Systematization of Knowledge
Lessons Learned From SSL/TLS Attacks
20.08.2013
christopher.meyer@rub.de
Source: http://www.digicert.com

What if we don't even need the private key?

Nearly 20 years of SSL/TLS: some key data
- Invented in 1994
- Evolutionary development
- 5 official and 1 unpublished revision
  - Official: SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
  - Unpublished: SSL 1.0
- ~39 theoretical and practical attacks so far

Timeline

Contribution
- Collected attacks on SSL/TLS
- Analyzed all attacks
- Categorized each attack
- Identified the root cause of the vulnerabilities for each attack
- Concluded Lessons Learned for each attack
- Created a Guideline for Protocol Designers and Implementers

Attack Patterns: abnormalities during the analysis of attacks
- Attacks focus on specific parts/layers of SSL/TLS
- Attacks can be grouped into 4 categories
  1. Attacks on the Handshake Protocol
  2. Attacks on the Record Layer
  3. Attacks on the PKI
  4. Various other Attacks

Attacks on the Handshake Protocol: Details
Main goal: Influence Handshake Phase
- A: Alter messages or message parts
- R: Replay communication or parts of it
- I: Interfere with messages or message parts
- S: Systematically analyze communication
- E: Establish own Cryptographic Primitives

Attacks on the Record Layer: Details
Main goal: Violate Confidentiality or Integrity
- B: Break Encryption
- A: Analyze Encrypted Traffic
- T: Tamper with MAC

Attacks on the PKI: Details
Main goal: Influence, Compromise or Trick PKI
- R: Recover or Break Private Keys
- I: Influence Certificate Revocation Systems
- T: Trick Certificate Validation
- C: Compute Colliding Certificates
- H: Hack or Trick Certification Authorities

Various Other Attacks: Details
Main goal: Predict, Disturb, Inject, Disable
- G: Guess Random Numbers
- A: Affect Reliability
- S: Smuggle Data into Running Connections
- P: Prevent Traffic Encryption (disable SSL/TLS)

Finally...
I tried to put the keywords in a meaningful context, unfortunately without success

Lessons Learned 1/2: what can we conclude?
1. Theoretical attacks can turn into practice
2. Side channels may appear at different layers in different situations
3. Reliable cryptographic primitives are important
4. Processes must leak as little information as possible
5. Specifications have to be implemented without own improvements
6. Critical parts in specifications and source code have to be highlighted

Lessons Learned 2/2: what can we conclude?
7. Specifications have to be verbose, unambiguous and technically detailed
8. Details on requirements and preconditions are necessary
9. Data has to be protected
10. The interplay between different layers must be part of the security analysis
11. Flexibility mostly means additional risks
12. Always be careful and alarmed

Source: https://www.trustworthyinternet.org/ssl-pulse/

Chris Meyer
christopher.meyer@rub.de
http://armoredbarista.blogspot.com
http://www.nds.rub.de/chair/people/cmeyer
@armoredbarista