Upload File

certificate authorities and ssl/tls/https€¦ · mining your ps and qs • apache ships with a...

  • Home
  • Documents
  • Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set
44
CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner [email protected] Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

Upload: others

Post on 09-Jul-2020

9 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

CSE484/CSEM584:ComputerSecurityandPrivacy

CertificateAuthoritiesand

SSL/TLS/HTTPS

Fall2016

Ada(Adam)[email protected]

ThankstoFranziRoesner,DanBoneh,DieterGollmann,DanHalperin,YoshiKohno,JohnManferdelli,JohnMitchell,VitalyShmatikov,BennetYee,andmanyothersforsampleslidesandmaterials...

Page 2: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

AuthenticityofPublicKeys

11/2/16 CSE484/CSEM584-Fall2016 2

?

Problem:HowdoesAliceknowthatthepublickeyshereceivedisreallyBob’spublickey?

privatekey

AliceBob

publickey

Page 3: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

Announcements

• Lab2(websecurity)willbecomingoutnextTuesday

11/2/16 CSE484/CSEM584-Fall2016 3

Page 4: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

RSAdecryption

•  Basedonfeedbackandinterest,notinlecture

•  I’veaddedaslidetolecture12’sslideswhichexplainsit(it’sslide18)

11/2/16 CSE484/CSEM584-Fall2016 4

Page 5: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

RSAdecryption

• Ontheinterestscaleof1-5…– ...someoneanswered0– ...someoneanswered6– …someoneansweredπ– …someoneanswered25

11/2/16 CSE484/CSEM584-Fall2016 5

Page 6: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

Securitymindsetanecdote–MiningYourPsandQs

•  A2012studytitled“MiningyourPsandQs:DetectionofWidespreadWeakKeysinNetworkDevices”

Scannedtheentireinternettolookforweakpublickeys

11/2/16 CSE484/CSEM584-Fall2016 6

Page 7: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

MiningYourPsandQs

•  TheywereabletodeterminetheRSAprivatekeyfor0.5%ofHTTPSserversand0.03%ofSSHservers

•  How?Insufficientrandomness.0.5%ofkeyssharedaporqwithatleastoneotherkey(butnotboth).

11/2/16 CSE484/CSEM584-Fall2016 7

Page 8: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

RSACryptosystem[Rivest,Shamir,Adleman1977]

•  Keygeneration:–  Generaterandomlargeprimesp,q

•  Say,1024bitseach–  Computen=pqandϕ(n)=(p-1)(q-1)–  Choosesmalle,relativelyprimetoϕ(n)

•  Typically,e=216+1=65537–  Computeuniquedsuchthated=1modϕ(n)

•  Modularinverse:d=e-1modϕ(n)

–  Publickey=(e,n);privatekey=(d,n)•  Encryptionofm:c=memodn•  Decryptionofc:cdmodn=(me)dmodn=m

11/2/16 CSE484/CSEM584-Fall2016 8

Page 9: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

Certificates

•  Public-keycertificate– Signedstatementspecifyingthekeyandidentity• sigCA(“Bob”,PKB)

11/2/16 CSE484/CSEM584-Fall2016 9

Page 10: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

Threat:Man-In-The-Middle(MITM)

11/2/16 CSE484/CSEM584-Fall2016 10

Google.com

Page 11: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

Youencounterthiseveryday…

11/2/16 CSE484/CSEM584-Fall2016 11

SSL/TLS:Encryption&authenticationforconnections(Moreonthislater!)

Page 12: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

CertificateAuthority

•  Trustedorganizationthatverifieswhoownswhatkeysoutofbandandtellseveryoneelsewhosekeysarewhose

11/2/16 CSE484/CSEM584-Fall2016 12

Page 13: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

StrawmanCAdesign

1.  Youbrowsetowww.cs.washington.edu2.  www.cs.washington.edusendsitskeyK3.  YourbrowserasksatrustedCA:“hey,keyK

therightkeyforUWCSE?”4.  CAreplies“yes”or“no”

Whyisthisabadidea?(Q1)

11/2/16 CSE484/CSEM584-Fall2016 13

Page 14: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

RealCAdesign

•  Thinkofacertificateasacryptographicallyhard-to-forgepieceofID

11/2/16 CSE484/CSEM584-Fall2016 14

Certificateauthority

(e.g.,VerisignorLet’sEncrypt)

www.cs.washington.edu

<proofthatI’mUWCSEandPKUWCSEismykey>

sigCA(“UWCSE”,PKUWCSE)

Page 15: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

ExampleCertificate

11/2/16 CSE484/CSEM584-Fall2016 15

Page 16: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

ExampleCertificate

11/2/16 CSE484/CSEM584-Fall2016 16

Page 17: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

X.509Certificate

11/2/16 CSE484/CSEM584-Fall2016 17

Page 18: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

HierarchicalApproach

•  SingleCAcertifyingeverypublickeyisimpractical

•  Instead,oneormoretrustedrootauthorities–  Everybodymustknowthepublickeyforverifyingrootauthority’ssignatures

•  CAsdelegatetootherauthorities– Whathappensifrootauthorityisevercompromised?

11/2/16 CSE484/CSEM584-Fall2016 18

Page 19: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

HierarchicalApproach

•  SingleCAcertifyingeverypublickeyisimpractical•  Instead,useatrustedrootauthority–  Forexample,Verisign–  Everybodymustknowthepublickeyforverifyingroot

authority’ssignatures•  Rootauthoritysignscertificatesforlower-level

authorities,lower-levelauthoritiessigncertificatesforindividualnetworks,andsoon–  Insteadofasinglecertificate,useacertificatechain

•  sigVerisign(“AnotherCA”,PKAnotherCA),sigAnotherCA(“Alice”,PKA)

– Whathappensifrootauthorityisevercompromised?

11/2/16 CSE484/CSEM584-Fall2016 19

Page 20: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

ManyChallenges…

•  CAsmakeseriousmistakes– Badsecuritypractices,badoperationalpractices

•  Revocationishard…•  Usersdon’tnoticewhenattackshappen– We’lltalkmoreaboutthislater

11/2/16 CSE484/CSEM584-Fall2016 20

Page 21: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

MiningYourPsandQs

•  Apacheshipswitha“snake-oil”certificate--anexamplecertificatefordemonstratinghowtosetupHTTPS

•  Astudyfound>85khostsontheinternet(0.66%ofallTLShostsontheinternet)activelyusingthesekeys!

•  22hostshadcertificatesusingthesekeysTHATWERESIGNEDBYACA!

11/2/16 CSE484/CSEM584-Fall2016 21

Page 22: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

11/2/16 CSE484/CSEM584-Fall2016 22

AttackingCAsSecurityofDigiNotarservers:•  Allcorecertificate

serverscontrolledbyasingleadminpassword(Pr0d@dm1n)

•  Softwareonpublic-facingserversoutofdate,unpatched

•  Noanti-virus(couldhavedetectedattack)

Page 23: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

CollidingCertificates

11/2/16 CSE484/CSEM584-Fall2016 23

serialnumber

validityperiod

realcertdomainname

realcertRSAkey

X.509extensions

signatureidenticalbytes

(copiedfromrealcert)

collisionbits(computed)

chosenprefix(difference)

serialnumber

validityperiod

roguecertdomainname

???

X.509extensions

signature

setbytheCA

HashtothesameMD5value!

Validforbothcertificates!

[Sotirovetal.“RogueCertificates”]

Page 24: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

ConsequencesofHackingaCA

•  Attackermakesthemselfafakecertificateforasite(say,mail.yahoo.com): fakeCert=sigCA(“Yahoo”,<attacker’skey>)

11/2/16 CSE484/CSEM584-Fall2016 24

Page 25: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

Q2:Man-In-The-Middle(MITM)

11/2/16 CSE484/CSEM584-Fall2016 25

mail.yahoo.com

Page 26: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

ConsequencesofHackingaCA

•  Attackermakesthemselvesafakecertificateforasite(say,mail.yahoo.com): fakeCert=sigCA(“Yahoo”,<attacker’skey>)

•  Anattackercanpretendtobeanyrealsite–  Forexample,useDNStopoisonthemappingof

mail.yahoo.comtoanIPaddress

•  …“authenticate”astherealsite•  …decryptalldatasentbyusers–  Email,phoneconversations,Webbrowsing

11/2/16 CSE484/CSEM584-Fall2016 26

Page 27: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

MoreRogueCerts

•  InJan2013,arogue*.google.comcertificatewasissuedbyanintermediateCAthatgaineditsauthorityfromtheTurkishrootCATurkTrust–  TurkTrustaccidentallyissuedintermediateCAcertsto

customerswhorequestedregularcertificates–  Ankaratransitauthorityuseditscertificatetoissueafake

*.google.comcertificateinordertofilterSSLtrafficfromitsnetwork

•  Thisrogue*.google.comcertificatewastrustedbyeverybrowserintheworld

11/2/16 CSE484/CSEM584-Fall2016 27

Page 28: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

ManyChallenges…

•  CAsmakeseriousmistakes– Badsecuritypractices,badoperationalpractices

•  Revocationishard…•  Usersdon’tnoticewhenattackshappen– We’lltalkmoreaboutthislater

11/2/16 CSE484/CSEM584-Fall2016 28

Page 29: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

CertificateRevocation(Q3)

11/2/16 CSE484/CSEM584-Fall2016 29

Page 30: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

CertificateRevocation

•  Revocationisveryimportant•  Manyvalidreasonstorevokeacertificate–  Privatekeycorrespondingtothecertifiedpublickeyhas

beencompromised–  UserstoppedpayingtheircertificationfeetothisCAand

CAnolongerwishestocertifyhim–  CA’sprivatekeyhasbeencompromised!

•  Expirationisaformofrevocation,too– Manydeployedsystemsdon’tbotherwithrevocation–  Re-issuanceofcertificatesisabigrevenuesourcefor

certificateauthorities

11/2/16 CSE484/CSEM584-Fall2016 30

Page 31: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

CertificateRevocationMechanisms

•  Certificaterevocationlist(CRL)–  CAperiodicallyissuesasignedlistofrevokedcertificates•  Creditcardcompaniesusedtoissuethickbooksofcanceledcreditcardnumbers

–  Canissuea“deltaCRL”containingonlyupdates•  Onlinerevocationservice– Whenacertificateispresented,recipientgoestoaspecialonlineservicetoverifywhetheritisstillvalid•  Likeamerchantdialingupthecreditcardprocessor

11/2/16 CSE484/CSEM584-Fall2016 31

Page 32: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

Keybase

•  Basicidea:–  Relyonexistingtrustofaperson’sownershipofother

accounts(e.g.,Twitter,GitHub,website)–  Eachuserpublishessignedproofstotheirlinkedaccount

https://keybase.io/

11/2/16 CSE484/CSEM584-Fall2016 32

Page 33: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

SSL/TLS

•  SecureSocketsLayerandTransportLayerSecurity–  Sameprotocol,newversion(TLSiscurrent)

•  DefactostandardforInternetsecurity–  “TheprimarygoaloftheTLSprotocolistoprovide

privacyanddataintegritybetweentwocommunicatingapplications”

•  DeployedineveryWebbrowser;alsoVoIP,paymentsystems,distributedsystems,etc.

11/2/16 CSE484/CSEM584-Fall2016 33

Page 34: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

SSL/TLS

•  TLSistypicallyusedontopofaTCPconnection

TLS

•  Canbeusedoverothertransportprotocols

11/2/16 CSE484/CSEM584-Fall2016 34

Page 35: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

TLSBasics

•  TLSconsistsoftwoprotocols–  Familiarpatternforkeyexchangeprotocols

•  Handshakeprotocol– Usepublic-keycryptographytoestablishasharedsecretkeybetweentheclientandtheserver

•  Recordprotocol– Usethesecretsymmetrickeyestablishedinthehandshakeprotocoltoprotectcommunicationbetweentheclientandtheserver

11/2/16 CSE484/CSEM584-Fall2016 35

Page 36: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

BasicHandshakeProtocol

11/2/16 CSE484/CSEM584-Fall2016 36

C

ClientHello

S

Clientannounces(inplaintext):•  Protocolversionitisrunning•  Cryptographicalgorithmsitsupports•  Fresh,randomnumber

Page 37: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

BasicHandshakeProtocol

11/2/16 CSE484/CSEM584-Fall2016 37

C

C,versionc,suitesc,Nc

ServerHello

SServerresponds(inplaintext)with:•  Highestprotocolversionsupportedby

boththeclientandtheserver•  Strongestcryptographicsuiteselected

fromthoseofferedbytheclient•  Fresh,randomnumber

Page 38: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

BasicHandshakeProtocol

11/2/16 CSE484/CSEM584-Fall2016 38

C

versions,suites,Ns,ServerKeyExchange

SServersendshispublic-keycertificatecontainingeitherhisRSA,orhisDiffie-Hellmanpublickey(dependingonchosencryptosuite)

C,versionc,suitesc,Nc

Page 39: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

BasicHandshakeProtocol

11/2/16 CSE484/CSEM584-Fall2016 39

C

versions,suites,Ns,certificate,“ServerHelloDone”

S

C,versionc,suitesc,Nc

ClientKeyExchange

Theclientgeneratessecretkeymaterialandsendsittotheserverencryptedwiththeserver’spublickey(ifusingRSA)

Page 40: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

BasicHandshakeProtocol

11/2/16 CSE484/CSEM584-Fall2016 40

C

versions,suites,Ns,certificate,“ServerHelloDone”

S

C,versionc,suitesc,Nc

{Secretc}PKsifusingRSA

switchtokeysderivedfromsecretc,Nc,Ns

CandSsharesecretkeymaterial(secretc)atthispoint

switchtokeysderivedfromsecretc,Nc,Ns

FinishedFinished

Recordofallsentandreceivedhandshakemessages

Page 41: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

“Core”SSL3.0Handshake(NotTLS)

11/2/16 CSE484/CSEM584-Fall2016 41

C

versions=3.0,suites,Ns,certificate,“ServerHelloDone”

S

C,versionc=3.0,suitesc,Nc

{Secretc}PKsifusingRSA

switchtokeysderivedfromsecretc,Nc,Ns

CandSsharesecretkeymaterial(secretc)atthispoint

switchtokeysderivedfromsecretc,Nc,Ns

FinishedFinished

Page 42: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

VersionRollbackAttack

11/2/16 CSE484/CSEM584-Fall2016 42

C

Versions=2.0,suites,Ns,certificate,“ServerHelloDone”

S

C,versionc=2.0,suitesc,Nc

{Secretc}PKsifusingRSA

CandSendupcommunicatingusingSSL2.0(weakerearlierversionoftheprotocolthat

doesnotinclude“Finished”messages)

ServerisfooledintothinkingheiscommunicatingwithaclientwhosupportsonlySSL2.0

Page 43: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

“Chosen-Protocol”Attacks

•  Whydopeoplereleasenewversionsofsecurityprotocols?Becausetheoldversiongotbroken!

•  Newversionmustbebackward-compatible–  Noteverybodyupgradesrightaway

•  Attackercanfoolsomeoneintousingtheold,brokenversionandexploitknownvulnerability–  Similar:foolvictimintousingweakcryptoalgorithms

•  Defenseishard:mustauthenticateversioninearlydesigns•  Manyprotocolshad“versionrollback”attacks

–  SSL,SSH,GSM(cellphones)

11/2/16 CSE484/CSEM584-Fall2016 43

Page 44: Certificate Authorities and SSL/TLS/HTTPS€¦ · Mining Your Ps and Qs • Apache ships with a “snake-oil” certificate --an example certificate for demonstrating how to set

VersionCheckinSSL3.0

11/2/16 CSE484/CSEM584-Fall2016 44

C

versions=3.0,suites,Ns,certificateforPKs,“ServerHelloDone”

S

C,versionc=3.0,suitesc,Nc

{versionc,secretc}PKs

CandSsharesecretkeymaterialsecretcatthispoint

“Embed”versionnumberintosecret

CheckthatreceivedversionisequaltotheversioninClientHello

switchtokeyderivedfromsecretc,Nc,Ns

switchtokeyderivedfromsecretc,Nc,Ns


HTTPS and the Lock Icon Dan Boneh. Goals for this lecture Brief overview of HTTPS: How the SSL/TLS protocol works (very briefly) How to use HTTPS Integrating

ArcGIS Online: Mapping for Your Organization...ArcGIS Security Update –HTTPS Only•Esri is committed to ensuring your content is secure-TLS 1.2 implemented in 2019-HTTPS Only

Certificate Click on the certificate to view details

Copyright © 2018. Trend Micro Incorporated. All rights ... · app Protocol channel • 1: HTTP • 2: HTTPS • 3: HTTP2 • 4: FTP tlsVersion TLS version • 0: None TLS • 1:

Analysis of SSL Certificate Reissues and Revocations in the … · Revocation; Extended validation 1. INTRODUCTION Secure Sockets Layer (SSL) and Transport Layer Secu-rity (TLS)1

Mission Accomplished? HTTPS Security after DigiNotar · TLS/HTTPS Security Extensions • Certificate Transparency • HSTS (HTTP Strict Transport Security) • HPKP (HTTP Public

SSL : A Tool for Detecting TLS Certificate Validation ......SSL/TLS libraries encapsulate the core functionality of the SSL/TSL protocols, and export an API that allows a client application

ITIL® Intermediate Certificate – Operational Support ...® Intermediate Certificate – Operational Support & Analysis (OSA)* Certificate : ITIL® Intermediate Certificate-Operational

Programs Offered by College...Last Generated 2:06 pm on 01/22/2021 certificate/) certificate/) certificate/)

Do you trust that certificate? - Rabbit Slide Show · ActiveMerchant module ActiveMerchant class Connection def configure_ssl(http) return unless endpoint.scheme == "https" http.use_ssl

Dan Boneh Web security HTTPS and the Lock Icon. Dan Boneh Goals for this lecture Brief overview of HTTPS: How the SSL/TLS protocol works (very briefly)

HTTPS Demystified!garster.github.io/p/https/slides/HTTPS.pdf · SSL and TLS Secure Socket Layer Version 1, 2 and 3. All broken, don’t use these. Transport Layer Security, same thing,

9 Imagerie - canceropole-gso.org · Mtp Mtp Bdx Tls Mtp Lim Mtp Mtp Mtp Tls ls Tls Tls Tls Tls Tls Bdx Lim Tls tp im Tls Bdx Bdx Bdx Bdx Bdx Mtp Lim Mtp Mtp Mtp Mtp Tls Tls Nîm Tls

DRL : Deep Learning-based Automated Testing of Certificate … · The Transport Layer Security (SSL) [?] and its predeces-sor Transport Layer Security (TLS) [18] protocols are the

Experiential Learning Workshop on Web Security Basics · • SSL certificate management • HTTPS deployment challenges • HO1: Deploying SSL, click thru browser warnings • HTTP

ITIL® Intermediate Certificate – Release, Control & Intermediate Certificate – Release, Control & Validation (RCV)* Certificate : ITIL® Intermediate Certificate-Release Control

Sangoma s500 VoIP Phone - Avanzada 7€¦ · ˜ TLS (Transport Layer Security) ˜ SRTP ˜ Open VPN ˜ HTTPS certi˜cate manager ˜ AES encryption for con˜guration ˜le ˜ Digest

Exploiting and Defending: Common Web Application ......Common Web Application Vulnerabilities. Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead ... HTTPS (TLS

AKUVOX SP-R53P · TFTP/FTP/HTTP/HTTPS protocols Support SRTP for voice data encryption 802.1Q VLAN, SIP over TLS Administration Features Auto provisioning: FTP/TFTP/HTTP/HTTPS/PnP

Installation & Configuration Guide Version 3 - KaplanSoft · TLS Enabled: You can use HTTPS for HotSpot login form when you enable TLS. You must select a server certificate after

CPSC 257: Information Security in the Real Worldzoo.cs.yale.edu › classes › cs257 › cs257.2016 › ln19.pdfThe security of HTTPS is that of TLS/SSL. Authentication, key exchange,

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Suricata 2.0, Netfilter and the PRC - home.regit.org · Rules and outputs compatible to Snort syntax useful logging like HTTP request log, TLS certificate log, DNS ... "Luarule";l

Innovations beyond Smart Meteringc02c31c3-… · • DLMS/COSEM (IEC 62056) for smart meter communication • ModBus TCP with OPC UA PubSub for IoT communication • HTTPS, TLS, SNMP,

Application Layer TLS / SSL · Certificate of secure.example.com Certificate of super secure TLS CA. Transport Layer Security. IAIK Basics Key protocol for secure communication HTTPS,

Sangoma s500 VoIP Phone - PbxMechanic€¦ · ˜ TLS (Transport Layer Security) ˜ SRTP ˜ Open VPN ˜ HTTPS certi˜cate manager ˜ AES encryption for con˜guration ˜le ˜ Digest

History of the TLS Authentication Gap Bug - troopers.de · History of the TLS Authentication Gap Bug Marsh Ray Steve Dispensa PhoneFactor. TCP/IP https library application code TLS

Last-Mile TLS Interception: Analysis and Observation of the Non …mmannan/student-resources/Thesi… · Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS

ITIL® Intermediate Certificate – Service Offerings ...qtnt.com/soa_flyer_qtnt_01.pdf · ITIL® Intermediate Certificate – Service Offerings & Agreements (SOA)* Certificate

Bamboozling Certificate Authorities with BGPpmittal/publications/bgp-tls...major factor in Let’s Encrypt’s decision to start deploy-ing the multiple-vantage-point countermeasure

TLS-450/TLS-450PLUS Consoles

History of the TLS Authentication Gap Bug · 2019. 9. 3. · HTTPS Login Form Password-based credentials are passed over https to the server to authenticate the client. The session

Web Security · 2020. 7. 9. · (Transport Layer Security / Secure Sockets Layer) • HTTP over TLS => HTTPS • TLS/SSL usually implemented by the server • Two common production

Why Do We Need HTTPS€¦ · •antivirus software gets update from vendor’s server •mobile apps •syncing information between smartphone and manufacturer. SSL/TLS Implementations

AWS Certificate Manager · 2020-02-12 · AWS Certificate Manager User Guide Concepts What Is AWS Certificate Manager? Welcome to the AWS Certificate Manager (ACM) service. ACM