SSL Trust Pitfalls

1
SSL Trust Pitfalls
Prof. Ravi Sandhu
2
THE CERTIFICATE TRIANGLE
user
X.509 identity certificate
X.509 attribute certificate
attribute
public-key
SPKI certificate
3
SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
Handshake Protocol
Record Protocol
4
CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
Handshake Protocol
Record Protocol
5
SINGLE ROOT CA MODEL
Root CA
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
Root CA
User
6
SINGLE ROOT CAMULTIPLE RAs MODEL
Root CA
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
Root CA
7
MULTIPLE ROOT CAs MODEL
Root CA
Root CA
Root CA
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
Root CA
User
Root CA
User
Root CA
User
8
ROOT CA PLUS INTERMEDIATE CAs MODEL
Z
X
Y
Q
R
S
T
A
C
E
G
I
K
M
O
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
9
SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
Root
Brand
Brand
Brand
Geo-Political
Bank
Acquirer
Customer
Merchant
10
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
X
S
T
Q
R
A
C
E
G
I
K
M
O
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
11
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
X
S
T
Q
R
A
C
E
G
I
K
M
O
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
12
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
X
S
T
Q
R
A
C
E
G
I
K
M
O
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
13
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL

• Essentially the model on the web today
• Deployed in server-side SSL mode
• Client-side SSL mode yet to happen

14
SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
Handshake Protocol
Record Protocol
15
SERVER-SIDE MASQUARADING
Bob Web browser
www.host.com Web server
Server-side SSL
Ultratrust Security Services
www.host.com
16
SERVER-SIDE MASQUARADING
Bob Web browser
www.host.com Web server
Ultratrust Security Services
Server-side SSL
Server-side SSL
Mallorys Web server
www.host.com
BIMM Corporation
www.host.com
17
SERVER-SIDE MASQUARADING
Bob Web browser
www.host.com Web server
Ultratrust Security Services
Server-side SSL
Server-side SSL
BIMM Corporation
Mallorys Web server
www.host.com
Ultratrust Security Services
www.host.com
18
CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
Handshake Protocol
Record Protocol
19
MAN IN THE MIDDLEMASQUARADING PREVENTED
Client Side SSL end-to-end
Ultratrust Security Services
Bob Web browser
www.host.com Web server
Bob
Ultratrust Security Services
Client-side SSL
Client-side SSL
BIMM Corporation
BIMM Corporation
www.host.com
Mallorys Web server
Ultratrust Security Services
Ultratrust Security Services
www.host.com
Bob
20
ATTRIBUTE-BASED CLIENT SIDE MASQUARADING
Joe_at_anywhere Web browser
BIMM.com Web server
Client-side SSL
Ultratrust Security Services
Ultratrust Security Services
Joe_at_anywhere
BIMM.com
21
ATTRIBUTE-BASED CLIENT SIDE MASQUARADING
Alice_at_SRPC Web browser
BIMM.com Web server
Client-side SSL
SRPC
Ultratrust Security Services
Alice_at_SRPC
BIMM.com
22
ATTRIBUTE-BASED CLIENT SIDE MASQUARADING
Bob_at_PPC Web browser
BIMM.com Web server
Client-side SSL
PPC
Ultratrust Security Services
Bob_at_PPC
BIMM.com
23
ATTRIBUTE-BASED CLIENT SIDE MASQUARADING
Alice_at_SRPC Web browser
BIMM.com Web server
Client-side SSL
SRPC
Ultratrust Security Services
BIMM.com
PPC
Bob_at_PPC
24
PKI AND TRUST

• Got to be very careful
• Not a game for amateurs
• Not many professionals as yet

25
REFERENCES

• "An overview of PKI trust models" by Perlman, R.
  IEEE Network, Volume 13 Issue 6 , Nov.-Dec.
  1999 Page(s) 38-43
• "The problem with multiple roots in Web
  browsers-certificate masquerading" by Hayes, J.M.
  Proceedings Seventh IEEE International Workshops
  on Enabling Technologies Infrastructure for
  Collaborative Enterprises, IEEE 1998. (WET ICE
  '98) 17-19 June 1998 Page(s) 306 -311.
• "Restricting access with certificate attributes
  in multiple root environments - a recipe for
  certificate masquerading" by Hayes, J.M. Proc.
  15th Annual Computer Security Applications
  Conference, IEEE, 2001, Page(s) 386-390.