Analysis of the adoption of security headers in HTTP.

With the increase in the number of threats within Web-based systems, a more integrated approach is required to ensure the enforcement of security policies from the server to the client. These policies aim to stop man-in-the-middle attacks, code injection, and so on. This paper analyses some of the newest security options used within HTTP responses, and scans the Alexa Top 1 Million sites for their implementation within HTTP responses. These options scanned for include: Content Security Policy (CSP); Public Key Pinning Extension for HTTP (HPKP); HTTP Strict Transport Security (HSTS) and HTTP Header Field X-Frame-Options (XFO), in order to understand the impact that these options have on the most popular Web sites.The results show that, while the implementation of the parameters are increasing, they are still not implemented on many of the top sites. Along with this the paper shows the profile of adoption of Let’s Encrypt digital certificates across the one million sites, along with a way of assessing the quality of the security headers

Detecting and defeating advanced man-in-the-middle attacks against TLS

Sobre los derechos de acceso: Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profi t or non-commercial purposes is granted providing that copies bear this notice and a full citation on the first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE.TLS es un bloque esencial para la construcción de redes privadas. Un aspecto crítico para la seguridad de TLS es la autenticación y el intercambio de claves, que habitualmente se realiza mediante certificados. Un intercambio inseguro de claves puede conducir a un ataque de hombre en el medio (MITM). La confianza en los certificados se consigue habitualmente gracias a la utilización de una infraestructura de clave pública (PKI), que emplea autoridades de certificación (CA) de confianza para el establecimiento de cadenas de validez de certificados. En los últimos años, han surgido una serie de problemas relacionados con el uso del PKI: lo certificados pueden ser emitidos para cualquier entidad de Internet, con independencia de la posición de la CA en el árbol jerárquico. Esto implica que un ataque exitoso contra una CA tiene el potencial de permitir la generación de certificados válidos que posibilitarán la realización de ataques de hombre en el medio. No podemos descartar la posibilidad de usos malicioso de CA intermedias para llevar a cabo ataques dirigidos mediante la emisión de certificados ad-hoc, que serían extremadamente difíciles de detectar. La infraestructura PKI actual es susceptible a este tipo de ataques, por lo que se hace necesaria la creación de nuevos mecanismos para la detección y neutralización de los mismos. El IETF y otros organismos de estandarización han lanzado distintas iniciativas para posibilitar la detección de certificados falsificados. La mayoría de estas iniciativas intentan solucionar los problemas existentes mantenimiento el modelo PKI y agregando la técnica de 'certificate pinning', que asocia certificados concretos a servidores. Estas técnicas tienen limitaciones significativas, como la necesidad de un proceso de arranque seguro, o el establecimiento de la asociación para cada host de forma individual y uno por uno. Este trabajo proporciona una evolución desde el esquema de 'pinning' realizado en el host a un esquema de 'pinning' en la red, mediante la habilitación de mecanismos para la validación de certificados cuando atraviesan una red determinada. Los certificados se clasificarán como confiables o no como resultado del cruce de información obtenida de distintas fuentes. Esto resultaría en la detección temprana de certificados sospechosos y lanzaría mecanismos para rechazar el ataque, minimizar su impacto y recopilar información sobre los atacantes. Junto con lo anterior, se podría realizar un análisis más detallado y pormenorizado.TLS is an essential building block for virtual private networks. A critical aspect for the security of TLS dialogs is authentication and key exchange, usually performed by means of certificates. An insecure key exchange can lead to a man-in-the-middle attack (MITM). Trust in certificates is generally achieved using Public Key Infrastructures (PKIs), which employ trusted certificate authorities (CAs) to establish certificate validity chains. In the last years, a number of security concerns regarding PKI usage have arisen: certificates can be issued for entities in the Internet, regardless of its position in the CA hierarchy tree. This means that successful attacks on CAs have the potential to generate valid certificates enabling man-in-the-middle attacks. The possibility of malicious use of intermediate CAs to perform targeted attacks through ad-hoc certificates cannot be neglected and are extremely difficult to detect. Current PKI infrastructure for TLS is prone to MITM attacks, and new mechanisms for detection and avoidance of those attacks are needed. IETF and other standardization bodies have launched several initiatives to enable the detection of “forged” certificates. Most of these initiatives attempt to solve the existing problems by maintaining the current PKI model and using certificate pinning, which associates certificates and servers on use. These techniques have significant limitations, such as the need of a secure bootstrap procedure, or pinning requiring some host-by-host basis. This study proposes an evolution from pinning-in-the-host to pinning-in-the-net, by enabling mechanisms to validate certificates as they travel through a given network. Certificates would be classified as trusted or not trusted as a result of cross-information obtained from different sources. This would result in early detection of suspicious certificates and would trigger mechanisms to defeat the attack; minimize its impact; and gather information on the attackers. Additionally, a more detailed and thorough analysis could be performed

On the Feasibility of Fine-Grained TLS Security Configurations in Web Browsers Based on the Requested Domain Name

Most modern web browsers today sacrifice optimal TLS security for backward compatibility. They apply coarse-grained TLS configurations that support (by default) legacy versions of the protocol that have known design weaknesses, and weak ciphersuites that provide fewer security guarantees (e.g. non Forward Secrecy), and silently fall back to them if the server selects to. This introduces various risks including downgrade attacks such as the POODLE attack [15] that exploits the browsers silent fallback mechanism to downgrade the protocol version in order to exploit the legacy version flaws. To achieve a better balance between security and backward compatibility, we propose a mechanism for fine-grained TLS configurations in web browsers based on the sensitivity of the domain name in the HTTPS request using a whitelisting technique. That is, the browser enforces optimal TLS configurations for connections going to sensitive domains while enforcing default configurations for the rest of the connections. We demonstrate the feasibility of our proposal by implementing a proof-of-concept as a Firefox browser extension. We envision this mechanism as a built-in security feature in web browsers, e.g. a button similar to the \quotes{Bookmark} button in Firefox browsers and as a standardised HTTP header, to augment browsers security

Investigating mis-implementation of SSL libraries in android applications

Tezin basılısı İstanbul Şehir Üniversitesi Kütüphanesi'ndedir.This thesis presents our analysis of applications that are popular at the market against SSL miss-implementation. 8.882 applications analyzed and as a result 2.354 applications have at least one miss use of SSL libraries which are Custom TrustManager, Custom HostnameVeriers and WebViewClient libraries. After analysis phase we have created a proof of concept application as an Xposed framework plugin to identify vulnerabilities. Ourconclusionisthat27percentofapplicationshaveavulnerabilityfromSSLconnection stand point. The main reasons for these vulnerabilities are developer errors and third party generators or libraries. Using third party libraries can cause security bugs which leads to informations leakage or exploitation.Declaration of Authorship ii Abstract iv Öz v Acknowledgments vii List of Figures x List of Tables xi Abbreviations xii 1 Introduction 1 2 SSL & SSL Applications in Android 3 3 Application Testing Methodology 5 3.1 Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.2 Static Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.3 Inspection of results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.4 Dynamic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.4.1 CERT Transparent Proxy Capture Appliance (Tapioca) . . . . . . 10 3.4.2 Nogotofail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.5 Cross Reference Traversing . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.6 Analysis and Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 4 Proposed Solution 13 4.1 Xposed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 4.2 Trust But Verify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5 Development Best Practices for Security & Privacy 15 5.1 Certicate Pinning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 5.2 Certicate pinning in Android . . . . . . . . . . . . . . . . . . . . . . . . . 19 5.3 Alternative Methods for Certicate Validation . . . . . . . . . . . . . . . . 20 6 Related Work 22 7 Conclusions 2 A Cross Reference Traversing 26 Bibliography

An analysis on the implementation of secure web-related protocols in portuguese city councils

The services supporting the websites, both public and private entities, may support security protocols such as HTTPS or DNSSEC. Public and private entities have a responsibility to ensure the security of their online platforms. Entities in the public domain such as city councils provide their services through their websites. However, each city council has its systems, configurations, and IT teams, and this means they have different standings regarding the security protocols supported. This paper analyzes the status of security protocols on Portuguese city council websites, specifically HTTPS and DNSSEC. The study evaluated 308 city council websites using a script developed for the research, and data was collected from the website of Direção Geral das Autarquias Locais (DGAL) on December 14, 2022, and the websites were scanned on December 22, 2022. The results of this assessment reveal that around 97% of city council websites use RSA as their encryption algorithm and around 84% use 2048-bit length keys for digital certificate signing. Furthermore, about 53% of the city council websites are still supporting outdated and potentially insecure SSL/TLS versions, and around 95% of the councils are not implementing DNSSEC in their domains. These results highlight potential areas for improvement in cybersecurity measures and can serve as a baseline to track progress toward improving cybersecurity maturity in Portuguese city councils.A41D-7428-BA6C | Jackson Barreto Costa JúniorN/

Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds.Comment: 20 pages, 7 figure