Friday, November 1, 2024
HomeTechnologyIn-depth Analysis of Certificate Transparency - Detect Fake SSL Certificates

In-depth Analysis of Certificate Transparency – Detect Fake SSL Certificates

Published on

Malware protection

Certificate Transparency aims at increasing safety with TLS certificates. Most importantly CT was put in the place to defend mis-issuance.

Certificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CA, and domain users. Specifically, Certificate Transparency has three main goals:

Also Read: Fast and Complete SSL Scanner to Find Mis-configurations affecting TLS/SSL Severs-A Detailed Analysis

- Advertisement - SIEM as a Service

Certificate Logs

Certificate logs are simple network services that maintain cryptographically assured, publicly auditable, append-only records of certificates. Anyone can submit certificates to a log, although certificate authorities will likely be the foremost submitters.

Likewise, anyone can query a log for a cryptographic proof, which can be used to verify that the log is behaving properly or verify that a particular certificate has been logged.

The number of log servers doesn’t have to be large (say, much less than a thousand worldwide), and each could be operated independently by a CA, an ISP, or any other interested party.

Monitors

Monitors are publicly run servers that periodically contact all of the log servers and watch for suspicious certificates.

For example, monitors can tell if an illegitimate or unauthorized certificate has been issued for a domain, and they can watch for certificates that have unusual certificate extensions or strange permissions, such as certificates that have CA capabilities.

A monitor acts much the same way as a credit-reporting alert, which tells you whenever someone applies for a loan or credit card in your name. Some monitors will be run by companies and organizations, such as Google, or a bank, or a government.

Others will be run as subscription services that domain owners and certificate authorities can buy into. Tech-savvy individuals can run their own monitors.

ct1

Auditors

Auditors are lightweight software components that typically perform two functions. First, they can verify that logs are behaving correctly and are cryptographically consistent.

If a log is not behaving properly, then the log will need to explain itself or risk being shut down. Second, they can verify that a particular certificate appears in a log.
 
This is a particularly important auditing function because the Certificate Transparency framework requires that all SSL certificates be registered in a log. If a certificate has not been registered in a log, it’s a sign that the certificate is suspect, and TLS clients may refuse to connect to sites that have suspect certificates.
 

How Certificate Transparency works?

Components of Certificate Transparency 

  1. Certificate Authorities CA (Comodo, DigiCert, Verisign, Thawte)
  2. Log Servers that act as public repositories for the certificate records.
  3. The browsers of any client accepting certificates (they act as auditors)
  4. Publicly run servers that monitor newly added certificate logs to check for mis-issuances

The following occurs when a CA logs a certificate:

  1. The CA creates what is called a “pre-certificate,” which contains the SSL Certificate’s information. The CA then sends this pre-certificate to its trusted Log server.
  2. The Log server then accepts this information and returns a “signed certificate timestamp” or SCT. The SCT essentially promises to log the certificate within a certain period of time. This time frame is known as the Maximum Merge Delay or MMD—it may never exceed 24 hours.
ssl
  1. The SCT is then accepted by the CA and added to the body of the SSL Certificate (or sometimes presented by other means). The SCT’s presence is, itself, a signal that the certificate has been published in a CT log.

There are three ways for an SCT to be delivered with the SSL Certificate:

  • X509v3 Extension
  • TLS Extension
  • OCSP Stapling
ssl1

Advantages of Certificate Transparency

  • Early detection of misissued certificates, malicious certificates, and rogue CAs.
  • Faster mitigation after suspect certificates or CAs is detected.
  • Better oversight of the entire TLS/SSL system.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

10 Best Linux Distributions In 2024

The Linux Distros is generally acknowledged as the third of the holy triplet of...

Securing Your SaaS – Essential Strategies for SaaS Application Security

The rapid growth of cloud computing has made SaaS applications indispensable across industries. While...

Navigating Online Privacy: VPNs, Proxies, and Encryption in a Digital Age

In an era where personal data is the new currency, navigating online privacy has...