cloud strife - internet research task forcekevin borgolte cloud strife: mitigating the security...
TRANSCRIPT
Kevin Borgolte Tobias Fiebig Shuang Hao Christopher Kruegel Giovanni Vigna
Applied Networking Research Workshop (ANRW 2018) / IETF 102
CLOUD STRIFEMitigating the Security Risks of Domain-Validated Certificates
[email protected] [email protected] [email protected] [email protected] [email protected]
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) !3
STALE DNS RECORDS AND IP ADDRESS RE-USE
cloudstrife.seclab.cs.ucsb.edu
34.215.255.68
• How to migrate DNS gracefully? • When to release 34.215.255.68? TTL? Longer? • What about failure and automatic scaling?
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) !4
DOMAIN-VALIDATED CERTIFICATES
• Standard TLS certificate
• Trusted by major browsers and operating systems
• Credited for the rise in HTTPS adoption
• Cheap or free
• No identity verification
via https://nettrack.info/ssl_certificate_issuers.html
Let’s Encrypt
Comodo
GeoTrust
Top SSL Issuers
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018)
ClientClient ACMECA
1 Request certificate
Client ACMECA
1 Request certificate
2 Respond with challengeClient ACME
CA
1 Request certificate
2 Respond with challenge3 Host challenge
at http://example.com
example.comWebserver
Client ACMECA
1 Request certificate
2 Respond with challenge
4 Verify challenge3 Host challenge
at http://example.com
example.comWebserver
!5
HTTP-BASED DOMAIN-VALIDATION
If you control the host behind the domain, then you can prove domain ownership successfully.
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018)
• Trusted TLS certificates (MitM) • Malicious and remote code loading • Subdomain attacks • Email (no MX = A record) • Spam & phishing (residual trust)
!6
IMPACT?
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018)
ap-northeast-1
ap-northeast-2
ap-south-1
ap-southeast-1
ap-southeast-2
ca-central-1
eu-central-1
eu-west-1
eu-west-2
sa-east-1
us-east-1
us-east-2
us-west-1
us-west-2
Availability Zone
10sec
1min
1hour
1day
1week2weeks
Tim
eB
etw
een
Reo
ccur
ence
(Sec
onds
) log
!7
SCALE?
• Looking at cloud IP address (AWS, Azure)
• 1.6 million unique IPs, 14 million allocations
• 130 million unique domains
• How many active domains point to free IPs?
• >700,000 domains can be taken over within minutes by attacker
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) !8
CLOUD STRIFE
• Assume takeovers can and will happen in the future
• Major changes to DNS or deployment impractical
• Aim to prevent attacks higher up
• Focus on TLS services
• Leverage existing standards when possible
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018)
• HTTP, simple idea: • HTTPS with trusted certificates
• HTTP Strict Transport Security
• HTTP Public Key Pinning
• HTTP, simple idea: • HTTPS with trusted certificates domain-validated certificates
• HTTP Strict Transport Security
• HTTP Public Key Pinning deprecated since Chrome 67
!9
MITIGATING TAKEOVER ATTACKS
Takeover attacks now require pinned certificate.
Reduces takeover attacks to denial of service attacks.
Doesn’t work for SMTP etc. though
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018)
• HTTP, better idea: • HTTPS with trusted certificates
• Prevent certificate issuance for domains (likely) taken over
• HTTP Strict Transport Security
!10
MITIGATING TAKEOVER ATTACKS
How do you prevent certificate issuance?
No trusted certificate = also works for SMTP etc.
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) !11
CERTIFICATE TRANSPARENCY LOGS
• Public append-only log for issued certificates
• Monitor for suspicious certificates
• Real-time(ish) audit trail
In itself:
• Reactive: attacker’s window of opportunity remains
• Must be actively monitored (by domain owners)
Can be used for historic lookups
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018)
ClientClient ACMECA
1 Request certificate
Client ACMECA
1 Request certificate
CTLogs
2 Check for existingcertificates
Client ACMECA
1 Request certificate
3 Respond with challengeCT
Logs
2 Check for existingcertificates
Client ACMECA
1 Request certificate
3 Respond with challengeCT
Logs4 Host challenge
at https://example.com
2 Check for existingcertificates
example.comWebserver
Client ACMECA
1 Request certificate
3 Respond with challengeCT
Logs
5Verify challenge and
existing certificate4 Host challenge
at https://example.com
2 Check for existingcertificates
example.comWebserver
!12
PREVENTIVE HTTP-BASED DOMAIN-VALIDATION
If an old certificate was found, require it to be current HTTPS certificate.
1
2
Kevin Borgolte Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates (ANRW 2018) !13
CLOUD STRIFE
• Prevents TLS certificates to be issued for takeovers
• No certificate = takeover attacks less useful (= DoS)
• Drawbacks for users only for disaster recovery • Re-bootstrap chain of trust
• ACME validation challenge draft next?
[email protected] https://kevin.borgolte.me
twitter: @caovc
Thank you!
Questions?
seclabTHE COMPUTER SECURITY GROUP AT UC SANTA BARBARA