©A10 Networks, Inc.
The Mechanics of SSL/TLS Eavesdropping with Full Path Control
Mike Thompson
A little about myself
• Not a mathematician!!! -> Don't fault me on my math.
• Work for A10 Networks as a Principal Architect.
• Jack of all trades
• Formula One junky
• Python junky
• You can find me on LinkedIn: Layer427expert
About this Lab/Lecture
• The topic of SSL/TLS is enormous.
• We will not cover every topic.
• We will try to give you the basis of understanding so that we can talk about eavesdropping.
• We will not be covering cryptographic attacks in the eavesdropping section.
• If you have questions we will be more than happy to talk after class.
• There are a lot of things we can discuss, but let's stay on point.
• I am the only rat hole digger in this lab. After the lab we can dig over a drink.
• Actors:
Lab Agenda
• Basics of SSL
• Basics of SSL Eavesdropping
• Utilizing SSL Eavesdropping for Defense
• SSL Eavesdropping for Offense and Detection
Basics of SSL/TLS
What is SSL?
• The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. - We will come back to this.
• Through public-key cryptography it is the basis for e-commerce security and trust.
• Utilized by almost everyone: "Who wants to be secure…"
• Source of pain felt globally when vulnerabilities are found.
• For non-security people, it is:
– Blindly trusted
– Never questioned
– Always secure
The Purpose of SSL/TLS
• Think of SSL/TLS as having four parts:
– The Protocol
– Key Exchange
– Bulk Crypto Operations
– Chain of Trust
• The primary purpose of SSL/TLS is to compute a secret key that will be utilized for symmetric encryption.
– This is accomplished through asymmetric cryptography.
Benefits
• SSL/TLS can provide:
– Identification: when the chain of trust can be established.
– Authentication: when client authentication is enabled.
– Confidentiality: encryption of data in flight.
– Integrity: through the cipher suite (its MAC algorithm).
The SSL/TLS Protocol
Protocol Basics
Think of the TLS handshake messages as similar to the TCP handshake. The messages negotiate a set of parameters that will be utilized going forward.
Client Hello
Purpose:
1. Establish protocol version
2. Send Random Number 1
3. Session ID, if it exists
4. Send list of supported cipher suites
– Each cipher suite name tells you what it is doing; you just have to understand what each segment means.
5. Compression algorithm
Server Hello
Purpose:
1. Version number
2. Send Random Number 2
3. Session ID, if it exists
4. Set the cipher suite
5. Send public certificate
6. Compression algorithm
Client Key Exchange
Purpose:
1. Send the pre-master secret encrypted with the server's public key
Between the Server Hello and the Client Key Exchange the client validates the certificate against its Root CA list. We will discuss this in a later section.
Client Change Cipher Spec
Purpose:
1. Notify the server that all further messages will be encrypted
Client Encrypted Handshake Message
Purpose:
1. First message sent to the server that is encrypted
2. Will be utilized by the server to see if the encrypted channel is valid
3. End of handshake from the client
Server Change Cipher Spec & Encrypted Handshake Message
Purpose:
1. Notifies the client that the server decrypted its messages
2. Generates the master secret and sends the client an encrypted Finished message
What was not covered
• Version differences
• SSL alerts
• MAC
• HMAC
Public-Key Cryptography and their corresponding cipher suites
Public-Key Encryption Algorithms
• RSA
– RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977. Clifford Cocks, an English mathematician, had developed an equivalent system in 1973, but it was not declassified until 1997. (Wikipedia)
– Currently the most widely utilized.
– Utilizes modular arithmetic.
• DH <- We are not going to cover this topic. We will talk about PFS and ECDH specifically.
– First published by Whitfield Diffie and Martin Hellman in 1976. By 1975, James H. Ellis, Clifford Cocks and Malcolm J. Williamson within GCHQ, the British signals intelligence agency, had also shown how public-key cryptography could be achieved; however, their work was kept secret until 1997. (Wikipedia)
– Utilizes modular arithmetic.
• ECC
– The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005. (Wikipedia)
– Based on the algebraic structure of elliptic curves over finite fields.
– It hurts my head to think about; don't let the pretty graph fool you….
Cipher Suites
Cipher Suites notation
Cipher ID: a unique 2-3 byte cipher identifier. For example, SSL2_RC4_128_WITH_MD5 is identified as 0x010080 and TLS_RSA_WITH_3DES_EDE_CBC_SHA is identified as 0x00000A or simply 0x000A.
Name: common cipher suite name. TLS ciphers have the TLS_Kx_[Au]_WITH_Enc_MAC format. SSL2 only uses RSA for key exchange and authentication, so their names have the SSL2_Enc_WITH_MAC format.
Protocol: most cipher suites fall into either the TLS or SSL/SSL2 protocols. The only exception is Microsoft's proprietary PCT protocol.
Kx: key exchange algorithm. The most popular exchange methods are RSA and Diffie-Hellman (DH/DHE). Some of the more exotic methods include Kerberos (KRB5), Pre-Shared Key (PSK), and others.
Au: authentication algorithm. RSA is commonly used for key authentication.
Enc: symmetric encryption algorithm (e.g. DES, 3DES, AES, RC4, etc.)
Bits: effective symmetric encryption key size in bits. Ciphers for export outside the US are limited to 40-56 bits.
MAC: hashing algorithm used for TLS/SSL data packet integrity and authentication checks.
Anon: anonymous cipher suites with no key authentication. Highly vulnerable to man-in-the-middle attack.
Export: intentionally crippled cipher suite to conform to US export laws. The symmetric cipher used in export cipher suites typically does not exceed 56 bits.
NULL: null cipher suites do not provide any data encryption and/or data integrity. The TLS_NULL_WITH_NULL_NULL (0x0000) cipher suite is used during initial session establishment.
Source: https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/
Cipher Suite Examples
Cipher ID  Name                                  Protocol  Kx    Au   Enc          Bits  MAC
0x000009   TLS_RSA_WITH_DES_CBC_SHA              TLS       RSA   RSA  DES_CBC      56    SHA
0x00003C   TLS_RSA_WITH_AES_128_CBC_SHA256       TLS       RSA   RSA  AES_128_CBC  128   SHA256
0x00003D   TLS_RSA_WITH_AES_256_CBC_SHA256       TLS       RSA   RSA  AES_256_CBC  256   SHA256
0x00003E   TLS_DH_DSS_WITH_AES_128_CBC_SHA256    TLS       DH    DSS  AES_128_CBC  128   SHA256
0x00003F   TLS_DH_RSA_WITH_AES_128_CBC_SHA256    TLS       DH    RSA  AES_128_CBC  128   SHA256
0x00C00E   TLS_ECDH_RSA_WITH_AES_128_CBC_SHA     TLS       ECDH  RSA  AES_128_CBC  128   SHA
0x00C00F   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA     TLS       ECDH  RSA  AES_256_CBC  256   SHA
0x00009E   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   TLS       DHE   RSA  AES_128_GCM  128   SHA256  (PFS)
Green in the original slide indicates Perfect Forward Secrecy support: the one ephemeral (DHE) suite, 0x00009E, marked (PFS) above.
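Added example (not the deck's or the source page's code): a Python 3 decoder for the TLS_Kx_[Au]_WITH_Enc_MAC notation above. It splits a suite name into the Kx/Au/Enc/Bits/MAC columns of the table, flags the Anon, Export and NULL cases, and marks forward secrecy for the ephemeral DHE/ECDHE exchanges; the bit counts for DES and 3DES are fixed values, the rest are read from the name.

```python
PFS_KX = {"DHE", "ECDHE"}      # ephemeral exchange: session key not derivable from the long-term key
HASHES = {"MD5", "SHA", "SHA256", "SHA384", "NULL"}
FIXED_BITS = {"NULL": 0, "DES_CBC": 56, "DES40_CBC": 40, "3DES_EDE_CBC": 168,
              "CHACHA20_POLY1305": 256}


def decode_suite(name):
    """Break a TLS_Kx_[Au]_WITH_Enc_MAC name into the table's columns."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not in TLS_Kx_[Au]_WITH_Enc_MAC form: {name}")
    left, right = name[4:].split("_WITH_", 1)
    kx_tokens = left.split("_")
    export = "EXPORT" in kx_tokens                  # e.g. TLS_RSA_EXPORT_WITH_RC4_40_MD5
    kx_tokens = [t for t in kx_tokens if t != "EXPORT"]
    kx = kx_tokens[0]
    au = kx_tokens[1] if len(kx_tokens) > 1 else kx  # RSA / PSK: one algorithm does both jobs
    enc, _, mac = right.rpartition("_")
    if mac not in HASHES:                           # e.g. ..._AES_128_CCM_8: AEAD, no MAC token
        enc, mac = right, "AEAD"
    if enc in FIXED_BITS:
        bits = FIXED_BITS[enc]
    else:
        digits = [int(t) for t in enc.split("_") if t.isdigit()]
        bits = digits[0] if digits else None
    return {
        "name": name, "kx": kx, "au": au, "enc": enc, "bits": bits, "mac": mac,
        "pfs": kx in PFS_KX,
        "anon": au == "anon",
        "export": export,
        "null": enc == "NULL" or mac == "NULL",
        "aead": any(m in enc for m in ("GCM", "CCM", "POLY1305")),
    }


def weaknesses(name):
    """Reasons a defender would refuse this suite, in the deck's vocabulary."""
    s = decode_suite(name)
    reasons = []
    if s["null"]:
        reasons.append("NULL encryption or integrity")
    if s["anon"]:
        reasons.append("anonymous key exchange: no authentication, open to man-in-the-middle")
    if s["export"]:
        reasons.append("export-crippled key size")
    if s["bits"] is not None and 0 < s["bits"] < 128:
        reasons.append(f"{s['bits']}-bit symmetric key")
    if s["enc"].startswith("RC4"):
        reasons.append("RC4 stream cipher")
    if s["mac"] == "MD5":
        reasons.append("MD5 integrity")
    if not s["pfs"]:
        reasons.append("no perfect forward secrecy")
    return reasons


if __name__ == "__main__":
    for n in ("TLS_RSA_WITH_DES_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
              "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_NULL_WITH_NULL_NULL"):
        print(n, decode_suite(n), weaknesses(n))
```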
RSA
RSA Asymmetric Cryptography
• Note: We are not talking about ECC cipher suites yet….. We will get to that.
• Based on the RSA algorithm
• Encryption: c = m^e mod n
• Decryption: m = c^d mod n
– Encryption and decryption are inverse functions
• Remember how back in school: 15 = 3*5 and the inverse is 5 = 15/3
Where:
e = public exponent
m = message
n = modulus (from the public certificate)
d = private key (private exponent)
c = cipher text
Non-Padded Example
e = 7
d = 1810402843
n = 2534665157
msg = "Hello World!"
print("Message Send:", msg)
cipher_buffer = []
for m in msg:
    # textbook RSA on one character at a time: c = m^e mod n, no padding
    c = pow(ord(m), e, n)
    print("Clear Text:", m, "| Cipher Text:", c)
    cipher_buffer.append(c)
print("Message in flight:", "".join(str(x) for x in cipher_buffer))
msg = ""
for c in cipher_buffer:
    # decryption: m = c^d mod n
    m = chr(pow(c, d, n))
    print("Cipher Text:", c, "| Clear Text:", m)
    msg = msg + m
print("Message Received:", msg)
Message Send: Hello World!
Clear Text: H | Cipher Text: 942978039
Clear Text: e | Cipher Text: 2268399915
Clear Text: l | Cipher Text: 1042287397
Clear Text: l | Cipher Text: 1042287397
Clear Text: o | Cipher Text: 1592280001
Clear Text:   | Cipher Text: 1409091327
Clear Text: W | Cipher Text: 2057956152
Clear Text: o | Cipher Text: 1592280001
Clear Text: r | Cipher Text: 2200164507
Clear Text: l | Cipher Text: 1042287397
Clear Text: d | Cipher Text: 2390226036
Clear Text: ! | Cipher Text: 2063800465
Message in flight: 942978039226839991510422873971042287397159228000114090913272057956152159228000122001645071042287397239022603620638004650
Cipher Text: 942978039 | Clear Text: H
Cipher Text: 2268399915 | Clear Text: e
Cipher Text: 1042287397 | Clear Text: l
Cipher Text: 1042287397 | Clear Text: l
Cipher Text: 1592280001 | Clear Text: o
Cipher Text: 1409091327 | Clear Text:
Cipher Text: 2057956152 | Clear Text: W
Cipher Text: 1592280001 | Clear Text: o
Cipher Text: 2200164507 | Clear Text: r
Cipher Text: 1042287397 | Clear Text: l
Cipher Text: 2390226036 | Clear Text: d
Cipher Text: 2063800465 | Clear Text: !
Message Received: Hello World!
Plain RSA is vulnerable to attack….
• This is where padding schemes come into play.
• However, many padding attacks have been discovered.
• Read online about this if you want to dig deeper.
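Added example, not code from the deck: why the non-padded scheme above is broken and what padding changes, using the deck's toy key (e, d, n). Because each character is encrypted deterministically, the same letter always gives the same ciphertext (compare the two 'l' values in the output above), so anyone holding only the public key can build a 256-entry table that reverses the mapping without ever knowing d. The randomized pad below is a constructed toy (not OAEP or PKCS#1), just enough to show that a random prefix makes repeated letters encrypt differently.

```python
import secrets

# Toy key from the deck's slide; far too small for real use.
E, D, N = 7, 1810402843, 2534665157
PAD_LIMIT = (N >> 8) - 1   # keeps (r << 8) | byte below N, as textbook RSA requires m < n


def encrypt_char_plain(ch):
    """The deck's non-padded scheme: c = m^e mod n on a single character."""
    return pow(ord(ch), E, N)


def decrypt_char_plain(c):
    return chr(pow(c, D, N))


def codebook_recover(ciphertexts):
    """Invert the non-padded scheme using the PUBLIC key only: encrypt every
    possible byte once and look each ciphertext up in the resulting table."""
    table = {pow(b, E, N): b for b in range(256)}
    return "".join(chr(table[c]) for c in ciphertexts)


def encrypt_char_padded(ch, r=None):
    """Toy randomized pad (constructed for this example): m = r || byte.
    A fresh r per character makes equal plaintexts encrypt differently."""
    if ord(ch) > 255:
        raise ValueError("single-byte characters only in this toy scheme")
    if r is None:
        r = secrets.randbelow(PAD_LIMIT)
    if not 0 <= r < PAD_LIMIT:
        raise ValueError("pad out of range")
    return pow((r << 8) | ord(ch), E, N)


def decrypt_char_padded(c):
    return chr(pow(c, D, N) & 0xFF)   # strip the pad, keep the low byte


if __name__ == "__main__":
    cts = [encrypt_char_plain(ch) for ch in "Hello World!"]
    print("recovered without d:", codebook_recover(cts))
    print("two encryptions of 'l':", encrypt_char_padded("l"), encrypt_char_padded("l"))
```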
Basic SSL/TLS Math – Using ECC Cipher Suites and enabling Perfect Forward Secrecy
ECC Cryptography
Equation: y^2 = x^3 + ax + b
However, there is a lot of complex subject matter behind it…
If you want to read a great set of posts, visit:
http://jeremykun.com/2014/02/08/introducing-elliptic-curves/
https://www.certicom.com/10-introduction
So let's move on to ECDH to get a practical example.
Diffie–Hellman
Alice and Bob agree to use a prime number p = 23 and base g = 5 (which is a primitive root modulo 23).
Alice chooses a secret integer a = 6, then sends Bob A = g^a mod p
A = 5^6 mod 23 = 8
Bob chooses a secret integer b = 15, then sends Alice B = g^b mod p
B = 5^15 mod 23 = 19
Alice computes s = B^a mod p
s = 19^6 mod 23 = 2
Bob computes s = A^b mod p
s = 8^15 mod 23 = 2
Alice and Bob now share a secret (the number 2).
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
ECDH
• Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public–private key pair, to establish a shared secret over an insecure channel.
• The shared secret will be utilized to perform symmetric encryption.
– In the case of the following cipher specification AES-256 is utilized:
– TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
When reviewing ECC I was confused about how the finite field was initialized and I realized it is specified in the domain parameters. For more information: http://csrc.nist.gov/groups/ST/toolkit/documents/SP800-56Arev1_3-8-07.pdf
ECDH Working Example Session 1
• Session 1:
• FiniteField: 3851
• Secret keys, Alice: 194, Bob: 33
• base_point (920 (mod 3851), 303 (mod 3851))
• Public keys, Alice: (3014 (mod 3851), 2809 (mod 3851)), Bob: (1324 (mod 3851), 2950 (mod 3851))
• Shared secret: Alice: (2462 (mod 3851), 3558 (mod 3851)), Bob: (2462 (mod 3851), 3558 (mod 3851))
• Bob is extracting x-coordinate to get an integer shared secret: 2462
• Alice is extracting x-coordinate to get an integer shared secret: 2462
ECDH Working Example Session 2
• FiniteField: 3851
• Secret keys, Alice: 90, Bob: 74
• base_point (920 (mod 3851), 303 (mod 3851))
• Public keys, Alice: (1034 (mod 3851), 733 (mod 3851)), Bob: (3241 (mod 3851), 1093 (mod 3851))
• Shared secret: Alice: (2718 (mod 3851), 3657 (mod 3851)), Bob: (2718 (mod 3851), 3657 (mod 3851))
• Bob is extracting x-coordinate to get an integer shared secret: 2718
• Alice is extracting x-coordinate to get an integer shared secret: 2718
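Both key agreements above, reproduced as an added Python 3 example (not the deck's script). The mod-p part uses the Wikipedia parameters (p = 23, g = 5); the elliptic-curve part implements the affine group law and double-and-add over F_3851 with the deck's base point and secrets. The session logs do not state the curve coefficients, so a = 324 and b = 1287 are an assumption here, chosen because they are the coefficients that the printed base point, public keys and shared points all satisfy.

```python
# Diffie-Hellman over the integers mod p, with the slide's toy numbers.
def dh_exchange(p, g, a, b):
    """Return (A, B, shared) for secrets a (Alice) and b (Bob)."""
    A, B = pow(g, a, p), pow(g, b, p)             # the two values sent over the wire
    s_alice, s_bob = pow(B, a, p), pow(A, b, p)   # each side's own computation
    assert s_alice == s_bob
    return A, B, s_alice


# Elliptic curve y^2 = x^3 + a*x + b over F_p in affine coordinates.
P = 3851                      # the deck's FiniteField
A_COEF, B_COEF = 324, 1287    # assumed coefficients (see lead-in)
G = (920, 303)                # the deck's base_point
INF = None                    # point at infinity, the group identity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A_COEF * x + B_COEF)) % P == 0


def ec_add(p1, p2):
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # P + (-P)
    if p1 == p2:                                     # tangent slope for doubling
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P) % P
    else:                                            # chord slope for addition
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ecdh_session(secret_alice, secret_bob):
    """Return (Alice pub, Bob pub, integer shared secret) like the deck's sessions."""
    pub_alice, pub_bob = ec_mul(secret_alice, G), ec_mul(secret_bob, G)
    shared_alice = ec_mul(secret_alice, pub_bob)   # a * (b * G)
    shared_bob = ec_mul(secret_bob, pub_alice)     # b * (a * G)
    assert shared_alice == shared_bob and on_curve(shared_alice)
    return pub_alice, pub_bob, shared_alice[0]     # x-coordinate is the shared integer


if __name__ == "__main__":
    print("DH:", dh_exchange(23, 5, 6, 15))
    print("ECDH session 1:", ecdh_session(194, 33))
    print("ECDH session 2:", ecdh_session(90, 74))
```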
Perfect Forward Secrecy
• Forward secrecy is a property of key-agreement protocols ensuring that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future.
• You do not get this with RSA key exchange
– Remember the client and server random numbers from the Hello messages
– If a session was recorded and the private key is later compromised, past sessions can be decrypted
– If the private key is compromised then present and future sessions are also compromised.
• Cipher suites that use ephemeral Diffie-Hellman (DHE) or the elliptic-curve variant (ECDHE) will have perfect forward secrecy
Items Not in Slides Covered in This Section
• Lots of things….
Chain of Trust Anchored by Roots
Building the Chain
The Trusted Root Store on your device
Items Not in Slides Covered in This Section
• CRL
• CSR
Basics of SSL/TLS Eavesdropping
In the news
• http://threatpost.com/lenovo-superfish-certificate-password-cracked/111165
• http://www.pcworld.com/article/2453343/microsoft-revokes-trust-in-certificate-authority-operated-by-the-indian-government.html
• http://www.fastcompany.com/3042030/tech-forecast/the-huge-web-security-loophole-that-most-people-dont-know-about-and-how-its-be
• on and on and on
Eavesdropping
• The rest of the class we will focus on Trusted Root CA Poisoning and Root CA Compromise.
• We will focus on full-wire-control eavesdropping, a.k.a. Man-in-the-Middle.
• We will not cover brute force or crypto attacks for eavesdropping.
• If you want to explore server private key compromise then take a private key off the server and utilize Wireshark.
Ways to Gain Full Wire Control
• BGP
• Route injection
• ARP poison
• Wireless control
• and so on
Let's look at the chain of trust one more time.
1. Let's talk, but I need to know if I should trust you.
2. Here is my cert saying I know ICArus and there is his signature.
3. Have I untrusted ICArus? No
4. Do I trust ICArus? Let me check
5. Here is my cert that says CArolyn trusts me and here is her signature.
6. Have I untrusted CArolyn? No
7. Do I trust CArolyn?
8. Here is my cert that says I trust myself and here is my signature.
--- CArolyn's signature was trusted by someone who put it there, so I must trust it, right? Why not……
9. Hey buddy, you're a swell guy…
(Diagram labels: Your Computer's Certificate Store, with Trusted and Untrusted lists; actors: You, ICArus, Someone, CArolyn, Kim John-Ca; steps 1-9 as above.)
To be or not to be... Trusted
• Lots of money gets spent to become a CA.
• Last time I checked in 2002 it was going to cost more in audit fees the first year than we calculated the first 10 years' revenue would be…
• Here is how to get into the Windows OS
– https://msdn.microsoft.com/en-us/library/cc751157.aspx
• If you are "really" a corporation you will do everything to make sure you are trusted.
• Not being trusted can put you out of business…. And this is the problem…
Effects of Root CA Compromise
• From the time the CA is compromised to the time the compromise is discovered, anyone who trusted that CA is at risk of Man-in-the-Middle attacks.
• After the CA compromise is discovered there is still a delta before an updated revocation list or security update is made available.
• There is another delta between the revocation list or security update being made available and it being applied by the home user or the corporate administrator.
• This is the WORST OF THE WORST because it could compromise everyone on the internet.
Root CA Poisoning
• This is where a ROOT CA certificate is implanted within the Trusted ROOT CA store without the knowledge or authorization of the owner of the system.
• How can this happen?
– Malware
– Physical access
– Trusted programs
– Ignorance…
• This is a more targeted approach. This will also be the most commonly encountered.
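The chain walk from the chain-of-trust slide and the poisoned-store case above, as an added Python 3 example (constructed for this page, not the lab's code). Signatures use the deck's textbook RSA with toy four-digit primes, so only the trust logic is realistic: the chain must verify link by link, must end at a root in the store and must not pass through an explicitly untrusted name; a rogue root planted in the store (Kim John-Ca) makes Eve's look-alike certificate validate, which is exactly what a public-key pin in the client catches, and a diff of the store against a known-good baseline is the "validate the bad Root CA is installed" check. All names and primes are constructed.

```python
import hashlib

E = 65537   # public exponent; the toy moduli below are ~26 bits, real CA keys are 2048+ bits


def _is_prime(n):
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))


def make_key(p, q):
    """Textbook RSA key (the deck's e, d, n) from two primes."""
    assert _is_prime(p) and _is_prime(q)
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


def _digest(cert, modulus):
    """Hash of the signed fields (subject, issuer, subject public key), reduced mod n."""
    fields = (cert["subject"], cert["issuer"], str(cert["pub"]["n"]), str(cert["pub"]["e"]))
    return int.from_bytes(hashlib.sha256("|".join(fields).encode()).digest(), "big") % modulus


def issue(subject, subject_key, issuer, issuer_key):
    """Issuer signs the subject's certificate; a root issues one to itself."""
    cert = {"subject": subject, "issuer": issuer,
            "pub": {"n": subject_key["n"], "e": subject_key["e"]}}
    cert["sig"] = pow(_digest(cert, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return cert


def sig_ok(cert, issuer_pub):
    return pow(cert["sig"], issuer_pub["e"], issuer_pub["n"]) == _digest(cert, issuer_pub["n"])


def validate_chain(leaf, presented, root_store, untrusted=frozenset(), max_depth=8):
    """Steps 1-9 of the slide: follow issuer links from the leaf through the certs the
    server presented until a root in the trusted store anchors the chain.
    Returns (ok, reason, path of subject names)."""
    by_subject = {c["subject"]: c for c in presented}
    path, cur = [leaf["subject"]], leaf
    for _ in range(max_depth):
        issuer = cur["issuer"]
        if issuer in untrusted:                          # "Have I untrusted X?"
            return False, f"{issuer} is explicitly untrusted", path
        if issuer in root_store:                         # "Do I trust X?"
            if sig_ok(cur, root_store[issuer]["pub"]):
                return True, f"anchored at trusted root {issuer}", path + [issuer]
            return False, f"signature attributed to {issuer} does not verify", path
        nxt = by_subject.get(issuer)
        if nxt is None or not sig_ok(cur, nxt["pub"]):
            return False, f"no verifiable certificate for issuer {issuer}", path
        path.append(issuer)
        cur = nxt
    return False, "chain too long", path


def spki_pin(pub):
    """Pin of a public key: the value a client embeds in its compiled code."""
    return hashlib.sha256(f"{pub['n']}:{pub['e']}".encode()).hexdigest()


def unexpected_roots(root_store, baseline):
    """Root CA poisoning check: names in the store now that the known-good baseline lacks."""
    return sorted(set(root_store) - set(baseline))


# Constructed lab PKI using the deck's cast. Primes are small for speed only.
carolyn_key, icarus_key = make_key(7841, 7853), make_key(7867, 7873)
bank_key, kim_key, eve_key = make_key(7877, 7879), make_key(7883, 7901), make_key(7907, 7919)
carolyn = issue("CArolyn", carolyn_key, "CArolyn", carolyn_key)       # legitimate root
icarus = issue("ICArus", icarus_key, "CArolyn", carolyn_key)          # intermediate
bank = issue("yourbank.dcc.lab", bank_key, "ICArus", icarus_key)      # the real server
kim = issue("Kim John-Ca", kim_key, "Kim John-Ca", kim_key)           # rogue root
eve = issue("yourbank.dcc.lab", eve_key, "Kim John-Ca", kim_key)      # Eve's look-alike
CLEAN_STORE = {"CArolyn": carolyn}
POISONED_STORE = {"CArolyn": carolyn, "Kim John-Ca": kim}             # after poisoning
BANK_PIN = spki_pin(bank["pub"])                                     # baked into the client


def check_server(leaf, presented, root_store, pin=BANK_PIN):
    """What a pinning client does: chain validation first, then the pin."""
    ok, reason, _ = validate_chain(leaf, presented, root_store)
    if ok and spki_pin(leaf["pub"]) != pin:
        return False, "chain validates, but the public key does not match the pin"
    return ok, reason


if __name__ == "__main__":
    print(validate_chain(bank, [icarus], CLEAN_STORE))
    print(validate_chain(eve, [], CLEAN_STORE))
    print(validate_chain(eve, [], POISONED_STORE))
    print(check_server(eve, [], POISONED_STORE))
    print("unexpected roots:", unexpected_roots(POISONED_STORE, CLEAN_STORE))
```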
Lab Overview: Eve's Frame of Reference
(Diagram labels: Eve, split into Offensive Eve and Defensive Eve; Yourbank.dcc.lab; Unsuspecting Bob, a.k.a. you; Jerk-a-Jerk-a.dcc.lab; www.hotspot.dcc.lab; Compromised Service; HotSpot; Full Wire Control; Infected Bob; Corporate Network.)
Eve C2 - Defense
You are allowed one rule group at a time. What this means is you can fill in every field, however this will be the complete rule set.
Click the Activate button to send the defensive commands.
Click Disable Protection to remove the commands.
Activate will overwrite the existing rule.
EVE C2 - Offense
This tool can be utilized to inject content into the data path.
It will also load the data that was captured from the eavesdropping.
Do not goose yourself by putting sensitive information into the lab systems.
EVE C2 - Exploit
This tool, in conjunction with your browser or Python scripts, will give you the ability to send pre-defined exploits to the server over SSL.
The bot payload will send a pre-defined payload to the command server over SSL.
EVE C2 - Utility
This will place your latest pcap file that has data.
Server Type
• Add server information here when the lab is built
• We will be utilizing DVWA, which is a vulnerable web application written in PHP, as the target.
• There are Twisted instances that are written for
Utilizing SSL Eavesdropping for Defense
Cyber Threats Hidden in SSL Traffic
• 35%+ of Internet traffic is encrypted
• 50% of attacks will use encryption to bypass controls by 2017
• 80%+ of organizations with firewalls, IPS, or UTM do not decrypt SSL traffic
• 70%+ SSL traffic for some organizations
Sources: "SSL Performance Problems," NSS Labs, 2013, and service provider data; "Security Leaders Must Address Threats From Rising SSL Traffic," 2013
SSL Traffic Observed by a Service Provider
• SSL ~40% of traffic
Drivers for SSL Traffic Growth
• Snowden leaks in June 2013
– Revelations of NSA snooping increased privacy concerns
• Privacy watchdogs now publish SSL report cards
Surveillance and Search Engine Ranking
• New disclosures in 2014 that governments were leveraging app vulnerabilities to inject surveillance software into web traffic
– Targeted sites YouTube and Microsoft Live used as conduits to inject malware
– Now YouTube & MS Live encrypt traffic
• In August 2014, Google announced it would rank SSL sites higher for SEO
Source: Washington Post
SSL Performance Impact on Next Gen Firewalls
(Chart: Performance Impact with 2048-bit SSL Ciphers, 0-100% per device: Juniper SRX3600, Stonesoft 3202, Palo Alto Networks PA-5020, SourceFire 8250, Check Point 12600, Dell SonicWALL E10800, Fortinet 3600C, SourceFire 8290.)
81%: the average performance loss across 7 NG firewalls
Source: "SSL Performance Problems," NSS Labs, 2013
SSL Encryption Risks
Impact of Not Inspecting SSL: A Case Study
BACKGROUND
• Organization had deployed security devices from many leading security vendors
• SSL traffic not inspected due to performance, scale, & complexity
RESULT OF ATTACK
• Attackers infiltrated the network, installed malware, and stole data across multiple end-points
• Organization dropped internet connectivity for days, performed lengthy forensics and remediation
ESTIMATED FINANCIAL COSTS
• Lost productivity and forensic investigation = Medium Cost
• Loss of intellectual property = High Cost
FINDINGS: Network security tools could have prevented this attack if the tools had had visibility into SSL traffic
How Malware Developers Exploit Encrypted Traffic
(Diagram: botnet herder; command and control servers; clients; data exfiltration over SSL channels; HTTPS. Infection vectors shown: malicious file in instant messaging; drive-by download from an HTTPS site; malicious attachment sent over SMTPS.)
• Encryption obscures:
– Bot installation
– C&C communication
– Data exfiltration
Reference Architecture: Inline Deployment
1. A10 Thunder ADC decrypts outbound SSL traffic
2. A third-party security device inspects traffic in clear text
3. A second Thunder ADC appliance encrypts SSL traffic and forwards it to the Internet
4. Thunder ADC decrypts the response from the Internet
5. The third-party security device inspects inbound traffic
6. Thunder ADC encrypts and forwards the response to the server
(Diagram: Client -> A10 ADC (encrypted -> decrypted) -> Inspection and Protection (DLP, UTM, IDS, Other) -> A10 ADC (decrypted -> encrypted) -> Server; steps 1-6 as above.)
Reference Architecture: Non-inline Deployment
• A Thunder ADC intercepts and decrypts SSL traffic
• Thunder ADC forwards decrypted traffic to third-party security devices
• Security devices inspect traffic for attacks or data loss
• Thunder ADC encrypts decrypted traffic and forwards it to the intended destination
(Diagram: Client -> A10 Thunder ADC -> Internet Server, encrypted on both legs; a decrypted copy goes to the Security Devices.)
SSL/TLS Eavesdropping for Offense and Detection
In the News
SSL Eavesdropping Offense
What is the motivation?
• Governments
– Gathering intelligence
– Hiding exfiltration traffic
– Avoiding detection
– Bot command and control
– others?
• Criminals
– Click fraud
– Theft of personal data
– Money
– Ego
• SKY-NET
– Destruction of the human race.
– Kill John Connor
Lab 3: Offense
Lab 3 Scenario
You are at some coffee shop.
You need to check your bank account because your son ("Mine, I am projecting") calls up and says "I need $5000.00 today for college."
So you connect to the WIFI hot spot and…
Little did you know that DNS has been hijacked and a server owned by the attacker is in play. Eve here has full-wire-control because they own the hotspot.
You figure that everything would be alright. So just click OK…
Lab 3 Instructions: Step 1
• Open your browser and type in https://www.hotspot.dcc.lab/login/login.html
• Enter any username
• Enter any password
• Click Login
• You will be redirected.
Lab 3 Instructions: Step 2
• Once redirected, download the application. (Click)
Lab 3 Instructions: Step 3
• Install the application
Lab 3 Instructions: Step 4
• The application will install an icon on the desktop.
• If the application is not started, click on the icon.
• Enter any username and password again.
• And click Logon.
Lab 3 Instructions: Step 5
• Since we still need to install the certificate, we will utilize a little bit of social engineering to get you to do this.
• On older versions of Windows or other operating systems this could be bypassed more easily if we are delegated super-user privileges during setup...
• Just click OK… Your son needs money.
Lab 3 Instructions: Step 6
• Accept, as most users do.
Lab 3 Instructions: Step 7
• When you see the log out button you know everything is good.
• Your browser will open over the application window and take you to your banking website.
• If you are not able to connect to install the certificate or cannot signal to the attacker you will be denied access.
Lab 3 Instructions: Step 8
• Validate the bad Root CA is installed.
Eavesdrop Detection
In the News
How to protect against offensive attacks?
• Cert pinning
• Embedded certificate in compiled code
• OCSP
• CRL
Third Party Alternate Path
(Diagram: Validation Server; My Financial Server; Unsuspecting Larry; Eve.)
• Physical proximity (full-wire-control) is needed for a successful attack.
• Potentially PGP-encrypted payload to the validation services.
• Validation server outside of the last mile, on a different path.
Example Code (Detected / Clear Path)

What is TLS/SSL?
What is TLS/SSL? What is TLS/SSL?
What is TLS/SSL?
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 
Unit 6
Unit 6Unit 6
Unit 6
 
SSL overview
SSL overviewSSL overview
SSL overview
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
Hacking SSL When Using RC4
Hacking SSL When Using RC4Hacking SSL When Using RC4
Hacking SSL When Using RC4
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3
 
Wireless LAN Security Fundamentals
Wireless LAN Security FundamentalsWireless LAN Security Fundamentals
Wireless LAN Security Fundamentals
 
RC4&RC5
RC4&RC5RC4&RC5
RC4&RC5
 

Kürzlich hochgeladen

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 

Kürzlich hochgeladen (20)

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 

SSL/TLS Eavesdropping with Fullpath Control

  • 1. ©A10 Networks, Inc. The Mechanics of SSL/TLS Eavesdropping with Full Path Control. Mike Thompson
  • 2. 2©A10 Networks, Inc. A little about myself
     Not a Mathematician!!! -> Don’t fault me on my math.
     Work for A10 Networks as a Principal Architect.
     Jack of all trades
     Formula One junkie
     Python junkie
     You can find me on LinkedIn: Layer427expert
  • 3. 3©A10 Networks, Inc. About this Lab/Lecture
     The topic of SSL/TLS is enormous.
     We will not cover every topic.
     We will try to give you the basis of understanding so that we can talk about eavesdropping.
     We will not be covering cryptographic attacks in the eavesdropping section.
     If you have questions we will be more than happy to talk after class.
     There are a lot of things we can discuss, but let's stay on point.
     I am the only rat hole digger in this lab. After the lab we can dig over a drink.
     Actors:
  • 4. 4©A10 Networks, Inc. Lab Agenda
     Basics of SSL
     Basics of SSL Eavesdropping
     Utilizing SSL Eavesdropping for Defense
     SSL Eavesdropping for Offense and Detection
  • 6. 6©A10 Networks, Inc. What is SSL?
     The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. - We will come back to this 
     Through public-key cryptography it is the basis for e-commerce security and trust.
     Utilized by almost everyone: “Who wants to be secure…”
     Source of pain felt globally when vulnerabilities are found.
     For non-security people, it is:
      – Blindly trusted
      – Never questioned
      – Always secure
  • 7. 7©A10 Networks, Inc. The Purpose of SSL/TLS
     Think of SSL/TLS as having four parts:
      – The Protocol
      – Key Exchange
      – Bulk Crypto Operations
      – Chain of Trust
     The primary purpose of SSL/TLS is to compute a secret key that will be utilized for symmetric encryption.
      – This is accomplished through asymmetric cryptography.
  • 8. 8©A10 Networks, Inc. Benefits
     SSL/TLS can provide:
      – Identification: when the chain of trust can be established.
      – Authentication: when client authentication is enabled.
      – Confidentiality: encryption of data in flight.
      – Integrity: through the cipher suites.
  • 10. 10©A10 Networks, Inc. Protocol Basics
    Think of the TLS handshake messages as similar to the TCP handshake. The messages negotiate a set of parameters that will be utilized going forward.
  • 11. 11©A10 Networks, Inc. Client Hello
    Purpose:
    1. Establish protocol version
    2. Send Random Number 1
    3. Session ID, if one exists
    4. Send list of supported cipher suites
       1. Each cipher suite name tells you what it is doing. You just have to understand what each segment means.
    5. Compression algorithm
  • 12. 12©A10 Networks, Inc. Server Hello
    Purpose:
    1. Version number
    2. Send Random Number 2
    3. Session ID, if it exists
    4. Set the cipher suite
    5. Send public certificate
    6. Compression algorithm
  • 13. 13©A10 Networks, Inc. Client Key Exchange
    Purpose:
    1. Send the pre-master secret encrypted with the server's public key
    Between the Server Hello and the Client Key Exchange the client validates the certificate against its root CA list. We will discuss this in a later section.
  • 14. 14©A10 Networks, Inc. Client Change Cipher Spec
    Purpose:
    1. Notify the server that all further messages will be encrypted
  • 15. 15©A10 Networks, Inc. Client Encrypted Handshake Message
    Purpose:
    1. First message sent to the server that is encrypted
    2. Will be utilized by the server to see if the encrypted channel is valid
    3. End of handshake from the client
  • 16. 16©A10 Networks, Inc. Server Change Cipher Spec & Encrypted Handshake Message
    Purpose:
    1. Notifies the client that the server decrypted the messages
    2. Generates the master secret and sends the client an encrypted Finished message
  • 17. 17©A10 Networks, Inc. What was not covered
     Version differences
     SSL alerts
     MAC
     HMAC
  • 18. Public-Key Cryptography and their corresponding cipher suites
  • 19. 19©A10 Networks, Inc. Public-Key Encryption Algorithms
     RSA
      – RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977. Clifford Cocks, an English mathematician, had developed an equivalent system in 1973, but it was not declassified until 1997.[1] **wikipedia
      – Currently the most widely utilized.
      – Utilizes modular arithmetic.
     DH <- We are not going to cover this topic. We will talk about PFS and ECDH specifically.
      – First published by Whitfield Diffie and Martin Hellman in 1976.[2] By 1975, James H. Ellis,[3] Clifford Cocks and Malcolm J. Williamson within GCHQ, the British signals intelligence agency, had also shown how public-key cryptography could be achieved; however, their work was kept secret until 1997.[4] **wikipedia
      – Utilizes modular arithmetic.
     ECC
      – The use of elliptic curves in cryptography was suggested independently by Neal Koblitz[1] and Victor S. Miller[2] in 1985. Elliptic curve cryptography algorithms entered wide use in 2004 to 2005.
      – Based on the algebraic structure of elliptic curves over finite fields.
      – Hurts my head to think about; don’t let the pretty graph fool you….
  • 21. 21©A10 Networks, Inc. Cipher Suites notation
     Cipher ID: a unique 2-3 byte cipher identifier. For example, SSL2_RC4_128_WITH_MD5 is identified as 0x010080 and TLS_RSA_WITH_3DES_EDE_CBC_SHA is identified as 0x00000A or simply 0x000A.
     Name: common cipher suite name. TLS ciphers have the TLS_Kx_[Au]_WITH_Enc_MAC format. SSL2 only uses RSA for key exchange and authentication, so its names have the SSL2_Enc_WITH_MAC format.
     Protocol: most cipher suites fall into either the TLS or the SSL/SSL2 protocols. The only exception is Microsoft's proprietary PCT protocol.
     Kx: key exchange algorithm. The most popular exchange methods are RSA and Diffie-Hellman (DH/DHE). Some of the more exotic methods include Kerberos (KRB5), Pre-Shared Key (PSK), and others.
     Au: authentication algorithm. RSA is commonly used for key authentication.
     Enc: symmetric encryption algorithm (e.g. DES, 3DES, AES, RC4, etc.).
     Bits: effective symmetric encryption key size in bits. Suites for export outside the US were limited to 40-56 bits.
     MAC: hashing algorithm used for TLS/SSL data packet integrity and authentication checks.
     Anon: anonymous cipher suites with no key authentication. Highly vulnerable to man-in-the-middle attack.
     Export: intentionally crippled cipher suite to conform to US export laws. The symmetric cipher used in export cipher suites typically does not exceed 56 bits.
     NULL: null cipher suites do not provide any data encryption and/or data integrity. The TLS_NULL_WITH_NULL_NULL (0x0000) cipher suite is used during initial session establishment.
    Source: https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/
  • 22. 22©A10 Networks, Inc. Cipher Suite Examples
    Cipher ID   Name                                   Protocol  Kx    Au   Enc           Bits  MAC
    0x000009    TLS_RSA_WITH_DES_CBC_SHA               TLS       RSA   RSA  DES_CBC       56    SHA
    0x00003C    TLS_RSA_WITH_AES_128_CBC_SHA256        TLS       RSA   RSA  AES_128_CBC   128   SHA256
    0x00003D    TLS_RSA_WITH_AES_256_CBC_SHA256        TLS       RSA   RSA  AES_256_CBC   256   SHA256
    0x00003E    TLS_DH_DSS_WITH_AES_128_CBC_SHA256     TLS       DH    DSS  AES_128_CBC   128   SHA256
    0x00003F    TLS_DH_RSA_WITH_AES_128_CBC_SHA256     TLS       DH    RSA  AES_128_CBC   128   SHA256
    0x00C00E    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      TLS       ECDH  RSA  AES_128_CBC   128   SHA
    0x00C00F    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      TLS       ECDH  RSA  AES_256_CBC   256   SHA
    0x00009E    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256    TLS       DHE   RSA  AES_128_GCM   128   SHA256  (PFS)
    Green on the slide indicates perfect forward secrecy support; of the suites above only the ephemeral DHE suite (0x00009E) has it.
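As an added example (not code from the deck), the following Python decodes the five ClientHello items of slide 11 from a raw TLS record and then splits each offered suite name into the Kx/Au/Enc/MAC segments of slide 21, flagging PFS, anonymous, NULL and export suites the way a defender reading a capture would. The ID-to-name table is the slide-22 table plus the null suite; the sample ClientHello is constructed.

```python
import struct

# Cipher suite IDs and names copied from the slide-22 table (plus the null suite
# from slide 21); a real decoder would use the full IANA registry.
SUITE_NAMES = {
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x003E: "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
    0x003F: "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
    0xC00E: "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    0xC00F: "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0x0000: "TLS_NULL_WITH_NULL_NULL",
}


def parse_suite_name(name):
    """Split a TLS_Kx_[Au]_WITH_Enc_MAC name into the segments slide 21 defines."""
    left, right = name.split("_WITH_")
    parts = [p for p in left.split("_")[1:] if p != "EXPORT"]  # drop "TLS"
    kx = parts[0]
    au = parts[1] if len(parts) > 1 else kx  # TLS_RSA_...: RSA does both jobs
    enc, mac = right.rsplit("_", 1)
    return {
        "kx": kx, "au": au, "enc": enc, "mac": mac,
        "pfs": kx in ("DHE", "ECDHE"),     # ephemeral key exchange (slide 33)
        "anon": au == "anon",              # no key authentication
        "null_enc": enc == "NULL",         # no encryption at all
        "export": "EXPORT" in name,        # deliberately weakened
    }


def parse_client_hello(record):
    """Pull the five ClientHello items from slide 11 out of a raw TLS record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if body[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    off = 0
    version = struct.unpack("!H", hello[off:off + 2])[0]   # 1. protocol version
    off += 2
    random1 = hello[off:off + 32]                           # 2. Random Number 1
    off += 32
    sid_len = hello[off]
    off += 1
    session_id = hello[off:off + sid_len]                   # 3. session ID (may be empty)
    off += sid_len
    cs_len = struct.unpack("!H", hello[off:off + 2])[0]
    off += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0]        # 4. offered cipher suites
              for i in range(off, off + cs_len, 2)]
    off += cs_len
    comp_len = hello[off]
    off += 1
    compression = list(hello[off:off + comp_len])           # 5. compression methods
    return {"version": version, "random": random1, "session_id": session_id,
            "cipher_suites": suites, "compression": compression}


def describe_offer(hello):
    """Name each offered suite and attach the slide-21 breakdown."""
    rows = []
    for suite_id in hello["cipher_suites"]:
        name = SUITE_NAMES.get(suite_id)
        if name is None:
            rows.append((suite_id, "unknown (not in this example's table)", None))
            continue
        rows.append((suite_id, name, parse_suite_name(name)))
    return rows


def pfs_suites_offered(hello):
    return [name for _, name, info in describe_offer(hello) if info and info["pfs"]]


def build_client_hello(suites, version=0x0303, session_id=b"", random1=bytes(32)):
    """Constructed sample input: a minimal ClientHello record with no extensions."""
    body = struct.pack("!H", version) + random1
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed sample: a client offering one RSA, one static ECDH, one DHE and the
# null suite. The 32-byte "random" is fixed so the example is reproducible.
SAMPLE_HELLO = build_client_hello([0x003C, 0xC00E, 0x009E, 0x0000],
                                  random1=bytes(range(32)))

if __name__ == "__main__":
    hello = parse_client_hello(SAMPLE_HELLO)
    print("version 0x%04x, session id %r" % (hello["version"], hello["session_id"]))
    for suite_id, name, info in describe_offer(hello):
        print("0x%04x %-40s %s" % (suite_id, name, info))
    print("PFS suites offered:", pfs_suites_offered(hello))
```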
  • 23. RSA
  • 24. 24©A10 Networks, Inc. RSA Asymmetric Cryptography
     Note: We are not talking about ECC cipher suites yet….. We will get to that.
     Based on the RSA algorithm
     Encryption: c = m^e mod n
     Decryption: m = c^d mod n
      – Encryption and decryption are inverse functions
     Remember how back in school: 15 = 3*5 and the inverse is 5 = 15/3
    Where:
      e = public exponent
      m = message
      n = modulus (part of the public certificate)
      d = private key
      c = cipher text
  • 25. 25©A10 Networks, Inc. Non-Padded Example
    Code (one character at a time, no padding):
      e = 7
      d = 1810402843
      n = 2534665157
      msg = "Hello World!"
      print("Message Send:", msg)
      cipher_buffer = []
      for m in msg:
          c = pow(ord(m), e, n)          # encrypt one character: c = m^e mod n
          print("Clear Text:", m, "| Cipher Text:", c)
          cipher_buffer.append(c)
      print("Message in flight:", "".join(str(x) for x in cipher_buffer))
      msg = ""
      for c in cipher_buffer:
          m = chr(pow(c, d, n))          # decrypt: m = c^d mod n
          print("Cipher Text:", c, "| Clear Text:", m)
          msg = msg + m
      print("Message Received:", msg)
    Output:
      Message Send: Hello World!
      Clear Text: H | Cipher Text: 942978039
      Clear Text: e | Cipher Text: 2268399915
      Clear Text: l | Cipher Text: 1042287397
      Clear Text: l | Cipher Text: 1042287397
      Clear Text: o | Cipher Text: 1592280001
      Clear Text:   | Cipher Text: 1409091327
      Clear Text: W | Cipher Text: 2057956152
      Clear Text: o | Cipher Text: 1592280001
      Clear Text: r | Cipher Text: 2200164507
      Clear Text: l | Cipher Text: 1042287397
      Clear Text: d | Cipher Text: 2390226036
      Clear Text: ! | Cipher Text: 2063800465
      Message in flight: 942978039226839991510422873971042287397159228000114090913272057956152159228000122001645071042287397239022603620638004​65
      Cipher Text: 942978039 | Clear Text: H
      Cipher Text: 2268399915 | Clear Text: e
      Cipher Text: 1042287397 | Clear Text: l
      Cipher Text: 1042287397 | Clear Text: l
      Cipher Text: 1592280001 | Clear Text: o
      Cipher Text: 1409091327 | Clear Text:
      Cipher Text: 2057956152 | Clear Text: W
      Cipher Text: 1592280001 | Clear Text: o
      Cipher Text: 2200164507 | Clear Text: r
      Cipher Text: 1042287397 | Clear Text: l
      Cipher Text: 2390226036 | Clear Text: d
      Cipher Text: 2063800465 | Clear Text: !
      Message Received: Hello World!
  • 26. 26©A10 Networks, Inc. Plain RSA is vulnerable to attack….
     This is where padding schemes come into play.
     However, lots of padding attacks have been discovered.
     Read online about this if you want to dig deeper.
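Added example, not from the deck, using the slide's toy key (e = 7, d = 1810402843, n = 2534665157): the per-character scheme above is deterministic, so equal characters give equal ciphertexts and the whole message can be matched against a table anyone can build from the public key alone; a randomised-padding variant shows why padding is required. The padding here is a toy for illustration, not PKCS#1 v1.5 or OAEP.

```python
import secrets

# Toy RSA key from the slide: n = 55547 * 45631 (a 31-bit modulus, teaching only).
E, D, N = 7, 1810402843, 2534665157


def textbook_encrypt(msg):
    """Per-character textbook RSA exactly as the slide does it: c = m^e mod n."""
    return [pow(ord(ch), E, N) for ch in msg]


def textbook_decrypt(cipher_list):
    return "".join(chr(pow(c, D, N)) for c in cipher_list)


def repeated_positions(cipher_list):
    """Positions whose ciphertext already appeared earlier. With no padding,
    equal plaintext characters always produce equal ciphertexts."""
    seen = {}
    repeats = []
    for i, c in enumerate(cipher_list):
        if c in seen:
            repeats.append((i, seen[c]))
        else:
            seen[c] = i
    return repeats


def public_codebook():
    """Everything needed here is public: with only (e, n) the ciphertext of
    every possible single byte can be tabulated in advance."""
    return {pow(b, E, N): b for b in range(256)}


def recover_with_public_key_only(cipher_list):
    """Invert the slide's scheme by table lookup, never touching d."""
    book = public_codebook()
    return "".join(chr(book[c]) for c in cipher_list)


def padded_encrypt(msg, rng=secrets.randbits):
    """Toy randomised padding (illustration only, NOT PKCS#1 v1.5 or OAEP):
    m = (byte << 16) | 16 random bits, which keeps m < 2^24 < n."""
    return [pow((ord(ch) << 16) | rng(16), E, N) for ch in msg]


def padded_decrypt(cipher_list):
    """Decrypt, then strip the random half."""
    return "".join(chr(pow(c, D, N) >> 16) for c in cipher_list)


if __name__ == "__main__":
    ct = textbook_encrypt("Hello World!")
    print("repeated ciphertexts at positions:", repeated_positions(ct))
    print("recovered with public key only:", recover_with_public_key_only(ct))
    pc = padded_encrypt("Hello World!")
    print("padded ciphertexts repeat:", repeated_positions(pc))
    print("padded round trip:", padded_decrypt(pc))
```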
  • 27. Basic SSL/TLS Math – Using ECC Cipher Suites and enabling Perfect Forward Secrecy
  • 28. 28©A10 Networks, Inc. ECC Cryptography
    Equation: y^2 = x^3 + ax + b
    However, there is a lot of complex subject matter behind it… If you want to read a great set of posts visit:
    http://jeremykun.com/2014/02/08/introducing-elliptic-curves/
    https://www.certicom.com/10-introduction
    So let's move on to ECDH to get a practical example.
  • 29. 29©A10 Networks, Inc. Diffie–Hellman
    Alice and Bob agree to use a prime number p = 23 and base g = 5 (which is a primitive root modulo 23).
    Alice chooses a secret integer a = 6, then sends Bob A = g^a mod p: A = 5^6 mod 23 = 8
    Bob chooses a secret integer b = 15, then sends Alice B = g^b mod p: B = 5^15 mod 23 = 19
    Alice computes s = B^a mod p: s = 19^6 mod 23 = 2
    Bob computes s = A^b mod p: s = 8^15 mod 23 = 2
    Alice and Bob now share a secret (the number 2).
    http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
  • 30. 30©A10 Networks, Inc. ECDH
     Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public–private key pair, to establish a shared secret over an insecure channel.
     The shared secret will be utilized to perform symmetric encryption.
      – In the case of the following cipher suite AES-256 is utilized:
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    When reviewing ECC I was confused about how the finite field was initialized, and I realized it is specified in the domain parameters. For more information: http://csrc.nist.gov/groups/ST/toolkit/documents/SP800-56Arev1_3-8-07.pdf
  • 31. 31©A10 Networks, Inc. ECDH Working Example Session 1
     Session 1:
     FiniteField: 3851
     Secret keys, Alice: 194, Bob: 33
     base_point (920 (mod 3851), 303 (mod 3851))
     Public keys, Alice: (3014 (mod 3851), 2809 (mod 3851)), Bob: (1324 (mod 3851), 2950 (mod 3851))
     Shared secret: Alice: (2462 (mod 3851), 3558 (mod 3851)), Bob: (2462 (mod 3851), 3558 (mod 3851))
     Bob is extracting the x-coordinate to get an integer shared secret: 2462
     Alice is extracting the x-coordinate to get an integer shared secret: 2462
  • 32. 32©A10 Networks, Inc. ECDH Working Example Session 2
     FiniteField: 3851
     Secret keys, Alice: 90, Bob: 74
     base_point (920 (mod 3851), 303 (mod 3851))
     Public keys, Alice: (1034 (mod 3851), 733 (mod 3851)), Bob: (3241 (mod 3851), 1093 (mod 3851))
     Shared secret: Alice: (2718 (mod 3851), 3657 (mod 3851)), Bob: (2718 (mod 3851), 3657 (mod 3851))
     Bob is extracting the x-coordinate to get an integer shared secret: 2718
     Alice is extracting the x-coordinate to get an integer shared secret: 2718
  • 33. 33©A10 Networks, Inc. Perfect Forward Secrecy
     Forward secrecy is a property of key-agreement protocols ensuring that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future.
     You do not get this with RSA
      – Remember Client Random 1 and Server Random 1
      – If the session was recorded and the private key is compromised, past sessions can be compromised
      – If the private key is compromised then present and future sessions are also compromised.
     Cipher suites that use ephemeral Diffie-Hellman (DHE) or the elliptic-curve variant (ECDHE) will have perfect forward secrecy
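Added example (not the deck's code) covering slides 29 through 33: the Diffie-Hellman arithmetic of slide 29, then a toy ECDH over the slides' field 3851 with base point (920, 303). The curve coefficients a = 324 and b = 1287 are an assumption, since the slides do not show them; with them every point the slides print lies on the curve and both sessions reproduce. The ephemeral helper shows the PFS point of slide 33: fresh secrets per session, so each session gets its own shared secret.

```python
import secrets


def dh_public(g, secret, p):
    """Slide 29: A = g^a mod p."""
    return pow(g, secret, p)


def dh_shared(peer_public, secret, p):
    """Slide 29: s = B^a mod p (and symmetrically A^b mod p)."""
    return pow(peer_public, secret, p)


# Toy curve behind slides 31-32. The field and base point are from the slides;
# the coefficients a = 324, b = 1287 are an assumption (the slides do not list
# them), checked here by confirming the printed points lie on the curve.
P, A, B = 3851, 324, 1287
BASE = (920, 303)


def on_curve(pt):
    if pt is None:                      # the point at infinity
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + Ax + B over F_P (None = infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:                   # Q + (-Q) = infinity
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ecdh_session(alice_secret, bob_secret):
    """One ECDH exchange; returns (Alice pub, Bob pub, shared x-coordinate),
    the three things slides 31 and 32 print."""
    alice_pub = ec_mul(alice_secret, BASE)
    bob_pub = ec_mul(bob_secret, BASE)
    shared_alice = ec_mul(alice_secret, bob_pub)   # a * (b * G)
    shared_bob = ec_mul(bob_secret, alice_pub)     # b * (a * G)
    if shared_alice is None or shared_alice != shared_bob:
        raise ValueError("key agreement failed")
    return alice_pub, bob_pub, shared_alice[0]


def ephemeral_session():
    """ECDHE: both sides draw fresh secrets, so each session has its own shared
    secret and a later key compromise does not expose recorded sessions (slide 33)."""
    while True:
        try:
            return ecdh_session(secrets.randbelow(P - 1) + 1,
                                secrets.randbelow(P - 1) + 1)
        except ValueError:
            continue    # scalar was a multiple of the point order; draw again


if __name__ == "__main__":
    print("DH shared secret:", dh_shared(dh_public(5, 15, 23), 6, 23))
    for a, b in ((194, 33), (90, 74)):
        print("ECDH session", (a, b), "->", ecdh_session(a, b))
    print("two ephemeral sessions:", ephemeral_session()[2], ephemeral_session()[2])
```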
  • 34. 34©A10 Networks, Inc. Items Not in Slides Covered in This Section
     Lots of things….
  • 35. Chain of Trust Anchored by Roots
  • 37. 37©A10 Networks, Inc. The Root
    Trusted Root Store on your device
  • 38. 38©A10 Networks, Inc. Items Not in Slides Covered in This Section
     CRL
     CSR
  • 40. 40©A10 Networks, Inc. In the news
     http://threatpost.com/lenovo-superfish-certificate-password-cracked/111165
     http://www.pcworld.com/article/2453343/microsoft-revokes-trust-in-certificate-authority-operated-by-the-indian-government.html
     http://www.fastcompany.com/3042030/tech-forecast/the-huge-web-security-loophole-that-most-people-dont-know-about-and-how-its-be
     on and on and on
  • 41. 41©A10 Networks, Inc. Eavesdropping
     For the rest of the class we will focus on Trusted Root CA poisoning and Root CA compromise.
     We will focus on full-wire-control eavesdropping, a.k.a. Man-in-the-Middle.
     We will not cover brute force or crypto attacks for eavesdropping.
     If you want to explore server private key compromise, take a private key off the server and utilize Wireshark.
  • 42. 42©A10 Networks, Inc. Ways to Gain Full Wire Control
    BGP route injection, ARP poisoning, wireless control, and so on.
  • 43. 43©A10 Networks, Inc. Let's look at the chain of trust one more time.
    1. Let's talk, but I need to know if I should trust you.
    2. Here is my cert saying I know ICArus, and there is his signature.
    3. Have I untrusted ICArus? No.
    4. Do I trust ICArus? Let me check.
    5. Here is my cert that says CArolyn trusts me, and here is her signature.
    6. Have I untrusted CArolyn? No.
    7. Do I trust CArolyn?
    8. Here is my cert that says I trust myself, and here is my signature. --- CArolyn’s signature was trusted by someone who put it there, so I must trust it, right? Why not……
    9. Hey buddy, you’re a swell guy…
    [Diagram: Your Computer’s Certificate Store with its Trusted and Untrusted lists; actors You, ICArus, CArolyn, Someone, Kim and John-Ca; arrows numbered 1-9 for the steps above.]
  • 44. 44©A10 Networks, Inc. To be or not to be... Trusted
     Lots of money gets spent to become a CA.
     Last time I checked, in 2002, it was going to cost more in audit fees the first year than we calculated the first 10 years’ revenue would be…
     Here is how to get into the Windows OS:
      – https://msdn.microsoft.com/en-us/library/cc751157.aspx
     If you are “really” a corporation you will do everything to make sure you are trusted.
     Not being trusted can put you out of business…. And this is the problem…
  • 45. 45©A10 Networks, Inc. Effects of Root CA Compromise
     From the time the CA is compromised to the time the compromise is discovered, anyone who trusted that CA is at risk of Man-in-the-Middle attacks.
     After the CA compromise is discovered there is still a delta until an updated revocation list or security update is made available.
     There is another delta between the revocation list or security update being made available and it being applied by the home user or the corporate administrator.
     This is the WORST OF THE WORST because it could compromise everyone on the internet.
  • 46. 46©A10 Networks, Inc. Root CA Poisoning
     This is where a root CA certificate is implanted within the Trusted Root CA store without the knowledge or authorization of the owner of the system.
     How can this happen?
      – Malware
      – Physical access
      – Trusted programs
      – Ignorance…
     This is a more targeted approach. It will also be the most commonly encountered.
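A defender's check for root CA poisoning, added here and not part of the deck: fingerprint every certificate in the trusted root store and report the ones missing from an approved baseline, which is how an administrator would spot an implanted root (or validate the lab's bad root CA later on). On Windows it reads the real store through Python's ssl.enum_certificates; the baseline and the sample store contents below are constructed placeholders, not real certificates.

```python
import hashlib
import ssl

# Constructed baseline: the DER blobs stand in for the roots an administrator
# has approved (taken from a known-clean machine). Placeholders, not real certs.
KNOWN_GOOD_DER = [b"placeholder-der-root-A", b"placeholder-der-root-B"]


def fingerprint(der):
    """SHA-256 over the DER encoding, the form most certificate tools print."""
    return hashlib.sha256(der).hexdigest()


def baseline_from_der(der_list):
    return {fingerprint(der) for der in der_list}


def unexpected_roots(store_entries, baseline):
    """Return (fingerprint, trust) for every DER certificate in the store whose
    fingerprint is not in the baseline. store_entries has the shape that
    ssl.enum_certificates() returns: (cert_bytes, encoding_type, trust)."""
    unexpected = []
    for cert_bytes, encoding, trust in store_entries:
        if encoding != "x509_asn":      # skip PKCS#7 bundles, only plain certs
            continue
        fp = fingerprint(cert_bytes)
        if fp not in baseline:
            unexpected.append((fp, trust))
    return unexpected


def windows_trusted_roots():
    """The real store. ssl.enum_certificates exists only on Windows builds of
    Python; "ROOT" is the Trusted Root Certification Authorities store."""
    if not hasattr(ssl, "enum_certificates"):
        return []
    return ssl.enum_certificates("ROOT")


# Constructed store contents: the two approved roots, one root implanted without
# the owner's knowledge (slide 46), and a PKCS#7 entry that is ignored.
SAMPLE_STORE = [
    (b"placeholder-der-root-A", "x509_asn", True),
    (b"placeholder-der-root-B", "x509_asn", True),
    (b"placeholder-der-root-implanted", "x509_asn", True),
    (b"placeholder-pkcs7-bundle", "pkcs_7_asn", True),
]

if __name__ == "__main__":
    baseline = baseline_from_der(KNOWN_GOOD_DER)
    store = windows_trusted_roots() or SAMPLE_STORE   # falls back to the sample
    for fp, trust in unexpected_roots(store, baseline):
        print("root not in baseline:", fp, "trust:", trust)
```

Build the baseline from a machine you know is clean and re-run the comparison after any software install; on Windows, certutil -store Root lists the same store for a manual cross-check.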
  • 47. 47©A10 Networks, Inc. Full Wire Control Lab Overview
    [Diagram: Eve’s frame of reference. Actors: Offensive Eve, Defensive Eve, Unsuspecting Bob (a.k.a. you), Infected Bob, Corporate Network. Hosts: Yourbank.dcc.lab, Jerk-a-Jerk-a.dcc.lab, www.hotspot.dcc.lab (compromised hotspot service).]
  • 48. 48©A10 Networks, Inc. Eve C2 - Defense
    You are allowed one rule group at a time. This means you can fill in every field, but this will be the complete rule set. Click the Activate button to send the defensive commands. Click Disable Protection to remove the commands. Activate will overwrite the existing rule.
  • 49. 49©A10 Networks, Inc. EVE C2 - Offense
    This tool can be utilized to inject content into the data path. It will also load the data that was captured from the eavesdropping. Do not goose yourself by putting sensitive information into the lab systems.
  • 50. 50©A10 Networks, Inc. EVE C2 - Exploit
    This tool, in conjunction with your browser or Python scripts, will give you the ability to send pre-defined exploits to the server over SSL. The bot payload will send a pre-defined payload to the command server over SSL.
  • 51. 51©A10 Networks, Inc. EVE C2 - Utility
    This will place your latest pcap file that has data.
  • 52. 52©A10 Networks, Inc.
     Add server information here when the lab is built
     We will be utilizing DVWA, a vulnerable web application written in PHP, as the target.
     There are Twisted instances written for each server type.
  • 54. 54©A10 Networks, Inc. Cyber Threats Hidden in SSL Traffic
      – 35%+ of Internet traffic is encrypted
      – 50% of attacks will use encryption to bypass controls by 2017
      – 80%+ of organizations with firewalls, IPS, or UTM do not decrypt SSL traffic
      – 70%+ SSL traffic for some organizations
    Sources: “SSL Performance Problems,” NSS Labs, 2013, and service provider data; “Security Leaders Must Address Threats From Rising SSL Traffic,” 2013
  • 55. 55©A10 Networks, Inc. SSL Traffic Observed by a Service Provider
     SSL ~40% of traffic
  • 56. 56©A10 Networks, Inc. Drivers for SSL Traffic Growth
    Snowden leaks in June 2013
      – Revelations of NSA snooping increased privacy concerns
    Privacy watchdogs now publish SSL report cards
  • 57. 57©A10 Networks, Inc. Surveillance and Search Engine Ranking
     New disclosures in 2014 that governments were leveraging app vulnerabilities to inject surveillance software in web traffic
      – Targeted sites YouTube and Microsoft Live used as conduits to inject malware
      – Now YouTube & MS Live encrypt traffic
     In August 2014, Google announced it would rank SSL sites higher for SEO
    Source: Washington Post
  • 58. 58©A10 Networks, Inc. SSL Performance Impact on Next Gen Firewalls
    [Chart: Performance Impact with 2048-bit SSL Ciphers for Juniper SRX3600, Stonesoft 3202, Palo Alto Networks PA-5020, SourceFire 8250, Check Point 12600, Dell SonicWALL E10800, Fortinet 3600C and SourceFire 8290; y-axis 0%-100%.]
    81%: the average performance loss across 7 NG firewalls
    Source: “SSL Performance Problems,” NSS Labs, 2013
  • 59. 59©A10 Networks, Inc. SSL Encryption Risks
  • 60. 60©A10 Networks, Inc. Impact of Not Inspecting SSL: A Case Study
    BACKGROUND
     Organization had deployed security devices from many leading security vendors
     SSL traffic not inspected due to performance, scale, & complexity
    RESULT OF ATTACK
     Attackers infiltrated network, installed malware, and stole data across multiple end-points
     Organization dropped internet connectivity for days, performed lengthy forensics and remediation
    ESTIMATED FINANCIAL COSTS
     Lost productivity and forensic investigation = Medium Cost
     Loss of intellectual property = High Cost
    FINDINGS: Network security tools could have prevented this attack if the tools had had visibility into SSL traffic
  • 61. 61©A10 Networks, Inc. How Malware Developers Exploit Encrypted Traffic
    [Diagram: Botnet Herder, Command and Control Servers, Clients; data exfiltration over SSL channels; malicious file in instant messaging over HTTPS; drive-by download from an HTTPS site; malicious attachment sent over SMTPS.]
    • Encryption obscures:
      – Bot installation
      – C&C communication
      – Data exfiltration
  • 62. 62©A10 Networks, Inc. Reference Architecture: Inline Deployment
    1. A10 Thunder ADC decrypts outbound SSL traffic
    2. A third-party security device inspects traffic in clear text
    3. A second Thunder ADC appliance encrypts SSL traffic and forwards it to the Internet
    4. Thunder ADC decrypts the response from the Internet
    5. The third-party security device inspects inbound traffic
    6. Thunder ADC encrypts and forwards the response to the server
    [Diagram: Client -> A10 ADC (encrypted to decrypted) -> Inspection and Protection (DLP, UTM, IDS, other) -> A10 ADC (decrypted to encrypted) -> Server, with steps 1-6 marked on the path.]
  • 63. 63©A10 Networks, Inc. Reference Architecture: Non-inline Deployment
     A Thunder ADC intercepts and decrypts SSL traffic
     Thunder ADC forwards decrypted traffic to third-party security devices
     Security devices inspect traffic for attacks or data loss
     Thunder ADC encrypts decrypted traffic and forwards it to the intended destination
    [Diagram: Client -> A10 Thunder ADC -> Internet -> Server (encrypted on both legs), with decrypted copies sent to the Security Devices.]
  • 66. 66©A10 Networks, Inc. SSL Eavesdropping Offense
  • 67. 67©A10 Networks, Inc.  Governments – Gathering Intelligence – Hiding exfiltration traffic – Avoid Detection – Bot Command and Control – others?  Criminals – Click Fraud – Theft of personal data – money – Ego What is the motivation?  SKY-NET – Destruction of the human race. – Kill John Conner
  • 68. 68©A10 Networks, Inc. SSL Traffic Observed by a Service Provider  SSL ~40% of Traffic
  • 70. 70©A10 Networks, Inc. Lab 3 Scenario You are at some coffee shop. You need to check your bank account because your (“Mine, I am projecting”) calls up and says I need $5000.00 today for college. So you connect to the WIFI hot spot and… Little did you know that DNS has been hijack and a server is in play owned by the attacker. The Eve here has full-wire-control because they own the hotspot. You figure that everything would be alright. So just click ok…
  • 71. 71©A10 Networks, Inc. SSL Eavesdropping Offense
  • 72. 72©A10 Networks, Inc.  Open Your Browser and go to and type in https://www.hotspot.dcc.lab/login/login.html  Enter any username  Enter any password  Click Login  You will be redirected. Lab 3 Instructions: Step 1
  • 73. 73©A10 Networks, Inc.  Once redirected download the application. Lab 3 Instructions: Step 2 Click
  • 74. 74©A10 Networks, Inc.  Install the application Lab 3 Instructions: Step 3
  • 75. 75©A10 Networks, Inc.  Application Will install ICON on Desktop.  If the Application is Not started click on the icon.  Enter any username and password again.  And Click Logon, Lab 3 Instructions: Step 4
  • 76. 76©A10 Networks, Inc.  Since we still need to install the certificate we will utilize a little bit of social engineering to get you do this.  Older Version of Windows or other operating systems this could be bypassed easier if we are delegated foo super user privileges during setup...  Just click ok… You son needs money. Lab 3 Instructions: Step 5
77©A10 Networks, Inc.
Lab 3 Instructions: Step 6
 Accept, like most users do.
78©A10 Networks, Inc.
Lab 3 Instructions: Step 7
 When you see the log out button you know everything is good.
 Your browser will open over the application window and take you to your banking website.
 If you are not able to install the certificate or cannot signal the attacker, you will be denied access.
79©A10 Networks, Inc.
Lab 3 Instructions: Step 8
 Validate that the Bad Root CA is installed.
81©A10 Networks, Inc.
SSL Eavesdropping Offense
82©A10 Networks, Inc.
What is the motivation?
 Governments
– Gathering intelligence
– Hiding exfiltration traffic
– Avoiding detection
– Bot command and control
– Others?
 Criminals
– Click fraud
– Theft of personal data
– Money
– Ego
 SKY-NET
– Destruction of the human race.
– Kill John Connor
83©A10 Networks, Inc.
SSL Traffic Observed by a Service Provider
 SSL ~40% of traffic
85©A10 Networks, Inc.
Attack Scenario
You are at some coffee shop. You need to check your bank account because your son (“Mine, I am projecting”) calls up and says “I need $5000.00 today for college.” So you connect to the WiFi hotspot and… Little did you know that DNS has been hijacked and a server owned by the attacker is in play. Eve has full-wire-control here because they own the hotspot. You figure that everything will be alright. So just click OK…
86©A10 Networks, Inc.
SSL Eavesdropping Offense
87©A10 Networks, Inc.
Redirect to the webpage
 Open your browser and go to https://www.hotspot.dcc.lab/login/login.html
 Enter any username
 Enter any password
 Click Login
 You will be redirected.
88©A10 Networks, Inc.
Install Agent
 Once redirected, download the application.
[Screenshot callout: Click]
89©A10 Networks, Inc.
Lab 3 Instructions: Step 4
 The application will install an icon on the desktop.
 If the application is not started, click on the icon.
 Enter any username and password again.
 Click Logon.
90©A10 Networks, Inc.
Lab 3 Instructions: Step 8
 Validate that the Bad Root CA is installed.
93©A10 Networks, Inc.
How to protect against offensive attacks?
 Cert pinning
 Embedded certificate in compiled code.
 OCSP
 CRL
94©A10 Networks, Inc.
Third Party Alternate Path
 Physical proximity: full-wire-control is needed for a successful attack.
 Potentially PGP-encrypted payload to validation services.
 Validation server outside of the last mile, on a different path.
[Diagram labels: Validation Server, My Financial Server, Unsuspecting Larry, Eve]
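Added example (not code from the deck or from A10 Networks) covering Lab 3 step 8 ("Validate that the Bad Root CA is installed") from the defender's side and the two client-side defences on slides 93 and 94: certificate pinning and the third-party alternate-path check. The "certificates" are constructed stand-in byte strings, not real X.509 DER; the names (Bad Root CA, the bank host) are hypothetical, and only `ssl.enum_certificates` (Windows-only, reads the machine ROOT store) is a real API. The optional PGP encryption of the payload sent to the validation service is not implemented here.

```python
"""Defender-side checks for the coffee-shop scenario (added example).

Three checks: spot a rogue root CA added to the trust store, pin the bank's
certificate in the client, and compare the certificate seen on the local path
with what a validation server outside the last mile reports seeing.
"""
from __future__ import annotations

import hashlib
import hmac
import ssl

# Constructed sample data: hypothetical names, NOT real certificates.
PUBLIC_ROOTS = [b"constructed DER: Public Root CA 1",
                b"constructed DER: Public Root CA 2"]
BAD_ROOT = b"constructed DER: hotspot 'Bad Root CA' pushed by the Lab 3 agent"
BANK_LEAF = b"constructed DER: myfinancial.example leaf cert"
EVE_LEAF = b"constructed DER: leaf cert issued by the Bad Root CA"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


# 1. Trust-store drift: any installed root that is not in the known baseline.
def unexpected_roots(installed: list[bytes], baseline: list[bytes]) -> list[str]:
    known = {fingerprint(c) for c in baseline}
    return [fingerprint(c) for c in installed if fingerprint(c) not in known]


def windows_root_store() -> list[bytes]:
    """DER roots from the machine ROOT store on Windows; empty elsewhere,
    because ssl.enum_certificates only exists on Windows builds of Python."""
    if not hasattr(ssl, "enum_certificates"):
        return []
    return [cert for cert, enc, _trust in ssl.enum_certificates("ROOT")
            if enc == "x509_asn"]


# 2. Certificate pinning: the client ships the expected fingerprint(s).
#    Chaining to *some* locally trusted root (e.g. the Bad Root CA) is not enough.
def pin_ok(presented: bytes, pins: set[str]) -> bool:
    fp = fingerprint(presented)
    return any(hmac.compare_digest(fp, p) for p in pins)  # constant-time compare


# 3. Alternate-path validation: the validator, reached over a different path,
#    reports the fingerprint(s) it observed for the same server.
def alternate_path_verdict(local_fp: str, validator_fps: list[str]) -> str:
    if not validator_fps:
        return "unknown"  # validator unreachable: never treat that as "clear"
    if any(hmac.compare_digest(local_fp, v) for v in validator_fps):
        return "clear"
    return "suspect"  # the local path sees a different certificate than the validator


def assess(installed_roots: list[bytes], presented_leaf: bytes,
           validator_fps: list[str], pins: set[str]) -> dict:
    """Run all three checks and fail closed: connect only if every check passes."""
    drift = unexpected_roots(installed_roots, PUBLIC_ROOTS)
    pinned = pin_ok(presented_leaf, pins)
    path = alternate_path_verdict(fingerprint(presented_leaf), validator_fps)
    return {
        "unexpected_roots": drift,
        "pin_ok": pinned,
        "alternate_path": path,
        "connect": not drift and pinned and path == "clear",
    }


if __name__ == "__main__":
    pins = {fingerprint(BANK_LEAF)}
    # Clean path: public roots only, the bank's own leaf, validator agrees.
    print(assess(PUBLIC_ROOTS, BANK_LEAF, [fingerprint(BANK_LEAF)], pins))
    # Lab 3 path: Bad Root CA installed, Eve's leaf presented, validator
    # on its own path still sees the bank's real certificate.
    print(assess(PUBLIC_ROOTS + [BAD_ROOT], EVE_LEAF, [fingerprint(BANK_LEAF)], pins))
```

Design notes: the check fails closed, so an unreachable validator yields "unknown" rather than a pass, and the pin comparison uses `hmac.compare_digest` so the comparison itself leaks nothing about the expected value. In a real client the presented leaf comes from `SSLSocket.getpeercert(binary_form=True)` after the handshake, and the baseline of public roots would be captured from a known-good machine rather than hard-coded.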
95©A10 Networks, Inc.
Example Code
[Screenshot labels: Detected, Clear Path]