The document discusses man-in-the-middle (MITM) attacks on SSL/TLS connections and methods to prevent them. It describes how SSL/TLS uses certificate chains to establish trust but that corporate proxies and compromised root CAs allow for MITM. The document then presents techniques like certificate pinning and fingerprint verification that applications can use to protect against MITM attacks by validating certificates match expected values hardcoded in the app.

1. Nein, danke!
MAN IN THE MIDDLE ?
Daniel Schneller – CenterDevice GmbH

2. SSL – und alles ist gut™

3. SSL – und alles ist gut™

4. SSL – und alles ist gut™
…oder ?

5. Mac App Store

6. Mac App Store

7. Mac App Store

8. Und wo war nun SSL?

9. SSL – Chain of Trust

10. SSL – Chain of Trust

11. SSL – Chain of Trust
Root CA Certificate

12. SSL – Chain of Trust
Root CA Certificate
Intermediate CA Certificate(s)stellt aus

13. SSL – Chain of Trust
Root CA Certificate
Intermediate CA Certificate(s)
Leaf Certificate
stellt aus
stellt aus

14. SSL – Chain of Trust

15. SSL – Chain of Trust

16. SSL – Chain of Trust

17. SSL – Chain of Trust

18. SSL – Chain of Trust

19. SSL – Chain of Trust

20. Und wie viele
Root-CAs gibt es ?

21. System Roots

22. System Roots

23. System Roots
Windows 8: ~350
Mozilla: ~160
iOS 6: ~220

24. Man In The Middle?

25. Man In The Middle
[Corporate] Proxy Client

26. Man In The Middle
[Corporate] Proxy Client

27. Man In The Middle
[Corporate] Proxy Client

28. Man In The Middle
Website [Corporate] Proxy Client

29. Man In The Middle
Website [Corporate] Proxy Client

30. Man In The Middle
Website [Corporate] Proxy Client

31. Man In The Middle
Website [Corporate] Proxy Client

32. Man In The Middle

33. Man In The Middle

34. Man In The Middle

35. Man In The Middle

36. Man In The Middle

37. Man In The Middle

38. Konsequenzen
• Überwachung
• Veränderung
• Gesendete und empfangene Daten
• Chain-Of-Trust formal intakt

39. Gut und böse
• Debugging
• Reverse Engineering
• Security Audits
• Lernen undVerstehen

40. ReST Debugging

41. Gut und böse
• Phishing
• Identitätsdiebstahl
• Industriespionage
• …

42. Mac App Store

43. Mac App Store

44. Mac App Store

45. Demo 1
Video 1
Video 2

46. Gegenmaßnahmen

47. Zertifikatsvergleich

48. Zertifikatsvergleich
• Serverzertifikat in Client-App
• Vergleich mit vom Server präsentiertem
Zertifikat
• Verbindungsaufbau nur bei exakter
Übereinstimmung

49. Zertifikatsvergleich
Client AppServer

50. Zertifikatsvergleich
Client AppServer
==

51. Zertifikatsvergleich
SecTrustResultType evaluationResult;
OSStatus status =
SecTrustEvaluate(srvTrust,
&evaluationResult);
if (status == errSecSuccess) {
if (evaluationResult == kSecTrustResultUnspecified) {
// ...
}
}
• Schritt 1: Chain-of-Trust validieren

52. Zertifikatsvergleich
SecTrustResultType evaluationResult;
OSStatus status =
SecTrustEvaluate(srvTrust,
&evaluationResult);
if (status == errSecSuccess) {
if (evaluationResult == kSecTrustResultUnspecified) {
// ...
}
}
• Schritt 1: Chain-of-Trust validieren

53. Zertifikatsvergleich
SecTrustResultType evaluationResult;
OSStatus status =
SecTrustEvaluate(srvTrust,
&evaluationResult);
if (status == errSecSuccess) {
if (evaluationResult == kSecTrustResultUnspecified) {
// ...
}
}
• Schritt 1: Chain-of-Trust validieren

54. Zertifikatsvergleich
SecTrustResultType evaluationResult;
OSStatus status =
SecTrustEvaluate(srvTrust,
&evaluationResult);
if (status == errSecSuccess) {
if (evaluationResult == kSecTrustResultUnspecified) {
// ...
}
}
• Schritt 1: Chain-of-Trust validieren

55. Zertifikatsvergleich
SecTrustResultType evaluationResult;
OSStatus status =
SecTrustEvaluate(srvTrust,
&evaluationResult);
if (status == errSecSuccess) {
if (evaluationResult == kSecTrustResultUnspecified) {
// ...
}
}
• Schritt 1: Chain-of-Trust validieren

56. Zertifikatsvergleich
SecTrustResultType evaluationResult;
OSStatus status =
SecTrustEvaluate(srvTrust,
&evaluationResult);
if (status == errSecSuccess) {
if (evaluationResult == kSecTrustResultUnspecified) {
// ...
}
}
• Schritt 1: Chain-of-Trust validieren

57. NSString *refPath =
[[NSBundle mainBundle] pathForResource:@"reference"
ofType:@"der"];
NSData *refCertData =
[[NSData alloc] initWithContentsOfFile:refPath];
Zertifikatsvergleich
• Schritt 2: Referenz-Zertifikat laden

58. NSString *refPath =
[[NSBundle mainBundle] pathForResource:@"reference"
ofType:@"der"];
NSData *refCertData =
[[NSData alloc] initWithContentsOfFile:refPath];
Zertifikatsvergleich
• Schritt 2: Referenz-Zertifikat laden

59. Zertifikatsvergleich
• Schritt 2: Referenz-Zertifikat laden
NSString *refPath =
[[NSBundle mainBundle] pathForResource:@"reference"
ofType:@"der"];
NSData *refCertData =
[[NSData alloc] initWithContentsOfFile:refPath];

60. Zertifikatsvergleich
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
certificateVerified = [refCertData
isEqualToData:certData];
}
• Schritt 3: Referenzvergleich

61. Zertifikatsvergleich
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
certificateVerified = [refCertData
isEqualToData:certData];
}
• Schritt 3: Referenzvergleich

62. Zertifikatsvergleich
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
certificateVerified = [refCertData
isEqualToData:certData];
}
• Schritt 3: Referenzvergleich

63. Zertifikatsvergleich
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
certificateVerified = [refCertData
isEqualToData:certData];
}
• Schritt 3: Referenzvergleich

64. Zertifikatsvergleich
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
certificateVerified = [refCertData
isEqualToData:certData];
}
• Schritt 3: Referenzvergleich

65. Zertifikatsvergleich
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
certificateVerified = [refCertData
isEqualToData:certData];
}
• Schritt 3: Referenzvergleich

66. Zertifikatsvergleich
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
certificateVerified = [refCertData
isEqualToData:certData];
}
• Schritt 3: Referenzvergleich

67. Demo 2
Video

68. Fingerprintvergleich

69. Fingerprintvergleich
• Ähnlich Zertifikatsvergleich
• Vergleich des Zertifikat-Hashs mit Referenz
• Zertifikat nicht mit App ausgeliefert
• Beispiel: Apple Software Update

70. Fingerprintvergleich
Client AppServer
1122 3344 5566
7788 9900 AABB
CCDD EEFF 9988
7766
SHA-1 Hash

71. Fingerprintvergleich
Client AppServer
1122 3344 5566
7788 9900 AABB
CCDD EEFF 9988
7766
SHA-1 Hash

72. Fingerprintvergleich
Client AppServer
==
1122 3344 5566
7788 9900 AABB
CCDD EEFF 9988
7766
SHA-1 Hash
1122 3344 5566
7788 9900 AABB
CCDD EEFF 9988
7766

73. Fingerprintvergleich
SecTrustResultType evaluationResult;
OSStatus status =
SecTrustEvaluate(srvTrust,
&evaluationResult);
if (status == errSecSuccess) {
if (evaluationResult == kSecTrustResultUnspecified) {
// ...
}
}
• Schritt 1: Chain-of-Trust validieren

74. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

75. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

76. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

77. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

78. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

79. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

80. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

81. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

82. Fingerprintvergleich
static NSString* const kReferenceFP = @"AC .... DC";
BOOL found = NO;
CFIndex crtCount = SecTrustGetCertificateCount(srvTrust);
for (CFIndex j = 0; j < crtCount && !found; j++) {
SecCertificateRef cert =
SecTrustGetCertificateAtIndex(srvTrust, j);
NSData* certData =
CFBridgingRelease(SecCertificateCopyData(cert));
NSString* fingerprint = [self sha1:certData];
found = [kReferenceFP isEqualToString:fingerprint]
}
• Schritt 2: Fingerprint berechnen

83. Demo 3
Video

84. Fallstricke

85. Fallstricke
• Zertifikatswechsel
• Abgelaufen
• Kompromittiert
• Frühzeitiges App-Update planen
• Altes und neues Zertifikat gleichzeitig

86. Variante

87. Variante
• Prüfung des Root-CA Zertifikats
• Trade-Off Flexibilität gegen Sicherheit
• Updates nur bei Root-CA Wechsel nötig

88. Fazit

89. Fazit
• SSL gewährleistet
• Vertraulichkeit
• Identitätsgarantie
• CA System (oft) ausreichend
• Mehr Sicherheit = Höherer Aufwand

90. Informierte
Entscheidungen treffen!

91. Links
Sample Code
• github.com/dschneller/mitm-no-thank-you
Tools
• github.com/ADVTOOLS/ADVcertificator
• github.com/ADVTOOLS/ADVTrustStore
• www.apple.com/support/iphone/enterprise
• technet.microsoft.com/en-us/library/
cc754841.aspx

92. Links
TLS Session Cache
• developer.apple.com/library/ios/#qa/qa1727
Root-CA Listen
• support.apple.com/kb/HT5012
• www.mozilla.org/projects/security/certs/included/
• social.technet.microsoft.com/wiki/contents/
articles/14215.windows-and-windows-phone-8-
ssl-root-certificate-program-member-cas.aspx
• Android: Settings–Security–Trusted Credentials
(ab 4.0)

93. Vielen Dank!

94. Fragen ?
daniel.schneller@centerdevice.de
@dschneller

95. Das war’s.Wirklich :)