SSL DOES NOT MEAN SOL What if you don t have the server keys?



Similar documents
Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Cornerstones of Security

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

, ) I Transport Layer Security

TLS/SSL in distributed systems. Eugen Babinciuc

B6: GET /started/with/ HTTP Analysis

Chapter 7 Transport-Level Security

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Computer Networks. Secure Systems

Securing Ship-to-Shore Data Flow

Security vulnerabilities in the Internet and possible solutions

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Einführung in SSL mit Wireshark

Security Policy Revision Date: 23 April 2009

Why SSL is better than IPsec for Fully Transparent Mobile Network Access

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ (Used to encrypt) A secret key: ABC98765 (Used to decrypt)

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

Transport Layer Security Protocols

VPN Lesson 2: VPN Implementation. Summary

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

CS5008: Internet Computing

As enterprises conduct more and more

SSL Handshake Analysis

DMZ Network Visibility with Wireshark June 15, 2010

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS

Security Protocols/Standards

CSC Network Security

Advantage for Windows Copyright 2012 by The Advantage Software Company, Inc. All rights reserved. Internet Performance

CSC 474 Information Systems Security

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Experian Secure Transport Service

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Chapter 5. Data Communication And Internet Technology

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SFTP (Secure File Transfer Protocol)

Overview. SSL Cryptography Overview CHAPTER 1

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

The Secure Sockets Layer (SSL)

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Network Security Part II: Standards

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Key Management (Distribution and Certification) (1)

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

Secure Sockets Layer

Communication Systems SSL

Network Security Essentials Chapter 5

Transport Level Security

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Web Security Considerations

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Chapter 10. Network Security

TLS and SRTP for Skype Connect. Technical Datasheet

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Client Server Registration Protocol

Chapter 17. Transport-Level Security

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

I1: Best Practices for Packet Collection, Aggregation & Distribution in the Enterprise

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

NETASQ MIGRATING FROM V8 TO V9

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

TFTP TRIVIAL FILE TRANSFER PROTOCOL OVERVIEW OF TFTP, A VERY SIMPLE FILE TRANSFER PROTOCOL FOR SIMPLE AND CONSTRAINED DEVICES

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

1. The Web: HTTP; file transfer: FTP; remote login: Telnet; Network News: NNTP; SMTP.

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

SSL A discussion of the Secure Socket Layer

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Network Security Fundamentals

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Xerox FreeFlow Digital Publisher Information Assurance Disclosure. Onsite, Cloud and epublishing Configurations

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

PrintFleet Enterprise Security Overview

CTS2134 Introduction to Networking. Module Network Security

Who Moved My Firewall. Clinton Thomson Derivco (PTY) Ltd

GlobalSCAPE DMZ Gateway, v1. User Guide

Lecture 10: Communications Security

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

Topics in Network Security

Introduction to Computer Security

Introduction to Computer Security

Secure Use of the New NHS Network (N3): Good Practice Guidelines

Solution of Exercise Sheet 5

Network Forensics Network Traffic Analysis

Mike Canney Principal Network Analyst getpackets.com

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

What we hired the network to do in the

Transcription:

SSL DOES NOT MEAN SOL What if you don t have the server keys? J. Scott Haugdahl Architect, Blue Cross Blue Shield MN Robert Bullen Systems Engineer, Blue Cross Blue Shield MN

Setting Expectations This session is not about.. An introduction to SSL encryption How to set up SSL decryption in Wireshark A detailed walk through of the SSL handshake and all the variants This session is about What you can do when you do not have access to server keys Calculating server command response time from SSL, even in the cloud Using encrypted data to your advantage Identifying application layer behavior based on SSL patterns Walking through real world examples using Wireshark Focus will be on helping you to analyze application performance more so than security breaches, suspicious activity, etc.

A (very) Brief History of Secure Sockets Layer (SSL) Used to encrypt + protect integrity of network data SSL 2.0 was first public release in 1995 SSL 3.0 released in 1996 forming the foundation for Transport Layer Security (TLS) 1.0 (RFC 2246, 1999) TLS 1.0 is not backward compatible with SSL 3.0! Upgraded to TLS 1.1 (RFC 4346, 2006) and TLS 1.2 (RFC 5346, 2008) Supports a wide variety of encryption algorithms RSA and DSA are asymmetric (public key encrypts; private key decrypts) used to exchange and generate key information during the SSL handshake AES and 3DES are symmetric algorithms (one key encrypts and decrypts) used to transfer data (much faster to compute) after the SSL handshake TLS 1.0 or higher is recommended practice Many clients & systems now support TLS 1.2 which addresses some vulnerabilities

What s so Special About the Client Key Exchange? Client Network Server Client generates pre-master secret Client encrypts using public key Client sends secret to server Server decrypts secret with private key Both Client and Server generate the master secret from the pre-master to generate the session key. Therefore, Wireshark needs the server s private key to decrypt the client pre-master secret to order to generate the master secret to generate the session key to decrypt the SSL packet data!

A Tale of Two Connections

What if we don t have the client key exchange*? If your SSL session reused the Session ID Try to find a trace containing the original handshake containing the key exchange and pre-pend it Use Fiddler or similar As a proxy that runs on the client As a proxy on another workstation & point the remote client to it Use client pre-master secret logged by Chrome or Firefox + Wireshark This is cool cuz we don t need the server key to decrypt it When all else fails Use knowledge of TCP & SSL segmentation to watch for inefficiencies SSL payload size (small is probably ok for SSH but not FTP)! Identify unlike flows across firewalls using encrypted data pattern matching Look for other factors that throttle throughput in other sessions *Or the client key exchange uses Diffie-Hellman in which we are toast even if we posses the server key.

Diffie-Hellman Described in a 1976 White Paper by Whitfield Diffie and Martin Hellman Protects against long-term key compromise (i.e. server keys!) Is not SSL specific, can be used for any secret information exchange Client generates a random number, as does server Thus forms a way for the client to encrypt the pre-master (already encrypted with the server s public key) back to the server

Diffie-Hellman

Use Case: Firewall Pattern Matching Perimeter firewalls NAT from private to public IP Terminates TCP but maintain SSL session data Unfortunately, we cannot say the same for proxy servers, load balancers, or anything else that terminates SSL connections Simply grab some binary data (i.e. encrypted) from SSL on one side of the firewall and filter on it to find the other side Once you have a match, you can then filter on the TCP streams and determine the firewall delay and other characteristics Do not use SPANs nor multiple sniffers due to delays and timestamp synchronization Best practice is to use taps above and below the firewall that feed a common sniffer or are combined via a visibility fabric (Apcon, Big Switch, Gigamon, Ixia, VSS, etc.) Also works great for following encrypted VMWare VDI streams (filter on UDP payload) across multiple tiers

Using Wireshark to Find NATed SSL Flows

Use Case: Slow email Migration Migrating user s mailboxes from internal Lotus Notes servers to Microsoft Office 365 in the Cloud Typical mailbox size was 50 GB Throughput varied from 200-500 kbps over a 1 gig Internet pipe 4k users @ 1 hour per user = 166 days! Subsequent web proxy bypass did not help nor did moving to DMZ Graphing the I/O revealed a potential problem area Data Bursts Delay Delay Delay Delay

Use Case: Slow email Migration A pattern emerged when walking through the SSL & checking neighboring flows A second flow (in red below) running was clearly controlling the throughput The throttling was set to approximate three bursts or blocks of data per second Properties could not be changed, i.e. they are controlled by the (MS) cloud server Stop Start Wait... Stop Wait Start

Use Case: Slow email Migration Each data stream was equated to one piece of mail Due to control channel, conversion rate was approximately three emails per second(!) Another potential optimization was to increase the application layer block size to greater than 12k (which we derived from the SSL segment size of 4112 bytes x 3 per turn) Solution was to run multiple severs simultaneously with multiple mailbox migrations per server to the cloud, which is per MS recommendation We were running up to 40 migrations in parallel at the peak All mailboxes were migrated in under 30 days

Wrapping it Up First gain a solid understanding of the general application layer commandresponse characteristics in the unencrypted world (HTTP, SQL, mail, etc.) Pretend that the SSL layer *is* the application layer and apply those characteristics Figure out who is the client and who provides the data Usually the client opens the connection, but not always! Breakdown the TCP segmentation and the SSL segmentation Ensure that the SSL segment size makes sense for the application (SSH vs. HTTPS for instance) Identifying network from back-end response time is easier but must use patterns and neighboring flows for more complex cases

Thank You! Contact us! scott.haugdahl@bluecrossmn.com robert.bullen@bluecrossmn.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information