1 SSL Trust Pitfalls Prof. Ravi Sandhu

2 © Ravi Sandhu 2002
THE CERTIFICATE TRIANGLE
[diagram: triangle with vertices user, attribute and public key; edges labelled X.509 identity certificate (user to public key), X.509 attribute certificate (user to attribute) and SPKI certificate (public key to attribute)]

3 SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
[diagram: handshake protocol and record protocol message flow]

4 CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
[diagram: handshake protocol and record protocol message flow]

5 SINGLE ROOT CA MODEL
[diagram: one Root CA directly certifies users a through p]

6 SINGLE ROOT CA, MULTIPLE RAs MODEL
[diagram: one Root CA with several Registration Authorities (RAs) standing between it and users a through p]

7 MULTIPLE ROOT CAs MODEL
[diagram: several independent Root CAs, each with its own users; users a through p are spread across them]

8 ROOT CA PLUS INTERMEDIATE CAs MODEL
[diagram: a single root CA above layers of intermediate CAs (labels Z, X, Y, Q, R, S, T, A, C, E, G, I, K, M, O) certifying end entities a through p]

9 SECURE ELECTRONIC TRANSACTIONS (SET) CA HIERARCHY
[diagram: Root, Brand, Geo-Political, Bank/Acquirer and Customer/Merchant levels]

10-12 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
[diagram built up over three slides: several root CAs, intermediate CAs (labels X, Q, A, R, S, T, C, E, G, I, K, M, O) and end entities a through p]

13 MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
- Essentially the model on the web today
- Deployed in server-side SSL mode
- Client-side SSL mode yet to happen

14 SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
[diagram repeated from slide 3]

15-17 SERVER-SIDE MASQUERADING
[diagram built up over three slides: Bob's web browser connects with server-side SSL to the www.host.com web server, whose certificate was issued by Ultratrust Security Services; Mallory's web server presents its own server-side SSL certificate for www.host.com, issued by BIMM Corporation, a second root the browser trusts, so Bob's browser cannot tell the two servers apart]

18 CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
[diagram repeated from slide 4]

19 MAN IN THE MIDDLE MASQUERADING PREVENTED
[diagram: Bob's browser and the www.host.com web server use client-side SSL, Bob's certificate being issued by Ultratrust Security Services; Mallory's web server, holding a BIMM Corporation certificate for www.host.com, sits between them, but client-side SSL runs end-to-end between Bob and www.host.com, so the man-in-the-middle masquerade is prevented]

20-23 ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
[diagram built up over four slides: the BIMM.com web server (certificate from Ultratrust Security Services) accepts client-side SSL from Joe@anywhere (certificate from Ultratrust Security Services), Alice@SRPC (certificate from SRPC) and Bob@PPC (certificate from PPC); in the final build a certificate for the name Alice@SRPC is issued by PPC, the root that vouches for Bob@PPC, rather than by SRPC, and BIMM.com, which trusts both roots, accepts it]
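The two masquerades above (a second trusted root issuing a server certificate for www.host.com on slides 15-17, and a second trusted root issuing a client certificate carrying the name Alice@SRPC on slides 20-23) are one pitfall: under the multiple-root model any trusted root may vouch for any name. The following Python is an example added here, not the speaker's code. It models chain building against such a trust store and then adds the check a relying party needs: a policy binding each namespace (a registered domain, or the organisation after "@") to the roots allowed to vouch for it, which is the idea behind X.509 name constraints and per-site issuer pinning. RSA signatures are simulated with HMAC under a per-CA secret so the block runs on the standard library alone; the "Ultratrust Issuing CA" intermediate and all other names are constructed for the example.

```python
"""Multiple-root trust model with a namespace-bound issuer policy (added example).
Signatures are simulated with HMAC under a per-CA secret standing in for the CA's
RSA private key; every CA, host and user name below is constructed."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str      # "www.host.com" or "Alice@SRPC"
    issuer: str       # name of the CA that signed it
    signature: bytes  # simulated signature over "subject|issuer"


class CA:
    """Root or intermediate CA holding a (simulated) private signing key."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._key = hashlib.sha256(f"constructed-key-{name}".encode()).digest()

    def _mac(self, subject: str) -> bytes:
        return hmac.new(self._key, f"{subject}|{self.name}".encode(), "sha256").digest()

    def issue(self, subject: str) -> Cert:
        return Cert(subject, self.name, self._mac(subject))

    def verify(self, cert: Cert) -> bool:
        # Real X.509: an RSA signature check with the CA's public key.
        return cert.issuer == self.name and hmac.compare_digest(
            self._mac(cert.subject), cert.signature)


def namespace_of(subject: str) -> str:
    """Authority a name belongs to: the organisation after '@' for users,
    the registered domain (last two labels) for DNS names."""
    if "@" in subject:
        return subject.rsplit("@", 1)[1]
    return ".".join(subject.split(".")[-2:])


def build_chain(leaf: Cert, cas: dict[str, CA], ca_certs: dict[str, Cert],
                roots: set[str]) -> list[Cert] | None:
    """Follow issuer links from the leaf to a trusted root, checking every
    signature on the way.  Returns the chain (leaf first) or None."""
    chain, cert, seen = [leaf], leaf, set()
    while True:
        signer = cas.get(cert.issuer)
        if signer is None or not signer.verify(cert):
            return None                      # unknown issuer or bad signature
        if cert.issuer in roots:
            return chain                     # reached a trust anchor
        if cert.issuer in seen or cert.issuer not in ca_certs:
            return None                      # loop, or intermediate without a cert
        seen.add(cert.issuer)
        cert = ca_certs[cert.issuer]
        chain.append(cert)


def multi_root_accepts(leaf, cas, ca_certs, roots) -> bool:
    """The model on the web today: any trusted root may vouch for any name."""
    return build_chain(leaf, cas, ca_certs, roots) is not None


def namespace_policy_accepts(leaf, cas, ca_certs, roots, policy: dict[str, set[str]]) -> bool:
    """Mitigation: the root reached must be authorised for the leaf's namespace."""
    chain = build_chain(leaf, cas, ca_certs, roots)
    return chain is not None and chain[-1].issuer in policy.get(namespace_of(leaf.subject), set())


def demo() -> dict[str, bool]:
    ultratrust = CA("Ultratrust Security Services")
    bimm, srpc, ppc = CA("BIMM Corporation"), CA("SRPC"), CA("PPC")
    issuing = CA("Ultratrust Issuing CA")    # constructed intermediate under Ultratrust
    cas = {ca.name: ca for ca in (ultratrust, bimm, srpc, ppc, issuing)}
    ca_certs = {issuing.name: ultratrust.issue(issuing.name)}

    # Server-side masquerade: Bob's browser trusts both roots and Mallory holds a
    # BIMM-issued certificate for the genuine site's name.
    browser_roots = {ultratrust.name, bimm.name}
    genuine = issuing.issue("www.host.com")
    mallory = bimm.issue("www.host.com")
    site_policy = {"host.com": {ultratrust.name}}

    # Client-side masquerade: BIMM.com trusts three roots and authorises users by
    # the organisation after '@'; PPC issues a certificate carrying an SRPC name.
    server_roots = {ultratrust.name, srpc.name, ppc.name}
    alice = srpc.issue("Alice@SRPC")
    alice_from_ppc = ppc.issue("Alice@SRPC")
    user_policy = {"SRPC": {srpc.name}, "PPC": {ppc.name}, "anywhere": {ultratrust.name}}

    return {
        "genuine site, multi-root": multi_root_accepts(genuine, cas, ca_certs, browser_roots),
        "masquerade site, multi-root": multi_root_accepts(mallory, cas, ca_certs, browser_roots),
        "genuine site, policy": namespace_policy_accepts(genuine, cas, ca_certs, browser_roots, site_policy),
        "masquerade site, policy": namespace_policy_accepts(mallory, cas, ca_certs, browser_roots, site_policy),
        "Alice from SRPC, multi-root": multi_root_accepts(alice, cas, ca_certs, server_roots),
        "Alice from PPC, multi-root": multi_root_accepts(alice_from_ppc, cas, ca_certs, server_roots),
        "Alice from SRPC, policy": namespace_policy_accepts(alice, cas, ca_certs, server_roots, user_policy),
        "Alice from PPC, policy": namespace_policy_accepts(alice_from_ppc, cas, ca_certs, server_roots, user_policy),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:30s} {'accepted' if accepted else 'rejected'}")
```

Running demo() shows the genuine and the masquerading certificates both validating under plain multi-root acceptance, and only the genuine ones validating once the namespace policy is applied. The simulation collapses public and private key into one HMAC secret held by the CA object, so a relying party in this model must hold every CA object it trusts; in a real deployment the trust store holds only root public keys and intermediate certificates arrive in the handshake.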

24 PKI AND TRUST
- Got to be very careful
- Not a game for amateurs
- Not many professionals as yet

25 REFERENCES
- R. Perlman, "An overview of PKI trust models", IEEE Network, vol. 13, no. 6, Nov.-Dec. 1999, pp. 38-43.
- J. M. Hayes, "The problem with multiple roots in Web browsers - certificate masquerading", Proc. Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE '98), IEEE, 17-19 June 1998, pp. 306-311.
- J. M. Hayes, "Restricting access with certificate attributes in multiple root environments - a recipe for certificate masquerading", Proc. 15th Annual Computer Security Applications Conference, IEEE, 2001, pp. 386-390.

