SSL man-in-the-middle secure solution

Presented at VB2015, Sept. 30, 2015, noon (30 minutes)

More and more HTTP traffic is being encrypted (HTTPS). This increases security by preventing listening into the conversation, but it also creates a problem for security products that need access to that information as well. To address this, many security companies implement a 'man-in-the-middle' protocol, where they broker the keys from both ends of the conversation, and thus are able to inspect the content.

For some websites now - and perhaps many more in the future - the client is checking to verify that the SSL certificate is routed to the server. However, these checks will fail because the certificate returned by the security product will not match the server's domain. We see some of these failures in the field today, and more will likely follow.

The IEEE Industry Connections Security Group is working on a secure solution to this growing problem. We will show where we are, and discuss how we will move forward towards an industry solution.

Presenters:

• Igor Muttik - Intel Security   as Prof. Igor Muttik
  Prof. Igor Muttik Prof. Igor Muttik (Ph.D.) works for Intel Corporation. He started researching computer malware in the 1980s when the anti-virus industry was in its infancy. He is based in the UK and worked as a virus researcher for Dr. Solomon's Software where he later headed the anti-virus research team. From 1998 he was running McAfee's malware research in EMEA and switched to his architectural role in 2002. He was a Senior Principal Research Architect with McAfee Labs, which became part of Intel in 2011. He takes particular interest in applied security research and the design of new security software and hardware. Igor holds a Ph.D. degree in physics and mathematics from the Moscow University. He is a regular speaker at major international security conferences and is a co-author of three books, more than 100 publications and more than 25 patents.
• Righard Zwienenberg - ESET
  Righard Zwienenberg Righard J. Zwienenberg is a Senior Research Fellow at ESET, and began dealing with computer viruses in 1988 after encountering the first virus problems at the Technical University of Delft. He has been a member of CARO since late 1991, and is now President of AMTSO, Vice-President of AVAR and on the Technical Overview Board of the WildList. He is a popular speaker at industry conferences, including Virus Bulletin, EICAR, AVAR, RSA, InfoSec, SANS and CFET.
• Mark Kennedy - Symantec
  Mark Kennedy Mark is a Distinguished Engineer with Symantec, where he has been for the last 24 years. Apart from his work with Symantec, Mark also serves on the Board of Directors of the AMTSO, as well as the Chairman of several IEEE committees. He has spoken at numerous conferences around the world, including several appearance at Virus Bulletin.

Links:

• https://www.virusbulletin.com/conference/vb2015/abstracts/ssl-man-middle-secure-solution

Similar Presentations:

• DEF CON 24 (2016) / Light-Weight Protocol! Serious Equipment! Critical Implications!
• Black Hat Europe 2014 / SSL Validation Checking vs. Go(ing) to Fail
• Black Hat USA 2010 / Security is Not a Four Letter Word