Scribd Logo
Upload

Welcome to Scribd!

  • 71 views

    3.attacks On SSL

    Uploaded by

    Muktesh Mukul
    SSL is a cryptographic protocol that provides security for internet communications. It uses digital signatures and SSL certificates to enable HTTPS. Researchers have demonstrated attacks against the MD5 cryptographic hash function used to sign certificates, including chosen-prefix collisions. They generated two certificates with different identities but the same digital signature, showing the certificates were indistinguishable. This could allow an attacker to impersonate a trusted website through a rogue certificate. Users and software vendors need to transition to more secure alternatives to MD5 for signing certificates.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd

    3.attacks On SSL

    Uploaded by

    Muktesh Mukul
    71 views21 pages
    SSL is a cryptographic protocol that provides security for internet communications. It uses digital signatures and SSL certificates to enable HTTPS. Researchers have demonstrated attacks against the MD5 cryptographic hash function used to sign certificates, including chosen-prefix collisions. They generated two certificates with different identities but the same digital signature, showing the certificates were indistinguishable. This could allow an attacker to impersonate a trusted website through a rogue certificate. Users and software vendors need to transition to more secure alternatives to MD5 for signing certificates.

    Original Title

    3.Attacks on SSL

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    SSL is a cryptographic protocol that provides security for internet communications. It uses digital signatures and SSL certificates to enable HTTPS. Researchers have demonstrated attacks against the MD5 cryptographic hash function used to sign certificates, including chosen-prefix collisions. They generated two certificates with different identities but the same digital signature, showing the certificates were indistinguishable. This could allow an attacker to impersonate a trusted website through a rogue certificate. Users and software vendors need to transition to more secure alternatives to MD5 for signing certificates.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    71 views21 pages

    3.attacks On SSL

    Uploaded by

    Muktesh Mukul
    SSL is a cryptographic protocol that provides security for internet communications. It uses digital signatures and SSL certificates to enable HTTPS. Researchers have demonstrated attacks against the MD5 cryptographic hash function used to sign certificates, including chosen-prefix collisions. They generated two certificates with different identities but the same digital signature, showing the certificates were indistinguishable. This could allow an attacker to impersonate a trusted website through a rogue certificate. Users and software vendors need to transition to more secure alternatives to MD5 for signing certificates.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    You are on page 1of 21

    Anisha Raghu

    What

    is SSL?
    signatures and SSL certificates to HTTPS

    Digital

    Introduction MD5

    chosen-prefix collision attack on SSL

    Attack Final

    Thoughts

    SSL

    (Secure socket Layer) is a cryptographic protocol that provide security and data integrity for communications over networks such as the internet.

    Few

    of the details contained in a certificate: Web servers host name Issue and expire time Public key for the Web server
    Steps

    to view the certificates in your computer: Internet Explorer: Tools | Internet Options | Contents | Certificates (view) Firefox: Tools | Options | Advanced | Encryption | View Certificates (view)

    Collisions

    = different messages, same hash

    Chosen

    prefix method allows two completely arbitrary files to have the same MD5 hash, by appending a few thousand bytes at the end of each file. of a chosen prefix collision attack

    Example

    Two

    certificates that have

    Different Identities Different Public keys

    But

    have the same digital signature

    Collision

    of these two certificates using MD5 chosen-prefix attack.


    of colliding certificates

    Demo

    Certification Authority distributes its CA root certificate via browser vendors to browsers.

    company that wants its website to be secured, purchases a website certificate at the CA

    If

    its signature can be verified with the certificate of a CA in the trust list, the website certificate will be accepted.

    1a. A legitimate website certificate is obtained from a commercial CA 1b. A rogue CA certificate is constructed

    Hackers

    created a rouge Certification authority using a cluster of 200 PS3s

    2. A copy of the genuine website is built, put on another web server, and equipped with the rogue website certificate.

    3. There exist "redirection attacks", by which the communication from the browser can be redirected to the rogue website.
    Demo

    1.
    2. 3. 4. 5. 6. 7.

    8.
    9. 10.

    VeriSign Inc RSA data Security Entrust.net Equifax GTE corporation IPS safeguard CA NetLock Halozatbiztonsagi kft StartCom Ltd TC trust Center for security in data networks Thawte

    Users Certification

    Authorities

    Browser

    and Operating System vendors owners

    Website

    http://www.win.tue.nl/hashclash/rogue-ca/
    http://www.phreedom.org/research/rogue-

    ca/
    http://www.win.tue.nl/hashclash/TargetColl

    idingCertificates/
    http://blogs.techrepublic.com.com/network

    ing/?p=776

    Colliding

    X.509 Certificates, Arjen Lenstra, Xiaoyun Wang, and Benne de Weger


    chosen-prefix collisions for MD5 and the creation of a rogue CA certificate, Marc Stevens, Alex Sotirov, Jake Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik and Benne de Weger Collisions for MD5 and Colliding X.509 Certificates for Different Identities, Marc Stevens, Arjen Lenstra, and Benne de Weger

    Short

    Target

    You might also like