Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Let's be honest, without any mathematical/design/architectural assumptions, about the current PKI practical context. One of the weakest links of PKI is trust delegation to some sort of government-based legislated system. As said somewhere on this mailing list, CAs are companies in those same legislative ecosystems.

This should be seen if you study the current view of certificates you get from popular endpoints using different geographic locations. Cross-correlating this with the current PKI CA/delegation trust network should give us a hint that effectively governments are monitoring the people.

I think we should make an effort, in the name of freedom, and study this more carefully and as soon as possible. SSL Observatory from EFF is a step forward but we need more.

1 - We need data on the details of certificates obtained from different geographic/government locations when pointing to popular endpoints such as google, facebook and so on

2 - We need to map/take_in_account clustered endpoints, like google, when doing this, since certificates differ in the clusters.

3 - Sitting ourselves in different geographic locations when performing data collection should be done using different methods (use of proxies, people from different countries submitting their certificate views..???).

On Thu, Sep 22, 2011 at 10:38 AM, Ralph Holz h...@net.in.tum.de wrote:

> Hi,
>
> Sorry, but this is too good. This is the Bavarian tax office, and ELSTER is the government's tax software:
>
> C=DE, ST=Bayern, L=Muenchen, O=Bayerisches Landesamt fuer Steuern - Dienststelle Muenchen, OU=ELSTER, CN=Elster HTTPS-Client, 41
>
> I seem to live in the country of offenders.
>
> Ralph
>
> --
> Dipl.-Inform. Ralph Holz
> I8: Network Architectures and Services
> Technische Universität München
> http://www.net.in.tum.de/de/mitarbeiter/holz/

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Hi,

> study this more carefully and as soon as possible. SSL Observatory from EFF is a step forward but we need more.

Their distributed observatory is probably going to help much here, but I can offer the data sets from our paper. I'll put the paper online tomorrow and paste the link here.

> 1 - We need data on the details of certificates obtained from different geographic/government locations when pointing to popular endpoints such as google, facebook and so on

We did not find any differences in the top 200 or so, and the rest did not seem suspicious. See the links in the previous mail for the set of differing certs.

> 2 - We need to map/take_in_account clustered endpoints, like google, when doing this, since certificates differ in the clusters.

We did not observe that too often (Microsoft did it, not sure about Google), but yes, we would need to crawl such clusters.

> 3 - Sitting ourselves in different geographic locations when performing data collection should be done using different methods (use of proxies, people from different countries submitting their certificate views..???).

Sorry, I don't quite get that?

Ralph

--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
The way you position yourself in the network infrastructure is very important when doing data collection. Users of a given ISP may have rogue certificates while others in the same country but at another ISP may not. We as researchers need to position ourselves at different network scopes in order to detect rogue certificates more efficiently and thus identify more effectively doubtful CAs or even individual persons being monitored. All users reaching the same endpoint should have the same certificate.

So this is an important technical aspect that must be addressed carefully. The best way, I think, would be making users from those countries run some probe (as volunteers) to get their certificates view. Actually EFF partially advocates this by telling people how to run their SSL Observatory, but at the same time they suggest doing it in a cloud environment, thus distorting the main purpose of sitting ourselves at different network locations when collecting data.

On Thu, Sep 22, 2011 at 5:30 PM, Ralph Holz h...@net.in.tum.de wrote:

> Hi,
>
>> study this more carefully and as soon as possible. SSL Observatory from EFF is a step forward but we need more.
>
> Their distributed observatory is probably going to help much here, but I can offer the data sets from our paper. I'll put the paper online tomorrow and paste the link here.
>
>> 1 - We need data on the details of certificates obtained from different geographic/government locations when pointing to popular endpoints such as google, facebook and so on
>
> We did not find any differences in the top 200 or so, and the rest did not seem suspicious. See the links in the previous mail for the set of differing certs.
>
>> 2 - We need to map/take_in_account clustered endpoints, like google, when doing this, since certificates differ in the clusters.
>
> We did not observe that too often (Microsoft did it, not sure about Google), but yes, we would need to crawl such clusters.
>
>> 3 - Sitting ourselves in different geographic locations when performing data collection should be done using different methods (use of proxies, people from different countries submitting their certificate views..???).
>
> Sorry, I don't quite get that?
>
> Ralph
>
> --
> Dipl.-Inform. Ralph Holz
> I8: Network Architectures and Services
> Technische Universität München
> http://www.net.in.tum.de/de/mitarbeiter/holz/
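The cross-vantage comparison this message argues for, as an added example that is not part of the original thread. The observation tuples, vantage names, fingerprints and issuer names are constructed, and the two labels are an assumption of this example, not something the posters defined.

```python
from collections import defaultdict

# Constructed observations: (vantage, endpoint, leaf fingerprint, issuer DN).
OBSERVATIONS = [
    ("KR/isp-a", "mail.example.com", "fp-01", "CN=Example Public CA"),
    ("KR/isp-b", "mail.example.com", "fp-9f", "CN=Unexpected Sub CA"),
    ("DE/isp-c", "mail.example.com", "fp-01", "CN=Example Public CA"),
    ("US/isp-d", "mail.example.com", "fp-02", "CN=Example Public CA"),  # other cluster node
    ("KR/isp-a", "shop.example.org", "fp-77", "CN=Other Public CA"),
    ("DE/isp-c", "shop.example.org", "fp-77", "CN=Other Public CA"),
]


def compare_views(observations, min_vantages=3):
    """Classify certificates seen by a single vantage point, per endpoint.

    Returns {endpoint: [(vantage, fingerprint, issuer, label), ...]}; label is
    'issuer-mismatch' (no other vantage saw this issuer for the endpoint) or
    'cluster-variant' (different leaf, but an issuer other vantages also saw).
    """
    fp_seen = defaultdict(lambda: defaultdict(set))      # endpoint -> fp -> vantages
    issuer_seen = defaultdict(lambda: defaultdict(set))  # endpoint -> issuer -> vantages
    issuer_of = {}
    for vantage, endpoint, fp, issuer in observations:
        fp_seen[endpoint][fp].add(vantage)
        issuer_seen[endpoint][issuer].add(vantage)
        issuer_of[(endpoint, fp)] = issuer

    findings = {}
    for endpoint, fps in fp_seen.items():
        all_vantages = set().union(*fps.values())
        if len(all_vantages) < min_vantages:
            continue  # too few network positions to establish a baseline
        rows = []
        for fp, vantages in sorted(fps.items()):
            if len(vantages) > 1:
                continue  # corroborated from more than one position
            issuer = issuer_of[(endpoint, fp)]
            lone = len(issuer_seen[endpoint][issuer]) == 1
            label = "issuer-mismatch" if lone else "cluster-variant"
            rows.append((next(iter(vantages)), fp, issuer, label))
        if rows:
            findings[endpoint] = rows
    return findings


if __name__ == "__main__":
    for endpoint, rows in compare_views(OBSERVATIONS).items():
        for row in rows:
            print(endpoint, *row)
```

An `issuer-mismatch` row is a lead for manual review, since an operator can legitimately use more than one CA; a `cluster-variant` row is the clustered-endpoint case from point 2.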
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Hi,

>> http://www.meleeisland.de/issuer_ca_on_eff.csv
>
> Oh, now it makes sense, those are mostly router certs (and various other certs from vendors who create broken certs like the Plesk ones). You won't just

Hm. I agree that many are router certs, certainly those with brand names of networking equipment in the CN, but mostly? For example, are the 550,000+ ones with CN=localhost.localdomain also router certs? I guess the only way would be to rescan them and get the HTML they deliver.

I did that, BTW, for about 60k certs with Plesk as CN. Mostly, the sites redirected to port 80, but in about a quarter of cases we found the typical Plesk portal sites. Given that you can google the default password, this seems a weak configuration. We'll report on that in our upcoming IMC paper, too [1].

> find them in Korea, they're everywhere, in vast numbers, but (at least for the router certs) they're usually only visible from the LAN interface.

It would certainly explain why they show up so often in the EFF scan, but not in our scan of the Top 1M (EFF: 13%, ours: 3%). But, even in the Top 1M, we get about 30k such certs, and they are not router certs.

> So all you need to do is warkit a router via one of a seemingly endless series of vulns that SOHO routers have and you've got a trusted root cert that can MITM all traffic through it.

That would be very bad, truly. I am wondering if we can't get our hands on such a router and do a proof-of-concept. Anyone in?

[1] http://conferences.sigcomm.org/imc/2011/program.htm

Ralph

--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Ralph Holz h...@net.in.tum.de writes:

> I am wondering if we can't get our hands on such a router and do a proof-of-concept. Anyone in?

In terms of warkitting routers, they're pretty much all vulnerable [0], so all you'd need to do after that is exploit the CA certs. OTOH if you can warkit a router you can also drop sslstrip on it, and at that point it's game over for the user whether you have a CA cert or not.

Peter.

[0] All meaning that every brand that researchers could get their hands on proved vulnerable.
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
From: Peter Gutmann pgut...@cs.auckland.ac.nz
To: cryptography@randombit.net
Sent: Monday, September 19, 2011 2:32:21 PM
Subject: Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)

> Ralph Holz h...@net.in.tum.de writes:
>
> In terms of warkitting routers, they're pretty much all vulnerable [0], so all you'd need to do after that is exploit the CA certs. OTOH if you can warkit a router you can also drop sslstrip on it, and at that point it's game over for the user whether you have a CA cert or not.

Does this warkitting require physical access to the router?
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Randall Webmail rv...@insightbb.com writes:

> Does this warkitting require physical access to the router?

No, it's all remotely done.

(This is why I have two different routers from different vendors between me and the public internet, and have had this setup for about a decade now).

Peter.
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Ralph Holz h...@net.in.tum.de writes:

> In the EFF dataset of the full IPv4 space, I find 773,512 such certificates.

Could these be from the bizarro Korean DIY PKI (the NPKI) that they've implemented? Could you post (or email) some of the certs?

Peter.
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Hi,

>> In the EFF dataset of the full IPv4 space, I find 773,512 such certificates.
>
> Could these be from the bizarro Korean DIY PKI (the NPKI) that they've implemented? Could you post (or email) some of the certs?

I don't think so. Here is a list of COUNT(issuers), issuers from the EFF dataset. Only those counted that appeared 200 times.

http://www.meleeisland.de/issuer_ca_on_eff.csv

Let me know if you want a few of those certs.

BTW, that cert by Gov of Korea is found this often in the EFF data set:

1694 | C=KR, O=Government of Korea, OU=GPKI, CN=CA134040001

Should be in the CSV above.

Ralph
[cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Been seeing Twitter from @ralphholz, @KevinSMcArthur, and @eddy_nigg about some goofy certs surfacing in S Korea with CA=true.

via Reddit http://www.reddit.com/tb/kj25j
http://english.hani.co.kr/arti/english_edition/e_national/496473.html

It's not entirely clear that a trusted CA cert is being used in this attack, however the article comes to the conclusion that HTTPS application data is being decrypted so it's the most plausible assumption.

Quoting extensively here because I don't have a sense of how long The Hankyoreh keeps their English language text around.

- Marsh

NIS admits to packet tapping Gmail

By Noh Hyung-woong

It has come to light that the National Intelligence Service has been using a technique known as "packet tapping" to spy on emails sent and received using Gmail, Google's email service. This is expected to have a significant impact, as it proves that not even Gmail, previously a popular "cyber safe haven" because of its reputation for high levels of security, is safe from tapping.

The NIS itself disclosed that Gmail tapping was taking place in the process of responding to a constitutional appeal filed by 52-year-old former teacher Kim Hyeong-geun, who was the object of packet tapping, in March this year.

As part of written responses submitted recently to the Constitutional Court, the NIS stated, "Mr. Kim was taking measures to avoid detection by investigation agencies, such as using a foreign mail service [Gmail] and mail accounts in his parents' names, and deleting emails immediately after receiving or sending them. We therefore made the judgment that gathering evidence through a conventional search and seizure would be difficult, and conducted packet tapping."

The NIS went on to explain, "[Some Korean citizens] systematically attempt so-called 'cyber asylum,' in ways such as using foreign mail services (Gmail, Hotmail) that lie beyond the boundaries of Korea's investigative authority, making packet tapping an inevitable measure for dealing with this."

The NIS asserted the need to tap Gmail when applying to a court of law for permission to also use communication restriction measures [packet tapping]. The court, too, accepted the NIS's request at the time and granted permission for packet tapping.

Unlike normal communication tapping methods, packet tapping is a technology that allows a real-time view of all content coming and going via the Internet. It opens all packets of a designated user that are transmitted via the Internet. This was impossible in the early days of the Internet, but monitoring and vetting of desired information only from among huge amounts of packet information became possible with the development of "deep packet inspection" technology. Deep packet inspection technology is used not only for censorship, but also in marketing such as custom advertising on Gmail and Facebook.

The fact that the NIS taps Gmail, which uses HTTP Secure, a communication protocol with reinforced security, means that it possesses the technology to decrypt data packets transmitted via Internet lines after intercepting them.

"Gmail has been using an encrypted protocol since 2009, when it was revealed that Chinese security services had been tapping it," said one official from a software security company. "Technologically, decrypting it is known to be almost impossible. If it turns out to be true [that the NIS has been packet tapping], this could turn into an international controversy."

"The revelation of the possibility that Gmail may have been tapped is truly shocking," said Jang Yeo-gyeong, an activist at Jinbo.net. "It has shown once again that the secrets of people's private lives can be totally violated."

Lawyer Lee Gwang-cheol of MINBYUN-Lawyers for a Democratic Society, who has taken on Kim's case, said, "I think it is surprising, and perhaps even good, that the NIS itself has revealed that it uses packet tapping on Gmail. I hope the Constitutional Court will use this appeal hearing to decide upon legitimate boundaries for investigations, given that the actual circumstances of the NIS's packet tapping have not been clearly revealed."

Please direct questions or comments to [englishh...@hani.co.kr]
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
On 09/17/2011 06:37 PM, Marsh Ray wrote:

> It's not entirely clear that a trusted CA cert is being used in this attack, however the article comes to the conclusion that HTTPS application data is being decrypted so it's the most plausible assumption.

Why is it the most plausible assumption? Isn't it far easier to replace the cryptographic libraries on PCs with one that has a wrapper that copies all payloads before encryption and after decryption, and transmits the payload to the snooper? Why go through the hassle of breaking a cipher when all you have to do is replace a few files on the target's PC to get what you want?

Arshad Noor
StrongAuth, Inc.
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
On 2011-09-18 1:18 PM, Arshad Noor wrote:

> Why do we assume that government spies will go to such lengths to get at an individual's data, when a downloaded root-kit on the target PC suffices?

The government has less ability, but no more ability, to rootkit your computer than do ten thousand Nigerian scammers.