1 00:00:00,630 --> 00:00:03,040 It's all about certificate authorities and HTTPS. 2 00:00:03,040 --> 00:00:11,160 HTTPS relies on certificates for authentication that the site is real and the public key 3 00:00:11,160 --> 00:00:14,160 belongs to that site. Without a certificate, 4 00:00:14,310 --> 00:00:18,000 the security of HTTPS doesn't work, is broken. 5 00:00:18,000 --> 00:00:23,440 The problem is the whole certificate ecosystem is weak and vulnerable to attack. 6 00:00:23,580 --> 00:00:31,230 The security of HTTPS is only as strong as the weakest link, and in such a large ecosystem of chains 7 00:00:31,230 --> 00:00:38,580 of trust a broken link is inevitable. Vulnerabilities within the ecosystem could enable the creation 8 00:00:38,880 --> 00:00:40,560 of bogus certificates 9 00:00:40,710 --> 00:00:42,610 that everybody then trusts. 10 00:00:42,720 --> 00:00:50,730 If someone can issue a fake certificate that your browser trusts, you'll have no idea that HTTPS can 11 00:00:50,730 --> 00:00:57,920 be intercepted and read. The HTTPS that you associate with in the URL will still be there. 12 00:00:57,960 --> 00:01:04,230 The padlock will still appear as normal, the traffic will be sent encrypted as normal, and the certificate 13 00:01:04,230 --> 00:01:06,590 will look valid and everything will look fine. 14 00:01:06,810 --> 00:01:13,180 Whoever issued the fake certificate can decrypt the traffic as they know the private key. 15 00:01:13,200 --> 00:01:18,840 Let me give you some examples of how this is possible and why certificates can't be fully relied on 16 00:01:19,170 --> 00:01:20,080 and therefore HTTPS 17 00:01:20,200 --> 00:01:22,710 can't really be fully relied on. 18 00:01:22,710 --> 00:01:29,210 Probably the most concerning is the practices of the certificate authorities and vulnerabilities 19 00:01:29,230 --> 00:01:31,930 due to certificate authority mistakes. 20 00:01:32,040 --> 00:01:35,290 Or if we have a look here. 
21 00:01:35,640 --> 00:01:40,190 This section on the failing of certificate authorities was recorded in 2015. 22 00:01:40,260 --> 00:01:43,410 I'll provide a 2018 update at the end. 23 00:01:43,460 --> 00:01:51,240 It is very interesting to see what I said in 2015 and the consequences of what happened by 2018. 24 00:01:51,240 --> 00:01:52,050 See the headline. 25 00:01:52,050 --> 00:01:58,600 Google issued ultimatum to Symantec over unauthorized HTTPS certificates. 26 00:01:58,770 --> 00:02:05,010 So what's happened here is Symantec has issued certificates proclaiming to be from Google. 27 00:02:05,010 --> 00:02:12,270 Google in fact never requested those certificates, and Symantec is really the market leader in terms 28 00:02:12,270 --> 00:02:13,720 of certificate authority. 29 00:02:13,740 --> 00:02:19,260 It's the big daddy, if you like, of certificate authorities. These should be the guys setting the standards, 30 00:02:19,450 --> 00:02:26,940 and if we scroll down a little bit, go here, initially Symantec said that 23 certificates were issued, 31 00:02:26,940 --> 00:02:32,280 and when it means 23 certificates it means 23 certificates that shouldn't have been issued. 32 00:02:32,400 --> 00:02:38,130 But then Google has disputed this number, saying it is much higher. Following further examination, Symantec 33 00:02:38,130 --> 00:02:49,350 said that there was a further 164 certificates over 76 domains and 2,458 certificates for domains 34 00:02:49,560 --> 00:02:51,250 not even registered. 35 00:02:51,300 --> 00:02:58,350 So that's the degree of the current level of concern over the practices of certificate authorities and 36 00:02:58,350 --> 00:03:04,230 the mistakes that certificate authorities make, and this is Symantec, supposed to be the market leader, and 37 00:03:04,230 --> 00:03:06,250 this is not an isolated incident. 
38 00:03:06,270 --> 00:03:14,640 If we look here, we can see five months ago a separate batch of bogus certificates that have been issued 39 00:03:15,030 --> 00:03:21,530 for several of Google's domains including which is pretty much all of Google dot com. 40 00:03:21,660 --> 00:03:28,980 See all these other Google domains. They are issued by an NGO based MCSA holdings, an intermediate certificate 41 00:03:28,990 --> 00:03:34,800 authority that operates under the China Internet Network Information Center. 42 00:03:34,950 --> 00:03:41,280 So you can understand the smaller certificate authorities are likely to make mistakes, and even the bigger 43 00:03:41,280 --> 00:03:47,580 certificate authorities are making mistakes, and these certificates that would be issued or have been issued 44 00:03:48,000 --> 00:03:51,510 would have been trusted by your browser and everyone else's browser. 45 00:03:51,900 --> 00:03:54,510 So what happened by 2018? 46 00:03:54,510 --> 00:04:01,290 Symantec made repeated violations on top of those mentioned, including mis-issuing thirty thousand eighty 47 00:04:01,290 --> 00:04:07,710 to be a certificate while Symantec continued to negotiate with both Google and Mozilla over the sanctions. 48 00:04:07,970 --> 00:04:13,510 Symantec was unable to meet the security demands and ultimately had to sell the business. 49 00:04:13,510 --> 00:04:14,670 Did you see it. 50 00:04:14,850 --> 00:04:22,080 The acquisition included the planned timeline to distrust established by Google and Mozilla. Firefox 51 00:04:22,080 --> 00:04:29,180 and Chrome deprecated trust in the Symantec certificate authority, including Symantec-owned brands. 
52 00:04:29,220 --> 00:04:36,550 So one of the largest certificate authorities was ultimately unable to securely issue certificates, re-emphasizing 53 00:04:36,600 --> 00:04:44,850 my earlier point in 2015 that certificates and HTTPS cannot be fully relied upon due to the bad practices 54 00:04:44,880 --> 00:04:47,810 of certificate authorities and vulnerabilities 55 00:04:47,810 --> 00:04:50,150 due to certificate authorities. 56 00:04:50,220 --> 00:04:54,400 There's also far too many trusted parties. 57 00:04:54,630 --> 00:04:58,440 Let me show you this. 58 00:04:59,110 --> 00:05:07,480 This is the tree of trust for certificate authorities, and we can zoom in here and see all of the different 59 00:05:07,480 --> 00:05:09,780 troughs and trust relationships. 60 00:05:14,440 --> 00:05:22,820 So certificate authorities exist in about 50-something countries. There's over 1400 certificate authorities 61 00:05:22,830 --> 00:05:25,560 trustable by Microsoft and Mozilla. 62 00:05:25,560 --> 00:05:31,620 Therefore Firefox. You've even got certificate authorities like the Hong Kong Post Office. 63 00:05:31,620 --> 00:05:33,850 This is a certificate authority you've got. 64 00:05:33,930 --> 00:05:41,370 You have subsidiary certificate authorities like the U.S. Department of Homeland Security and U.S. defense 65 00:05:41,370 --> 00:05:48,000 contractors who are supposed CAs, which leads on to another key weakness. 66 00:05:48,000 --> 00:05:54,600 Nation states will have influence over certificate authorities, if not actually be able to just issue 67 00:05:54,600 --> 00:05:58,920 certificates themselves and be able to claim to be whoever they want to be: 68 00:05:58,920 --> 00:06:06,240 Facebook, Apple, your bank, and your browser will trust that certificate as it would be issued by a trusted 69 00:06:06,240 --> 00:06:12,060 CA or subordinate CA that's within your browser's certificates that it trusts. 70 00:06:12,120 --> 00:06:19,940 This means the U.S., U.K., 
China, Russia, the 14 Eyes, they're all likely to be able to issue fake certificates 71 00:06:20,010 --> 00:06:25,650 that your browser will trust and therefore be able to view HTTPS encrypted traffic that will look 72 00:06:25,710 --> 00:06:28,940 absolutely normal to you that they will be able to decrypt it. 73 00:06:28,950 --> 00:06:34,370 So you'll think that you have end-to-end encryption but not these guys can issue fake certificates then 74 00:06:34,560 --> 00:06:36,410 to be it's completely broken. 75 00:06:36,420 --> 00:06:42,030 Something else of concern is the X.509 standard for certificates themselves. 76 00:06:42,030 --> 00:06:47,710 This is pretty poorly designed and it's just too flexible. In the writing of the standard, 77 00:06:47,760 --> 00:06:53,970 somebody accidentally copied and pasted the wrong thing and they ended up missing out parts of the standard 78 00:06:53,970 --> 00:06:55,190 that was supposed to be in there. 79 00:06:55,200 --> 00:07:00,210 So you ended up having a standard and then there's the things that should be in it that weren't in the 80 00:07:00,210 --> 00:07:00,800 standard. 81 00:07:00,810 --> 00:07:06,470 There was a complete disaster. And you can have vulnerabilities in the process of getting certificates. 82 00:07:06,480 --> 00:07:11,880 An example of that was null byte poisoning, where you were able to get certificates for domains that you 83 00:07:11,880 --> 00:07:12,660 didn't own. 84 00:07:12,690 --> 00:07:18,780 And nation states will definitely be working on discovering new vulnerabilities to subvert the process 85 00:07:18,780 --> 00:07:20,180 of getting certificates. 86 00:07:20,190 --> 00:07:25,680 So if they don't have new ways of doing that now, they certainly will have potentially new ways in the 87 00:07:25,680 --> 00:07:26,520 future. 88 00:07:26,520 --> 00:07:32,210 And if you have a bogus certificate, there's even free tools available you can use in order to insert 89 00:07:32,220 --> 00:07:32,730 that. 
90 00:07:32,730 --> 00:07:34,740 So here we are, sslsniff. 91 00:07:35,010 --> 00:07:40,080 So this was originally developed because of a weakness that was found in Internet Explorer, but this 92 00:07:40,080 --> 00:07:44,550 tool could be used to insert a different certificate if you were sat in the middle. 93 00:07:44,700 --> 00:07:50,430 Obviously if you're a nation state you have your own version of this software where you can insert your 94 00:07:50,430 --> 00:07:52,740 own certificate into the traffic. 95 00:07:52,770 --> 00:07:58,350 And as you can see, it says it is designed to man-in-the-middle SSL connections on a LAN and dynamically 96 00:07:58,350 --> 00:08:02,960 generates for the domains that are being accessed on the fly. 97 00:08:03,000 --> 00:08:08,430 The new certificates are constructed in a certificate chain that is signed by any certificate that you 98 00:08:08,430 --> 00:08:09,260 provide. 99 00:08:09,450 --> 00:08:15,950 So what are ways to help prevent bogus certificates and therefore your traffic being decrypted? 100 00:08:16,020 --> 00:08:23,470 Well, you can reduce the number of certificates that you actually trust trigger here auctions. 101 00:08:25,010 --> 00:08:32,140 Tranced certificates these certificates you can see the hundreds of certificates here that you actually 102 00:08:32,140 --> 00:08:33,580 trust. 103 00:08:33,580 --> 00:08:38,670 Now you can remove certificates that you feel are just not necessary. 104 00:08:38,710 --> 00:08:45,430 What you'll find is that probably 95 percent of the places that you go only need a very small number 105 00:08:45,430 --> 00:08:46,520 of certificates. 106 00:08:46,750 --> 00:08:51,340 So if reducing the number of certificates is something that interests you, I suggest this is something 107 00:08:51,340 --> 00:08:53,500 you can google and have a look around. 108 00:08:53,500 --> 00:08:56,750 Have a play around with removing certificates. 
109 00:08:56,920 --> 00:08:58,530 Obviously what's going to happen. 110 00:08:58,600 --> 00:09:04,510 Is he going to come across sites that have a certificate chain is difficult that you may have deleted 111 00:09:04,630 --> 00:09:06,310 that's something you really have to play around with. 112 00:09:06,310 --> 00:09:14,570 It depends what sites you go to. Close that. Another thing you can do is you can watch for changes 113 00:09:14,690 --> 00:09:17,510 in the certificates for the sites that you use. 114 00:09:17,510 --> 00:09:21,520 So you can see here there's an add-on for Firefox called Certificate Patrol. 115 00:09:21,650 --> 00:09:26,930 Your browser has many certification authorities and intermediate civil authorities quietly, 116 00:09:26,930 --> 00:09:34,200 every time you enter an HTTPS Web site. This add-on reveals when certificates are updated, 117 00:09:34,280 --> 00:09:37,920 so you can ensure it was a legitimate change. 118 00:09:37,940 --> 00:09:45,680 Let me go down here, and you may or may not be able to see that, but what it will show you is the fingerprint 119 00:09:45,740 --> 00:09:49,270 of what it used to be for the certificate. 120 00:09:49,460 --> 00:09:52,820 And what the fingerprint is for the current certificate. 121 00:09:52,820 --> 00:09:56,990 Now this may seem on the surface to be a good idea, right? 122 00:09:56,990 --> 00:09:59,410 Problem is, not practical. 123 00:09:59,570 --> 00:10:01,650 Certificates are changed all the time. 124 00:10:01,790 --> 00:10:06,560 So you're going to get these pop-ups all the time and you are not going to know whether or not this certificate 125 00:10:06,660 --> 00:10:08,640 is genuine or not genuine. 126 00:10:08,930 --> 00:10:14,060 I mean, you can get clues, because perhaps if they change the authority that they use, so they move from 127 00:10:14,060 --> 00:10:20,940 say Symantec to the Hong Kong Post Office, they know that that's that's a clue that something is wrong. 
128 00:10:21,440 --> 00:10:27,230 These things, if you install this extension, you'll see you get these pop-ups all the time, so it becomes 129 00:10:27,290 --> 00:10:31,990 pretty unpractical. Close that. 130 00:10:32,240 --> 00:10:38,600 Now there's another option. If you are the server owner or if you have some sort of relationship with 131 00:10:38,600 --> 00:10:44,590 what you're connecting to, you're able to do what's called certificate pinning, and what that is is, as 132 00:10:44,630 --> 00:10:53,180 it says here, pinning is a process of associating a host with their expected X.509 certificate or 133 00:10:53,180 --> 00:10:54,920 public key. 134 00:10:54,960 --> 00:11:01,640 There's varying methods of saying I will only accept one specific public key. 135 00:11:01,640 --> 00:11:05,960 So for example you could tie it to a fingerprint or hash. 136 00:11:05,960 --> 00:11:09,210 So then if somebody actually changes it, it won't work. 137 00:11:09,440 --> 00:11:15,650 If you use online banking apps, for example, because I was a security architect for a number of the banking 138 00:11:15,650 --> 00:11:21,620 apps in the UK, one of the security methods there is that you pin the certificates, because your banking 139 00:11:21,620 --> 00:11:23,470 app doesn't need to go to lots of sites. 140 00:11:23,480 --> 00:11:31,840 You can say just only allow this one public certificate or a number of problems because their first 141 00:11:31,970 --> 00:11:34,550 man in the middle tries to change their certificates. 142 00:11:34,730 --> 00:11:40,160 It won't work because you pinned it to only those public keys. And certificate pinning works for more than 143 00:11:40,160 --> 00:11:48,620 just HTTPS; it can work for VPN and SSL and TLS and other protocols that you use with those. 144 00:11:48,620 --> 00:11:52,310 Another method is to be anonymous in the first place. 
145 00:11:52,310 --> 00:11:58,730 So if you're concerned about somebody reading your traffic, then if you're anonymous they won't be able 146 00:11:58,730 --> 00:12:03,050 to attribute that traffic to you even if they can read it. 147 00:12:03,110 --> 00:12:04,590 If this makes sense. 148 00:12:04,640 --> 00:12:11,360 So for example if you are using an anonymizing method, so perhaps a VPN or Tor or something like that, 149 00:12:11,630 --> 00:12:16,790 if they then issue a fake certificate and are able to read it, they may not then be able to associate 150 00:12:16,790 --> 00:12:17,880 that back to you. 151 00:12:17,880 --> 00:12:23,180 It all depends on whether or not you care about them reading the data or you care about them associating 152 00:12:23,180 --> 00:12:24,300 that data to you. 153 00:12:24,310 --> 00:12:31,730 Being anonymous is another method and you can also use VPN is to get a VPN which only protects you so 154 00:12:31,730 --> 00:12:32,370 more. 155 00:12:32,540 --> 00:12:35,090 So here we have a diagram showing a VPN. 156 00:12:35,090 --> 00:12:39,130 You've got a VPN to this VPN terminator here. 157 00:12:39,170 --> 00:12:44,340 And within that VPN tunnel, this HTTPS using SSL and TLS. 158 00:12:44,430 --> 00:12:52,040 And then after it reaches the VPN terminator the traffic comes out as HTTPS only. If you've got 159 00:12:52,040 --> 00:12:58,460 an attacker that is only able to get in the middle here is going to prevent them from being able to 160 00:12:58,460 --> 00:12:59,830 change the certificate. 161 00:13:00,140 --> 00:13:04,720 If they can get to the traffic here and obviously they can change the certificate. 162 00:13:04,760 --> 00:13:06,470 An example where this might be useful. 
163 00:13:06,470 --> 00:13:13,220 So say you're in China, you care about the Chinese government swapping out a fake certificate. What you 164 00:13:13,220 --> 00:13:20,390 can do is you can VPN out of China and then connect to your server, again which will need to be out of 165 00:13:20,390 --> 00:13:25,370 China, and then you can more guarantee that your connection is end-to-end secure, 166 00:13:25,490 --> 00:13:30,830 because you know that they've not been able to change the certificate while it's been in China. 167 00:13:30,830 --> 00:13:35,870 Now if you want to connect to a server that's within the domain of influence of your threat agent, then 168 00:13:35,870 --> 00:13:42,950 even a VPN can be a problem, because once you break out of the VPN then they can decrypt traffic. So that's 169 00:13:42,950 --> 00:13:49,820 certificate authorities and HTTPS and the issues that you have with them. Your main line of defense 170 00:13:49,910 --> 00:13:51,970 is to have defense in depth. 171 00:13:52,010 --> 00:13:59,390 You use multiple controls in order to minimize the risk, and a control here being the VPN, and you 172 00:13:59,390 --> 00:14:05,000 would add additional controls depending on your level of security your privacy need those controls which 173 00:14:05,000 --> 00:14:07,310 we can to go through as part of the course.