Android takes aim at ISP surveillance with DNS privacy | Naked Security

Android takes aim at ISP surveillance with DNS privacy; John E Dunn; In Naked Security; 2017-10-27.


  • Transport Layer Security (TLS)
  • Server Name Identification (SNI)
  • DNS-over-TLS
  • Port 853
    like Port 53, but with TLS.
  • Android, not specific to Android
  • Google DNS
  • none
  • <claim>even Google’s DNS service doesn’t support it yet.</claim>


  • DNSCurve
  • Confidential DNS
  • DNS-over-DTLS (DNSoD)
  • DNSCrypt
  • DNS-over-TLS


  • Investigatory Powers Act (IPA)
    • United Kingdom (UK)
    • commenced 2016-11
    • a.k.a. “Snooper’s Charter”





Mozilla launches Project Things IoT framework on Raspberry Pi | LinuxGizmos

Mozilla launches Project Things IoT framework on Raspberry Pi; Eric Brown; In LinuxGizmos; 2017-07-07.


Mozilla Project Things is announced.
Mozilla Firefox Connect Devices project is abandoned.


  • Project Things
    • of Mozilla
    • Concept
      • a framework
      • a brand
      • a specification
    • And more
      • the theory, the Web of Things (WoT)
      • the framework, the architecture
        a meta-layer among the Great Cultures.
      • three flavors
  • Web of Things
    • specifications
    • Components
      • device
      • gateway
      • cloud
  • Things Gateway
    • Raspberry Pi
    • Software stack, shown later
  • Proprietary lock-in at the core; Internet of Things (IoT) is a “Great Cultures” system; <quote><snip>most home and industrial IoT vendors <snip/> align themselves with <snip/> IoT ecosystems pushed by a handful of the world’s largest tech companies. </quote>
    <quote>All of these stacks include proprietary technology, as well as varying degrees of more open technologies that are more or less controlled by a single company.</quote>


  • JSON
  • HTTP
  • REST
  • WebSockets
  • TLS (Transport Layer Security)


  • Web Thing API
    A Specification Proposal
    “simple” <ahem>nobody ever comes out with a “complex” specification, now do they?</ahem>
    but extensible
  • Web Thing Description, a format
  • JSON, an encoding
    a default [meaning something else could replace that?]
  • REST + WebSockets
  • Web Thing API

“Great Cultures”, a.k.a. “The Ecosystems”

The three more Linux-oriented ecosystems listed here —

  • Nest
  • Weave
  • AWS IoT
  • Greengrass

Amazon AWS IoT

  • Artik
  • Tizen
  • SmartThings

Latest Samsung Module runs Tizen RT on a Cortex M4
Linux-Based Smart Home Hubs Advance into AI


Something talking Apple to Apple.
Something talking Microsoft to Microsoft.


  • Web Thing Description Format <ahem>like RDF, but different</ahem>
  • [A new] RESTy style Web Thing API
  • [A new] HTTP for IoT and low-function processing <ahem>MQTT</ahem>

via Ben Francis, Mozilla


of Project Things

  • device (smart node/endpoint)
  • gateway
  • cloud components
Things Devices
use a Direct Integration Pattern in the Things Framework to directly expose a WoT API
<ahem>what does this even mean?</ahem>

  • L2 is WiFi
  • L4 is TCP/IP
  • L7 is HTTP
Things Gateway
runs on gateways <ahem/> It aggregates communications from low-end or PAN networked devices.
Things Cloud
Uses a cloud server to expose a WoT API. It controls zero or more gateways and “smart” IoT devices within its domain of control.

The Prototype (Things Gateway)

  • Raspberry Pi 3 Single Board Computer (SBC)
  • Linux
  • NodeJS, JavaScript
  • Rust
    something aspirational, later

Polish: “experimental pre-release software”

Use Case

  • Discover the Gateway on the local network
  • Zero configuration (Zeroconf?) the Gateway to the Cloud
    • Choose a Web Address (a DNS name? An URL?)
    • A TLS tunnel requiring zero configuration
  • Create a username and password on the Gateway
  • Discover zero or more Smart Plugs attached to the Gateway
    • ZigBee
    • Z-Wave
  • Control the Smart Plugs from the Cloud
    • on
    • off




… and brands

  • AllJoyn
  • Cortex M4
  • Iotivity
  • Personal Area Network (PAN)
  • Single Board Computer (SBC)
  • Tizen
  • Web of Things (WoT)
  • Z-Wave
  • ZigBee


  • Hyper-Text Transport Protocol (HTTP)
    The transfer of hypertext
  • JavaScript Object Notation (JSON)
  • Representational State Transfer (REST)
    The manifestation and transfer of a representation of the (internal) state of a workflow in zero or more remote applications; the workflow executing among the client and server(s)
  • Transport Layer Security (TLS)
  • Web Socket (WebSockets)
    Yes, everywhere except Opera


  • Ben Francis, Mozilla





Security Collapse in the HTTPS Market | ACM Queue

Axel Arnbak, Hadi Asghari, Michel van Eeten, Nico Van Eijk; Security Collapse in the HTTPS Market; In ACM Queue; Volume 12, issue 8; 2014-09-23
Teaser: Assessing legal and technical solutions to secure HTTPS


  • <quote> An outdated implementation, as long as the browser accepts it, appears similar to the state-of-the-art implementation.</quote>
  • SSL Pulse, a dashboard of the Trustworthy Internet Movement, 2016-03-05, commencing 2012-04-25.
  • Much of the value proposition in PKI comes from the “trust signals” (the badging) that does nothing.


  • Hypertext Transfer Protocol Secure (HTTPS)
  • Transport Layer Security (TLS)
  • Secure Sockets Layer (SSL)
  • Certificate Authority (CA)
  • Validation Levels
    • Domain Validated (DV)
    • Organization Validated (OV)
    • Extended Validation (EV)


  • DigiNotar
  • Comodo
  • Verisign
  • Trustwave


  • OpenSSL
  • Apple #gotofail
  • OpenSSL Heartbleed
  • DigiNotar
    • 2011
    • Dutch

Transparency Proposals

  • Convergence
  • Perspectives
  • DANE
  • Sovereign Keys
  • Certificate Transparency
  • Public Key Pinning
  • TACK


  • Weakest link
  • Information asymmetry
  • ineffective auditing
  • Liability dumping

Mapping the Market

  • CA of GoDaddy had signed 26 percent of all valid HTTPS certificates in March 2013.
  • …other factoids…


35 references

Analyzing Forged SSL Certificates in the Wild | Huang, Rice, Ellingsen, Jackson

Lin-Shung Huang (CMU), Alex Rice (Facebook), Erling Ellingsen (Facebook), Collin Jackson (CMU); Analyzing Forged SSL Certificates in the Wild; In Proceedings of the 35th IEEE Symposium on Security and Privacy (SP); 2014; 15 pages.


The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed.


Facebook wants a kinder, gentler end for SHA-1 | The Register

Facebook wants a kinder, gentler end for SHA-1; Richard Chirgwin; In The Register; 2015-12-10.
Teaser: Graceful migration would help the other three billion

tl;dr → voiced by Alex Stamos (Facebook), they believe that SHA-1 is still useful for their shop operating abroad, downmarket in the developing world.

Original Sources


Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web | Dietz, Czeskis, Balfanz, Wallach

Michael Dietz, Alexei Czeskis, Dirk Balfanz, Dan S. Wallach; Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web; In Usenix Security; 2012; 15 pages.


Client authentication on the web has remained in the internet-equivalent of the stone ages for the last two decades. Instead of adopting modern public-key-based authentication mechanisms, we seem to be stuck with passwords and cookies.

In this paper, we propose to break this stalemate by presenting a fresh approach to public-key-based client authentication on the web. We describe a simple TLS extension that allows clients to establish strong authenticated channels with servers and to bind existing authentication tokens like HTTP cookies to such channels. This allows much of the existing infrastructure of the web to remain unchanged, while at the same time strengthening client authentication considerably against a wide range of attacks.

We implemented our system in Google Chrome and Google’s web serving infrastructure, and provide a performance evaluation of this implementation.

Serious bug causes “quite a few” HTTPS sites to reveal their private keys | Ars Technica

Serious bug causes “quite a few” HTTPS sites to reveal their private keys; ; In Ars Technica; 2015-09-04.

tl;dr → use of Chinese Remainder Theorem (CRT) sometimes causes faults to occur during the computation of an RSA signature.
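Added example, not code from the Ars Technica article or from any vendor it names: a toy RSA-CRT signer in Python that checks its own output against the public key before releasing it, the standard countermeasure for the fault the tl;dr describes (a signature computed with a glitch in one CRT half must never leave the signer). The key and message values are constructed and far too small for real use.

```python
# Added example (not from the article or any vendor's code): RSA-CRT signing
# with a verify-before-release check. A simulated fault in the mod-p half shows
# why the check matters: the faulty signature fails public-key verification.
# Constructed toy primes; never use keys this small in practice.
from dataclasses import dataclass


@dataclass(frozen=True)
class RSAKey:
    p: int
    q: int
    e: int
    d: int

    @property
    def n(self) -> int:
        return self.p * self.q


def make_toy_key(p: int = 1000003, q: int = 1000033, e: int = 65537) -> RSAKey:
    """Constructed toy key; pow(e, -1, phi) needs Python 3.8 or newer."""
    phi = (p - 1) * (q - 1)
    return RSAKey(p, q, e, pow(e, -1, phi))


def sign_crt(m: int, key: RSAKey, inject_fault: bool = False) -> int:
    """RSA signature via the Chinese Remainder Theorem (Garner recombination).
    inject_fault flips one bit of the mod-p half, simulating a hardware glitch."""
    dp = key.d % (key.p - 1)
    dq = key.d % (key.q - 1)
    sp = pow(m, dp, key.p)
    sq = pow(m, dq, key.q)
    if inject_fault:
        sp ^= 1  # simulated fault: only the mod-p computation is corrupted
    q_inv = pow(key.q, -1, key.p)
    h = (q_inv * (sp - sq)) % key.p
    return (sq + h * key.q) % key.n


def verify(m: int, s: int, key: RSAKey) -> bool:
    """Public-key check: s^e mod n must reproduce the message."""
    return pow(s, key.e, key.n) == m % key.n


def safe_sign(m: int, key: RSAKey, inject_fault: bool = False):
    """Release the signature only if it verifies under the public key;
    return None otherwise so a faulty signature never leaves the signer."""
    s = sign_crt(m, key, inject_fault)
    return s if verify(m, s, key) else None
```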

Original Sources


  • Boxen Vendoren
    • Hillstone Networks
    • Alteon/Nortel
    • Viprinet
    • QNO
    • ZyXEL
    • BEJY
    • Fortinet
  • Libraries
  • Browsers
    • Chrome
    • Firefox
  • CVE-2015-5738
    OpenSSL code library from Cavium.
  • Some of the “we found some problems, but it’s fixed now”

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS | Vanhoef, Piessens

Mathy Vanhoef, Frank Piessens; All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS; In Proceedings of the 24th USENIX Security Symposium; 2015-08-12; 16 pages; landing.


We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a practical plaintext recovery attack against the Transport Layer Security (TLS) protocol. To empirically find new biases in the RC4 keystream we use statistical hypothesis tests. This reveals many new biases in the initial keystream bytes, as well as several new long-term biases. Our fixed-plaintext recovery algorithms are capable of using multiple types of biases, and return a list of plaintext candidates in decreasing likelihood.

To break WPA-TKIP we introduce a method to generate a large number of identical packets. This packet is decrypted by generating its plaintext candidate list, and using redundant packet structure to prune bad candidates. From the decrypted packet we derive the TKIP MIC key, which can be used to inject and decrypt packets. In practice the attack can be executed within an hour. We also attack TLS as used by HTTPS, where we show how to decrypt a secure cookie with a success rate of 94% using 9·2^27 ciphertexts. This is done by injecting known data around the cookie, abusing this using Mantin’s ABSAB bias, and brute-forcing the cookie by traversing the plaintext candidates. Using our traffic generation technique, we are able to execute the attack in merely 75 hours.


Archaeological order…

RFC 7568 – Deprecating Secure Sockets Layer Version 3.0

RFC 7568; Deprecating Secure Sockets Layer Version 3.0; R. Barnes, M. Thomson (Mozilla), A. Pironti (INRIA), A. Langley (Google); Internet Engineering Task Force (IETF); 2015-06.


The Secure Sockets Layer version 3.0 (SSLv3), as specified in RFC 6101, is not sufficiently secure. This document requires that SSLv3 not be used. The replacement versions, in particular, Transport Layer Security (TLS) 1.2 (RFC 5246), are considerably more secure and capable protocols.

This document updates the backward compatibility section of RFC 5246 and its predecessors to prohibit fallback to SSLv3.

The Logjam Attack: How Diffie-Hellman Fails in Practice

Logjam: How Diffie-Hellman Fails in Practice

tl;dr → server supports DHE_EXPORT ciphers; client willing to accept any directive to downgrade

Adrian et al. (14 authors); Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice; 2015-05-20; 13 pages.