HW/Lab 3: SSL/TLS. CS 336/536: Computer Network Security DUE 11am on Nov 16 (Monday)

Similar documents
HW/Lab 2: Network Mapping and Attacks. CS 336/536: Computer Network Security DUE at 10/19/2015 (11am)

HW/Lab 1: Security with PGP, and Crypto CS 336/536: Computer Network Security DUE 09/28/2015 (11am)

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Remote Desktop Web Access. Using Remote Desktop Web Access

Network Forensics Network Traffic Analysis

TCP Packet Tracing Part 1

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Wireshark Tutorial INTRODUCTION

Lab 7. Answer. Figure 1

Chapter 17. Transport-Level Security

More on SHA-1 deprecation:

Einführung in SSL mit Wireshark

Implementing Secure Sockets Layer on iseries

Topics in Network Security

Websense Content Gateway HTTPS Configuration

SSL EXPLAINED SSL EXPLAINED

Lab Conducting a Network Capture with Wireshark

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Lecture 7: Transport Level Security SSL/TLS. Course Admin

Lab - Using Wireshark to View Network Traffic

Cleaning Encrypted Traffic

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Accessing the Online Meeting Room (Blackboard Collaborate)

, SNMP, Securing the Web: SSL

Introduction to Network Security Lab 1 - Wireshark

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

SSL SSL VPN

MAC Web Based VPN Connectivity Details and Instructions

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points

mystanwell.com Installing Citrix Client Software Information and Business Systems

CTERA Agent for Linux

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Wireshark Tutorial. Figure 1: Packet sniffer structure

Modern snoop lab lite version

Overview. SSL Cryptography Overview CHAPTER 1

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

Key Management and Distribution

How To Understand And Understand The Security Of A Key Infrastructure

Network Security Essentials Chapter 5

M86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: Document Version:

How to Disable Browser Support for the SSL 3.0 Protocol

Chapter 7 Transport-Level Security

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Computer Networking LAB 2 HTTP

EE 7376: Introduction to Computer Networks. Homework #3: Network Security, , Web, DNS, and Network Management. Maximum Points: 60

Microsoft SharePoint 2010 End User Quick Reference Card

Web Security: Encryption & Authentication

Docufide Client Installation Guide for Windows

Displaying SSL Certificate and Key Pair Information

Transport Level Security

WHITE PAPER Citrix Secure Gateway Startup Guide

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

SSL VPN Service. To get started using the NASA IV&V/WVU SSL VPN service, you must verify that you meet all required criteria specified here:

Instructions on TLS/SSL Certificates on Yealink Phones

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

E-Learning User Manual

Eucalyptus User Console Guide

Windows and MAC User Handbook Remote and Secure Connection Version /19/2013. User Handbook

Understanding Digital Certificates and Secure Sockets Layer (SSL)

ERserver. iseries. Securing applications with SSL

New York University Computer Science Department Courant Institute of Mathematical Sciences

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

EKT 332/4 COMPUTER NETWORK

Network Security. Network Packet Analysis

UP L18 Enhanced MDM and Updated Protection Hands-On Lab

Project X Mass interception of encrypted connections

Transport Layer Security Protocols

Using the FDO Remote Access Portal

1. LAB SNIFFING LAB ID: 10

SSL Certificates 101

Basic Firewall Lab. Lab Objectives. Configuration

Wireshark Lab: Assignment 1w (Optional)

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Junos Pulse VPN Client Installation

HTTP Reverse Proxy Scenarios

CUNY TUMBLEWEED (SECURE TRANSPORT) USER GUIDE

Windows Web Based VPN Connectivity Details & Instructions

Integrated SSL Scanning

Network Management Card Security Implementation

Implementing Secure Sockets Layer (SSL) on i

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

6. INTRODUCTION TO THE LABORATORY: SOFTWARE TOOLS

VCL Access. VCL provides access to Linux and Windows 7 Virtual Machines. Users will only see those images that they are authorized to access.

Kaspersky Security Center Web-Console

What in the heck am I getting myself into! Capitalware's MQ Technical Conference v

SSL Guide. (Secure Socket Layer)

[SMO-SFO-ICO-PE-046-GU-

Realize Greater Profits As An Authorized Reseller Of Network Solutions nsprotect Secure SSL Certificates

CTERA Agent for Mac OS-X

New CICS support for Secure Sockets Layer

SSL DOES NOT MEAN SOL What if you don t have the server keys?

Transcription:

HW/Lab 3: SSL/TLS CS 336/536: Computer Network Security DUE 11am on Nov 16 (Monday) This HW/Lab assignment covers Lectures 8. Please review these thoroughly before starting to work on the assignment. It is a combination of a hands-on lab exercise and conceptual problems. Problem 2 is a lab exercise while Problem 1 is a conceptual problem. You are strongly encouraged to utilize your lab session to accomplish the lab exercise. All soft copy submissions (with answers to the problems) must be turned in via Blackboard Learn. Name your files as Lastname_Firstname_HW3. Please make sure that you have correctly submitted/uploaded the files. You can submit hand-written hard copies, if you wish. However, we would prefer that you submit soft copies. If you choose to submit hard copies in any case, please turn them into my mailbox in the CS office or hand them in before the lectures. Please also make sure that your hand-written solutions and handwriting is legible and easy to understand. You must submit by the deadline 11 am on 11/16/2015. This applies to both soft and hard copy submissions. Late submissions will not be graded. You will be graded based on the correctness of your answer and also on the steps that you took to come to that answer, whenever possible and applicable. Please try to show all your work, when feasible. The assignment needs to be solved individually by every student. No collaboration of any sort is allowed, unless stated otherwise. No plagiarism is allowed. Please check the course policies against misconduct (discussed in Lecture 1). When in doubt, please consult the instructor. Please submit early to avoid any last minute issues. Please do start working on the homework early and do not wait until the deadline.

A. Lab Exercise and Conceptual Problems [Please review Section B, which will be useful in answering these questions] 1. [35pts] Analyze the certificate for https://www.regions.com/ a. [5pts] Who has signed the certificate, i.e., who is the CA? Is the CA trusted by your browser? b. [5pts] What is the certification authority hierarchy for the certificate? c. [5pts] Has the certificate expired? d. [5pts] What is the CRL Distribution Point (the URL from which the CRL can be downloaded) corresponding to this certificate? e. [5pts] What digital signature scheme is used to sign the certificate? f. [5pts] What cryptosystem is used to generate the pubic (private) keys for the subject, regions? g. [5pts] What is the public key that s being certified (just copy-paste it)? 2. [65pts] Do a Wireshark trace for establishing a connection to https://google.com and answer the following questions. Provide a snapshot from your trace to support your answer (highlight specific parts in the snapshot). Also, specify the web browser used and its version, and the TLS version used by the browser in the trace. a. [5pts] What number identifies the SSL Handshake content type? b. [5pts] What number identifies the SSL Application Data content type? c. [5pts] What number identifies the SSL Change Cipher Spec content type? d. [5pts] In your Wireshark trace, what all sets of messages are bundled together into single frames? e. [5pts] What is the cipher suite selected for this session? f. [5pts] What are the first 5 cipher suites suggested by the client machine? g. [5pts] What is ClientRandomValue included in the Client Hello message? h. [5pts] Is it possible for you to learn the pre-master secret from this trace? If yes, provide the pre-master secret. If not, explain your answer. i. [25pts] Establish another (fresh) session with https://google.com, (close the browser and start a new session from the same browser), and identify whether the answers to each of the above questions (a-h) change or not?

B. Lab Description In this lab, we are going to cover two main parts: Certificate Analysis and examining the SSL/TLS handshaking procedure. Certificate analysis can be done using your browser. We will discuss methodologies for doing this in both Firefox and Chrome. In this lab, we will also introduce Wireshark, which is a network activity analysis (and sniffing) tool. In this lab, we are going to use Wireshark to examine the SSL/TLS handshake between a client and server. Certificate Analysis There s a few ways we can analyze a web certificate. Firefox Method Launch Firefox, go to Preferences->Advanced->View Certificates->Add Exception. To get the certificate of the remote server, type in the URL and select Get Certificate. Select View to get a more detailed overview of the certificate s contents.

Certificate General View for https://stackexchange.com Alternatively, you can navigate to the desired website, click the lock icon on the navigation bar, and then View Certificate. Chrome Method To view a certificate on Chrome, you can navigate to the website, select the padlock icon on the navigation bar, and then select Certificate Information. Select Details to see all the certificate information.

Internet Tool Method There are several websites that will allow you to lookup SSL Certs on websites (generally these tools are made available so users can check if their SSL Certificates are properly installed). One such tool can be found here: http://www.digicert.com/help/ SSL/TLS Analysis Now that we have analyzed x509 Certificates, let s take a look at the actual handshake protocol that allows the client and server to negotiate a session key and initiate encrypted/authenticated communication. We will accomplish this by using Wireshark to analyze the messages sent to and received from the server.

Starting Wireshark We can initiate wireshark with the following command: sudo wireshark We need to run it using the sudo command because we will be actively accessing and monitoring network interfaces. To start capturing packets, go to Capture->Interfaces (or Ctrl+I), select eth0, and click start. You should then see the capture interface, and a lot of traffic appearing in the top third of the application. Navigate to a website that uses an SSL connection (e.g.,https://google.com), and after the page loads, stop the capture.

As you can tell, there are a huge number of packets (even in such a short time period). Let s reduce them by typing the following into the Filter section (ssl), which should filter it down to only SSL/TLS packets. Below is a snapshot for a sample Wireshark capture to Amazon. Note, this is the Wireshark Interface for OS X, it will vary somewhat from that of Linux or Windows. Once filtered, you can easily break down the individual packets in the SSL handshake protocol used when connecting to https://google.com (or any other website). Also note that portions of the handshake will be bundled together in the same frame for efficiency. Note: Wireshark s breaks each packet down according to the OSI Network Layer Model, and presents it in a human readable format, the hexadecimal data of the frame, and an ASCII representation of the data. Wireshark s usage will be covered as part of the lab.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information