, ) I Transport Layer Security



Similar documents
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Communication Security for Applications

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Transport Level Security

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Chapter 7 Transport-Level Security

Network Security Essentials Chapter 5

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

CSC Network Security

CSC 474 Information Systems Security

Secure Sockets Layer

Lab 7. Answer. Figure 1

Communication Systems SSL

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Web Security Considerations

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

As enterprises conduct more and more

Web Security. Mahalingam Ramkumar

Security Protocols/Standards

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

The Secure Sockets Layer (SSL)

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

SSL Secure Socket Layer

Chapter 10. Network Security

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

Network Security Part II: Standards

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

SSL Protect your users, start with yourself

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Einführung in SSL mit Wireshark

SSL Secure Socket Layer

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

SSL A discussion of the Secure Socket Layer

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Secure Socket Layer. Security Threat Classifications

Information Security

Netzwerksicherheit Übung 6 SSL/TLS, OpenSSL

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Lecture 9: Application of Cryptography

Key Management (Distribution and Certification) (1)

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Transport Layer Security Protocols

SSL Handshake Analysis

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

CS 758: Cryptography / Network Security

SECURE SOCKETS LAYER (SSL)

Security. Learning Objectives. This module will help you...

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Chapter 8. Network Security

EXAM questions for the course TTM Information Security May Part 1

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

How To Encrypt Data With Encryption

Chapter 17. Transport-Level Security

GNUTLS. a Transport Layer Security Library This is a Draft document Applies to GnuTLS by Nikos Mavroyanopoulos

SSL DOES NOT MEAN SOL What if you don t have the server keys?

Bit Chat: A Peer-to-Peer Instant Messenger

CS 772. Network Security: Concepts, Protocols and Programming Fall 2008 Final Exam Time 2 & 1/2 hours Open Book & Notes.

Security Policy Revision Date: 23 April 2009

Overview. SSL Cryptography Overview CHAPTER 1

T Cryptography and Data Security

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

Configuring SSL Termination

SECURITY IN ELECTRONIC COMMERCE MULTIPLE-CHOICE QUESTIONS

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Factory Application Certificates and Keys Products: SB700EX, SB70LC

Is Your SSL Website and Mobile App Really Secure?

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

Lecture 9 - Network Security TDTS (ht1)

Some solutions commonly used in order to guarantee a certain level of safety and security are:

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

An Introduction to Cryptography as Applied to the Smart Grid

SSL/TLS: The Ugly Truth

Lecture 7: Transport Level Security SSL/TLS. Course Admin

[SMO-SFO-ICO-PE-046-GU-

Three attacks in SSL protocol and their solutions

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

Table of Contents. Bibliografische Informationen digitalisiert durch

CSE/EE 461 Lecture 23

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

SSL: Secure Socket Layer

SBClient SSL. Ehab AbuShmais

HTTPS is Fast and Hassle-free with CloudFlare

Computer Networks. Secure Systems

Transcription:

Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213

UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent of packet boundaries " Multiple SSL records can be sent per packet " SSL records can span packets UNCLASSIFIED

UNCLASSIFIED Public Key Algorithms -+-; Key Exchange used to derive session keys for encryption: RSA Diffie-Hellman (DH I EDH I ADH) Elliptic Curve Diffie-Hellman (ECDH I ECDHE) Pre-Shared Key (PSK) Secure Remote Password (SRP) Fortezza Kerberos ~ Authentication mechanisms RSA DSA None (Anonymous) UNCLASSIFIED

UNCLASSIFIED Symmetric Key Algorithms +~ Work horse of algorithms ~ Can offer near perfect secrecy ~ Block - encrypt data block RC2-128 bit key DES - 56 bit key or Triple DES IDEA- 128 bit key, PGP AES - 128 or 256 bit key SEED - 128 bit key CAMELLIA- 128 or 256 bit key ~ Stream - encrypt byte by byte RC4-128 bit key UNCLASSIFIED

SECRET//COMINT//20320108 Client Hello - Version I + 3(fLS SSL 3/TLS handshake. Version Message length Client hello message Length Version Client Hello Random Session ID length Session ID Cipher suite length Cipher suites Compression length Compression methods <1 byte> <2 bytes> <2 bytes> <1 byte = <3 bytes> <2 bytes <32 bytes> 81> <1 byte - usually 8x28 or 8> If present, resumed session <2 bytes> <Set of 2 byte cipher suites> <1 byte> SECRET//COMINT//20320108

SECRET//COMINT//20320108 Server Hello- Version ' + 3/TLS SSL 3/TLS message Version Length Server hello message Length Version Server hello random <1 byte - <2 bytes> <2 bytes> <1 byte - <3 bytes> <2 bytes> <32 bytes> 8x16> 8x82> Session ID length Session ID Cipher selected Compression <1 byte - usually 8x28> <2 byte cipher suite> <1 byte> SECRET//COMINT//20320108

SECRETIICOMINTII20320108 Sample Parsed Certificate + Certificate: Data: Version: 1 (OxO) Serial Number: f4: bf: 15:eb:73:ef:e2: 16 Signature Algorithm: sha1 WithRSAEncryption Issuer: C=CA, ST=server-ca-state, L=server-ca-city, O=server-ca-company, OU =server-ca-section, CN=server-ca-name/emailAddress=server-ca@server.ca.com Validity Not Before: Apr 24 21:07:13 2008 GMT Not After: May 24 21:07:13 2008 GMT Subject: C=SE, ST=server-state, L=server-city, O=server-company, OU=server-section, CN=servername/emailAddress=server@server.com SECRET I IC OMINT I 120320108

SECRETIICOMINTII20320108 ' Certificate (con't) Subj, ct Public Key Info: Public Key Algorithm: rsaencryption RSA Public Key: (1024 bit) Modulus (1024 bit): OO:ad:e3:64:3f:45:75:44:be:b8:5f:ab:74:35:e0:12:ef:2f:41:23:ca:10:96:2e:e3:1a:48:da:c4:ef: 8d:ca:67:d9:11:8a:9f:45:6c:f2:7c:e9:cb:fd:51:9b:Sd:Ob:02:1b:9d:fa:9c:28:ae:8c:ef:43:eb:cc: 7e:50:27:52:2d:af:28:7c:89:c5:37:43:01:f8:e5:98:03:9d:fe:dc:d2:ba:74:84:86:be:6f:f6:93:c6: 5a:15:36:85:11:9e:24:f1:cO:c7:e8:05:d1:91:86:7f:Od:58:be:f8:80:8b:1a:fO:Ob:f5:0d:28:10:1e: b1:fe:9f:61:9b:27: 15:06:b7 Exponent: 65537(0x10001) Signature Algorithm: sha1 WithRSAEncryption 05:5e:a6:5a:eb:9c:ab:f6:2e:67:b2:7e:91:45:40:47:56:3d:76:5b:9a:d2:82:63:16:9a:d1:5a:4d:a0: 87:ed:2e:98:2a1a:4e:d9:04:bb:bO:b6:28:f6:a3:0b:f9:74:6f:c2:e1:dd:98:08:63:ff:2d:53:c5:b7:7c: a8:c7:66:ea:6a:1a:cc:f9:4b:52:b1:bd:60:5e:d7:8c:aa:82:01:09:ef:15:d9:3a:98:45:0d:f1:9a:2c:be: 07:db:72:4c:b9:a2:90:c1:d1:06:fd:81:76:19:c5:4d:bf:30:df:81:c5:22:6b:Se:09:3f:9e:bc:b8:67:d5: 12:bb:24:da:7d SECRET I IC OMINT I 120320108

Server Info CA priv (hash)

Hash function Decipher with public key

SECRETIICOMINTII20320108, Master Secret ~ Master secret is same across a session/resumed session. i ~ Used for generating encryption keys, MAC secrets and IV s. ~ Formed differently for SSL and TLS, but both use a combination of: SHAl MDS Client Random Server Random Pre-Master Secret Fixed Constant ( eg, "A" "client write key") SECRET I IC OMINT I 120320108

SECRET//COMINT//REL TO USA, FVEY//20320108 Session Keys "*ro~ the Key Block, pull out the keys as follows: Client Write MAC Secret Server Write MAC Secret Client Write Key Server Write Key Client Write IV Server Write IV (Hash size bytes) (Hash size bytes) (Key Material Length) (Key Material Length) (IV Size) (IV Size) Example: 3DES_EDE_CBC_SHA 2 x 24 byte keys, 2 x 20 byte MAC secrets,2 x 8 byte IVs = 104 bytes of key SECRET//COMINT//REL TO USA, FVEY//20320108

TOP SECRET//COMINT//REL TO USA, FVEY. SSL Exploitation + ~ Not impossible! ' ~ RSA key exchange ''easy'' to do because of fixed key. ~ EDH key exchange not exploitable by the "easy" way. TOP SECRET//COMINT//REL TO USA, FVEY

UN CLASSIFIED RSA Keys (Stating the + Obvious) If the Key Exchange type is RSA: ~ If we can get a hold of the server's RSA private key, we can decrypt the Client Key Exchange message and read the premaster secret key. No other heavy work need be done. ~ Valid for life of certificate UN CLASSIFIED

TOP SECRET//COMINT//REL TO USA, FVEY RSA Exploitation Steps +~ Is it the key exchange RSA? (server hello) ~If so, is the modulus match a known private key? (server certificate) ~ If so, is there 2 -sided collect? ~If so, do we have: ~ Client Hello ~ Server Hello ~ Client Key Exchange DECRYPTION! TOP SECRET//COMINT//REL TO USA, FVEY

CONFIDENTIAL//COMINT Problems in + p_rocess1ng ' ~ Literally millions of sessions per day ~ Need to have good filtering and selection ~ Need both sides of conversation ~ USSID 18 issues CONFIDENTIAL//COMINT

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information