Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Man in the Middle? - No, thank you!

Daniel Schneller
June 26, 2013
Programming
0
85

Man in the Middle? - No, thank you!

Many developers in encrypt confidential data on the way to the backend using SSL and have a false sense of security.

While SSL is suitable as a tool to ensure the confidentiality and integrity of data, it must be understood and used correctly. A publication of the University of Texas and Stanford University from October 2012 shows that some serious vulnerabilities can be overlooked, even when using renowned libraries and software packages.

Using an example iOS application the talk shows how attackers can take possession of supposedly safely transmitted data, and how this can be prevented effectively by means of SSL Certificate pinning.

First a few SSL basics and relevant attack vectors are explained, then ways to counteract them. While the example is based on iOS, the concepts can be applied to Android and other platforms, as well.

Daniel Schneller

June 26, 2013
Tweet

More Decks by Daniel Schneller

See All by Daniel Schneller
Lokalisierung für Mobile Apps
dschneller
0
26
Localizing Mobile Apps
dschneller
2
50
iOS Development for Java Developers
dschneller
1
1.8k

Other Decks in Programming

See All in Programming
ONE WEDGE_company_guide
1wedge_one
0
440
二郎系ラーメンのコールで学ぶ AST 解析
memory1994
PRO
7
1.7k
Rethinking UI building strategies @ SFI 2024
letelete
0
270
MicrosoftのPlatform Engineeringガイドを読んで実際になにかやってみた
ymd65536
1
250
PostmanでAPIの動作確認が楽になった話
h455h1
0
160
コードレビューで学ぶ!Kotlinオブジェクト指向デザインパターン
akkie76
2
190
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
4
810
エンターテイメント業界で利用されるAWS
demuyan
0
210
try! Swift Tokyo 2024 参加報告 / try! Swift Tokyo 2024 Report
hironytic
0
200
Goのmultiple errorsについて (2024年4月版)
syumai
1
330
Netty Chicago Java User Group 2024-04-17
sullis
0
170
Snowflakeで眠ったデータを起こそう!
estie
0
110

Featured

See All Featured
Side Projects
sachag
451
41k
How GitHub (no longer) Works
holman
304
140k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
6
990
10 Git Anti Patterns You Should be Aware of
lemiorhan
647
58k
Music & Morning Musume
bryan
41
5.6k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Designing the Hi-DPI Web
ddemaree
276
33k
Raft: Consensus for Rubyists
vanstee
132
6.3k
A Philosophy of Restraint
colly
196
16k
4 Signs Your Business is Dying
shpigford
175
21k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
16
6.4k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k

Transcript

  1. No,$thank$you! MAN$IN$THE$MIDDLE$? Daniel$Schneller$–$CenterDevice$GmbH

  2. SSL$–$and$you’re$done™

  3. SSL$–$and$you’re$done™

  4. SSL$–$and$you’re$done™ …are$you?

  5. Mac$App$Store

  6. Mac$App$Store

  7. Mac$App$Store

  8. Outbank

  9. What$happened$to$SSL?

  10. SSL$–$Chain$of$Trust

  11. SSL$–$Chain$of$Trust Root$CA$Cer)ficate

  12. SSL$–$Chain$of$Trust Root$CA$Cer)ficate $Intermediate$CA$Cer)ficate(s) issues

  13. SSL$–$Chain$of$Trust Root$CA$Cer)ficate $Intermediate$CA$Cer)ficate(s) Leaf$Cer)ficate issues issues

  14. SSL$–$Chain$of$Trust

  15. SSL$–$Chain$of$Trust

  16. SSL$–$Chain$of$Trust

  17. SSL$–$Chain$of$Trust

  18. SSL$–$Chain$of$Trust

  19. SSL$–$Chain$of$Trust

  20. Just$how$many$Root$CAs$ are$there?

  21. System$Roots

  22. System$Roots

  23. System$Roots Windows$8:$~350 Mozilla:$~160 iOS$6:$~220

  24. Man$In$The$Middle?

  25. Man$In$The$Middle [Corporate]$Proxy Client

  26. Man$In$The$Middle [Corporate]$Proxy Client

  27. Man$In$The$Middle [Corporate]$Proxy Client

  28. Man$In$The$Middle Website [Corporate]$Proxy Client

  29. Man$In$The$Middle Website [Corporate]$Proxy Client

  30. Man$In$The$Middle Website [Corporate]$Proxy Client

  31. Man$In$The$Middle Website [Corporate]$Proxy Client

  32. Man$In$The$Middle

  33. Man$In$The$Middle

  34. Man$In$The$Middle

  35. Man$In$The$Middle

  36. Man$In$The$Middle

  37. Man$In$The$Middle

  38. Consequences •Monitoring •ManipulaZon •Sent$and$received$data$affected •Chain\Of\Trust$formally$verified

  39. Good$and$evil •Debugging •Reverse$Engineering •Security$Audits •Learning$and$Understanding

  40. ReST$Debugging

  41. Good$and$evil •Phishing •IdenZty$The` •Industrial$Espionage •…

  42. Mac$App$Store

  43. Mac$App$Store

  44. Mac$App$Store

  45. iTunes

  46. iTunes

  47. iTunes

  48. Demo$1 Video$1 Video$2

  49. Countermeasures

  50. Reference$CerZficates

  51. Reference$CerZficates •Client$bundles$server$cerZficate$as$a$ reference •Compare$reference$and$cerZficate$sent$by$ the$server$ •Connect$only$when$there’s$a$perfect$match

  52. Reference$CerZficates $Client$App $Server

  53. Reference$CerZficates $Client$App $Server ==

  54. Reference$CerZficates SecTrustResultType evaluationResult; OSStatus status = SecTrustEvaluate(srvTrust, &evaluationResult); if (status

    == errSecSuccess) { if (evaluationResult == kSecTrustResultUnspecified) { // ... } } •Step$1:$$Validate$Chain\of\Trust

  55. Reference$CerZficates SecTrustResultType evaluationResult; OSStatus status = SecTrustEvaluate(srvTrust, &evaluationResult); if (status

    == errSecSuccess) { if (evaluationResult == kSecTrustResultUnspecified) { // ... } } •Step$1:$$Validate$Chain\of\Trust

  56. Reference$CerZficates •Step$1:$$Validate$Chain\of\Trust SecTrustResultType evaluationResult; OSStatus status = SecTrustEvaluate(srvTrust, &evaluationResult); if

    (status == errSecSuccess) { if (evaluationResult == kSecTrustResultUnspecified) { // ... } }

  57. Reference$CerZficates •Step$1:$$Validate$Chain\of\Trust SecTrustResultType evaluationResult; OSStatus status = SecTrustEvaluate(srvTrust, &evaluationResult); if

    (status == errSecSuccess) { if (evaluationResult == kSecTrustResultUnspecified) { // ... } }

  58. Reference$CerZficates •Step$1:$$Validate$Chain\of\Trust SecTrustResultType evaluationResult; OSStatus status = SecTrustEvaluate(srvTrust, &evaluationResult); if

    (status == errSecSuccess) { if (evaluationResult == kSecTrustResultUnspecified) { // ... } }

  59. Reference$CerZficates •Step$1:$$Validate$Chain\of\Trust SecTrustResultType evaluationResult; OSStatus status = SecTrustEvaluate(srvTrust, &evaluationResult); if

    (status == errSecSuccess) { if (evaluationResult == kSecTrustResultUnspecified) { // ... } }

  60. NSString *refPath = [[NSBundle mainBundle] pathForResource:@"reference" ofType:@"der"]; NSData *refCertData =

    [[NSData alloc] initWithContentsOfFile:refPath]; Reference$CerZficates •Step$2:$Load$Reference$CerZficate

  61. NSString *refPath = [[NSBundle mainBundle] pathForResource:@"reference" ofType:@"der"]; NSData *refCertData =

    [[NSData alloc] initWithContentsOfFile:refPath]; Reference$CerZficates •Step$2:$Load$Reference$CerZficate

  62. Reference$CerZficates •Step$2:$Load$Reference$CerZficate NSString *refPath = [[NSBundle mainBundle] pathForResource:@"reference" ofType:@"der"]; NSData

    *refCertData = [[NSData alloc] initWithContentsOfFile:refPath];

  63. Reference$CerZficates BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for

    (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); found = [refCertData isEqualToData:certData]; } •Step$3:$Compare$cerZficates

  64. Reference$CerZficates BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for

    (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); found = [refCertData isEqualToData:certData]; } •Step$3:$Compare$cerZficates

  65. Reference$CerZficates •Step$3:$Compare$cerZficates BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);

    for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); found = [refCertData isEqualToData:certData]; }

  66. Reference$CerZficates •Step$3:$Compare$cerZficates BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);

    for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); found = [refCertData isEqualToData:certData]; }

  67. Reference$CerZficates •Step$3:$Compare$cerZficates BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);

    for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); found = [refCertData isEqualToData:certData]; }

  68. Reference$CerZficates •Step$3:$Compare$cerZficates BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);

    for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); found = [refCertData isEqualToData:certData]; }

  69. Reference$CerZficates •Step$3:$Compare$cerZficates BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);

    for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); found = [refCertData isEqualToData:certData]; }

  70. Demo$2 Video

  71. FingerprinZng

  72. FingerprinZng •Similar$to$Reference$CerZficate$approach •Compares$CerZficate$Fingerprint$against$ reference$value •Server$CerZficate$not$needed$in$the$client •Example:$$Apple$So`ware$Update

  73. FingerprinZng$ $Client$App $Server 1122 3344 5566 7788 9900 AABB CCDD

    EEFF 9988 7766 SHA-1 Hash

  74. FingerprinZng$ $Client$App $Server 1122 3344 5566 7788 9900 AABB CCDD

    EEFF 9988 7766 SHA-1 Hash

  75. FingerprinZng$ $Client$App $Server == 1122 3344 5566 7788 9900 AABB

    CCDD EEFF 9988 7766 SHA-1 Hash 1122 3344 5566 7788 9900 AABB CCDD EEFF 9988 7766

  76. FingerprinZng •Schrie$1:$Chain\of\Trust$validieren SecTrustResultType evaluationResult; OSStatus status = SecTrustEvaluate(srvTrust, &evaluationResult); if

    (status == errSecSuccess) { if (evaluationResult == kSecTrustResultUnspecified) { // ... } }

  77. FingerprinZng static NSString* const kReferenceFP = @"AC .... DC"; BOOL

    found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] } •Schrie$2:$Fingerprint$berechnen

  78. FingerprinZng static NSString* const kReferenceFP = @"AC .... DC"; BOOL

    found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] } •Schrie$2:$Fingerprint$berechnen

  79. FingerprinZng •Schrie$2:$Fingerprint$berechnen static NSString* const kReferenceFP = @"AC .... DC";

    BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] }

  80. FingerprinZng •Schrie$2:$Fingerprint$berechnen static NSString* const kReferenceFP = @"AC .... DC";

    BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] }

  81. FingerprinZng •Schrie$2:$Fingerprint$berechnen static NSString* const kReferenceFP = @"AC .... DC";

    BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] }

  82. FingerprinZng •Schrie$2:$Fingerprint$berechnen static NSString* const kReferenceFP = @"AC .... DC";

    BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] }

  83. FingerprinZng •Schrie$2:$Fingerprint$berechnen static NSString* const kReferenceFP = @"AC .... DC";

    BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] }

  84. FingerprinZng •Schrie$2:$Fingerprint$berechnen static NSString* const kReferenceFP = @"AC .... DC";

    BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] }

  85. FingerprinZng •Schrie$2:$Fingerprint$berechnen static NSString* const kReferenceFP = @"AC .... DC";

    BOOL found = NO; CFIndex crtCount = SecTrustGetCertificateCount(srvTrust); for (CFIndex j = 0; j < crtCount && !found; j++) { SecCertificateRef cert = SecTrustGetCertificateAtIndex(srvTrust, j); NSData* certData = CFBridgingRelease(SecCertificateCopyData(cert)); NSString* fingerprint = [self sha1:certData]; found = [kReferenceFP isEqualToString:fingerprint] }

  86. Demo$3 Video

  87. Caveats

  88. Caveats •Change$of$CerZficate •Expired •Compromised •Update$app$with$plenty$of$lead$Zme •Temporarily$accept$old$and$new$ cerZficates

  89. VariaZon

  90. VariaZon •Check$Root\CerZficate$against$reference •Trade\Off:$Flexibility$vs.$Security •Updates$only$required$when$changing$ Root\CA

  91. Conclusions

  92. Conclusions •SSL$provides •ConfidenZality$(encrypted) •AuthenZcity •CA$system$(usually)$suffiecient •More$Security$=$More$Work

  93. Make$informed$ decisions!

  94. Links Sample,Code •github.com/dschneller/mitm\no\thank\you Tools •github.com/ADVTOOLS/ADVcerZficator •github.com/ADVTOOLS/ADVTrustStore •www.apple.com/support/iphone/enterprise •technet.microso`.com/en\us/library/ cc754841.aspx

  95. Links TLS,Session,Cache •developer.apple.com/library/ios/#qa/qa1727 Root6CA,Lists •support.apple.com/kb/HT5012 •www.mozilla.org/projects/security/certs/ included/ •social.technet.microso`.com/wiki/contents/ arZcles/14215.windows\and\windows\phone\8\ ssl\root\cerZficate\program\member\cas.aspx

    •Android:$Sepngs–Security–Trusted$CredenZals

  96. Thank$you!

  97. QuesZons$? [email protected] $$$$$@dschneller

  98. That’s$all.$Really.$:)

  99. Demo$1 Standard$SSL,$ MITM$Root\CA$ not$installiert zurück