null Bangalore Chapter - April 2013 Meet

1. BASICS OF
SSL

2. AGENDA
• SSL Evolution
• SSL Handshakes
• Man in the Middle: Proxy Tools, SSLStrip
• Recent Attacks on SSL
• Security guidelines while configuring SSL

3. SSL EVOLUTION
• SSL 1.0 : Developed by Netscape. Never publicly released
• SSL 2.0 : Released by Netscape in 1995. Contained lot of security flaws.
• SSL 3.0 : Released by Netscape in 1996. Complete redesign of the protocol.
Newer versions of SSL/TLS are based on SSL 3.0.
• TLS 1.0 : RFC 2246 published by IETF in 1999. Nearly same as SSL 3.0
• TLS 1.1 : RFC 4346 published by IETF in 2006. Protection against CBC
attacks (BEAST attack) added.
• TLS 1.2 : RFC 5246 published by IETF in 2008. Adds Elliptic Curve
CipherSuites to TLS. Removed DES, RC2 and IDEA CipherSuites.
SHA-256 hashing used.

4. • TLS_RSA_WITH_RC4_128_MD5
• TLS_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
SSL HANDSHAKES – CIPHERSUITES

5. SSL HANDSHAKES – RECORD LAYER HEADER

6. SSL RECORD LAYER
Figure from William Stalling‟s article on “SSL: Foundation for Web Security” (http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html)

7. SSL HANDSHAKES

8. SSL HANDSHAKES IN WIRESHARK

9. SSL HANDSHAKES – CLIENT HELLO

10. SSL HANDSHAKES – CLIENT HELLO

11. SSL HANDSHAKES - SERVER HELLO

12. SSL HANDSHAKES – SERVER HELLO

13. SSL HANDSHAKES – CERTIFICATE, SERVER HELLO DONE

14. SSL HANDSHAKES – CERTIFICATE, SERVER HELLO DONE

15. SSL HANDSHAKES - CLIENT KEY EXCHANGE

16. SSL HANDSHAKES – CLIENT KEY EXCHANGE

17. SSL HANDSHAKES – KEY GENERATION

18. SSL HANDSHAKES – CHANGE CIPHER SPEC, FINISHED

19. SSL HANDSHAKES – CHANGE CIPHER SPEC, FINISHED

20. SSL APPLICATION DATA

21. SSL APPLICATION DATA

22. MAN IN THE MIDDLE – PROXY TOOL

23. MAN IN THE MIDDLE – PROXY TOOL

25. MAN IN THE MIDDLE - WEBSCARAB, ZAP, BURP, CHARLES

26. MAN IN THE MIDDLE – SSLSTRIP (BEFORE)

27. MAN IN THE MIDDLE – SSLSTRIP

28. MAN IN THE MIDDLE – SSLSTRIP (AFTER)

30. MAN IN THE MIDDLE – SSLSTRIP (AFTER)

31. MAN IN THE MIDDLE - SSLSTRIP

32. • Header could be set in the response as below:
response.setHeader("Strict-Transport-Security", "max-age=31536000;
includeSubdomains");
=> Tells that the domain and its subdomains should always be on
HTTPS till a period of 12 months (31536000 seconds)
• The browser caches this information, and always connects to the
domain/subdomain on HTTPS
• Counter of 12 months is reset every time the browser gets a page with this
header from the domain.
• Setting this header also throws an error if SSL certificate is untrusted or
erroneous, instead of showing a warning that user can override. This adds to
the security and prevents hacker from intercepting the SSL requests and
seeing the SSL packets in clear using the proxy tools like WebScarab.
MAN IN THE MIDDLE – SOLUTION – HSTS (HTTP STRICT
TRANSPORT SECURITY)

33. • BEAST ATTACK
• LUCKY 13 ATTACK
• CRIME ATTACK
• RC4 ATTACK
RECENT ATTACKS ON SSL

34. • Configure all three protocols: TLS 1.0, 1.1 & 1.2
• Choose a strong and secure CipherSuite
• Certificate to be signed by Trusted CA like Verisign.
• Don‟t configure wild card certificates
• Ensure session cookies have “secure=true” flag set, so that it is
transmitted only over SSL.
• Ensure HSTS header is set for the domain and subdomains.
• Run the server through https://www.ssllabs.com/ssltest/ and fix
any issues identified.
SECURITY GUIDELINES WHILE CONFIGURING SSL ON
SERVERS

35. SECURITY CONSIDERATION WHILE CONFIGURING SSL ON
SERVERS

36. SECURITY CONSIDERATION WHILE CONFIGURING SSL ON
SERVERS

37. THANK YOU
SACHIN (sachinraj.shetty@gmail.com)

38. SSL EVOLUTION
Figure from Wikipedia (http://en.wikipedia.org/wiki/Transport_Layer_Security)

39. BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)

40. BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
• Same key used for encryption and Decryption
• Algorithms are Fast, but Sharing the key is a challenge.
• Stream Cipher : RC4_128
• Block Ciphers : AES_128_CBC, AES_256_CBC,
3DES_EDE_CBC

41. BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
Cipher Block Chaining (CBC) Mode
Figure from Wikipedia (http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29)

42. Public Key Encryption
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)

43. BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Public Key Encryption
• 2 separate keys used: Public key and Private key
• Sender uses Public key (of the receiver) for Encrypting the
message.
• Receiver uses his Private key for Decrypting the message.
• X509 Certificates are carrier of public key, which is shared.
• Private key is kept secret and is never shared.
• Algorithms are slower compared to symmetric.
• Algorithms: RSA, Diffie–Hellman, Elliptic curve

44. Digital Signature
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)

45. BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Digital Signature
• Sender generates Hash of the message and then encrypts the
Hash with his Private Key, which is the Digital Signature
• Signature is appended to the message and sent to the Receiver.
• Receiver reads the Signature and decrypts it with Public Key (of
the Sender) to obtain the hash.
• Receiver generates the hash of the message and compares the
generated hash with that of hash obtained by decrypting
Signature.
• Signature Algorithms: Sha1withRSA, MD5withRSA

46. X509 Certificate
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

47. X509 Certificate Entries
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

48. X509 Certificate Extensions
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

49. BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Obtaining CA Signed Certificate
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)

50. Certificate Chaining
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)

51. SSL HANDSHAKES – PRF (PSEUDO RANDOM FUNCTION)

52. SSL HANDSHAKES – PFS (PERFECT FORWARD SECRECY)

53. • Prime Numbers shared between Alice and Bob – p, g
• Secret number chosen by Alice - a
• Secret number chosen by Bob – b
• Shared Secret - s
SSL HANDSHAKES – PFS – DIFFIE-HELLMAN KEY EXCHANGE
Figure from Wikipedia (http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)

54. SSL HANDSHAKES – 2 WAY SSL

55. SSL HANDSHAKES – SSL RESUMPTION

56. SSL HANDSHAKES – SSL RESUMPTION

57. SSL HANDSHAKES – SSL RENEGOTIATION

58. • Developed by Moxie Marlinspike
• SSLStrip capable of logging packets in clear from SSL enabled sites
including login credentials passed to the site.
• Running SSLStrip (available in BackTrack):
-> sslstrip -l 10000
-> tail –f sslstrip.log
=> Configure browser of any system to redirect the packets
through BackTrack (port 10000). Alternatively you could try
arpspoof command to convince a host that our MAC
address is the router‟s MAC address.
• Details in http://www.thoughtcrime.org/software/sslstrip/.
MAN IN THE MIDDLE – SSLSTRIP

59. • Developed by Moxie Marlinspike
• Originally written to demonstrate IE„s vulnerability to
"basicConstraints" extn - Microsoft fixed this vulnerability.
• Currently can be used as a proxy tool to see SSL traffic in
clear. The tool generates certs for the domain being
accessed on the fly.
• SSLSniff also to demonstrate Null-Prefix attacks and OCSP
attacks.
• Supports modes for hijacking auto-updates from Mozilla
products, as well as for Firefox/Thunderbird addons.
• More Info: http://www.thoughtcrime.org/software/sslsniff
MAN IN THE MIDDLE - SSLSNIFF