Anisha Raghu

What

is SSL?
signatures and SSL certificates to HTTPS

Digital

Introduction MD5

chosen-prefix collision attack on SSL

Attack Final

Thoughts

 SSL

(Secure socket Layer) is a cryptographic protocol that provide security and data integrity for communications over networks such as the internet.

 Few

of the details contained in a certificate: Web servers host name Issue and expire time Public key for the Web server
Steps

to view the certificates in your computer: Internet Explorer: Tools | Internet Options | Contents | Certificates (view) Firefox: Tools | Options | Advanced | Encryption | View Certificates (view)

 Collisions

= different messages, same hash

Chosen

prefix method allows two completely arbitrary files to have the same MD5 hash, by appending a few thousand bytes at the end of each file. of a chosen prefix collision attack

Example

 Two

certificates that have

Different Identities Different Public keys

But

have the same digital signature

Collision

of these two certificates using MD5 chosen-prefix attack.

of colliding certificates

Demo

Certification Authority distributes its CA root certificate via browser vendors to browsers.

company that wants its website to be secured, purchases a website certificate at the CA

 If

its signature can be verified with the certificate of a CA in the trust list, the website certificate will be accepted.

1a. A legitimate website certificate is obtained from a commercial CA 1b. A rogue CA certificate is constructed

 Hackers

created a rouge Certification authority using a cluster of 200 PS3s

2. A copy of the genuine website is built, put on another web server, and equipped with the rogue website certificate.

3. There exist "redirection attacks", by which the communication from the browser can be redirected to the rogue website.
Demo

1.
2. 3. 4. 5. 6. 7.

8.
9. 10.

VeriSign Inc RSA data Security Entrust.net Equifax GTE corporation IPS safeguard CA NetLock Halozatbiztonsagi kft StartCom Ltd TC trust Center for security in data networks Thawte

 Users Certification

Authorities

Browser

and Operating System vendors owners

Website

 http://www.win.tue.nl/hashclash/rogue-ca/
http://www.phreedom.org/research/rogue-

ca/
http://www.win.tue.nl/hashclash/TargetColl

idingCertificates/
http://blogs.techrepublic.com.com/network

ing/?p=776

 Colliding

X.509 Certificates, Arjen Lenstra, Xiaoyun Wang, and Benne de Weger

chosen-prefix collisions for MD5 and the creation of a rogue CA certificate, Marc Stevens, Alex Sotirov, Jake Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik and Benne de Weger Collisions for MD5 and Colliding X.509 Certificates for Different Identities, Marc Stevens, Arjen Lenstra, and Benne de Weger

Short

Target