Chain of Fools: An Exploration of Certificate Chain Validation Mishaps
James Barclay, Nick Mooney, Olabode Anise at Black Hat Europe 2019
In this talk, we explore the implications of poor cryptographic API design, how insecure certificate chain validation implementations can be exploited, and how widespread usage of APIs like Android SafetyNet are in certain verticals. We also propose recommendations for both implementers and cryptographic API authors, like choosing misuse-resistant cryptographic APIs and what to do when faced with misuse-prone cryptographic primitives.
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#chain-of-fools-an-exploration-of-certificate-chain-validation-mishaps-17516
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#chain-of-fools-an-exploration-of-certificate-chain-validation-mishaps-17516