SSL Trust Pitfalls Prof. Ravi Sandhu

2 © Ravi Sandhu 2002 THE CERTIFICATE TRIANGLE user attributepublic-key X.509 identity certificate X.509 attribute certificate SPKI certificate

3 © Ravi Sandhu 2002 SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA Record Protocol Handshake Protocol

4 © Ravi Sandhu 2002 CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA Record Protocol Handshake Protocol

5 © Ravi Sandhu 2002 SINGLE ROOT CA MODEL Root CA abcdefghijklmnop Root CA User

6 © Ravi Sandhu 2002 SINGLE ROOT CA MULTIPLE RAs MODEL Root CA abcdefghijklmnop Root CA UserRA UserRA UserRA

7 © Ravi Sandhu 2002 MULTIPLE ROOT CAs MODEL Root CA abcdefghijklmnop Root CA User Root CA Root CA Root CA User Root CA User

8 © Ravi Sandhu 2002 ROOT CA PLUS INTERMEDIATE CAs MODEL Z X Q A Y RST CEGIKMO abcdefghijklmnop

9 © Ravi Sandhu 2002 SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY Root Brand Geo-Political BankAcquirer CustomerMerchant

10 © Ravi Sandhu 2002 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL X Q A R ST CEGIKMO abcdefghijklmnop

11 © Ravi Sandhu 2002 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL X Q A R ST CEGIKMO abcdefghijklmnop

12 © Ravi Sandhu 2002 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL X Q A R ST CEGIKMO abcdefghijklmnop

13 © Ravi Sandhu 2002 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL Essentially the model on the web today Deployed in server-side SSL mode Client-side SSL mode yet to happen

14 © Ravi Sandhu 2002 SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA Record Protocol Handshake Protocol

15 © Ravi Sandhu 2002 SERVER-SIDE MASQUARADING Bob Web browser Web server Server-side SSL Ultratrust Security Services

16 © Ravi Sandhu 2002 SERVER-SIDE MASQUARADING Bob Web browser Web server Server-side SSL Ultratrust Security Services Mallorys Web server BIMM Corporation Server-side SSL

17 © Ravi Sandhu 2002 SERVER-SIDE MASQUARADING Bob Web browser Web server Server-side SSL Ultratrust Security Services Mallorys Web server Server-side SSL BIMM Corporation Ultratrust Security Services

18 © Ravi Sandhu 2002 CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA Record Protocol Handshake Protocol

19 © Ravi Sandhu 2002 MAN IN THE MIDDLE MASQUARADING PREVENTED Bob Web browser Web server Client-side SSL Ultratrust Security Services Mallorys Web server BIMM Corporation Client-side SSL Ultratrust Security Services Client Side SSL end-to-end Ultratrust Security Services Bob BIMM Corporation Ultratrust Security Services Bob

20 © Ravi Sandhu 2002 ATTRIBUTE-BASED CLIENT SIDE MASQUARADING Web browser BIMM.com Web server Client-side SSL Ultratrust Security Services BIMM.com Ultratrust Security Services

21 © Ravi Sandhu 2002 ATTRIBUTE-BASED CLIENT SIDE MASQUARADING Web browser BIMM.com Web server Client-side SSL Ultratrust Security Services BIMM.com SRPC

22 © Ravi Sandhu 2002 ATTRIBUTE-BASED CLIENT SIDE MASQUARADING Web browser BIMM.com Web server Client-side SSL Ultratrust Security Services BIMM.com PPC

23 © Ravi Sandhu 2002 ATTRIBUTE-BASED CLIENT SIDE MASQUARADING Web browser BIMM.com Web server Client-side SSL Ultratrust Security Services BIMM.com SRPC PPC

24 © Ravi Sandhu 2002 PKI AND TRUST Got to be very careful Not a game for amateurs Not many professionals as yet

25 © Ravi Sandhu 2002 REFERENCES "An overview of PKI trust models" by Perlman, R. IEEE Network, Volume: 13 Issue: 6, Nov.-Dec Page(s): "The problem with multiple roots in Web browsers-certificate masquerading" by Hayes, J.M. Proceedings Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE (WET ICE '98) June 1998 Page(s): "Restricting access with certificate attributes in multiple root environments - a recipe for certificate masquerading" by Hayes, J.M. Proc. 15th Annual Computer Security Applications Conference, IEEE, 2001, Page(s):