Certificates, SSL and ...

Slideshow. Slides are fun. Slides are good.

SSL and TLS for activist privacy

SSL Versions

Why was SSL created?

SSL Everywhere

Although SSL is most often described as a general purpose transparent network security protocol, SSL was primarily designed to secure web traffic.

It's become a ubiquitous security 'black box' that everybody assumes will provide their security needs.

There is a problem as people don't understand at all how it works, so it means people don't know when they are insecure.

SSL comes with it's own set of assumptions...


What's our threat model?

Our threat model looks different

Isn't that all a little bit ...Paranoid?

Inventati 'Crackdown'

The italian postal police became interested in discovering the identity of one of the users of Inventati mail service.

On June 15, 2004 the police with the cooperation of the Aruba web hosting facility were able to make a copy of the hard drive of the Inventati servers. In particular they were interested in recovering the SSL private key.

When the italian kids inquired about the service disruption they were told that there had been some technical problems at the facility.

One year later it came to light that the police had been capturing email traffic of all 6000 inventati email users for the last 12 months.

Wait a minute!! The cops did WHAT??

This came to light in court proceedings, the police bragged and explained about it in court.

SSL Protocol

The SSL Protocol has four main cryptographic components.

The specific algorithms are negotiated from many different possibilities

Bulk Encryption Algorithms

Symmetric Ciphers, both block and stream are supported.

Keys used are session keys derived from key exchange.


Same keys used for brute speed, you can do big blocks at a time.

MAC Digest

A checksum that is also encrypted to help ensure data recieved was that which was sent.

Messages protected from tampering by appending a keyed hash. MACs based on two hash algorithms are supported


The root certificate from CA on the machine is usually trusted by the user.

Key Exchange

Used to derive the keys for the session. Both sides need to use the same keys for encryption.

SSL supports two main key exchange algorithms:

RSA is most often used.

Cipher Suites

An example of the detail you would see from the communication with a server RSA_WITH_RC4_128_MD5:

How the inventati had their certificate taken should be learned from. They used RSA based SSL which doesn't use forward security. Diffe-Hellman does have forward security.

What is to be done?

If we have lots of RSA keys on a server, then when someone gets the private key, there is a problem. But DH is not so well supported by clients.

Can we detect forged certificates?

Traffic Analysis

Even encrypted transfer leaks info by the length of the packet, the observation of two possible end points and ...

Points for Discussion

Lunar's comment:

STAMP: MeetingNotes/SslCertificates (dernière édition le 2008-12-19 18:59:55 par anonyme)