Hackmanit TLS Security Training · 2020-03-06
TLS Security Training
Prof. Dr. Juraj Somorovsky | @jurajsomorovsky
Overview of the Training
1. Crypto Basics
2. Transport Layer Security
3. Certificates
4. Attacks on PKI
5. Attacks on TLS
6. TLS Evaluation Tools
7. TLS Implementations
8. Outlook
How to Distribute Symmetric Keys?
• Public-key (asymmetric-key) crypto
• Algorithms: RSA
Server holds: public key pub, private key priv
Client holds: server public key pub, symmetric key k
Client -> Server: C = Enc(pub, k)
Server: k = Decrypt(priv, C)
TLS Cipher Suite
• Collection of crypto algorithms used in a TLS session
TLS_RSA_WITH_AES_128_CBC_SHA
– TLS: SSL / TLS
– RSA: RSA key exchange in TLS handshake
– AES_128_CBC: AES-128 in CBC mode for data encryption
– SHA: HMAC-SHA for data authentication
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
– DHE: DH key exchange
– RSA: RSA signature
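The naming scheme above can be decoded mechanically. The following parser is an added example, not part of the original slides; it goes slightly beyond the two suites shown by also handling AEAD suites, and the function name and the AEAD_MODES table are assumptions made for illustration.

```python
import re

# Constructed subset of AEAD mode names, not the full IANA registry.
AEAD_MODES = {"GCM", "CCM", "CHACHA20_POLY1305"}

def parse_cipher_suite(name):
    """Split a TLS_*_WITH_* suite name into the roles listed on the slide."""
    m = re.fullmatch(r"TLS_([A-Z0-9_]+?)_WITH_([A-Z0-9_]+)_([A-Z0-9]+)", name)
    if not m:
        # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) carry no key exchange part.
        raise ValueError(f"not a TLS_*_WITH_* suite name: {name}")
    kx_auth, cipher, digest = m.groups()
    parts = kx_auth.split("_")
    # A single token such as "RSA" means the same key is used for key
    # transport and for authenticating the server.
    key_exchange = parts[0]
    authentication = parts[1] if len(parts) > 1 else parts[0]
    aead = any(cipher.endswith(mode) for mode in AEAD_MODES)
    return {
        "key_exchange": key_exchange,
        "authentication": authentication,
        "encryption": cipher,
        # With AEAD ciphers the trailing hash names the PRF, not an HMAC.
        "integrity": "AEAD" if aead else f"HMAC-{digest}",
        # Only ephemeral (EC)DH key exchange gives forward secrecy.
        "forward_secrecy": key_exchange in ("DHE", "ECDHE"),
    }

if __name__ == "__main__":
    for suite in ("TLS_RSA_WITH_AES_128_CBC_SHA",
                  "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"):
        print(suite, parse_cipher_suite(suite))
```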
Certificate Chains
• Root CAs issue intermediate certs
• Intermediate CAs issue certificates for subscribers
ROOT Cert (CA: Yes, Path length: unlimited)
-- issues --> Intermediate (CA: Yes, Path length: 0)
-- issues --> Web Cert (CA: No)
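A validator has to enforce the CA flag and the path length at every step of the chain. The check below is an added example, not part of the original slides; it models only these two fields (no signature or validity checks), and the Cert class and function name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cert:
    subject: str
    is_ca: bool                      # "CA: Yes/No" on the slide
    path_len: Optional[int] = None   # None = unlimited

def check_basic_constraints(chain):
    """chain is ordered root first, end-entity certificate last.
    Returns a list of violations; an empty list means the chain passes."""
    problems = []
    for i, cert in enumerate(chain[:-1]):        # every cert acting as issuer
        if not cert.is_ca:
            problems.append(f"{cert.subject} issues a certificate but is not a CA")
        # Certificates in CA position below this one (end-entity excluded).
        below = len(chain) - i - 2
        if cert.path_len is not None and below > cert.path_len:
            problems.append(
                f"{cert.subject} allows {cert.path_len} CA(s) below it, found {below}")
    return problems

if __name__ == "__main__":
    root = Cert("ROOT Cert", True)
    inter = Cert("Intermediate", True, 0)
    web = Cert("Web Cert", False)
    print(check_basic_constraints([root, inter, web]))                        # passes
    print(check_basic_constraints([root, inter, web, Cert("Forged", False)]))  # fails
```

The second chain in the demo is the case a validator must reject: a subscriber certificate used as if it were a CA.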
TLS History
• Protocols: Secure Sockets Layer (SSL), SSLv2; SSLv3; Transport Layer Security; TLS 1.1; TLS 1.2; TLS 1.3
• Analyses and attacks: Wagner, Schneier: Analysis of SSLv3; Bleichenbacher’s attack; Padding oracle attack; BEAST, CRIME, BREACH, Lucky 13
• Timeline axis: 1995, 2000, 2005, 2010, 2015
TLS Server as an Oracle
• Attacker can query the server
• The server decrypts and responds with valid/invalid
• Possible side channels:
– Direct messages
– Timing
Diagram: for a ciphertext C with M = Dec(C), the attacker sends C1’ to the SSL server and receives valid/invalid, then sends C2’ and receives valid/invalid, … (repeated several times)
CRIME: Compression
• TLS offers compression
• Deflate compression (used in ZIP, GZIP…)
• Compression:
• More redundancy -> more compression
• Less redundancy -> less (no) compression
Example:
compression is complex -> compression is (-15,4)lex
compression is easy -> compression is easy
CRIME: Scenario
• Assumption: Streaming-based cipher
GET /SID=4 HTTP/1.1
Cookie: SID=48024820404804
JavaScript: Send(example.com/SID=4)
Length = 51
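The length side channel in this scenario can be measured locally, which also shows why disabling TLS compression removes it. This is an added example, not part of the original slides; zlib stands in for TLS DEFLATE compression, the stream cipher is modelled as length-preserving, and the function names are assumptions made for illustration.

```python
import zlib

# Cookie value taken from the slide; the rest of the request is constructed.
SECRET_COOKIE = "SID=48024820404804"

def build_request(guess):
    # The path is influenced by the script; the browser adds the Cookie header.
    return f"GET /{guess} HTTP/1.1\r\nCookie: {SECRET_COOKIE}\r\n\r\n".encode()

def observed_length(guess, compression=True):
    """Record length visible on the wire. A stream cipher adds no padding,
    so the ciphertext is as long as the (compressed) plaintext."""
    plaintext = build_request(guess)
    if compression:
        plaintext = zlib.compress(plaintext, 9)   # stand-in for TLS DEFLATE
    return len(plaintext)

def length_gap(right, wrong, compression=True):
    """Bytes by which a non-matching guess is longer than a matching one.
    0 means the length reveals nothing about the cookie."""
    return (observed_length(wrong, compression)
            - observed_length(right, compression))

if __name__ == "__main__":
    # A guess that repeats part of the cookie compresses into a longer
    # back-reference, so the record gets shorter.
    print("compression on :", length_gap("SID=4802", "SID=9317"))
    print("compression off:", length_gap("SID=4802", "SID=9317", compression=False))
```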
Heartbleed
• Discovered in April 2014
• Riku, Antti and Matti (Codenomicon) and Mehta (Google Security)
• Buffer Overread
• Improper validation of a Heartbeat request
Source: https://xkcd.com/1354/
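The missing validation can be modelled in a few lines. This is an added example, not part of the original slides and not OpenSSL's code: a bytearray stands in for process memory, the heartbeat layout (type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520, and all names are assumptions made for illustration.

```python
import struct

HB_REQUEST = 1
MIN_PADDING = 16   # RFC 6520: at least 16 bytes of padding

def heartbeat_vulnerable(memory, rec_off, rec_len):
    """Echoes the payload using the length the peer claimed (the bug)."""
    hb_type, claimed = struct.unpack_from("!BH", memory, rec_off)
    start = rec_off + 3
    # Over-read: 'claimed' is never compared with rec_len.
    return bytes(memory[start:start + claimed])

def heartbeat_checked(memory, rec_off, rec_len):
    """Same handler with the claimed length validated against the record."""
    if rec_len < 1 + 2 + MIN_PADDING:
        return None                        # too short to be a heartbeat
    hb_type, claimed = struct.unpack_from("!BH", memory, rec_off)
    if hb_type != HB_REQUEST or 1 + 2 + claimed + MIN_PADDING > rec_len:
        return None                        # discard silently
    start = rec_off + 3
    return bytes(memory[start:start + claimed])

def sample_memory(claimed):
    # Constructed input: a 4-byte payload with an arbitrary claimed length,
    # followed by unrelated bytes standing in for adjacent heap data.
    record = struct.pack("!BH", HB_REQUEST, claimed) + b"bird" + bytes(MIN_PADDING)
    return bytearray(record + b"[adjacent heap: session key material]"), len(record)

if __name__ == "__main__":
    mem, n = sample_memory(claimed=64)
    print("vulnerable:", heartbeat_vulnerable(mem, 0, n))
    print("checked   :", heartbeat_checked(mem, 0, n))
```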
mbed TLS
• Formerly known as PolarSSL
• https://tls.mbed.org/
• Especially for hardware devices
• Running:
– Compile the library
– Dummy test server located in:
mbedtls-2.0.0/programs/ssl/ssl_server2
– Run with the following parameters:
ssl_server2 server_port=54001 key_file=[rsakey.pem] crt_file=[rsacert.pem]
Complex Cipher Suite Configuration
• Only SHA1 cipher suites:
• openssl ciphers 'SHA'
• No SHA1 cipher suites:
• openssl ciphers '!SHA'
• ECDH and DH cipher suites, no RSA:
• openssl ciphers 'ECDH:DH:!RSA'
• “Whitebox” configuration example:
– openssl ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256'
Apache httpd Installation
• Better not to compile it yourself … but you can try it
• Ubuntu 14.04:
$ sudo apt-get install apache2
$ apache2 -version
Server version: Apache/2.4.7 (Ubuntu)
Server built: Oct 14 2015 14:20:21
• Install mod_ssl
$ sudo a2enmod ssl
Apache httpd: Client Authentication
• Given we want to protect “/secure” directory
• Access given only to specific certificates from the company Hackmanit
SSLVerifyClient none
SSLVerifyDepth 10
<Location "/secure">
SSLVerifyClient require
SSLVerifyDepth 10
SSLRequireSSL
SSLRequire %{SSL_CLIENT_S_DN_O} eq "hackmanit"
</Location>
TLS 1.3
TLS-(EC)DHE (TLS 1.3)
TLS Client -> TLS Server: ClientHello, ClientKeyShare (EC (DH) public key)
TLS Server -> TLS Client: ServerHello, ServerKeyShare (EC (DH) public key), Certificate, CertificateVerify (RSA Signature over all previous messages), (Server-) Finished
TLS Client -> TLS Server: (Client-) Finished
Prof. Dr. Juraj Somorovsky | @hackmanit