Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Future of SSL in an Appified World From Developers to NSA, the Nation State Adversaries Matthew Smith Usable Security and Privacy Lab, Universität.

Similar presentations


Presentation on theme: "The Future of SSL in an Appified World From Developers to NSA, the Nation State Adversaries Matthew Smith Usable Security and Privacy Lab, Universität."— Presentation transcript:

1 The Future of SSL in an Appified World From Developers to NSA, the Nation State Adversaries Matthew Smith Usable Security and Privacy Lab, Universität Bonn Human Factors Group, Fraunhofer FKIE

2 2 Secure Socket Layer SSL is a cryptographic protocol and the mainstay of our Internet security It is mainly used in combination with Certificate Authorities to validate the public keys of entities

3 3 Problems with CAs (whom do we trust?) Prof. Dr. Matthew Smith  Approximately trusted root CAs in  Firefox, Chrome, IE Explorer, Windows, Mac OS, Linux  Extended to ~650 via CA hierarchies  EFF Map of these organizations  SSL / HTTPS only as strong as the weakest link  Weak ( -based) authentication with many CAs  Targeted attacks against CAs - a real world threat  As Comodo and Diginotar have shown https://www.eff.org/observatory

4 4 CAs in the news Prof. Dr. Matthew Smith

5 5 SSL Warnings Usable Security and Privacy Lab –Universität Bonn

6 6 What users actually see Usable Security and Privacy Lab –Universität Bonn

7 7 Heartbleed Usable Security and Privacy Lab –Universität Bonn

8 8 SSL CCS Injection Vulnerability Usable Security and Privacy Lab –Universität Bonn Masashi Kikuchi of Lepidum  CVE OpenSSL’s ChangeCipherSpec processing has a serious vulnerability  OpenSSL through 1.0.1g  OpenSSL through 1.0.0l  all versions before OpenSSL 0.9.8y  Attackers can eavesdrop and modify communication  Attackers can hijack a authenticated session Not as bad as heartbleed but still pretty bad

9 9 Usable Security: An Emerging Research Field Complexity is the worst enemy of security  Systems are getting ever more complex We have the technology to make – almost – everything secure  We just don‘t have the people to do it properly We have two options:  Create more secure humans  Create more usable technology Usable Security and Privacy Lab –Universität Bonn

10 10 Usable security & privacy research Usable Security and Privacy Lab –Universität Bonn  End-user  Evaluation  Automation  Communication  Administrators/Experts  Software and process optimisation  Developers  API and Library analysis  New paradigms

11 11 SSL on Android The end user Usable Security and Privacy Lab –Universität Bonn

12 12 Android Browser Warning Messages Mobile browsers validate SSL certificates correctly…...and warn the user if something goes wrong …display security indicators… Usable Security and Privacy Lab –Universität Bonn

13 13 Online Survey … and warn the user if something goes wrong….  To see if users know when they are surfing on an SSL protected website  half of the participants got the survey via HTTP  the other half via HTTPS  exit survey asked whether their connection was protected or not  To find out if users understood the Browser’s warning messages  presented an SSL warning message Usable Security and Privacy Lab –Universität Bonn

14 14  ~50% had not seen an SSL warning message on their phone before.  The risk users were warned against was rated with 2.86 (sd=.94) on a scale between 1 and 5  Many participants stated they did not care about warning messages at all. Online Survey - Results  745 participants  47.5% of non-IT experts believed they were using a secure Internet connection  although it was plain HTTP  even 34.7% of participants with prior IT education thought this Usable Security and Privacy Lab –Universität Bonn

15 15 Appification  There’s an App for Everything Sascha Fahl,

16 16 Developers Usable Security and Privacy Lab –Universität Bonn

17 17 Trust me I‘m an Engineer

18 18 SSL Static Code Analysis  2011 Analysis of 13,500 popular, free apps from Google’s Play Market  92.8 % of the apps use the Internet permission  91.7 % of networking API calls are HTTP(S) related  0.8 % exclusively HTTPS URLs  46.2 % mix HTTP and HTTPS  % of all apps that use HTTPS include code that fails in SSL certificate validation  1070 include critical code  790 accept all certificates  284 accept all hostnames Prof. Dr. Matthew Smith

19 19 TrustManager Implementations  22 different TrustManager implementations TrustManager DummyTrustManager AcceptAllTrustManagerOpenTrustManager SimpleTrustManager NonValidatingTrustManager FakeTrustManager EasyX509TrustManager NaiveTrustManager  and all turn effective certificate validation off Prof. Dr. Matthew Smith

20 20 Manual App Testing Results  Cherry-picked 100 apps  21 apps trust all certificates  20 apps accept all hostnames  Captured credentials for:  American Express, Diners Club, Paypal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary accounts, and IBM Sametime, among others. Usable Security and Privacy Lab –Universität Bonn

21 21 Manual App Testing Results These 41 apps had an install-base of 39 – 185 million! Prof. Dr. Matthew Smith

22 22 Anti-Virus Example Prof. Dr. Matthew Smith

23 23 For more on this see  Sascha Fahl, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben and Matthew Smith: Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security,Proceedings of the 19th ACM Conference on Computer and Communications Security (ACM CCS 2012) Prof. Dr. Matthew Smith

24 24 Nation State Adversaries Usable Security and Privacy Lab –Universität Bonn

25 25 SSL Development Usable Security for Users Usable Security and Privacy Lab –Universität Bonn

26 26 What users actually see Usable Security and Privacy Lab –Universität Bonn

27

28 28 SSL Development Usable Security for Developers Usable Security and Privacy Lab –Universität Bonn

29 29 Dumb Developers? Usable Security and Privacy Lab –Universität Bonn

30 30 Talking To Developers  Finding broken SSL in Android apps is good… …knowing what the root causes are is even better  We contacted 80 developers of broken apps  informed them  offered further assistance  asked them for an interview ✓ ✓ ?  15 developers agreed ✓ Usable Security and Privacy Lab –Universität Bonn

31 31 Developer Survey Summary  Self-Signed Certificates – Development.  Developers commonly wish to use self-signed certificates for testing purposes and hence want to turn off certificate validation during testing.  Self-Signed Certificates – Production.  A few developers wanted to use self-signed certificates in their production app for cost and effort reasons.  Code Complexity.  Developers described the code-level customization features of SSL as too complex and requiring too much effort.  Certificate Pinning / Trusted Roots.  Developers liked the idea of having an easy way to limit the number of trusted certificates and/or certificate authorities.  Global Warning Message.  Developers requested global SSL warning messages since they described building their own warning messages as too challenging. Usable Security and Privacy Lab –Universität Bonn

32 32 Solutions?  So what should we do to help the developers? Usable Security and Privacy Lab –Universität Bonn

33 33 A new approach to SSL on Android Prof. Dr. Matthew Smith Central SSL service for Android  Force SSL  start with https-everywhere list  Force SSL Validation  cannot be overridden  Self-Signed Certificates  for developer devices  SSL Pinning  via simple config file  Standardised User Interaction  actually show user what is happening  show meaningful warnings  Alternate SSL Validation Strategies  Perspectives, Certificate Transparency, etc.  hot-pluggable

34 34 For more on this see  Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, Matthew Smith(2013): Rethinking SSL Development in an Appified World,Proceedings of the 20th ACM Conference on Computer and Communications Security (ACM CCS 2013) Prof. Dr. Matthew Smith

35 35 SSL Infrastructure Certificate Transparency Usable Security and Privacy Lab –Universität Bonn

36 36 Problems with CAs (whom do we trust?) Prof. Dr. Matthew Smith  Approximately trusted root CAs in  Firefox, Chrome, IE Explorer, Windows, Mac OS, Linux  Extended to ~650 via CA hierarchies  EFF Map of these organizations  SSL / HTTPS only as strong as the weakest link  Weak ( -based) authentication with many CAs  Targeted attacks against CAs - a real world threat  As Comodo and Diginotar have shown https://www.eff.org/observatory

37 37 Certificate Transparency (Google‘11)  Adds additional layer to CA infrastructure  Certificate Transparency (CT) server operates append-only data structure (Merkle tree)  Procedure:  Submit Cert to CT log  Receive Signed Certificate Timestamp  TLS present the SCT to a TLS client  along with the SSL certificate  CT log only adds Certs if:  They are signed by trusted CA  CT log is append only  Client only accepts connections with SCT  Can detect attacks after the fact  Hopefully deters “respectable” attackers Idea: Make all CA action visible and non-repudiable

38 38 Usable security & privacy research Usable Security and Privacy Lab –Universität Bonn  End-user  Do not see mobile security indicators  Should not have to  Administrators/Experts  Misconfigure servers  Should have better tools  Developers  Make many honest mistakes  New development paradigm can protect in specific domains  Usable development of crypto libraries has not been researched properly to date  Infrastructure  Transparency is key


Download ppt "The Future of SSL in an Appified World From Developers to NSA, the Nation State Adversaries Matthew Smith Usable Security and Privacy Lab, Universität."

Similar presentations


Ads by Google