Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Let's be honest, without any methamatical/design/architectural assumptions, about the current PKI practical context. One of the weakest links of PKI is trust delegation to some sort of governement based legislated system. As said, somewhere on this maling list, CA's are companies in those same legislative ecosystems. This should be seen if you study the current View of certificates you get from popular endpoints using different geographic locations. Cross correlating this with the current PKI CA's/Delegations Trust network should give us an hint that effectively governments are monitoring the People. I think we should make an effort, in name of freedom, and study this more carefully and sooner as possible. SSL Observatory from EFF is a step forward but we need more. 1 - We need data on the details of certificates obtained from different geographic/government locations when pointing to popular endpoints such us google, facebook and so on 2 - We need to map/take_in_account clustered endpoints, like google, when doing this, since certificates differ in the clusters. 3 - Sitting ourselfs in different geographic locations when performing data collection should be done using different methods (use of proxy's, people from different countries submitting their certificates views..???). On Thu, Sep 22, 2011 at 10:38 AM, Ralph Holz h...@net.in.tum.de wrote: Hi, Sorry, but this is too good. This is the Bavarian tax office, and ELSTER is the government's tax software: C=DE, ST=Bayern, L=Muenchen, O=Bayerisches Landesamt fuer Steuern - Dienststelle Muenchen, OU=ELSTER, CN=Elster HTTPS-Client, 41 I seem to live in the country of offenders. Ralph -- Dipl.-Inform. Ralph Holz I8: Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Hi, study this more carefully and sooner as possible. SSL Observatory from EFF is a step forward but we need more. Their distributed observatory is probably going to help much here, but I can offer the data sets from our paper. I'll put the paper online tomorrow and paste the link here. 1 - We need data on the details of certificates obtained from different geographic/government locations when pointing to popular endpoints such us google, facebook and so on We did not find any differences in the top 200 or so, and the rest did not seem suspicious. See the links in the previous mail for the set of differing certs. 2 - We need to map/take_in_account clustered endpoints, like google, when doing this, since certificates differ in the clusters. We did not observe that too often (Microsoft did it, not sure about Google), but yes, we would need to crawl such clusters. 3 - Sitting ourselfs in different geographic locations when performing data collection should be done using different methods (use of proxy's, people from different countries submitting their certificates views..???). Sorry, I don't quite get that? Ralph -- Dipl.-Inform. Ralph Holz I8: Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ signature.asc Description: OpenPGP digital signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
The way you position yourself in the network infra-structure is of very importance when doing data collection. Users of a given ISP may have rogue certificates while others at the same country but another ISP may not. We as researchers need to position ourselves at different network scopes in order to detect more efficiently rogue certificates and thus identifying more effectively doubtful CA's or even individual persons beings monitored. All users reaching the same endpoint should have the same certificate. So this is an important technical aspect that must be addressed carefully. The best way I think would be making users from those countries run some probe (as volunteers) to get their Certificates View. Actually EFF partially advocates this by telling people how to run their SSL Observatory but at the same time they suggest doing it in a Cloud Environment, thus distorting the main purpose of sitting ourselves at different network locations when collecting data. On Thu, Sep 22, 2011 at 5:30 PM, Ralph Holz h...@net.in.tum.de wrote: Hi, study this more carefully and sooner as possible. SSL Observatory from EFF is a step forward but we need more. Their distributed observatory is probably going to help much here, but I can offer the data sets from our paper. I'll put the paper online tomorrow and paste the link here. 1 - We need data on the details of certificates obtained from different geographic/government locations when pointing to popular endpoints such us google, facebook and so on We did not find any differences in the top 200 or so, and the rest did not seem suspicious. See the links in the previous mail for the set of differing certs. 2 - We need to map/take_in_account clustered endpoints, like google, when doing this, since certificates differ in the clusters. We did not observe that too often (Microsoft did it, not sure about Google), but yes, we would need to crawl such clusters. 3 - Sitting ourselfs in different geographic locations when performing data collection should be done using different methods (use of proxy's, people from different countries submitting their certificates views..???). Sorry, I don't quite get that? Ralph -- Dipl.-Inform. Ralph Holz I8: Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Hi, http://www.meleeisland.de/issuer_ca_on_eff.csv Oh, now it makes sense, those are mostly router certs (and various other certs from vendors who create broken certs like the Plesk ones). You won't just Hm. I agree that many are router certs, certainly those with brand names of networking equipment in the CN, but mostly? For example, are the 550,000+ ones with CN=localhost.localdomain also router certs? I guess the only way would be to rescan them and get the HTML they deliver. I did that, BTW, for about 60k certs with Plesk as CN. Mostly, the sites redirected to port 80, but in about a quarter of cases we found the typical Plesk portal sites. Given that you can google the default password, this seems a weak configuration. We'll report on that in our upcoming IMC paper, too [1]. find them in Korea, they're everywhere, in vast numbers, but (at least for the router certs) they're usually only visible from the LAN interface. It would certainly explain why they show up so often in the EFF scan, but not in our scan of the Top 1M (EFF: 13%, ours: 3%). But, even in the Top 1M, we get about 30k such certs, and they are not router certs. So all you need to do is warkit a router via one of a seemingly endless series of vulns that SOHO routers have and you've got a trusted root cert that can MITM all traffic through it. That would be very bad, truly. I am wondering if we can't get our hands on such a router and do a proof-of-concept. Anyone in? [1] http://conferences.sigcomm.org/imc/2011/program.htm Ralph -- Dipl.-Inform. Ralph Holz I8: Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/ signature.asc Description: OpenPGP digital signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Ralph Holz h...@net.in.tum.de writes: I am wondering if we can't get our hands on such a router and do a proof-of- concept. Anyone in? In terms of warkitting routers, they're pretty much all vulnerable [0], so all you'd need to do after that is exploit the CA certs. OTOH if you can warkit a router you can also drop sslstrip on it, and at that point it's game over for the user whether you have a CA cert or not. Peter. [0] All meaning that every brand that researchers could get their hands on proved vulnerable. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
From: Peter Gutmann pgut...@cs.auckland.ac.nz To: cryptography@randombit.net Sent: Monday, September 19, 2011 2:32:21 PM Subject: Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea) Ralph Holz h...@net.in.tum.de writes: In terms of warkitting routers, they're pretty much all vulnerable [0], so all you'd need to do after that is exploit the CA certs. OTOH if you can warkit a router you can also drop sslstrip on it, and at that point it's game over for the user whether you have a CA cert or not. Does this warkitting require physical access to the router? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Randall Webmail rv...@insightbb.com writes: Does this warkitting require physical access to the router? No, it's all remotely done. (This is why I have two different routers from different vendors between me and the public internet, and have had this setup for about a decade now). Peter. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Ralph Holz h...@net.in.tum.de writes: In the EFF dataset of the full IPv4 space, I find 773,512 such certificates. Could these be from the bizarro Korean DIY PKI (the NPKI) that they've implemented? Could you post (or email) some of the certs? Peter. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
Hi, In the EFF dataset of the full IPv4 space, I find 773,512 such certificates. Could these be from the bizarro Korean DIY PKI (the NPKI) that they've implemented? Could you post (or email) some of the certs? I don't think so. Here is a list of COUNT(issuers), issuers from the EFF dataset. Only those counted that appeared 200 times. http://www.meleeisland.de/issuer_ca_on_eff.csv Let me know if you want a few of those certs. BTW, that cert by Gov of Korea is found this often in the EFF data set: 1694 | C=KR, O=Government of Korea, OU=GPKI, CN=CA134040001 Should be in the CSV above. Ralph signature.asc Description: OpenPGP digital signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
On 09/17/2011 06:37 PM, Marsh Ray wrote: It's not entirely clear that a trusted CA cert is being used in this attack, however the article comes to the conclusion that HTTPS application data is being decrypted so it's the most plausible assumption. Why is it the most plausible assumption? Isn't it far easier to replace the cryptographic libraries on PCs with one that has a wrapper that copies all payloads before encryption and after decryption, and transmits the payload to the snooper? Why go through the hassle of breaking a cipher when all you have to do is replace a few files on the target's PC to get what you want? Arshad Noor StrongAuth, Inc. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Another data point on SSL trusted root CA reliability (S Korea)
On 2011-09-18 1:18 PM, Arshad Noor wrote: Why do we assume that government spies will go to such lengths to get at an individual's data, when a downloaded root-kit on the target PC suffices? The government has less ability, but no more ability, to rootkit your computer than do ten thousand Nigerian scammers. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography