Can SSL and TOR be intercepted? Secure Socket Layer.

Slides:

Advertisements

Similar presentations

The Dog’s Biggest Bite. Overview History Start Communication Protocol Weakness POODLE Issues.

Advertisements

Cryptography and Network Security

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

More Trick For Defeating SSL

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

“All your layer are belong to us” Rogue APs, DHCP/DNS Servers, and Fake Service Traps.

The OWASP Foundation Risks of Insecure Communication High likelihood of attack Open wifi, munipical wifi, malicious ISP Easy to exploit.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

January 2011 As a precaution, re-check the exam time in early January. Various rooms are used, your room will be on your personal timetable, available.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

Chapter 8 Web Security.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

By Swapnesh Chaubal Rohit Bhat. BEAST : Browser Exploit Against SSL/TLS Julianno Rizzo and Thai Duong demonstrated this attack.

Certificates ID on the Internet. SSL In the early days of the internet content was simply sent unencrypted. It was mostly academic traffic, and no one.

11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.

CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

Course 201 – Administration, Content Inspection and SSL VPN

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING AND.

Introduction to Information Security SSL & TLS Story of a protocol Itamar Gilad (infosec15 at modprobe dot net)

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

SSL/TLS after DigiNotar and BEAST

CHAPTER 11 Spoofing Attack. INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The.

Doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Web Security : Secure Socket Layer Secure Electronic Transaction.

1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.

Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

1 3 Computing System Fundamentals 3.4 Networked Computer Systems.

Saphe surfing! 1 SAPHE Secure Anti-Phishing Environment Presented by Uri Sternfeld.

Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan.

Can SSL and TOR be intercepted? Secure Socket Layer.

The Silk Road: An Online Marketplace

Measures to prevent MITM attack and their effectiveness CSCI 5931 Web Security Submitted By Pradeep Rath Date : 23 rd March 2004.

Network and Internet Security Prepared by Dr. Lamiaa Elshenawy

Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.

Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.

Tor Bruce Maggs relying on materials from

Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

Tor Bruce Maggs relying on materials from

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)

ENCRYPTION, SSL, CERTIFICATES RACHEL AKISADA & MELANIE KINGSLEY.

SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.

Copyright ©2016 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training What’s New in Fireware v

TECHNOLOGY GUIDE THREE

Practical Censorship Evasion Leveraging Content Delivery Networks

How to Check if a site's connection is secure ?

Man-in-the-Middle Attacks

Exercise ?: TOR.

Good morning ladies and gentlmen

Nessus Vulnerability Scanning

Cryptography and Network Security

Presentation transcript:

Can SSL and TOR be intercepted?

Secure Socket Layer

De-facto standard to encrypt communications Can ensure the identity of the peer

Prerequisite to decrypt a communication: You have to monitor it!

Most of the SSL attacks are MITM-based

Physically in the middle Rogue AP, ISP, etc.

Logically in the middle Take a look at our 2003 BlackHat presentation…

Ok but…can SSL be intercepted?

Three attacks’ categories

Protocol design and math Chain of trust The User

Let’s start with…

Protocol design and math

Weak encryption can be easily cracked Protocol and algorithms are negotiated during the handshake This “attack” can be performed passively

Weak encryption can be easily cracked ~ 70%* of the Internet uses only “strong” encryption What’s “weak” and what’s “easy”? Ask the NSA… * Trustworthy Internet Movement 2014/10/3 on web sites

SSLv2 Downgrade Attack No integrity check on the handshake Weaker encryption algorithms can be forced

SSLv2 Downgrade Attack SSLv2 disabled by default on most systems

SSLv3 is vulnerable as well… POODLE attack recently published (September 2014) Can be used to decrypt HTTPS cookies TLS-to-SSLv3 fallback can be forced

SSLv3 is vulnerable as well… TLS_FALLBACK_SCSV mitigated fallback attack (Chrome, Opera) Browsers are going to dismiss SSLv3 (e.g.: Firefox34, Chrome40) Providers are going to dismiss SSLv3 (Facebook, Google, etc.)

SSL 2.0SSL 3.0TLS 1.0TLS 1.1TLS 1.2 Internet Explorer * Disabled Enabled Chrome 39DisabledEnabled Mozilla Firefox 33DisabledEnabled Opera 25DisabledEnabled Safari 8DisabledEnabled Browser coverage * Microsoft released a patch to disable SSL 3.0 on all versions of Internet Explorer

Protocol versionWebsite Support SSL % SSL % TLS % TLS % TLS % Website coverage

Implementation-specific attacks OpenSSL MITM attack (CVE ) OpenSSL Heartbleed (CVE ) And many others...

Implementation-specific attacks Keep your OpenSSL up to date! 95% of the Internet runs updated OpenSSL versions Google’s Nogotofail tests connections for known bugs and weak configurations

Chain of Trust

If you have the private key you can see the traffic! Very hard to detect This “attack” can be performed passively if no PFS is used Heartbleed attack could be used to get the key from the server

If you have the private key you can see the traffic! Don’t give your private key to anyone ;) Forward Secrecy available on almost 40% of the websites Heartbleed vulnerable sites are now close to 0%

Custom CA on the client device Often used by AVs to inspect traffic

Custom CA on the client device Don’t install untrusted CA certificates

Rogue CA A malicious CA can sign fake certificates CAs’ certificates were stolen in the past (eg: Diginotar 2011) Allows any “active” probe to impersonate any website

Rogue CA Public Key Pinning (Chrome, Firefox) EFF SSL Observatory monitors trusted CAs Google and Facebook actively searched for rogue CAs

Rogue CA In December % of all connections to Facebook were established with forged certificates In 2014 Google found evidence from France and India of certificates signed by rogue CAs (government surveillance?)

Future alternatives to the Chain of Trust Trust Assertion for Certificate Keys DNS-based Authentication of Named Entities

The User

SSL Strip attack Intercept the “redirect to HTTPS” reply HTTP-to-HTTPS Proxy for the whole communication Replace HTTPS with HTTP in any link

SSL Strip attack Pay attention to the “lock” Servers using HSTS can force HTTPS on the clients HTTPS Everywhere plugin doesn’t allow HTTP connections

The Onion Router

De-facto standard to browse and publish content anonymously Less used alternatives are less anonymous (e.g.: I2P)

“Relay Early” Attack Aimed at monitoring clients and publishers of hidden services

“Relay Early” Attack Used malicious Entry Guard and HSDir nodes Sybil attack to gain reputation Traffic Confirmation attack to link the HS and the client IP address

“Relay Early” Attack Malicious nodes joined the network in January 2014 The attack was identified and blocked in July 2014 The author and the real impact are both still unknown

“Relay Early” Attack Presumably described in a BlackHat 2014 speech by Carnegie Mellon University researchers… …that was presumably blocked by some US agency* * any correlation with the takedown of Silk Road 2.0? ;)

“Relay Early” Attack This is just one of the possible attacks that involve controlling at least two nodes in a TOR circuit: Entry Guard & Exit Node Entry Guard & Rendezvous Point

“Relay Early” Attack The protocol has been patched to prevent this specific attack Similar attacks, based on statistical traffic analysis, can be mitigated but not prevented

The Snowden Affair NSA presumably uses several technologies targeting TOR Quantum, FoxAcid, etc.

The Snowden Affair TOR Client Exit Node Entry Guar d Quantum Website TOR Client Malicious Exit Node Entry Guar d Website

The Snowden Affair QuantumCookie injects malicious cookies to track targets’ browsing QuantumInsert inserts malicious code to exploit vulnerabilities inside the TOR browser

Executing arbitrary code allows complete target monitoring

Wanna see it in action? Come to our presentation this afternoon* *it could be not as cool as the NSA one ;)

Intruding personal devices with Remote Control System Ballroom A 13:30