1 / 13

Installing Fake Root Keys in a PC

Installing Fake Root Keys in a PC. Adil Alsaid and Chris J. Mitchell Information Security Group Royal Holloway, University of London. Contents. Introduction Installing Root Certificates A Practical Method for Silently Installing a Root Certificate Countermeasures. Introduction.

badrani
Download Presentation

Installing Fake Root Keys in a PC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Installing Fake Root Keys in a PC Adil Alsaid and Chris J. Mitchell Information Security Group Royal Holloway, University of London

  2. Contents • Introduction • Installing Root Certificates • A Practical Method for Silently Installing a Root Certificate • Countermeasures

  3. Introduction • The attack • Motivation

  4. Installing Root Certificates • Creating a Root Certificate • Installing Root Certificates under user control

  5. Creating a Root Certificate makecert -r -n "CN=MyRootCA, OU=MyOrganization, O=CompanyName,E=Emailaddress" -sv root.pvk root.cer

  6. User Controlled Installation

  7. User Controlled Installation

  8. User Controlled Installation

  9. General Approach to Silent Root Certificate Installation • Using standard tools • Writing directly to the root certificate store

  10. A Practical Method for Silently Installing a Root Certificate • C++ and CryptoAPI • MS Windows message system

  11. The Attack • The user executes a malicious applet • The malicious applet does the following: • Creates another running thread (Monitoring) • Makes a CryptoAPI function call to add the fake root certificates • Hides the ‘security warning’ message box by providing a positive answer • Now, the fake root certificate will be listed in the browser’s trusted root CAs list

  12. Countermeasures • Proactive or preventative measures • Users re-authentication • Root public key store access restriction • Reactive measures • Scanning tool • OCSP • Verified and user added root keys

  13. Questions?

More Related