Can SSL and TOR be intercepted? Secure Socket Layer.
![Page 1: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/1.jpg)
![Page 2: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/2.jpg)
Can SSL and TOR be intercepted?
![Page 3: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/3.jpg)
Secure Socket Layer
![Page 4: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/4.jpg)
De-facto standard to encrypt communications
Can ensure the identity of the peer
![Page 5: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/5.jpg)
Prerequisite to decrypt a communication:
You have to monitor it!
![Page 6: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/6.jpg)
Most of the SSL attacks are MITM-based
![Page 7: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/7.jpg)
Physically in the middle
Rogue AP, ISP, etc.
![Page 8: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/8.jpg)
Logically in the middle
Take a look at our 2003 BlackHat presentation…
![Page 9: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/9.jpg)
Ok but…can SSL be intercepted?
![Page 10: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/10.jpg)
Three attack categories
![Page 11: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/11.jpg)
Protocol design and math
Chain of trust
The User
![Page 12: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/12.jpg)
Let’s start with…
![Page 13: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/13.jpg)
Protocol design and math
![Page 14: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/14.jpg)
Weak encryption can be easily cracked
Protocol and algorithms are negotiated during the handshake
This “attack” can be performed passively
![Page 15: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/15.jpg)
Weak encryption can be easily cracked
~70%* of the Internet uses only “strong” encryption
What’s “weak” and what’s “easy”? Ask the NSA…
* Trustworthy Internet Movement 2014/10/3 on 151.509 web sites
![Page 16: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/16.jpg)
SSLv2 Downgrade Attack
No integrity check on the handshake
Weaker encryption algorithms can be forced
![Page 17: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/17.jpg)
SSLv2 Downgrade Attack
SSLv2 disabled by default on most systems
![Page 18: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/18.jpg)
SSLv3 is vulnerable as well…
POODLE attack (September 2014)
could be used to decrypt HTTPS cookies
![Page 19: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/19.jpg)
SSLv3 is vulnerable as well…
Most browsers have dropped SSLv3
Providers are going to drop it as well
![Page 20: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/20.jpg)
| Protocol version | Website support |
|------------------|-----------------|
| SSL 2.0          | 19.4%           |
| SSL 3.0          | 98.0%           |
| TLS 1.0          | 99.3%           |
| TLS 1.1          | 42.0%           |
| TLS 1.2          | 44.3%           |

Website coverage
![Page 21: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/21.jpg)
TLS Logjam attack
Published in May 2015
Forces TLS connection with weak key
![Page 22: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/22.jpg)
TLS Logjam attack
Vendors are patching
![Page 23: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/23.jpg)
Implementation-specific attacks
OpenSSL "Heartbleed" (CVE-2014-0160)
Oracle Java JSSE (CVE-2014-6593)
OpenSSL "Freak" (CVE-2015-0204)
And many others...
![Page 24: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/24.jpg)
Implementation-specific attacks
Keep your system up to date!
Google’s Nogotofail tests connections for known bugs and weak configurations
![Page 25: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/25.jpg)
Chain of Trust
![Page 26: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/26.jpg)
If you have the private key you can see the traffic!
Very hard to detect
This “attack” can be performed passively if no PFS is used
![Page 27: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/27.jpg)
If you have the private key you can see the traffic!
Don’t give your private key to anyone ;)
Forward Secrecy available on almost 40% of the websites
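
The slides on weak negotiated encryption, Logjam/FREAK and forward secrecy all come down to which cipher suites a server is willing to negotiate. The following is an added example, not part of the original deck: it audits a list of OpenSSL-style suite names for export-grade, weak, anonymous and non-PFS suites. The rule set and the `OFFERED` list are constructed for illustration.

```python
# Added example: classify OpenSSL-style cipher suite names.
# The token sets below are a constructed rule set, not a complete registry.
PFS_KX = {"DHE", "ECDHE", "EDH", "EECDH"}   # ephemeral, authenticated key exchange
ANON_KX = {"ADH", "AECDH"}                  # ephemeral but unauthenticated
WEAK_ALGS = {"NULL", "RC4", "RC2", "MD5"}


def audit_suite(name):
    """Return the set of findings for one suite name (empty set = no finding)."""
    if name.startswith("TLS_"):             # TLS 1.3 suites: always (EC)DHE with AEAD
        return set()
    tokens = name.upper().split("-")
    findings = set()
    if tokens[0].startswith("EXP"):         # export-grade: what FREAK/Logjam downgrade to
        findings.add("export-grade")
    if ANON_KX & set(tokens):
        findings.add("anonymous-kx")        # peer is never authenticated
    elif not PFS_KX & set(tokens):
        findings.add("no-forward-secrecy")  # private key holder can decrypt recorded traffic
    if WEAK_ALGS & set(tokens):
        findings.add("weak-algorithm")
    if "DES" in tokens and "CBC3" not in tokens:
        findings.add("weak-algorithm")      # single DES; 3DES is spelled DES-CBC3
    return findings


def audit(suites):
    """Map each suite that has findings to a sorted list of them."""
    report = {}
    for suite in suites:
        findings = audit_suite(suite)
        if findings:
            report[suite] = sorted(findings)
    return report


# Constructed sample of suites a badly configured server might offer.
OFFERED = [
    "TLS_AES_128_GCM_SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "RC4-SHA",
    "EXP-EDH-RSA-DES-CBC-SHA",
    "EXP-RC4-MD5",
    "ADH-AES128-SHA",
]

if __name__ == "__main__":
    for suite, findings in audit(OFFERED).items():
        print(f"{suite:28} {', '.join(findings)}")
```

A suite name does not reveal the Diffie-Hellman group size, so a `DHE-*` suite that passes here still needs its parameters checked separately.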
![Page 28: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/28.jpg)
Custom CA on the client device
Often used by AVs to inspect traffic
Sometimes used by vendors to insert Ads
![Page 29: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/29.jpg)
Custom CA on the client device
Don’t install untrusted CA certificates
Keep your OS/AV up to date
![Page 30: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/30.jpg)
Rogue CA
A malicious CA can sign fake certificates
CA certificates have been stolen in the past (e.g. DigiNotar, 2011)
Allows any “active” probe to impersonate any website
![Page 31: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/31.jpg)
Rogue CA
Public Key Pinning
EFF SSL Observatory monitors trusted CAs
Google and Facebook actively search for rogue CAs
![Page 32: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/32.jpg)
Rogue CA
In December 2013, 0.2% of all connections to Facebook were established with forged certificates
In 2014, Google found evidence from France and India of certificates signed by rogue CAs
In 2015 Google removed all China NIC and EV CAs from their products
![Page 33: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/33.jpg)
Future alternatives to the Chain of Trust
Trust Assertion for Certificate Keys
DNS-based Authentication of Named Entities
![Page 34: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/34.jpg)
The User
![Page 35: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/35.jpg)
SSL Strip attack
Intercept the “redirect to HTTPS” reply
HTTP-to-HTTPS Proxy for the whole communication
Replace HTTPS with HTTP in any link
![Page 36: Can SSL and TOR be intercepted? Secure Socket Layer.](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bfc81a28abf838ca8277/html5/thumbnails/36.jpg)
SSL Strip attack
Pay attention to the “lock”
Servers using HSTS can force HTTPS on the clients
HTTPS Everywhere plugin doesn’t allow HTTP connections
Mozilla pushes for full HTTPS