Using BGP for TLS Certificate Acquisition

Using BGP to Acquire Bogus TLS Certificates
Henry Birge-Lee, Yixin Sun, Annie Edmundson, Jennifer Rexford, Prateek Mittal

Digital certificates as a root of trust
  - Root of trust on the internet
  - Bootstraps trust on first-time connections
  - The keys to all web encryption
  - BGP attacks compromise this root of trust
  (Figure: the chain of trust validating the public key for fed.princeton.edu, from the trusted root certificate down to the domain the website certificate is valid for.)

Overview
  Domain control validation; BGP attacks; launching an interception attack; countermeasures; takeaways.

Domain Control Verification
  Parties: the owner of example.com, the server at example.com, and the certificate authority.
  1. Owner to CA: "Could I get a certificate for example.com?" (certificate signing request)
  2. CA to owner: "Upload this document to example.com/verify.html" (domain control verification challenge)
  3. Owner makes the server modifications at example.com
  4. Owner to CA: "I did it!"; the CA sends HTTP GET example.com/verify.html and the server answers with an HTTP response containing the document
  5. CA to owner: "Here is your certificate"

Where BGP Comes In
  If an adversary sees the HTTP GET example.com/verify.html request, they can get a certificate.

Original BGP route to victim
  (Diagram: AS 1, AS 2, AS 3, AS 4 and the adversary.) The victim announces "I own 2.2.2.2/23".

BGP route to victim under attack
  The adversary announces "I own 2.2.2.2/24", so the HTTP GET example.com/verify.html goes to the adversary.
  - Routers prefer more specific announcements
  - Everyone sees the announcement
  - Connectivity broken
  - Not very stealthy

A local (equally-specific prefix) attack
  (Diagram: AS 1, AS 3, AS 4, AS 5 and the adversary; the victim's "I own 2.2.2.2/23" and the adversary's "I own 2.2.2.2/23" compete, splitting the network into an intercepted portion and an unaffected portion.)
  - Equally specific announcements compete for traffic
  - Announcement localized
  - Local broken connectivity
  - Potentially stealthy
  - Not all ASes can perform
  Reference: A. Gavrichenkov. Breaking HTTPS with BGP hijacking. Black Hat USA Briefings, 2015.

AS path poisoning
  (Diagram: AS 1, AS 2, AS 3, AS 4 and the adversary.) The victim still announces "I own 2.2.2.2/23"; the adversary announces "I can get to 2.2.2.2/24 through AS 4".
  - Everyone sees the announcement, but it looks less suspicious
  - Connectivity preserved
  - Almost any AS can perform
  - Very stealthy
  - Perfect setup to intercept traffic with a certificate

Experimental Setup
  - Control IP block 184.164.226.0/23
  - Set up victim website https://ctgen2.tk with valid certificate
  - Ran ping and HTTPS clients
  - Established BGP sessions from adversarial AS

Demonstration: Launching an Interception Attack

Results from real world attacks
  All studied CAs were vulnerable.

Countermeasures
  - Fix the problem at the CA: n(clients) >> n(websites) >> n(CAs)
  - Multiple vantage points: make announcement global
  - Route age: give network operators time to respond
  - Engaging with Let's Encrypt and Symantec
  - Developing open source implementation

Takeaways
  - Digital certificates are the foundation of secure internet communications
  - Almost any BGP-speaking router can get a certificate for any domain
  - Adversary could begin intercepting TLS connections in 35 seconds
  - CAs must implement countermeasures soon
  - BGPsec is just as important in the world of PKI/TLS

Questions?
Digital certificates serve as the root of trust online, but BGP attacks can compromise this trust, leading to interception. Learn about domain control verification and countermeasures.


Uploaded on Feb 17, 2025 | 0 Views



Presentation Transcript


  1. Using BGP to Acquire Bogus TLS Certificates. Henry Birge-Lee, Yixin Sun, Annie Edmundson, Jennifer Rexford, Prateek Mittal

  2. Digital certificates as a root of trust. Root of trust on the internet; bootstraps trust on first-time connections; the keys to all web encryption. Figure: the chain of trust validating the public key for fed.princeton.edu, from the trusted root certificate down to the domain the website certificate is valid for.

  3. Digital certificates as a root of trust (continued). BGP attacks compromise this root of trust. Same chain-of-trust figure for fed.princeton.edu.

  4. Overview. Domain control validation; BGP attacks; launching an interception attack; countermeasures; takeaways.

  5. Domain Control Verification. Parties: the owner of example.com, the server at example.com, and the certificate authority.

  6. Domain Control Verification (continued, same parties).

  7. Domain Control Verification (continued). Server modifications are made to the server at example.com.

  8. Domain Control Verification (continued, same parties).

  9. Domain Control Verification (continued, same parties).

  10. Where BGP Comes In. If an adversary sees this request (the certificate authority's validation request to the server at example.com), they can get a certificate.

  11. Overview (agenda slide, repeated).

  12. Original BGP route to victim. Diagram: AS 1, AS 2, AS 3, AS 4, the AS containing example.com, the certificate authority, and the adversary.

  13. Original BGP route to victim. The AS containing example.com announces "I own 2.2.2.2/23".

  14. BGP route to victim under attack. The adversary announces "I own 2.2.2.2/24" alongside the legitimate "I own 2.2.2.2/23".

  15. BGP route to victim under attack. The certificate authority's HTTP GET example.com/verify.html goes to the adversary.

  16. BGP route to victim under attack. Routers prefer more specific announcements; everyone sees the announcement; connectivity broken; not very stealthy.

  17. A local (equally-specific prefix) attack. Diagram: AS 1, AS 3, AS 4, AS 5, the AS containing example.com, the certificate authority, and the adversary. The adversary announces "I own 2.2.2.2/23", the same prefix the AS containing example.com announces.

  18. A local (equally-specific prefix) attack. The diagram is split into an intercepted portion and an unaffected portion.

  19. A local (equally-specific prefix) attack. Equally specific announcements compete for traffic; announcement localized; local broken connectivity; potentially stealthy.

  20. A local (equally-specific prefix) attack. Not all ASes can perform (diagram with AS 2 in place of AS 5).
      Reference for slides 17 to 20: A. Gavrichenkov. Breaking HTTPS with BGP hijacking. Black Hat USA Briefings, 2015.

  21. AS path poisoning. The adversary announces "I can get to 2.2.2.2/24 through AS 4" while the AS containing example.com announces "I own 2.2.2.2/23".

  22. AS path poisoning. Everyone sees the announcement but it looks less suspicious; connectivity preserved; almost any AS can perform; very stealthy; perfect setup to intercept traffic with a certificate.
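Slides 12 to 22 differ in which parts of the network each announcement captures. The Python model below is an added example, not code from the slides or the authors' implementation: it applies a simplified BGP decision (longest matching prefix, then shortest AS path) at three hypothetical CA vantage points and shows why a more-specific /24 diverts every vantage point while an equally-specific /23 diverts only those closer to the adversary. The topology, vantage-point names and path lengths are assumptions.

```python
import ipaddress

# Constructed topology (assumption): three hypothetical CA vantage points, each
# holding the routes it has learned as (prefix, origin, AS-path length).
VICTIM = ipaddress.ip_network("2.2.2.0/23")   # the slides' "I own 2.2.2.2/23"
TARGET = ipaddress.ip_address("2.2.2.2")      # address the validation request goes to
BASELINE = {
    "vp_near_victim":    [(VICTIM, "victim", 1)],
    "vp_middle":         [(VICTIM, "victim", 3)],
    "vp_near_adversary": [(VICTIM, "victim", 4)],
}

def best_route(routes, dst):
    """Simplified BGP decision process: longest matching prefix wins, then the
    shortest AS path; an exact tie keeps the route that was learned first."""
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))

def origins_seen(extra, dst=TARGET):
    """Origin each vantage point would deliver its validation traffic to after
    the announcements in `extra` ({vantage: [route, ...]}) have propagated."""
    return {vp: best_route(routes + extra.get(vp, []), dst)[1]
            for vp, routes in BASELINE.items()}

def subprefix_attack():
    # A /24 inside the victim /23 reaches everyone and always wins on prefix length.
    adv = ipaddress.ip_network("2.2.2.0/24")
    return origins_seen({vp: [(adv, "adversary", 5)] for vp in BASELINE})

def equally_specific_attack():
    # The same /23 competes on path length, so only vantage points closer to the
    # adversary than to the victim are diverted; the rest are unaffected.
    adv_path_len = {"vp_near_victim": 5, "vp_middle": 4, "vp_near_adversary": 1}
    return origins_seen({vp: [(VICTIM, "adversary", n)] for vp, n in adv_path_len.items()})

def disagreement(seen):
    """True when vantage points reach different origins, the signal a
    multi-vantage-point CA can act on."""
    return len(set(seen.values())) > 1
```

Note that the sub-prefix case diverts all vantage points unanimously, so disagreement alone does not flag it; that is the case the route-age countermeasure on slide 29 is meant to catch.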

  23. Overview (agenda slide, repeated).

  24. Experimental Setup. Control IP block 184.164.226.0/23; set up victim website https://ctgen2.tk with valid certificate; ran ping and HTTPS clients; established BGP sessions from adversarial AS.

  25. Demonstration: Launching an Interception Attack (video: Interception demo v2.mov).

  26. Results from real world attacks.

                                  GoDaddy     Comodo    Symantec  GlobalSign  Let's Encrypt
      Time to issue certificate   35 seconds  < 2 min   < 2 min   < 2 min     < 2 min
      Human interaction           No          No        No        No          No
      Multiple vantage points     No          No        No        No          No
      Validation method attacked  HTTP        HTTP      Email     Email       Email

  27. Results from real world attacks (same table). All studied CAs were vulnerable.

  28. Overview (agenda slide, repeated).

  29. Countermeasures. Fix the problem at the CA: n(clients) >> n(websites) >> n(CAs). Multiple vantage points: make announcement global. Route age: give network operators time to respond. Engaging with Let's Encrypt and Symantec. Developing open source implementation.
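A validation routine that combines the two CA-side countermeasures on slide 29 (multiple vantage points and route age) with the challenge flow of slides 5 to 10, as an added example and not the authors' open source implementation: each vantage point fetches example.com/verify.html, and the CA issues only when every vantage point (or a configured quorum) sees the expected document over a route that has been stable for a minimum age. The 24-hour threshold, the vantage-point names, the challenge-document construction and the observation data are assumptions.

```python
import hashlib
from datetime import datetime, timedelta

URL = "http://example.com/verify.html"   # challenge document location from the slides
MIN_ROUTE_AGE = timedelta(hours=24)      # assumed threshold; the slides give no number

def challenge_document(challenge, account_key):
    """Constructed stand-in for the document the CA asks the owner to upload
    (not the ACME key-authorization format)."""
    return hashlib.sha256(f"{challenge}.{account_key}".encode()).hexdigest()

def validate(challenge, account_key, observations, now, min_age=MIN_ROUTE_AGE, quorum=None):
    """observations: {vantage_name: (body fetched from URL, time the route used
    was first seen)}. A vantage point passes only if the body matches and its
    route has aged at least min_age; issuance needs `quorum` passing vantage
    points (default: all of them). Returns (issued, per_vantage_status)."""
    want = challenge_document(challenge, account_key)
    status = {}
    for vp, (body, first_seen) in observations.items():
        if body != want:
            status[vp] = "mismatch"        # this vantage point reached a server without the document
        elif now - first_seen < min_age:
            status[vp] = "young-route"     # route changed recently: give operators time to react
        else:
            status[vp] = "ok"
    needed = len(observations) if quorum is None else quorum
    return sum(s == "ok" for s in status.values()) >= needed, status

# Constructed scenario values (assumptions, not measurements from the talk).
NOW = datetime(2025, 1, 1, 12, 0)
OLD = NOW - timedelta(days=30)             # long-stable legitimate route
FRESH = NOW - timedelta(minutes=5)         # route that appeared during an attack
CHALLENGE, KEY = "tok-123", "acct-abc"
GOOD = challenge_document(CHALLENGE, KEY)

def legitimate_owner():
    return validate(CHALLENGE, KEY, {"us": (GOOD, OLD), "eu": (GOOD, OLD), "asia": (GOOD, OLD)}, NOW)

def single_vantage_no_age_check():
    # What the studied CAs did: one vantage point and no route-age check, so it issues.
    return validate(CHALLENGE, KEY, {"us": (GOOD, FRESH)}, NOW, min_age=timedelta(0))

def local_hijack():
    # Equally-specific prefix: only "us" is diverted; the others reach the real
    # server, which serves no document because the owner requested nothing.
    return validate(CHALLENGE, KEY, {"us": (GOOD, FRESH), "eu": ("", OLD), "asia": ("", OLD)}, NOW)

def global_hijack():
    # Sub-prefix: every vantage point is diverted, but the route is too young to trust.
    return validate(CHALLENGE, KEY, {vp: (GOOD, FRESH) for vp in ("us", "eu", "asia")}, NOW)
```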

  30. Overview (agenda slide, repeated).

  31. Takeaways. Digital certificates are the foundation of secure internet communications. Almost any BGP-speaking router can get a certificate for any domain. Adversary could begin intercepting TLS connections in 35 seconds. CAs must implement countermeasures soon. BGPsec is just as important in the world of PKI/TLS.

  32. Questions?
