Security Protocols/Standards

Transcription

1 Security Protocols/Standards

2 Security Protocols/Standards

3 Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity of communications?

4 Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic mechanisms TCP/IP Stack Application (HTTP,SMTP) Transport (TCP/UDP) Internet (IP) Network (Ethernet) Security Protocols HTTPS/ DNSSEC TLS Transport (TCP/UDP) Internet (IPSEC) Network (802.11i) Unsecure Secure

5 Transport Layer Security (TLS)

6 TLS Previous Secure Sockets Layer (SSL) Originally designed to support secure HTTP (HTTPS) Runs over TCP Datagram TLS TLS equivalent for UDP Currently used to secure many other protocols Provides: Authentication/Integrity uses MACs Confidentiality encryption of messages

7 TLS/SSL Versions Older SSL well known security vulnerabilities SSL 3.0 weak key generation Government Approved (based on NIST SP rev 1) TLS 1.0 not significantly different than SSLv3 Only when dealing with business/public (not govt only comm.) Browser Exploit Against SSL/TLS (BEAST) vulnerabilitiy TLS 1.1 fixes some issues with CBC mode, other fixes TLS 1.2 specify SHA-2 (256,512 bit) hash functions

8 TLS Protocol Stack

9 TLS Record Protocol TLS exchanges records Records is compressed, encrypted, depending on state of the connection Record types: Handshake Application data (HTTP) Alert Cipher change spec

10 Type: Handshake Stateful connection Handshake used to communicate/agree on various parameters TLS/SSL versions Ciphers Certificates Pre-master secret Master secret Session ID

11 TLS Handshake Proposes 1) version, 2) ciphers, 3) session ID, 4) random number Specifies: 1) version, 2) cipher, 3) random number Server certificate Public key parameters Client certificate (optional) Premaster secret Change cipher suite (encrypted in future Change cipher suite (encrypted in future)

12 TLS Handshake Continued Premaster secret Random number created by client Encrypted with server s public key Master secret Generated from premaster secret Data used to compute the encryption keys/ivs

13 TLS Ciphers Cipher contains set of crypto algorithms necessary to perform following functions: Key exchange algorithm E.g. RSA, Diffie Hellman, ECDH Bulk encryption algorithm Stream(RC4, etc.), Block(3DES, DES, AES, etc.) Data Integrity/Auth. MAC algorithms, HMAC with (MD5, SHA1, SHA256)

14 Type: Application Data

15 More Record Types Change Cipher Spec Protocol Signal transition in cipher strategy Example: plaintext to ciphertext Alert Identify problems with connection Warning vs Fatal (causes connection termination) Examples: Bad certificate, decrypt error, certificate expired/revoked, etc

16 . Example

17 HTTP/HTTPS

18 HTTP/HTTPS Hypertext Transfer Protocol Used for WWW communicate HTML, Javascript, Flash, pictures, etc. Common Requests GET - retrieve some resource Variables can be passed in line POST - retrieve some resource Variables sent as message body Request Headers Cookies, Content type, user-agent, cache control, etc..

19 HTTP Session ID Special Cookie used for authentication JSESSIONID (Java), ASP.NET_SessionID (ASP.,NET) Forms base authentication 1. User sends username/password in request (GET or POST [preferred]) 2. Server authenticates and sets SessionID to some random value 3. Browser includes session ID in all future 4. Server uses Session ID to authenticate all future requests from browser 5. Logoff terminates session id If you can steal a valid session ID, you can hijack the user s sessions

20 HTTP/HTTPS Examples Web Proxy Intercept HTTP/HTTPS between browser and system

21 POODLE Attack POODLE Attack POODLE = Padding Oracle On Downgraded Legacy Encryption SSLv3 Totally broken still generally used for legacy needs (old versions of Windows) Similar to previous TLS/SSL-HTTPS attacks (BEAST/CRIME) Vulnerable? Systems using SSL3 Man-in-time-Middle attacks that can downgrade browsers from TLS to SSLv3 Attacker needs man-in-the middle attack Unencrypted wifi? Ability to run Javascript from some webpage (or inject JS from the MitM attack)

22 POODLE Problem: SSLv3 mishandles CBC (used for block ciphers) block padding not covered by MAC!!! User can influence GET/POST to disclose session id data Mitigations 1. Completely disable SSL 3 2. Set TLS_FALLBACK_SCSV prevents fallback attack

23 Cipher Block Chaining Encryption: C0 = IV Cj = E(K, (Cj-1 Pj)) Decryption: C0 = IV Pj = Cj-1 D(K, Cj-1)

24 Resources the-poodle-attack-and-the-end-of-ssl-3-0/