Let's Attack Let's Encrypt

Presented at Black Hat USA 2021, Aug. 4, 2021, 11:20 a.m. (40 minutes)

<div><span>Following the recent off-path attacks against PKI, Let’sEncrypt deployed in 2020 domain validation from multiple vantage points to ensure security even against the stronger on-path MitM adversaries. The idea behind such distributed domain validation is that even if the adversary can hijack traffic of some vantage points, it will not be able to intercept traffic of all the vantage points to all the nameservers in a domain. </span></div><div><span><br></span></div><div><span>In this work we show that two central design issues of the distributed domain validation of Let’sEncrypt make it vulnerable to downgrade attacks: (1) the vantage points are selected from a small fixed set of vantage points, and (2) the way the vantage points select the nameservers in target domains can be manipulated by a remote adversary. We develop off-path methodologies, based on these observations, to launch downgrade attacks against Let’sEncrypt. The downgrade attacks reduce the validation with `multiple vantage points to multiple nameservers', to validation with `multiple vantage points to a single attacker-selected nameserver'. Through experimental evaluations with Let’sEncrypt and the 1M-Let’sEncrypt-certified domains, we find that our off-path attacker can successfully launch downgrade attacks against more than 24.53% of the domains, rendering Let’sEncrypt to use a single nameserver for validation with them. </span></div><div><span><br></span></div><div><span>We then develop an automated off-path attack against the `single-server'-domain validation for these 24.53% domains, to obtain fraudulent certificates for more than 107K domains, which constitute 10% of the 1M domains in our dataset.</span></div><div><span><br></span></div><div><span>We also evaluate our attacks against other major CAs and compare the security and efforts needed to launch the attacks, to those needed to launch the attacks against Let’sEncrypt. The conclusion from the evaluations is that our downgrade attacks remove any security benefits that Let’sEncrypt has over other CAs. </span></div>

Presenters:

  • Haya Shulman - Director of Cybersecurity Analytics and Defences Department, Fraunhofer Institute for Secure Information Technology SIT
    Dr. Haya Shulman is the Director of Cybersecurity Analytics and Defences department at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt, and Scientific Leader of the Fraunhofer Project Center for Cybersecurity at the Hebrew University of Jerusalem in Israel. She is also the head of the Analytics Based Cybersecurity Mission in ATHENE german national research center and is a representative for Fraunhofer SIT in ATHENE Board. Dr. Shulman established and is the leader of the Hessian-Israeli Partnership Accelerator program in Darmstadt and Jerusalem. Dr. Shulman obtained her PhD in Computer Science in 2014. Her research is focused on the applied aspects of cybersecurity, identifying weaknesses in networks and critical infrastructures and devising practical and effective countermeasures. Dr. Shulman received various awards for her work, including the German IT Sicherheitspreis and the IETF/IRTF Applied Networking Research Award.

Links:

Similar Presentations: