SSL Protect your users, start with yourself

SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten <philip@kulnet.kuleuven.be>

Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service philip@kulnet.kuleuven.be 2

Introduction Danger zone Countermeasures Eavesdropping Data encryption IP spoofing Authentication Connection hijacking Tampering Data integrity checks http://www.monkey.org/~dugsong/dsniff/ philip@kulnet.kuleuven.be 3

Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service philip@kulnet.kuleuven.be 4

Cryptographic Algorithms Symmetric key encryption Public key encryption Hash functions Message Authentication Codes Digital Signatures philip@kulnet.kuleuven.be 5

Symmetric key encryption Sender (Alice) Shared key abc Encryption algoritm #%! Receiver (Bob) Shared key #%! Decryption algoritm abc philip@kulnet.kuleuven.be 6

Symmetric key encryption Pro's Con's Fast Key must remain secret Key exchange Key length Performance philip@kulnet.kuleuven.be 7

Symmetric key encryption Common algorithms 3DES (112 bits) AES (>128 bits): Rijndael algorithm Developed at K.U.Leuven Encryption standard in USA philip@kulnet.kuleuven.be 8

Symmetric key encryption Commands Encryptie $ openssl enc -aes-128-cbc -e -salt -in text.txt -out encryptedtext.bin Decryptie $ openssl enc -aes-128-cbc -d -salt -in encryptedtext.bin -out text.txt philip@kulnet.kuleuven.be 9

Public key encryption Sender (Alice) Public key Bob abc Encryption algoritm #%! Receiver (Bob) Private key Bob #%! Decryption algoritm abc philip@kulnet.kuleuven.be 10

Public key encryption Pro's Con's Privacy Slow Key distribution Key length Performance philip@kulnet.kuleuven.be 11

Public key encryption Common algorithms RSA (> 1024 bits, 2048 bits recommended) DSA Diffie-Hellman (key exchange) philip@kulnet.kuleuven.be 12

Public key encryption Commands Generate private key $ openssl genrsa -out rsaprivatekey.pem -passout pass:kulsysmn -aes-128-cbc 2048 Generate public key $ openssl rsa -in rsaprivatekey.pem -passin pass:kulsysmn -pubout -out rsapublickey.pem Encrypt $ openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in text.txt -out encryptedtext.txt Decrypt $ openssl rsautl -decrypt -inkey rsaprivatekey.pem -in encryptedtext.txt -out text.txt philip@kulnet.kuleuven.be 13

Hash functions Sender (Alice) abc Hash function Message digest A Receiver (Bob) abc Hash function Message digest A philip@kulnet.kuleuven.be 14

Hash functions Pro's Con's Irreversible No authentication Small size philip@kulnet.kuleuven.be 15

Hash functions Common algorithms MD5 (128 bit) SHA1 (160 bit) RIPEMD-160 Usage Password storage Integrity checks philip@kulnet.kuleuven.be 16

Hash functions Commands Md5 $ openssl dgst -md5 text.txt MD5(text.txt)= ff3a4d858e65920dc67e9ef2977d4b8a sha1 $ openssl dgst -sha1 text.txt SHA1(text.txt)= 1d229271928d3f9e2bb0375bd6ce5db6c6d348d9 philip@kulnet.kuleuven.be 17

Message Authentication Codes Sender (Alice) Shared key abc Hash function MAC A Receiver (Bob) Shared key abc Hash function MAC A philip@kulnet.kuleuven.be 18

Message Authentication Codes Pro's Con's Fast Authentication Key must remain secret Key exchange Key length Performance philip@kulnet.kuleuven.be 19

Digital signatures Sender (Alice) Private key Alice abc Hash function Signature A Receiver (Bob) Public key Alice abc Hash function Signature A philip@kulnet.kuleuven.be 20

Digital signatures Pro's Con's Authentication Very slow First hash, then sign (eg eid) Use MAC with symmetric key when possible philip@kulnet.kuleuven.be 21

Digital signatures Private key Alice abc Hash function Message digest Hash function Signature A 160 bit 600Mb philip@kulnet.kuleuven.be 22

Digital signatures Common algorithms RSA DSA Usage Authentication Integrity checks Software distributions philip@kulnet.kuleuven.be 23

Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service philip@kulnet.kuleuven.be 24

Secure Socket Layer Situation Handshake protocol Trust philip@kulnet.kuleuven.be 25

Situation SSL (Secure Socket Layer) philip@kulnet.kuleuven.be 26

SSL SSL Protocol independent (eg: HTTP, POP3, IMAP, LDAP,...) SSL v3 = TLS v1 (Transport Layer Security) Open protocol (cfr openssl) philip@kulnet.kuleuven.be 27

Handshake protocol 4 phases 1.Establish security capabilities 2.Server Authentication and key exchange 3.Client Authentication and key exchange 4.Finish philip@kulnet.kuleuven.be 28

Establish security capabilities Client Hello Client Server Server Hello Client Hello Server Hello Highest SSL Version Selected SSL Version Supported algorithms Selected algorithms Session ID (resume?) Assigned session ID philip@kulnet.kuleuven.be 29

Server Authentication and key exchange Certificate Client Server Server hello done Certificate Certificate (+ chain) Server hello done Optionally request for client certificate (Mutual authentication) philip@kulnet.kuleuven.be 30

Client Authentication and key exchange Certificate Client Server Certificate verify Certificate Certificate (+ chain) Certificate verify Server certificate verified philip@kulnet.kuleuven.be 31

Finish Client Client Finish Server Finish Symmetric key Encrypted data Server Client Finish Digest of previous commands Server Finish Digest of previous commands Symmetric key Symmetric key, encrypted with public key server philip@kulnet.kuleuven.be 32

Trust It's all about trust... Certificate Authority (CA) Certificate chain Certificate revocation philip@kulnet.kuleuven.be 33

Certificate Authority Certificate Authority CSR CSR sign Client Client hello Server hello Server CSR Trust store philip@kulnet.kuleuven.be 34

Certificate chain Root Certificate Authority A (selfsigned) signs Certificate Authority B signs Certificate Authority C signs Server philip@kulnet.kuleuven.be 35

Certificate chain Example philip@kulnet.kuleuven.be 36

Certificate revocation Private key compromised Two possibilities Certificate Revocation List (CRL) Online Certificate Status Protocol (OCSP) philip@kulnet.kuleuven.be 37

Certificate Revocation List Certificate Authority CRL Client Server CRL CRL Trust store philip@kulnet.kuleuven.be 38

Certificate Revocation List Pro's Con's Safe Compromised CA Offline Latency Scaling ΔCRL LDAP philip@kulnet.kuleuven.be 39

Certificate Revocation List Certificate Authority LDAP lookup LDAP Client Server Trust store philip@kulnet.kuleuven.be 40

Certificate Revocation List philip@kulnet.kuleuven.be 41

Online Certificate Status Protocol OCSP responder Certificate Authority CA1 CA2 CA3 Client - good - revoked - unknown Server Trust store philip@kulnet.kuleuven.be 42

Online Certificate Status Protocol Pro's Con's Multiple CA DoS Revoke CA Man-in-the-middle Latency Offline philip@kulnet.kuleuven.be 43

Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service philip@kulnet.kuleuven.be 44

Certificate signing service BelNet SCS project Free service for educational institutions (Not commercial!) Signed with Cybertrust Educational CA Root certificate GTE Cybertrust Global root trusted in most browsers Server certificates (no personal certificates) Max 3 years philip@kulnet.kuleuven.be 45

Certificate signing service Formal confirmation approve K.U.Leuven Proxy Cybertrust Educational CA CSR CSR https://certificates.kuleuven.be You philip@kulnet.kuleuven.be 46

https://certificates.kuleuven.be philip@kulnet.kuleuven.be 47

https://certificates.kuleuven.be HOWTO create CSR OpenSSL (un*x or windows) IIS Java keytool Required attributes C, O, CN O= Katholieke Universiteit Leuven philip@kulnet.kuleuven.be 48

https://certificates.kuleuven.be Multiple CN Server with multiple hosts Works in most browsers philip@kulnet.kuleuven.be 49

References http://certificates.kuleuven.be http://certificates.belnet.be http://www.securityfocus.com/infocus/1818 http://nl.wikipedia.org/wiki/advanced_encryption_standard http://eid.belgium.be http://www.openvalidation.org Network security with openssl ISBN 0-596-00270-X philip@kulnet.kuleuven.be 50

Any questions? philip@kulnet.kuleuven.be 51