Chain of Fools: An Exploration of Certificate Chain Validation Mishaps

Presented at Black Hat Europe 2019, Dec. 4, 2019, 11 a.m. (50 minutes)

Typically, when software needs to perform cryptographic tasks, developers use libraries or APIs that abstract many details away from them. They don't need to fully understand how TLS handshakes work to create a TLS socket, nor do they need to understand the cryptographic primitives used to encrypt SSH traffic when making SSH connections. However, some abstractions are leaky, and a better understanding is required to get things right. One example is validation of certificate chains, which is required when using APIs like Google SafetyNet or Android Protected Confirmation.

Applied cryptography can be hard even when using cryptographic libraries. For example, many cryptographic libraries make it difficult or non-obvious to properly validate certificate chains. Generally speaking, it's not because of defects in the library, but rather the difficulty of designing usable cryptographic APIs and providing clear, unambiguous documentation. There's also a lot of incorrect advice on the internet when it comes to implementing common cryptographic workflows. Advice on validating certificate chains is no exception. Oftentimes, this advice instructs the developer to (unknowingly) add untrusted intermediates as trusted roots when building certificate chains, which breaks the chain of trust. This allows an attacker to provide an otherwise valid certificate chain that chains up to a fake root, which will cause certificate chain validation to succeed when it shouldn't.
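The trust-store mistake described above, as an added example that is not code from the talk or from any library it discusses: a simplified path builder run once with peer-supplied certificates loaded as trust anchors and once with them kept as untrusted path-building material. The `Cert` model, the function names and the sample chains are assumptions made for illustration; the signature check is reduced to a key-identifier match, and expiry, basic constraints and revocation are not modelled.

```python
from dataclasses import dataclass

# Simplified model (assumption): "signed_by" names the key that signed the
# certificate; real code would verify an X.509 signature with a crypto library.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key_id: str     # key held by this certificate
    signed_by: str  # key that produced this certificate's signature

def issued_by(cert, ca):
    return cert.issuer == ca.subject and cert.signed_by == ca.key_id

def validate(leaf, anchors, untrusted=()):
    """True only if a path from leaf ends at a certificate in anchors.
    Certificates in untrusted may extend the path but can never end it."""
    current, seen = leaf, set()
    while current not in seen:
        seen.add(current)
        if any(issued_by(current, a) for a in anchors):
            return True
        current = next((c for c in untrusted if issued_by(current, c)), None)
        if current is None:
            return False
    return False  # looped back to a self-signed cert that is not an anchor

def validate_insecure(chain, roots):
    # The mistake: certificates supplied by the peer are loaded as trusted roots.
    leaf, *rest = chain
    return validate(leaf, anchors=list(roots) + rest)

def validate_secure(chain, roots):
    # Peer-supplied certificates are path-building material only.
    leaf, *rest = chain
    return validate(leaf, anchors=list(roots), untrusted=rest)

# Constructed sample data: one pinned root and two chains for the same subject.
REAL_ROOT = Cert("Real Root", "Real Root", "k-root", "k-root")
REAL_CHAIN = [Cert("attest.example", "Real Intermediate", "k-leaf", "k-int"),
              Cert("Real Intermediate", "Real Root", "k-int", "k-root")]
FORGED_CHAIN = [Cert("attest.example", "Fake Intermediate", "k-evil-leaf", "k-evil-int"),
                Cert("Fake Intermediate", "Fake Root", "k-evil-int", "k-evil-root"),
                Cert("Fake Root", "Fake Root", "k-evil-root", "k-evil-root")]

if __name__ == "__main__":
    for name, chain in (("real", REAL_CHAIN), ("forged", FORGED_CHAIN)):
        print(name, "insecure:", validate_insecure(chain, [REAL_ROOT]),
              "secure:", validate_secure(chain, [REAL_ROOT]))
```

Both validators accept the real chain; only the one that keeps peer-supplied certificates out of the anchor set rejects the chain that ends at the fake root.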

In this talk, we explore the implications of poor cryptographic API design, how insecure certificate chain validation implementations can be exploited, and how widespread the usage of APIs like Android SafetyNet is in certain verticals. We also propose recommendations for both implementers and cryptographic API authors, like choosing misuse-resistant cryptographic APIs and what to do when faced with misuse-prone cryptographic primitives.


Presenters:

  • Olabode Anise - Data Scientist, Duo Security
    Olabode Anise is a Data Scientist at Duo Security where he wrangles data, prototypes data-related features, and makes pretty graphs to support engineering, product management, and marketing efforts. Prior to Duo, Olabode studied usable security at the University of Florida. When he's not at work, he spends his time exploring data involving topics such as sports analytics, relative wages and cost of living across the United States.
  • Nick Mooney - Senior R&D Engineer, Duo Security
    Nick Mooney is a Security R&D Engineer at Duo Security as part of the Duo Labs team. Prior to arriving at Duo, Nick studied Computer Science at the University of Washington in Seattle. Outside of security research, Nick is passionate about boats, islands, and youth outdoor/wilderness education.
  • James Barclay - Senior R&D Engineer, Duo Security
    James Barclay is a Senior R&D Engineer at Duo Labs, the advanced security research and analysis team at Duo Security. Prior to joining Duo, James was a Tools Engineer at Pinterest, and an IT consultant before that. He's contributed to a handful of open-source projects, is passionate about the future of authentication with WebAuthn, and has been called an Apple nerd once or twice.
