superfish with HPKP

    Stuart LarsenYahoo Paranoids - Pentest

  • Overview

    ● The Problem● HPKP● Lenovo Superfish Certificate● Conclusion

  • whoami

  • The ProblemVeriSign

    GeoTrust

    Comodo

    Digicert

    Thawte

    Potential Insecure CA

    Trusted CAs:

  • The Problem

    VeriSign

    VeriSign -> yahoo.com

    VeriSign -> twitter.com

    VeriSign -> facebook.com

    VeriSign -> google.com

  • The Problem

    Insecure_ca

    Insecure_ca -> yahoo.com

    Insecure_ca -> twitter.com

    Insecure_ca -> facebook.com

    Insecure_ca -> google.com

  • The Problem

    MITM

    No Secrets AgencyInsecure_ca -> yahoo.

    comVeriSign -> yahoo.com

    To the user, everything looks okay.

  • Is this a real problem?

    ● ComodoHacker: http://en.wikipedia.org/wiki/Comodo_Group#Certificate_hacking

    ● DigiNotar: http://arstechnica.com/security/2011/08/earlier-this-year-an-iranian/

    ● More?

    http://en.wikipedia.org/wiki/Comodo_Group#Certificate_hackinghttp://en.wikipedia.org/wiki/Comodo_Group#Certificate_hackinghttp://en.wikipedia.org/wiki/Comodo_Group#Certificate_hackinghttp://arstechnica.com/security/2011/08/earlier-this-year-an-iranian/http://arstechnica.com/security/2011/08/earlier-this-year-an-iranian/http://arstechnica.com/security/2011/08/earlier-this-year-an-iranian/http://arstechnica.com/security/2011/08/earlier-this-year-an-iranian/

  • HTTP Public Key Pinning (HPKP)

    “instructs web clients to associate specific cryptographic identities with a certain web server to prevent MITM attacks dues to compromised Certificate Authorities”

  • Public-Key-Pins HeaderPublic-Key-Pins: pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="IN1y/s/iJ+9dzXOhnh5sMzqPV6gmsYM9tLlO5iaCwSA="; max-age=30; includeSubdomains; report-uri="hpkp_report"

  • Public-Key-Pins Header● pin-sha256:

    ○ base 64 encoding of a hashed Subject Public Key Info

    ● max-age:○ number of seconds to save host pinning

    ● includeSubDomains: (optional)○ tells the client to apply pinned host to subdomains as

    well● report-uri: (optional)

    ○ If there is a violation, where should it be reported

  • What is a Pin

    pin-sha256=256klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=

    Subject: yahoo.com

    Issuer: VeriSign

    Public Key AlgorithmSubject Public Key

    notBeforenotAfter

    extensions

    ….

    Public Key Algorithm

    Subject Public Key

    SPKI: Subject Public Key Identifier

    pin-sha256=abcFor Examples:

  • Where to PinRoot CA

    SPKI: abc

    Inter CA

    SPKI: def

    yahoo.com

    SPKI: ghi

    yahoo.combackup csr

    SPKI: xyz

    ● A pin can be any certificate in the chain

    ● When publishing a policy, two of the pins must be in different trust chains

    ● You can publish a pin at different levels of the chain

    ● Backup CSRs

  • Root CA

    SPKI: abcInter CA

    SPKI: ghi

    Public Key Pinning

    pin-sha256=abc

    pin-sha256=def

    pin-sha256=ghi

    Subject: yahoo.com

    SPKI: abc

    HPKP

    Monday

  • Public Key PinningTuesday

    pin-sha256=abc

    pin-sha256=def

    pin-sha256=ghi

    HPKP

    Root CA

    SPKI: abcInter CA

    SPKI: ghiSubject: yahoo.com

    SPKI: abc

    Hmmm, is Yahoo!’s SPKI in my pinset?YES!

  • insecure_ca

    Public Key PinningWednesday

    pin-sha256=abc

    pin-sha256=def

    pin-sha256=ghi

    HPKP

    Hmmm, is Yahoo!’s SPKI in my pinset?NO! STOP CONNECTION

    MITM

    No Secrets Agency

    Subject:yahoo.com

    SPKI: jkl

    Valid Certificate. But bad SPKI

    Root CA

    SPKI: abcInter CA

    SPKI: ghiSubject: yahoo.com

    SPKI: abc

  • Lenovo and Superfish

    ● Pre-installed adware for displaying Ads in Google searches

    ● The adware came from a company called Superfish

  • The Problem of Superfish

    ● Google Search uses HTTPS● So Lenovo pre-installed self signed root

    certificate● The same certificate was on all infected

    machines● The encryption key was trivially crackable● Check here: https://superphish.com

    https://superphish.com

  • Superfish MITM

    ● Any malicious actor can use this certificate to MITM any website.

    ● Which completely negates HTTPS, meaning passwords, bank statements, emails, messages are visible again

    ● It also gives nation states, ISPs, backbone providers another vector for information snooping

  • The Embarrassing Part of the Talk

    ● Can’t we just apply HPKP to the Superfish certificate?

    ● The Superfish certificate won’t be in any pinned certificate chains.

    ● Turns out it doesn’t quite work that way

  • HPKP: Locally Installed Certificates

  • HTTP Public Key Pinning (HPKP)

    “instructs web clients to associate specific cryptographic identities with a certain web server to prevent MITM attacks dues to compromised Certificate Authorities”

  • Conclusion

    ● The Problem● HPKP● Lenovo Superfish Certificate

  • Questions?


SPKI analysis in strand space Alex Vidergar, 1Lt, USAF Air Force Institute of Technology Graduate School of Computer Science & Engineering Thesis Advisor:

Breaking Out HSTS (and HPKP) on Firefox, IE/Edge and ... · @unapibageek - @ssantosv IE/Edge highlights: • Most of the websites will not be remembered as webs protected with HSTS,

A Component Security Infrastructure · SDSI/SPKI Cells Build software systems using components . ... 9/24/15 Cells @ FCS 2002 30 Traditional Security Model allow request from alice.jhu.edu

These slides: HSTS and HPKP in ... and HPKP in practice Joseph Bonneau (based on research w/Michael Kranch) IETF 92 March 26 2015 These slides: Research paper ... TLS in one slide

Distributed Access Control CS489/589: Access Control ...doshin/t/s10/cs589/docs/note5.pdf · SPKI/SDSI what s needed for distributed systems security. It attempts to be fresh design

Greenpass Client Tools for Delegated Authorization in ...trdata/reports/TR2004-509.pdf · SPKI allows certain local users to delegate network access to guests by issuing certificates

Understanding SPKI/SDSI Using First-Order Logictheory.stanford.edu/people/jcm/papers/sem_spki_j.pdf · 2007-12-17 · SPKI/SDSI tags, semantically natural, and algorithmically tractable

fe.unsiq.ac.idfe.unsiq.ac.id/portal/assets/uploads/SPKI-FE-Akuntansi.docx · Web viewkeuangan umum dan standar akuntansi keuangan ETAP yang berlaku. 3.Mampu menyusun laporan hasil

Principalship: Roles & Responsibilities PINSET-September 2011 Presented By Sajid Masood The Knowledge School

Delegation Logic: A Logic-based Approach to Distributed ...ebusiness.mit.edu/research/papers/115 Grosof, Delegation Logic.pdf · REFEREE [11], and SPKI/SDSI [12; 15]. A key feature

Mission Accomplished? HTTPS Security after DigiNotar · TLS/HTTPS Security Extensions • Certificate Transparency • HSTS (HTTP Strict Transport Security) • HPKP (HTTP Public

Synthesising End-to-End Security Schemes through ...researchbank.rmit.edu.au/eserv/rmit:160595/Thevathayan.pdf · within Proxy-Based SPKI/SDSI Mobile Networks in Asia Pacific Information

Schematic Heaven, Tube Books, Schematics Galore ...schems.com/bmampscom/carvin/Carvin_BelAir 212.pdf · SPKI SPK2 FOOTSWITCH INTERNAL FUSE 3A SLOW BLOW 5mm x 20mm STOPS OSCILLATION

SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI

Denis CaromelArnaud Contes Univ. Nice ActiveEon · 2009 30. Fault-tolerance in ProActive Rollback-Recovery fault-tolerance ... SPKI: Hierarchy of certificates No security related

Lujo Bauer, Scott Garriss, Michael K. Reiter September 29 ... · logics that encode SPKI [4, 29, 23], SD3 [24], and the RT family of logics [30]. In Section 7, we discuss our ability

ABUSING CERTIFICATE TRANSPARENCY CON 25/DEF CON 25...(HPKP) 10 CERTIFICATE AUTHORITY AUTHORIZATION (CAA) 11 CERTIFICATE TRANSPARENCY (CT) 12 PUBLIC LOGS Let's put all certificates

Delegation Logic: A Logic-based Approach to Distributed ...theory.stanford.edu/~ninghui/papers/dl_tissec03.pdf · REFEREE [11], and SPKI/SDSI [12; 15]. A key feature of these systems

Security and Privacy Challenges in Context-Sensitive Services · Built client-based access-control framework based on Web framework [Howell and Kotz, OSDI 2000] SPKI/SDSI certificates

MTR, CRK, SPK - PFC Equipment, Inc. · of high-grade stainless steel, MTRI, CRKI, and SPKI pumps must be used. 5. Type designation The standard range of pumps encompasses complete

Slides’for’Drawbridge’chase/cps510/slides/drawbridge.pdf · Autonet LAN, the SPKI system for network security, the Microsoft Tablet PC software, the Microsoft Palladium high-assurance

US8438617 - people.csail.mit.edu · C. Ellison, IETF RFC 2692: "SPKI Requirements," sep. 1999, pp. (Continued) Primary Examiner Kambiz Zand Assistant Examiner — Stephen Sanders

Upgrading HTTPS in Midair - mjkranch.comHSTS and HPKP are being used o Used by over 12,500 sites (~1% of top million) o 500% increase in preload list in the past 4 months Many errors

[Wroclaw #4] Web Application Security Headers-2 (HSTS, HPKP)

SDSIrep: A reputation system based on SDSI - TUMesparza/Talks/sdsi.pdf · SDSIrep: A reputation system based on SDSI Ahmed Bouajjani, Javier Esparza, ... SDSI (SPKI/SDSI) [Clarke,

Emerging Web Application Security Standards Scott HelmeTransport security is largely a solved problem 1. Deploy encryption 2. Use good configuration 3. Deploy HSTS 4. Deploy HPKP (only

Namespaces in SPKI Carl M. Ellison Intel Architecture Labs [email protected]

Namespaces in SPKI

 · SPKI 29 53 Curving chains series 881 - 881G - 881 TAB equiv 21 25 mm 116.1 140.1 mm 129 154 mm 67.8 79.8 mm 35 40 45 50 35 40 45 50 ... 30 30 cccoo mm 133 165 mm 65 56 s mm 53

Delegation Logic: A Logic-based Approach to Distributed ...cs- · REFEREE [11], and SPKI/SDSI [12; 15]. A key feature of these systems is the support of delegation. There has also

Available online at ScienceDirect2013), HSTS (Hodges et al., 2012), HPKP (Evans and Palmer, 2011), SISCA (Karapanos and Capkun, 2014), and other best practices (e.g., enabling CSP

PENGARUH JENIS RIZOBAKTERI PEMACU PERTUMBUHAN …fkptpi.unsyiah.ac.id/images/PDF PROSIDING/PDF/PDF AGROTEKNOLOGI/259-27… · menggunakan pinset pada media tanam steril. Media tanam

JEDI: Many-to-Many End-to-End Encryption and Key ...(e.g., SPKI/SDSI [31] and Macaroons [13]) provide principals with tokens (e.g., certificate chains) that they can present to prove

SecPAL: Design and Semantics of a Decentralized ...courses.cs.vt.edu/~cs5204/fall08-kafura/Papers/... · Intuitive, unambiguous semantics Languages such as XACML, XrML, or SPKI/SDSI

A Trusted Execution Platform for Multiparty Computationpmg.lcs.mit.edu/~ajmani/papers/thesis.pdf · The Simple Public Key Infrastructure (SPKI) provides name resolution and au-thorization