Upload File

ssl/tls and mitm attacks - uppsala university · 2009. 12. 14. · ssl/tls – background ssl/tls...

  • Home
  • Documents
  • SSL/TLS and MITM attacks - Uppsala University · 2009. 12. 14. · SSL/TLS – Background SSL/TLS – Secure Socket Layer/Transport Layer Security (rfc 2246) Originally developed
23
SSL/TLS and MITM attacks A case study in Network Security By Lars Nybom & Alexander Wall

Upload: others

Post on 07-Feb-2021

12 views

Category:

Documents


1 download

Report

TRANSCRIPT

  • SSL/TLS and MITM attacks

    A case study in Network SecurityBy Lars Nybom & Alexander Wall

  • SSL/TLS – Background

    ● SSL/TLS – Secure Socket Layer/Transport Layer Security (rfc 2246)

  • SSL/TLS – Background

    ● SSL/TLS – Secure Socket Layer/Transport Layer Security (rfc 2246)

    ● Originally developed by Netscape.

  • SSL/TLS – Background

    ● SSL/TLS – Secure Socket Layer/Transport Layer Security (rfc 2246)

    ● Originally developed by Netscape.● Used to deploy confidentiality, authenticity and

    integrity between web client and web server.

  • SSL/TLS – How does it work?

    Based on public key cryptography and certificate authority.

  • SSL/TLS - Components

    ● Tree structure where Certificate Authorities (CA) is nodes and Servers leafs.

  • SSL/TLS - Components

    ● Tree structure where Certificate Authorities (CA) is nodes and Servers leafs.

    ● Server certificate issued by CA one level above – meaning that it's signed by CA one level above.

  • SSL/TLS - Components

    ● Tree structure where Certificate Authorities (CA) is nodes and Servers leafs.

    ● Server certificate issued by CA one level above – meaning that it's signed by CA one level above.

    ● If Client doesn't trust Server identity he/she uses the CA's public key to verify that the Server certificate is legit.

  • SSL/TLS - Components

    ● Tree structure where Certificate Authorities (CA) is nodes and Servers leafs.

    ● Server certificate issued by CA one level above – meaning that it's signed by CA one level above.

    ● If Client doesn't trust Server identity he/she uses the CA's public key to verify that the Server certificate is legit.

    ● Root CA in top of tree – trusted by everyone.

  • SSL/TLS - Problem

    ● If there's a lot of intermediate CA's between the Server and Root CA, authenticity is weak.Server → CA 1 → CA 2 → … → Root CA

    ● This allowed for older form of attack SSLSniff, where a MITM generates a bogus self-signed certificate sent to Client while connecting normally to Server.

    ● New attack SSLStrip.

  • MITM

    ● Man-In-The-Middle attack is virtually transparent to the victim.

  • ARP Spoofing

    ● In order to become ”in the middle” attacker needs to redirect the victims network traffic through his/hers computer – acting like a gateway.

  • ARP Spoofing

    ● In order to become ”in the middle” attacker needs to redirect the victims network traffic through his/hers computer – acting like a gateway.

    ● Every network interface has a MAC address associated with its IP.

  • ARP Spoofing

    ● In order to become ”in the middle” attacker needs to redirect the victims network traffic through his/hers computer – acting like a gateway.

    ● Every network interface has a MAC address associated with its IP.

    ● When a computer wants to communicate with another computer within it's subnet it needs to know that computers MAC address so it sends an ARP query.

  • ARP Spoofing

    ● In a MITM attack the attacker sends out a false ARP reply telling the victim his/hers computer is the computer the victim is looking for.

  • SSLStrip

    ● Client normally connects via HTTPS (SSL/TLS) to a Server because an user tries to GET/POST information on a webpage by a link/button that begins with ”https://...” (i.e. Facebook, Gmail and Hotmail)

  • SSLStrip

    ● Client normally connects via HTTPS (SSL/TLS) to a Server because an user tries to GET/POST information on a webpage by a link/button that begins with ”https://...” (i.e. Facebook, Gmail and Hotmail)

    ● SSLStrip rewrites all HTTPS addresses as HTTP addresses and then saves traffic content.

  • SSLStrip – How does it look?

  • SSLStrip – How does it look?

  • Countermeasures

    ● Before logging on webpage make sure that address in address bar begins with ”https://...”. If it doesn't, retype it so it does. (This only helps against SSLStrip, not SSLSniff.)

  • Countermeasures

    ● Before logging on webpage make sure that address in address bar begins with ”https://...”. If it doesn't, retype it so it does. (This only helps against SSLStrip, not SSLSniff.)

    ● If the address begins with ”https://...” make sure that the certificate doesn't look fishy.

  • Countermeasures

  • SSL/TLS and MITM attacks

    The End

    Sida 1Sida 2Sida 3Sida 4Sida 5Sida 6Sida 7Sida 8Sida 9Sida 10Sida 11Sida 12Sida 13Sida 14Sida 15Sida 16Sida 17Sida 18Sida 19Sida 20Sida 21Sida 22Sida 23


SECURE SOCKETS LAYER (SSL) E TRANSPORT LAYER SECURITY (TLS) Leonardo Bentes Arnt Secure Sockets Layer e Transport Layer Security 1

Slide 1 Vitaly Shmatikov CS 378 SSL/TLS. slide 2 What is SSL / TLS? uTransport Layer Security protocol, version 1.0 De facto standard for Internet security

8-1 Secure Sockets Layer (SSL) and Transport layer security (TLS) IS511

T-110 4206 Lecture Slides for Ssl Tls.4200 Tls-ssl (5)

Ssl and tls

Cruise Shipboard Property Management System...Layer Security Transport Layer Security (TLS) is an incremental version of Secure Sockets Layer (SSL) version 3.0. Although SSL was primarily

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL)sconce.ics.uci.edu/134-W18/slides/LEC14.pdf · 2018. 3. 2. · SSL: Secure Sockets Layer v widely deployed security

Analysis of SSL Certificate Reissues and Revocations in the … · Revocation; Extended validation 1. INTRODUCTION Secure Sockets Layer (SSL) and Transport Layer Secu-rity (TLS)1

Transport Layer Security (TLS) & Secure Socket Layer (SSL)

B2B Security Concerns within the Automotive Industry White ... · using SSL/TLS. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic

Secure Sockets Layer (SSL) e Transport Layer Security (TLS)

The Impact of TLS on SIP Server Performance: Measurement ...hgs/papers/Shen11_Impact.pdfTransport Layer Security (TLS) [20], based on the earlier Secure Sockets Layer (SSL) [25] specification,

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)pdm12/cse545/slides/cse545-tls.pdf · 2008-05-06 · CSE598K/CSE545 - Advanced Network Security - McDaniel Page SSL/TLS

Leveraging z/OS Communications Server Application ... · Transport Layer Security (TLS/SSL) overview Transport Layer Security (TLS) is defined by the IETF ** – Based on Secure Sockets

SSL/TLS: cryptographic protocols and their weaknesses ... · 1. Introduction to Secure Socket Layer and Transport Layer Security –SSL 2.0/3.0 and TLS 1.0/1.1/1.2 2. Security provided

Real-Time Communication Security: SSL/TLS · Real-Time Communication Security: SSL/TLS ... Secure Socket Layer ... CSU610: Network Security SSL – TLS 14 Attacks fixed in v3

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) · PDF fileSecure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 19th

DB2 for z/OS: Configuring TLS/SSL for Secure Client/Server ... · SSL and TLS protocols (SSL V2, SSL V3, TLS V1.0, TLS V1.1, and TLS V1.2 as of this writing) including a robust set

SSL & TLS Essentials

SSL/TLS FOR MORTALS - RainFocus · SSL/TLS FOR MORTALS ... at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ... Using SSL/TLS correctly is oen hard to achie ve

Grid Computing 7700 · TLS/SSL TLS: Transport Layer Security Protocol is the successor to SSL: Secure Socket Layer. Secured Sockets Layer is a protocol that transmits your communications

Transport Level Securityict.siit.tu.ac.th/...Transport-Level-Security.pdf · Transport Security Web Security TLS/SSL HTTPS SSH SSL and TLS I Secure Sockets Layer (SSL) originated

SSL & TLS Essentials -

Application Layer TLS / SSL · Certificate of secure.example.com Certificate of super secure TLS CA. Transport Layer Security. IAIK Basics Key protocol for secure communication HTTPS,

DigiCert® SSL/TLS Best Practice Workshop Student Guide · TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to security certificates

Transport layer security protocol for SPWF01Sx module · Security is provided by the secure sockets layer (SSL) and transport layer security (TLS) protocols. The SSL/TLS protocols

TLS SSL DUsec mehaoua - helios.mi.parisdescartes.frhelios.mi.parisdescartes.fr/~mea/cours/DU/TLS_SSL_DUsec.pdf · TLS SSL Transport Layer Security Protocols • Connectionless and

CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De

BubbleCloud · 2019. 7. 1. · LTE Layer X.509 TLS/SSL MQPTT X.509 TLS/SSL MQTT. IT EPC LTE. X.509 TLS/SSL MQTT. SIM CARD SIM CARD. IT layer runs over LTE layer and duplicates functionality

IT Security Procedural Guide: SSL/TLS Implementation CIO ...CIO...2018/04/30  · CIO-IT Security-14-69, Revision 3 SSL/TLS Implementation U.S. General Services Administration 2 Layer

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced

Feasibility of attacks against weak SSL/TLS ciphersWeak ciphers as used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) have been around since many years. In theory

Weak Keys in SSL/TLS Vitaly Shmatikov CS 6431. slide 2 What Is SSL / TLS? uSecure Sockets Layer and Transport Layer Security protocols Same protocol design,

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL)keldefra/teaching/fall2016/uci_compsci... · 2016-11-09 · SSL: Secure Sockets Layer vwidely deployed security protocol

ì Forward Secrecy · ì Secure Socket Layer (SSL) –don’t use! ìSSL 1.0 (never publicly used), SSL 2.0, SSL 3.0 ì Transport Layer Security (TLS) –modern successor ìTLS 1.0,