BASICS OF

SSL

AGENDA

• SSL Evolution

• SSL Handshakes

• Man in the Middle: Proxy Tools, SSLStrip

• Recent Attacks on SSL

• Security guidelines while configuring SSL

SSL EVOLUTION

• SSL 1.0 : Developed by Netscape. Never publicly released

• SSL 2.0 : Released by Netscape in 1995. Contained lot of security flaws.

• SSL 3.0 : Released by Netscape in 1996. Complete redesign of the protocol.

Newer versions of SSL/TLS are based on SSL 3.0.

• TLS 1.0 : RFC 2246 published by IETF in 1999. Nearly same as SSL 3.0

• TLS 1.1 : RFC 4346 published by IETF in 2006. Protection against CBC

attacks (BEAST attack) added.

• TLS 1.2 : RFC 5246 published by IETF in 2008. Adds Elliptic Curve

CipherSuites to TLS. Removed DES, RC2 and IDEA CipherSuites.

SHA-256 hashing used.

• TLS_RSA_WITH_RC4_128_MD5

• TLS_RSA_WITH_RC4_128_SHA

• TLS_RSA_WITH_3DES_EDE_CBC_SHA

• TLS_RSA_WITH_AES_128_CBC_SHA

• TLS_RSA_WITH_AES_128_CBC_SHA256

• TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA

SSL HANDSHAKES – CIPHERSUITES

SSL HANDSHAKES – RECORD LAYER HEADER

SSL RECORD LAYER

Figure from William Stalling‟s article on “SSL: Foundation for Web Security” (http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html)

SSL HANDSHAKES

SSL HANDSHAKES IN WIRESHARK

SSL HANDSHAKES – CLIENT HELLO

SSL HANDSHAKES – CLIENT HELLO

SSL HANDSHAKES - SERVER HELLO

SSL HANDSHAKES – SERVER HELLO

SSL HANDSHAKES – CERTIFICATE, SERVER HELLO DONE

SSL HANDSHAKES – CERTIFICATE, SERVER HELLO DONE

SSL HANDSHAKES - CLIENT KEY EXCHANGE

SSL HANDSHAKES – CLIENT KEY EXCHANGE

SSL HANDSHAKES – KEY GENERATION

SSL HANDSHAKES – CHANGE CIPHER SPEC, FINISHED

SSL HANDSHAKES – CHANGE CIPHER SPEC, FINISHED

SSL APPLICATION DATA

SSL APPLICATION DATA

MAN IN THE MIDDLE – PROXY TOOL

MAN IN THE MIDDLE – PROXY TOOL

MAN IN THE MIDDLE - WEBSCARAB, ZAP, BURP, CHARLES

MAN IN THE MIDDLE – SSLSTRIP (BEFORE)

MAN IN THE MIDDLE – SSLSTRIP

MAN IN THE MIDDLE – SSLSTRIP (AFTER)

MAN IN THE MIDDLE – SSLSTRIP (AFTER)

MAN IN THE MIDDLE - SSLSTRIP

• Header could be set in the response as below:

response.setHeader("Strict-Transport-Security", "max-age=31536000;

includeSubdomains");

=> Tells that the domain and its subdomains should always be on

HTTPS till a period of 12 months (31536000 seconds)

• The browser caches this information, and always connects to the

domain/subdomain on HTTPS

• Counter of 12 months is reset every time the browser gets a page with this

header from the domain.

• Setting this header also throws an error if SSL certificate is untrusted or

erroneous, instead of showing a warning that user can override. This adds to

the security and prevents hacker from intercepting the SSL requests and

seeing the SSL packets in clear using the proxy tools like WebScarab.

MAN IN THE MIDDLE – SOLUTION – HSTS (HTTP STRICT

TRANSPORT SECURITY)

• BEAST ATTACK

• LUCKY 13 ATTACK

• CRIME ATTACK

• RC4 ATTACK

RECENT ATTACKS ON SSL

• Configure all three protocols: TLS 1.0, 1.1 & 1.2

• Choose a strong and secure CipherSuite

• Certificate to be signed by Trusted CA like Verisign.

• Don‟t configure wild card certificates

• Ensure session cookies have “secure=true” flag set, so that it is

transmitted only over SSL.

• Ensure HSTS header is set for the domain and subdomains.

• Run the server through https://www.ssllabs.com/ssltest/ and fix

any issues identified.

SECURITY GUIDELINES WHILE CONFIGURING SSL ON

SERVERS

SECURITY CONSIDERATION WHILE CONFIGURING SSL ON

SERVERS

SECURITY CONSIDERATION WHILE CONFIGURING SSL ON

SERVERS

THANK YOU

SACHIN (sachinraj.shetty@gmail.com)

SSL EVOLUTION

Figure from Wikipedia (http://en.wikipedia.org/wiki/Transport_Layer_Security)

BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION

Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)

BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION

• Same key used for encryption and Decryption

• Algorithms are Fast, but Sharing the key is a challenge.

• Stream Cipher : RC4_128

• Block Ciphers : AES_128_CBC, AES_256_CBC,

3DES_EDE_CBC

BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION Cipher Block Chaining (CBC) Mode

Figure from Wikipedia (http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29)

Public Key Encryption

BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)

BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

Public Key Encryption • 2 separate keys used: Public key and Private key

• Sender uses Public key (of the receiver) for Encrypting the

message.

• Receiver uses his Private key for Decrypting the message.

• X509 Certificates are carrier of public key, which is shared.

• Private key is kept secret and is never shared.

• Algorithms are slower compared to symmetric.

• Algorithms: RSA, Diffie–Hellman, Elliptic curve

Digital Signature

BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)

BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

Digital Signature • Sender generates Hash of the message and then encrypts the

Hash with his Private Key, which is the Digital Signature

• Signature is appended to the message and sent to the Receiver.

• Receiver reads the Signature and decrypts it with Public Key (of

the Sender) to obtain the hash.

• Receiver generates the hash of the message and compares the

generated hash with that of hash obtained by decrypting

Signature.

• Signature Algorithms: Sha1withRSA, MD5withRSA

X509 Certificate BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

X509 Certificate Entries

BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

X509 Certificate Extensions

BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

Obtaining CA Signed Certificate

Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)

Certificate Chaining

BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

SSL HANDSHAKES – PRF (PSEUDO RANDOM FUNCTION)

SSL HANDSHAKES – PFS (PERFECT FORWARD SECRECY)

• Prime Numbers shared between Alice and Bob – p, g

• Secret number chosen by Alice - a

• Secret number chosen by Bob – b

• Shared Secret - s

SSL HANDSHAKES – PFS – DIFFIE-HELLMAN KEY EXCHANGE

Figure from Wikipedia (http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)

SSL HANDSHAKES – 2 WAY SSL

SSL HANDSHAKES – SSL RESUMPTION

SSL HANDSHAKES – SSL RESUMPTION

SSL HANDSHAKES – SSL RENEGOTIATION

• Developed by Moxie Marlinspike

• SSLStrip capable of logging packets in clear from SSL enabled sites including login credentials passed to the site.

• Running SSLStrip (available in BackTrack):

-> sslstrip -l 10000

-> tail –f sslstrip.log

=> Configure browser of any system to redirect the packets through BackTrack (port 10000). Alternatively you could try arpspoof command to convince a host that our MAC address is the router‟s MAC address.

• Details in http://www.thoughtcrime.org/software/sslstrip/.

MAN IN THE MIDDLE – SSLSTRIP

• Developed by Moxie Marlinspike

• Originally written to demonstrate IE„s vulnerability to "basicConstraints" extn - Microsoft fixed this vulnerability.

• Currently can be used as a proxy tool to see SSL traffic in clear. The tool generates certs for the domain being accessed on the fly.

• SSLSniff also to demonstrate Null-Prefix attacks and OCSP attacks.

• Supports modes for hijacking auto-updates from Mozilla products, as well as for Firefox/Thunderbird addons.

• More Info: http://www.thoughtcrime.org/software/sslsniff

MAN IN THE MIDDLE - SSLSNIFF