Security in Internet: what is it now? A presentation by Dmitry Belyavsky, TCI ENOG 6 / RIPE NCC Regional Meeting Kiev, Ukraine, October 2013.

Presentation transcript:

About PKI. PKI (public-key infrastructure) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

Some minor incidents. 2011: one of Comodo's partner registration authorities issued certificates for addons.mozilla.org, login.live.com, mail.google.com, login.yahoo.com (x3), login.skype.com. Trustwave issued a subordinate CA certificate to a customer for a DLP system (a certificate that can itself sign certificates for any site). 2012: TurkTrust mistakenly (?) issued certificates with CA signing rights instead of ordinary end-entity certificates.

The significant case: DigiNotar. 2011, June: the certification authority DigiNotar issued certificates for more than 20 sites, Google among them. DigiNotar did nothing. The first complaint appeared on a Google forum (the Chrome browser contains a list of the real certificates for Google sites, so it noticed the fake one). Browsers excluded DigiNotar certificates for good. The company went bankrupt.

More about the “DigiNotar case”

OCSP requests for the fake *.google.com certificate (figure). Source: Fox-IT, Interim Report.

NSA interference in security (figure). Source: 2013.

PRISM timeline (figure).

RSA key exchange. The premaster secret is encrypted with the server's public key and sent to the server. So recorded traffic can be decrypted later, once the attacker gets hold of the server's private key.

Perfect Forward Secrecy (figure: the Diffie-Hellman paint-mixing analogy). Alice and Bob start from a common paint, each mixes in a secret colour, they exchange the mixtures over public transport, and each mixes in their own secret colour again to arrive at a common secret that was never sent. See: SSL Best Practices.
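The two slides above contrast a recorded RSA key exchange (decryptable later if the server's private key leaks) with an ephemeral Diffie-Hellman exchange that the same key only signs. The following is an added example, not code from the original talk: both handshakes are simulated end to end, the private exponent d is then "leaked", and the attacker runs the server's own computation against the recorded RSA handshake. Everything here is constructed for illustration: textbook RSA without PKCS#1 padding, 512-bit RSA keys, a 512-bit demo DH prime that is not a vetted safe prime, and SHA-256 in place of the TLS PRF. Not for real use.

```python
import hashlib
import math
import secrets


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    """Random prime with exactly `bits` bits (demo sizes only)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def kdf(shared: int) -> bytes:
    """Stand-in for the TLS PRF: session key = SHA-256(shared secret)."""
    return hashlib.sha256(shared.to_bytes(128, "big")).digest()


def rsa_keygen(bits: int = 512):
    """Textbook RSA key pair: returns ((e, n), d). 512 bits is a demo size."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), pow(e, -1, phi)


# --- TLS_RSA_*: the premaster secret travels encrypted to the server's key ---

def rsa_client_key_exchange(server_pub):
    """Client side: returns (session key, the ClientKeyExchange a sniffer records)."""
    e, n = server_pub
    premaster = secrets.randbelow(n - 2) + 2
    return kdf(premaster), pow(premaster, e, n)


def rsa_recover_key(client_key_exchange: int, server_pub, d: int) -> bytes:
    """What the server does during the handshake, and exactly what anyone who
    later obtains d can do to the recorded handshake."""
    _, n = server_pub
    return kdf(pow(client_key_exchange, d, n))


# --- TLS_DHE_RSA_*: the server's key only signs ephemeral DH parameters ---

DH_P = gen_prime(512)   # constructed demo group; real servers use a vetted safe prime
DH_G = 2


def sign(server_pub, d: int, *values) -> int:
    """Textbook RSA signature over SHA-256 of the signed parameters."""
    _, n = server_pub
    h = hashlib.sha256(",".join(str(v) for v in values).encode()).digest()
    return pow(int.from_bytes(h, "big"), d, n)


def verify(server_pub, signature: int, *values) -> bool:
    e, n = server_pub
    h = hashlib.sha256(",".join(str(v) for v in values).encode()).digest()
    return pow(signature, e, n) == int.from_bytes(h, "big")


def dhe_handshake(server_pub, d: int):
    """Both sides of the DHE exchange: returns (session key, recorded transcript)."""
    b = secrets.randbelow(DH_P - 2) + 2              # server ephemeral secret
    B = pow(DH_G, b, DH_P)
    signature = sign(server_pub, d, DH_P, DH_G, B)   # ServerKeyExchange
    if not verify(server_pub, signature, DH_P, DH_G, B):
        raise ValueError("server authentication failed")
    a = secrets.randbelow(DH_P - 2) + 2              # client ephemeral secret
    A = pow(DH_G, a, DH_P)                           # ClientKeyExchange
    key_client = kdf(pow(B, a, DH_P))
    key_server = kdf(pow(A, b, DH_P))
    assert key_client == key_server
    # a and b are discarded here; the transcript holds only public values.
    return key_client, (DH_P, DH_G, B, signature, A)


def scenario() -> dict:
    """Record both handshakes, then leak d and see what the attacker gets."""
    server_pub, d = rsa_keygen()
    rsa_key, rsa_record = rsa_client_key_exchange(server_pub)
    dhe_key, transcript = dhe_handshake(server_pub, d)
    leaked_d = d   # ... later: key theft, seizure, a server bug ...
    return {
        # The recorded RSA session opens with the server's own computation.
        "rsa_session_recovered": rsa_recover_key(rsa_record, server_pub, leaked_d) == rsa_key,
        # With d the attacker can verify the old signature or sign his own
        # parameters for a future MITM, but nothing recorded yields dhe_key.
        "dhe_signature_valid": verify(server_pub, transcript[3], *transcript[:3]),
        "dhe_key_bytes": len(dhe_key),
    }


if __name__ == "__main__":
    print(scenario())
```

The point the code makes is that the long-term key plays two different roles: in the RSA suite it is the confidentiality key for every session ever recorded, in the DHE suite it is an authentication key only, so its compromise enables future impersonation but not retroactive decryption.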

If you are an end-user… Bruce Schneier: “I understand that most of this is impossible for the typical internet user”. Five pieces of advice:
1) Hide in the network.
2) Encrypt your communications.
3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't.
4) Be suspicious of commercial encryption software, especially from large vendors.
5) Try to use public-domain encryption that has to be compatible with other implementations.

PKI: extra trust. A certificate is trusted when the PKI and an independent source both vouch for it. Such sources: DANE (RFC 6698), with limited browser support; certificate pinning (the Mozilla Certificate Patrol add-on, Chrome's built-in list of Google certificates); Certificate Transparency (RFC 6962).

Certificate Transparency: how it works (figure). Two other options (figure).

Certificate Transparency deployment. Inspired by Google (support in Chrome announced). One of the authors is Ben Laurie (OpenSSL founder). CA support: Comodo.
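The "how it works" slide is a diagram, so here is an added example (not from the original talk) of the part of Certificate Transparency that a client can check by itself: the RFC 6962 Merkle tree hash, the audit path a log hands out, and the verification that a given entry is in the tree whose root hash a signed tree head commits to. The log entries are constructed placeholder byte strings standing in for (pre)certificates; the verification loop follows the iterative procedure from RFC 9162 section 2.1.3.2, which is the same tree as RFC 6962.

```python
import hashlib


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    """RFC 6962 leaf: SHA-256(0x00 || entry). The domain-separation prefix
    stops a leaf from being passed off as an interior node."""
    return _sha256(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node: SHA-256(0x01 || left || right)."""
    return _sha256(b"\x01" + left + right)


def _split(n: int) -> int:
    """Largest power of two strictly less than n (n > 1)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def tree_hash(entries) -> bytes:
    """Merkle Tree Hash MTH(D[n]) as defined in RFC 6962 section 2.1."""
    n = len(entries)
    if n == 0:
        return _sha256(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return node_hash(tree_hash(entries[:k]), tree_hash(entries[k:]))


def inclusion_path(m: int, entries) -> list:
    """Audit path PATH(m, D[n]) computed on the log's side (RFC 6962 2.1.1)."""
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_path(m, entries[:k]) + [tree_hash(entries[k:])]
    return inclusion_path(m - k, entries[k:]) + [tree_hash(entries[:k])]


def verify_inclusion(leaf_index: int, tree_size: int, entry: bytes, path, root: bytes) -> bool:
    """Client-side check of an inclusion proof against a tree head's root hash."""
    if leaf_index >= tree_size:
        return False
    fn, sn = leaf_index, tree_size - 1
    r = leaf_hash(entry)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


# Constructed log contents: stand-ins for (pre)certificate entries.
LOG = [f"cert-{i}:CN=site{i}.example".encode() for i in range(7)]


def demo():
    """Prove every entry, then try two proofs that must be rejected."""
    root = tree_hash(LOG)   # the value a signed tree head (STH) commits to
    proofs_ok = all(
        verify_inclusion(i, len(LOG), LOG[i], inclusion_path(i, LOG), root)
        for i in range(len(LOG))
    )
    path3 = inclusion_path(3, LOG)
    # An entry the log never recorded cannot borrow another entry's path.
    forged = verify_inclusion(3, len(LOG), b"cert-x:CN=mail.google.com", path3, root)
    # A truncated path does not reach the root and must be rejected.
    truncated = verify_inclusion(3, len(LOG), LOG[3], path3[:-1], root)
    return root.hex(), proofs_ok, forged, truncated


if __name__ == "__main__":
    print(demo())
```

In deployment the client receives the root hash inside a signed tree head and the audit path from the log's get-proof-by-hash interface; a certificate with a signed certificate timestamp from a log that cannot produce a valid path for it is the signal that the log (or the CA) misbehaved.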

Summary. Today the cryptographic mechanism of HTTPS is not a guarantee of security. The weakest element in the security system is the HUMAN FACTOR!

Q&A Questions? Drop ‘em at: