8 May 2014
Security Protocols: Modelling and Verification
Supervisor: Prof. Cătălin Bîrjoveanu
Duduman Bogdan Vlad
TLS/SSL (Analysis)
Overview
1. Introduction to the SSL / TLS protocol
• Widely deployed, “real-world” security protocol
• Well-understood, with detailed specifications
• Good benchmark for analysis techniques
2. Protocol analysis
• Starting with the RFC describing the protocol
3. Tools
What is TLS/SSL?
❖ Standard for Internet security
❖ “The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications.”
❖ In practice, used to protect information transmitted between browsers and Web servers
❖ Based on the Secure Sockets Layer protocol, version 3.0
• Same protocol design, different algorithms
❖ Deployed in nearly every web browser
SSL / TLS in the Real World
TCP/IP - TLS/SSL (1)
TCP/IP - TLS/SSL (2)
TLS (Transport Layer Security)
❖ Provides a layer between TCP and the application
❖ Itself a layered protocol: Handshake over Record
❖ Record (sub)protocol
❖ provides a private and reliable connection
❖ Handshake (sub)protocol
❖ authenticates one or both parties, negotiates security parameters
❖ establishes secret connection keys for the Record protocol
TCP/IP - TLS/SSL (2)
History of the Protocol
❖ SSL 1.0
❖ Netscape completed the design in early 1994 (used internally)
❖ Data integrity protection
❖ RC4 allowed an adversary to make predictable changes to the plaintext
❖ Vulnerable to replay attacks
❖ SSL 2.0
❖ End of 1994, also has several problems
❖ Handshake protection - MITM undetected
❖ Vulnerable to length extension attacks
History of the Protocol
❖ SSL 3.0
❖ fixed previous attacks
❖ Netscape and Paul Kocher, 1996
❖ Taher Elgamal - inventor of SSL
❖ TLS 1.0
❖ Internet standard based on SSL 3.0, 1999
❖ RFC2246 (≈SSL3)
History of the Protocol
❖ TLS 1.1
❖ 2006
❖ RFC4346
❖ TLS 1.2
❖ 2008
❖ RFC5246
Public-Key Encryption, CA & MITM
❖ “Symmetric” encryption
❖ Share a secret key
❖ Hundreds of people to communicate?
❖ Distance
[Figure: the same key held by “You” and “Them”]
Public-Key Encryption, CA & MITM
❖ Solution: public-key encryption
❖ Share the public key with the whole world
❖ No known practical way to obtain the private key from the public key
Public-Key Encryption, CA & MITM
❖ Visiting an “https” site for the first time
❖ The browser creates a random private key A
❖ Generates the corresponding public key A (blue)
Public-Key Encryption, CA & MITM
❖ The server generates a random private key A
❖ Session key established
❖ Intruder (MITM)?
Public-Key Encryption, CA & MITM
❖ MITM stops the communication
❖ MITM creates his own private key (red B)
❖ The server doesn’t know whether it is the browser
Public-Key Encryption, CA & MITM
❖ MITM has the same session key (red key)
❖ How to solve?
❖ Server and browser can send their public keys and compare
❖ What if MITM knows about that? He has the session key
Public-Key Encryption, CA & MITM
❖ A Certificate Authority solves the problems
❖ There is a single CA - Symantec (VeriSign)
❖ FedEx - Federal Express - encryption key H
❖ MITM has the CA’s public key
❖ What can browser and server do?
Public-Key Encryption, CA & MITM
❖ The server encrypts public key A with certificate key H
❖ The browser does the same using the built-in CA
Public-Key Encryption, CA & MITM
❖ CA compares the 2 public keys
❖ CA sends a reply to them
❖ What if MITM appears?
❖ the browser will not be able to decrypt (random key R)
Obtaining an SSL Certificate
❖ XYZ Inc. intends to secure their customer checkout process, account management, and internal employee correspondence on their website, xyz.com.
❖ Steps:
1. XYZ creates a Certificate Signing Request (CSR); during this process, a private key is generated.
2. XYZ goes to a trusted, third-party Certificate Authority, such as Trustwave. Trustwave takes the certificate signing request and validates XYZ in a two-step process. Trustwave validates that XYZ has control of the domain xyz.com and that XYZ Inc. is an official organization listed in public government records.
3. When the validation process is complete, Trustwave gives XYZ a new public key (certificate) encrypted with Trustwave's private key.
4. XYZ installs the certificate on their webserver(s).
How Customers Communicate with the Server using SSL
Steps:
1. A customer makes a connection to xyz.com on an SSL port, typically 443. This connection is denoted with https instead of http.
2. xyz.com sends back its public key to the customer. Once the customer receives it, his/her browser decides if it is alright to proceed.
3. The xyz.com public key must NOT be expired.
4. The xyz.com public key must be for xyz.com only.
5. The client must have the public key for Trustwave installed in their browser certificate store. 99.9% of all modern browsers (1998+) include the Trustwave root certificate. If the customer has the Trustwave trusted public key, then they can trust that they are really communicating with XYZ, Inc.
How Customers Communicate with the Server using SSL
7. If the customer decides to trust the certificate, then the customer will send xyz.com his/her public key.
8. xyz.com will next create a unique hash and encrypt it using both the customer's public key and xyz.com's private key, and send this back to the client.
9. The customer's browser will decrypt the hash. This process shows that xyz.com sent the hash and only the customer is able to read it.
10. Customer and website can now securely exchange information!
Tools
1. Security Protocol Analysis
❖ Scyther
❖ Scyther-proof
❖ Tamarin prover
2. Access Control
❖ FPL
3. Static Security Analysis
❖ FAST
4. Protocol Testing
❖ SecFuzz
5. Specification synthesis
❖ Mid-point synthesis
6. Monitoring
❖ MonPoly
7. Isabelle/HOL frameworks
❖ ProtoVeriPhy
❖ Developing Security Protocols by Refinement
❖ Verification of IBM 4765's Persistent Memory Manager
8. Avispa
9. ProVerif
The Scyther Tool
❖ Tool for the formal analysis of security protocols
❖ It is assumed that all cryptographic functions are perfect: the adversary learns nothing from an encrypted message unless he knows the decryption key.
❖ Description of a protocol in the spdl language
❖ based on the operational semantics
❖ spdl (Security Protocol Description Language)
The Scyther Tool
❖ Analysis of infinite sets of traces in terms of patterns
❖ Support for multi-protocol analysis
❖ Assists in the analysis of classes of attacks and possible protocol behaviours, or proves correctness for an unbounded number of protocol sessions.
❖ Can optionally output the proof tree (by using the backend).
❖ The tool provides useful results even in the case that no attack is found
The Scyther Tool
❖ The ProVerif and Avispa tools have been shown to be effective at finding attacks on protocols (Avispa) or establishing correctness of protocols (ProVerif).
❖ Scyther offers verification, falsification, and analysis of security protocols.
❖ Performance
Installing the Scyther Tool
❖ Scyther can be downloaded from the following website:
❖ http://users.ox.ac.uk/~coml0529/scyther/
❖ Installation instructions are included in the downloadable Scyther archives. Scyther is available for the Windows, Linux and Mac OS platforms.
Scyther Input File
❖ A minimal input file:

protocol ExampleProtocol(I,R) {
    role I { };
    role R { };
};
Input Language
❖ The main purpose of the language is to describe protocols, which are defined by a set of roles.
❖ A protocol definition takes as a parameter a sequence of roles, which are then defined within its body.
❖ Roles are sequences of events, i.e., declarations, send, receive, or claim events.
❖ Security protocols rely on generating random values. These can be specified by declaring them inside a role definition using the fresh declaration:

role X(...) {
    fresh Na: Nonce;
    send_1(X,Y,Na);
}
Input Language
❖ To receive a nonce into a variable with name Na, we specify:

role Y(...) {
    var Na: Nonce;
    recv_1(X,Y,Na);
}

❖ Local declaration
❖ Two terms can be combined into a term pair: we write (x,y)
❖ Symmetric keys: { ni }kir
❖ Asymmetric keys: { ni }pk(I)
Input Language
❖ Hash functions are essentially encryptions with a function of which the inverse is not known by anybody:
❖ global declaration: hashfunction H1;
❖ usage: H1(ni);
❖ Types: Agent, Function, Nonce, Ticket
❖ You can define a new type with a usertype declaration
❖ Recv and Send events mark receiving and sending a message
Input Language
❖ Claim events are used in role specifications to model intended security properties. For example, the following claim event models that Ni is meant to be secret:
❖ claim(I, Secret, Ni);
❖ Claim types:
❖ Secret
❖ SKR, equivalent to Secret but additionally marks the parameter term as a session key
❖ Alive - Aliveness (of all roles)
❖ Weakagree - Weak agreement (of all roles)
Input Language
❖ Claim types:
❖ Nisynch (Authentication property, Non-injective Synchronisation)
❖ Niagree (Authentication property, Non-injective Agreement)
❖ Reachable
❖ when this claim is verified, Scyther will check whether this claim can be reached at all. It is true iff there exists a trace in which this claim occurs. This can be useful to check that there is no obvious error in the protocol specification, and it is in fact inserted when the --check mode of Scyther is used.
❖ Empty
❖ this claim will not be verified, but simply ignored. It is only useful when Scyther is used
It’s time to see TLS in the Scyther Tool
Simplified TLS key transport protocol
❖ Protocol 4.24 is a simplified version of one possible protocol which transports the 'pre-master secret', PMK, from the client A to the server B
❖ The session key Kab is calculated as Kab = MAC_PMK(Na, Nb)
❖ The TLS protocol specifies that four different session keys must be derived from the pre-master secret: one for encryption and one for data integrity (MAC calculation) in each direction.
Simplified TLS key transport protocol
❖ Message sequences Mess_Seq1, Mess_Seq2 and Mess_Seq3 consist of hashes of the sequence of all previously exchanged messages up to that point, using a hash function H.
❖ Mess_Seq1 = H(Na, Nb, Eb(PMK)).
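The simplified key transport described above, written in spdl with the constructs from the Input Language slides; this is an added example, not a file from the author or from the Scyther distribution. It assumes a four-message layout (message 3 carries Eb(PMK) plus a MAC under Kab over Mess_Seq1, message 4 returns a MAC under Kab over Mess_Seq2) and models MAC_PMK as a hash function whose first argument is the key; that layout is my reading of the page, not a transcription of Protocol 4.24, and the macro keyword needs Scyther 1.1 or later.

```spdl
/*
 * Simplified TLS key transport, modelled in spdl for Scyther.
 *
 * Assumed message layout (not stated on the page):
 *   1. A -> B : Na
 *   2. B -> A : Nb
 *   3. A -> B : {PMK}pk(B), MAC(Kab, Mess_Seq1)   -- client "finished"
 *   4. B -> A : MAC(Kab, Mess_Seq2)               -- server "finished"
 * with Kab = MAC(PMK, Na, Nb), Mess_Seq1 = H(Na, Nb, {PMK}pk(B)) and
 * Mess_Seq2 = H(Na, Nb, {PMK}pk(B), MAC(Kab, Mess_Seq1)).
 * pk() and sk() are Scyther's built-in asymmetric key functions.
 */

// H models the transcript hash; MAC a keyed MAC (key = first argument)
hashfunction H;
hashfunction MAC;

protocol SimpleTLS(A, B) {

    role A {
        // A is the client: it chooses Na and the pre-master secret PMK
        fresh Na: Nonce;
        fresh PMK: Nonce;
        var Nb: Nonce;

        // Derived terms, written once as macros (Scyther 1.1+)
        macro EncPMK   = { PMK }pk(B);
        macro Kab      = MAC(PMK, Na, Nb);
        macro MessSeq1 = H(Na, Nb, EncPMK);
        macro MessSeq2 = H(Na, Nb, EncPMK, MAC(Kab, MessSeq1));

        send_1(A, B, Na);
        recv_2(B, A, Nb);
        send_3(A, B, EncPMK, MAC(Kab, MessSeq1));
        recv_4(B, A, MAC(Kab, MessSeq2));

        // Security goals from the client's point of view
        claim_A1(A, Secret, PMK);
        claim_A2(A, SKR, Kab);
        claim_A3(A, Alive);
        claim_A4(A, Niagree);
        claim_A5(A, Nisynch);
    }

    role B {
        // B is the server; only B holds sk(B), so only B can read PMK
        var Na: Nonce;
        var PMK: Nonce;
        fresh Nb: Nonce;

        macro EncPMK   = { PMK }pk(B);
        macro Kab      = MAC(PMK, Na, Nb);
        macro MessSeq1 = H(Na, Nb, EncPMK);
        macro MessSeq2 = H(Na, Nb, EncPMK, MAC(Kab, MessSeq1));

        recv_1(A, B, Na);
        send_2(B, A, Nb);
        recv_3(A, B, EncPMK, MAC(Kab, MessSeq1));
        send_4(B, A, MAC(Kab, MessSeq2));

        // The same goals from the server's point of view. A never proves
        // who it is (no client certificate), and anyone can encrypt a PMK
        // of their choice under pk(B), so expect attacks on B's claims.
        claim_B1(B, Secret, PMK);
        claim_B2(B, SKR, Kab);
        claim_B3(B, Alive);
        claim_B4(B, Niagree);
        claim_B5(B, Nisynch);
    }
};
```

Save it as simpletls.spdl and verify it from the Scyther GUI: each claim is reported as Ok or Fail, with an attack graph for every failure, which is the server-only authentication of this handshake made visible.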
Bibliography
1. Protocols for Authentication and Key Establishment - C. Boyd, A. Mathuria
2. Operational Semantics of Security Protocols - Cas Cremers and Sjouke Mauw, Eindhoven University of Technology, Department of Mathematics and Computer Science
3. How SSL works
4. Security Tools
5. Scyther Manual
6. http://blogs.msdn.com/b/kaushal/archive/2013/08/03/ssl-handshake-and-https-bindings-on-iis.aspx
7. http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Secure_Socket_Layer.html