Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Internet: what is it now? A presentation by Dmitry Belyavsky, TCI ENOG 6 / RIPE NCC Regional Meeting Kiev, Ukraine, October 2013.

Published byElliot Kinn Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in Internet: what is it now? A presentation by Dmitry Belyavsky, TCI ENOG 6 / RIPE NCC Regional Meeting Kiev, Ukraine, October 2013."— Presentation transcript:

1 Security in Internet: what is it now? A presentation by Dmitry Belyavsky, TCI ENOG 6 / RIPE NCC Regional Meeting Kiev, Ukraine, October 2013

2 About PKI *) *) PKI (public-key infrastructure) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates

3 Some minor incidents 2011 One of COMODO partners issued certificates:Addons.mozilla.org, Login.live.com, Mail.google.com, www.google.com, Login.yahoo.com (x3), Login.skype.com Trustware issued certificate for DLP-system 2012 TurkTrust incorrect (???) issued certificate with sign rights except common

4 The significant case: DigiNotar 2011, June Certification Authority DigiNotar issued certificates for more than 20 sites, Google among them DigiNotar inactivity Fisrt complaint appeared on Google forum (Chrome browser contains the list of real Google sites certificates) Browsers excluded DidiNotar certificates for good The company went bankrupt

5 More about “DigiNotar case”

6 OCSP requests for the fake *.google.com certificate Source: FOX-IT, Interim Report, http://cryptome.org/0005/diginotar-insec.pdfhttp://cryptome.org/0005/diginotar-insec.pdf

7 NSA interference in security Source:http://xkcd.com/538/http://xkcd.com/538/ 2013

8 RRISM timeline

9 RSA key exchange Public key Private key Premaster secret in encrypted on server public key and sent to server So it can be decrypted when the attacker gets the server private key

10 Perfect Forward Secrecy ALICE BOB + + + + = = = = Common Paint Secret Colours Common Secret Public Transport SSL Best Practices https://www.ssllabs.com/projects/best-practices/

11 If you are an end-user… Bruce Schneier: “I understand that most of this is impossible for the typical internet user” Bruce Schneier: “I understand that most of this is impossible for the typical internet user” Five pieces of advice: Hide in the network Encrypt your communications Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't Be suspicious of commercial encryption software, especially from large vendors Try to use public-domain encryption that has to be compatible with other implementations

12 PKI: extra trust PKI Independent source Trusted certificate DANE (RFC 6698) Limited browsers support Certificate pinning: Mozilla Certificate Patrol, Chrome cache for Google certificates Certificate transparency (RFC 6962)

13 Certificate Transparency: how it works Source: http://www.certificate-transparency.orghttp://www.certificate-transparency.org & Two other options

14 Certificate Transparency Deployment Inspired by Google (Support in Chrome announced) One of the authors - Ben Laurie (OpenSSL Founder) CA support – Comodo

15 Summary For today the cryptographic mechanism https is not a guarantee of safety The weakest element in the system of safety provision is HUMAN FACTOR!

16 Q&A Questions? Drop ‘em at: beldmit@tcinet.ru

Download ppt "Security in Internet: what is it now? A presentation by Dmitry Belyavsky, TCI ENOG 6 / RIPE NCC Regional Meeting Kiev, Ukraine, October 2013."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
CP3397 ECommerce.

CP3397 ECommerce.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.

Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Secure Sockets Layer. SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security.

Secure Sockets Layer. SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Trust and the Public Key Infrastructure (PKI) Sangyoon Oh Florida State University Computer Security Projects GS5891-01 Spring 2001.

Trust and the Public Key Infrastructure (PKI) Sangyoon Oh Florida State University Computer Security Projects GS Spring 2001.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Similar presentations

Ads by Google