Basics of SSL
nu-the-open-security-community -
BASICS OF
SSL
AGENDA
• SSL Evolution
• SSL Handshakes
• Man in the Middle: Proxy Tools, SSLStrip
• Recent Attacks on SSL
• Security guidelines while configuring SSL
SSL EVOLUTION
• SSL 1.0 : Developed by Netscape. Never publicly released.
• SSL 2.0 : Released by Netscape in 1995. Contained many security flaws.
• SSL 3.0 : Released by Netscape in 1996. Complete redesign of the protocol.
Newer versions of SSL/TLS are based on SSL 3.0.
• TLS 1.0 : RFC 2246 published by IETF in 1999. Nearly same as SSL 3.0
• TLS 1.1 : RFC 4346 published by IETF in 2006. Protection against CBC
attacks (BEAST attack) added.
• TLS 1.2 : RFC 5246 published by IETF in 2008. Adds Elliptic Curve
CipherSuites to TLS. Removed DES, RC2 and IDEA CipherSuites.
SHA-256 hashing used.
SSL HANDSHAKES – CIPHERSUITES
• TLS_RSA_WITH_RC4_128_MD5
• TLS_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
SSL HANDSHAKES – RECORD LAYER HEADER
SSL RECORD LAYER
Figure from William Stallings's article on “SSL: Foundation for Web Security” (http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html)
SSL HANDSHAKES
SSL HANDSHAKES IN WIRESHARK
SSL HANDSHAKES – CLIENT HELLO
SSL HANDSHAKES - SERVER HELLO
SSL HANDSHAKES – CERTIFICATE, SERVER HELLO DONE
SSL HANDSHAKES - CLIENT KEY EXCHANGE
SSL HANDSHAKES – KEY GENERATION
SSL HANDSHAKES – CHANGE CIPHER SPEC, FINISHED
SSL APPLICATION DATA
MAN IN THE MIDDLE – PROXY TOOL
MAN IN THE MIDDLE - WEBSCARAB, ZAP, BURP, CHARLES
MAN IN THE MIDDLE – SSLSTRIP (BEFORE)
MAN IN THE MIDDLE – SSLSTRIP
MAN IN THE MIDDLE – SSLSTRIP (AFTER)
MAN IN THE MIDDLE - SSLSTRIP
MAN IN THE MIDDLE – SOLUTION – HSTS (HTTP STRICT TRANSPORT SECURITY)
• The header can be set in the response as below:
response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
=> Tells the browser that the domain and its subdomains should always be accessed over HTTPS for a period of 12 months (31536000 seconds).
• The browser caches this information and always connects to the domain/subdomain over HTTPS.
• The 12-month counter is reset every time the browser gets a page with this header from the domain.
• With this header set, the browser also throws an error if the SSL certificate is untrusted or erroneous, instead of showing a warning that the user can override. This adds to the security and prevents an attacker from intercepting the SSL requests and seeing the SSL packets in clear using proxy tools like WebScarab.
RECENT ATTACKS ON SSL
• BEAST ATTACK
• LUCKY 13 ATTACK
• CRIME ATTACK
• RC4 ATTACK
SECURITY GUIDELINES WHILE CONFIGURING SSL ON SERVERS
• Configure all three protocols: TLS 1.0, 1.1 & 1.2
• Choose a strong and secure CipherSuite
• Have the certificate signed by a trusted CA like Verisign.
• Don't configure wildcard certificates
• Ensure session cookies have the “secure=true” flag set, so that they are transmitted only over SSL.
• Ensure the HSTS header is set for the domain and subdomains.
• Run the server through https://www.ssllabs.com/ssltest/ and fix any issues identified.
SECURITY CONSIDERATION WHILE CONFIGURING SSL ON
SERVERS
SSL EVOLUTION
Figure from Wikipedia (http://en.wikipedia.org/wiki/Transport_Layer_Security)
BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)
BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
• The same key is used for encryption and decryption
• Algorithms are fast, but sharing the key is a challenge.
• Stream Cipher : RC4_128
• Block Ciphers : AES_128_CBC, AES_256_CBC,
3DES_EDE_CBC
BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
Cipher Block Chaining (CBC) Mode
Figure from Wikipedia (http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29)
Public Key Encryption
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Public Key Encryption
• 2 separate keys are used: a public key and a private key
• Sender uses the public key (of the receiver) for encrypting the message.
• Receiver uses his private key for decrypting the message.
• X509 certificates are the carrier of the public key, which is shared.
• The private key is kept secret and is never shared.
• Algorithms are slower compared to symmetric.
• Algorithms: RSA, Diffie–Hellman, Elliptic curve
Digital Signature
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Digital Signature
• Sender generates a hash of the message and then encrypts the hash with his private key; the result is the digital signature.
• The signature is appended to the message and sent to the receiver.
• Receiver reads the signature and decrypts it with the public key (of the sender) to obtain the hash.
• Receiver generates the hash of the message and compares it with the hash obtained by decrypting the signature.
• Signature Algorithms: Sha1withRSA, MD5withRSA
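The sign and verify steps above carried through in code, as an added example that is not part of the original slides. It uses textbook RSA with a constructed toy key and no padding, so it shows the flow only; the function names are illustrative.

```python
# Added example: textbook RSA hash-then-sign, following the steps on the slide.
import hashlib

# Constructed toy key built from two known Mersenne primes. Real keys use
# random primes of 1024+ bits each plus a padding scheme (PKCS#1 v1.5 or PSS).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                                    # public modulus (about 216 bits)
E = 65537                                    # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent (Python 3.8+)

def digest_as_int(message: bytes) -> int:
    """Hash of the message as an integer.

    SHA-1 mirrors the slide's Sha1withRSA and its 160-bit output fits below
    the toy modulus; current deployments use SHA-256 or stronger.
    """
    return int.from_bytes(hashlib.new("sha1", message).digest(), "big")

def sign(message: bytes) -> int:
    """Sender: hash the message, then apply the private-key operation."""
    return pow(digest_as_int(message), D, N)

def send(message: bytes):
    """The signature travels appended to the message."""
    return message, sign(message)

def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the hash with the sender's public key and compare
    it with a freshly computed hash of the received message."""
    recovered = pow(signature, E, N)
    return recovered == digest_as_int(message)
```

Any change to the message or to the signature in transit makes the two hashes differ, so `verify` returns `False`.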
X509 Certificate
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
X509 Certificate Entries
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
X509 Certificate Extensions
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Obtaining CA Signed Certificate
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)
Certificate Chaining
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
SSL HANDSHAKES – PRF (PSEUDO RANDOM FUNCTION)
SSL HANDSHAKES – PFS (PERFECT FORWARD SECRECY)
SSL HANDSHAKES – PFS – DIFFIE-HELLMAN KEY EXCHANGE
• Prime Numbers shared between Alice and Bob – p, g
• Secret number chosen by Alice - a
• Secret number chosen by Bob – b
• Shared Secret - s
Figure from Wikipedia (http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)
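The exchange carried through with the slide's symbols p, g, a, b and s, as an added example that is not part of the original slides. The function names are illustrative and the parameters are constructed toy values; the brute-force helper exists only to show why a small p gives no protection.

```python
# Added example: Diffie-Hellman with the slide's symbols p, g, a, b, s.
import secrets

def public_value(g, secret, p):
    return pow(g, secret, p)               # A = g^a mod p   or   B = g^b mod p

def shared_secret(peer_public, secret, p):
    return pow(peer_public, secret, p)     # s = B^a mod p = A^b mod p

def exchange(p, g, a=None, b=None):
    """Run one exchange and return (wire, alice_s, bob_s).

    When a or b is omitted a fresh random secret is drawn, which is the
    ephemeral behaviour that forward secrecy relies on: the secrets are
    discarded after the session, so a later key compromise does not expose s.
    """
    if a is None:
        a = secrets.randbelow(p - 3) + 2   # Alice's secret, in [2, p-2]
    if b is None:
        b = secrets.randbelow(p - 3) + 2   # Bob's secret, in [2, p-2]
    A = public_value(g, a, p)
    B = public_value(g, b, p)
    wire = {"p": p, "g": g, "A": A, "B": B}   # everything an observer sees
    return wire, shared_secret(B, a, p), shared_secret(A, b, p)

def recover_s_by_search(wire):
    """Find s from the wire values alone by trying every exponent.

    This finishes instantly for a toy p such as 23 and is infeasible for a
    2048-bit p, which is the whole reason for large groups.
    """
    for x in range(1, wire["p"]):
        if pow(wire["g"], x, wire["p"]) == wire["A"]:
            return pow(wire["B"], x, wire["p"])
    return None

# Constructed toy run: p = 23, g = 5, a = 6, b = 15 gives A = 8, B = 19, s = 2.
TOY_WIRE, TOY_ALICE_S, TOY_BOB_S = exchange(23, 5, a=6, b=15)
```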
SSL HANDSHAKES – 2 WAY SSL
SSL HANDSHAKES – SSL RESUMPTION
SSL HANDSHAKES – SSL RENEGOTIATION
MAN IN THE MIDDLE – SSLSTRIP
• Developed by Moxie Marlinspike
• SSLStrip is capable of logging packets in clear from SSL-enabled sites, including login credentials passed to the site.
• Running SSLStrip (available in BackTrack):
-> sslstrip -l 10000
-> tail -f sslstrip.log
=> Configure the browser of any system to redirect the packets through BackTrack (port 10000). Alternatively, you could try the arpspoof command to convince a host that our MAC address is the router's MAC address.
• Details at http://www.thoughtcrime.org/software/sslstrip/.
MAN IN THE MIDDLE - SSLSNIFF
• Developed by Moxie Marlinspike
• Originally written to demonstrate IE's vulnerability to the "basicConstraints" extension; Microsoft fixed this vulnerability.
• Currently it can be used as a proxy tool to see SSL traffic in clear. The tool generates certs for the domain being accessed on the fly.
• SSLSniff is also used to demonstrate Null-Prefix attacks and OCSP attacks.
• Supports modes for hijacking auto-updates from Mozilla products, as well as for Firefox/Thunderbird addons.
• More Info: http://www.thoughtcrime.org/software/sslsniff