Web security (Spoofing & TLS & DNS) Ge Zhang

Web surfing: IP of yahoo? 1.2.3.4. Get index.htm from 1.2.3.4. Response from 1.2.3.4.

Web security Does your request go to the “right” server? How do you trust the Internet?

URL spoofing: Hyperlinks in malicious e-mails and web pages vs. what web site is actually referred to by this link? Dotless IP address: – –
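As an added example (not part of the lecture), the normalisation a browser applies to the host part of a link, so that a dotless numeric host, or a user-info prefix placed before the real host, is made visible before anyone follows it; the function and link names are my own, and the sample links are constructed.

```python
# Added example (not from the lecture): normalise the host part of a link the
# way a browser would, so a "dotless" numeric host or a misleading user-info
# prefix is exposed before anyone clicks on it.
import ipaddress
import re
from urllib.parse import urlsplit

def dotless_to_dotted(host: str):
    """Return the dotted-quad form of a host written as a single number
    (decimal, 0x-hex or 0-prefixed octal), or None for anything else."""
    h = host.lower()
    if re.fullmatch(r"0x[0-9a-f]+", h):
        value = int(h, 16)
    elif re.fullmatch(r"0[0-7]+", h):
        value = int(h, 8)
    elif re.fullmatch(r"[1-9][0-9]*", h):
        value = int(h)
    else:
        return None
    if value > 0xFFFFFFFF:                      # does not fit in 32 bits
        return None
    return str(ipaddress.IPv4Address(value))

def inspect_link(url: str) -> dict:
    """Report where a hyperlink really goes and which tricks it relies on."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    dotted = dotless_to_dotted(host)
    return {
        "host": host,
        "dotless_ip": dotted,                   # None unless the host is a dotless address
        "userinfo": parts.username,             # text before '@', easily mistaken for the host
        "destination": dotted or host,
    }

if __name__ == "__main__":
    for link in ("http://3232235777/index.htm",            # constructed: decimal dotless
                 "http://0xC0A80101/",                      # constructed: hex dotless
                 "http://www.yahoo.com@192.168.1.1/"):      # constructed: user-info trick
        print(link, "->", inspect_link(link))
```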

Have you ever noticed these?

X.509 certificate Based on public key cryptography and digital signatures CA: certification authority

Verification Others can use the CA’s public key to verify the signature

Validating a Certificate
Metaphor (1):
– CA: Karlstad University
– Certificate owner: the students (who get their master degree)
– Verifier: employers
Metaphor (2):
– CA1: Swedish Ministry of Education
– CA2: Karlstad University

Validating a Certificate
Must recognize an accepted CA in the certificate chain
– One CA may issue a certificate for another CA
Must verify that the certificate has not been revoked
– CA publishes a Certificate Revocation List (CRL)
Self-signed certificate?

Man-in-the-middle attacks (by malicious intermediaries)
Read the content of HTTP traffic
– Your password (even if hashed?)
Modify the content of HTTP traffic
– Transfer money from your account to the attacker. …

Brief History of SSL/TLS
SSLv2
– Released in 1995 with Netscape 1.1
– Key generation algorithm kept secret
– Reverse engineered & broken by Wagner & Goldberg
SSLv3
– Fixed and improved, released in 1996
– Public design process
TLS: IETF’s version; the current standard

SSL/TLS Overview
Establish a session (handshake layer)
– Agree on algorithms
– Share secrets
– Perform authentication
Transfer application data (record layer)
– Ensure confidentiality and integrity

SSL Architecture
Record Protocol: message encryption/authentication
Handshake Protocol: identity authentication & key exchange
Alert Protocol: error notification (cryptographic or otherwise)
Change Cipher Spec Protocol: activate the pending crypto suite
Layer diagram: IP, then TCP, then the SSL Record Protocol; on top of the Record Protocol sit the SSL Handshake Protocol, the SSL Change Cipher Spec Protocol, the SSL Alert Protocol and HTTP, etc.

SSL Handshake Protocol
Two parties: client and server
Negotiate the version of the protocol and the set of cryptographic algorithms to be used
– Interoperability between different implementations of the protocol
Authenticate client and server (optional)
– Use digital certificates to learn each other’s public keys and verify each other’s identity
Use public keys to establish a shared secret

Handshake Protocol (1)
Client_hello: version, random, session id, cipher suite, compression method
Server_hello: version, random, session id, cipher suite, compression method

Handshake Protocol (2)
Certificate: X.509 certificate chain
Server_key_exchange: parameters, signature
Certificate_request: type, authorities
Server_hello_done: null

Handshake Protocol (3)
Certificate: X.509 certificate chain
Client_key_exchange: parameters, signature
Certificate_verify: signature

Handshake Protocol (4)
Change_cipher_spec: a single message, which consists of a single byte with value 1.
Finished: hash value

SSL Encryption
Master secret
– Generated by both parties from the premaster secret and the random values generated by both client and server
Key material
– Generated from the master secret and the shared random values
Encryption keys
– Extracted from the key material
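As an added example (not from the lecture), the key schedule the handshake and this slide describe, carried out as TLS 1.2 (RFC 5246) defines it with the HMAC-SHA256 PRF: both sides turn the premaster secret and the two hello randoms into the master secret, expand it into the key block, and cut the six write keys out of it. The key sizes assumed below (20-byte MAC keys, 16-byte cipher keys and IVs) are mine, not the slide's.

```python
# Added example (not from the lecture): the key schedule the slide describes,
# written out as TLS 1.2 defines it (RFC 5246 PRF with HMAC-SHA256).
import hashlib
import hmac
import os

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256: HMAC(secret, A(i) + seed) concatenated until `length` bytes."""
    out, a = b"", seed                                  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret from the premaster secret and both randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master secret into the six keys; the randoms are concatenated
    server-first here, the reverse of the master-secret step."""
    seed = server_random + client_random
    block = prf(master, b"key expansion", seed, 2 * (mac_len + key_len + iv_len))
    layout = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def derive_session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Sizes assumed for AES-128-CBC with HMAC-SHA1: 20-byte MAC keys,
    16-byte cipher keys, 16-byte IVs (my assumption, not from the slide)."""
    master = master_secret(pre_master, client_random, server_random)
    return key_block(master, client_random, server_random, 20, 16, 16)

if __name__ == "__main__":
    pre_master = os.urandom(48)            # constructed; normally sent RSA-encrypted by the client
    c_rand, s_rand = os.urandom(32), os.urandom(32)
    for name, key in derive_session_keys(pre_master, c_rand, s_rand).items():
        print(f"{name:22s} {key.hex()}")
```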

SSL Record Protocol

Alerts and Closure
Alert the other side of exceptions
– Unexpected message
– Bad record MAC
– Handshake failure
– Illegal parameter
– Bad certificate
– …
2 levels
– Warning
– Fatal

SSL Overhead
2-10 times slower than a TCP session
Where do we lose time?
– Handshake phase: calculating the key materials
– Data transfer phase: symmetric key encryption

TLS/SSL Applications
HTTP -> HTTPS
Telnet -> SSH
FTP -> SFTP
SIP -> SIPS
Resources:

Homework: Visit a web site with HTTPS. Use Wireshark to capture the traffic. Read the parsed traffic, paying particular attention to the handshake protocol.

The Domain Name System
A database implemented by many name servers (NS)
– Distributed
– Replicated
– Hierarchical
Diagram of the name hierarchy: . (root) → com., se., edu. → cmu.edu., kau.se. → cs.kau.se. → ftp.cs.kau.se.

Authoritative Servers
Authoritative DNS servers
– An organization’s DNS servers, providing authoritative information for the organization’s servers
– Can be maintained by the organization or by a service provider

DNS Query and Response. Diagram: the end-user sends an A? query to the local DNS server, which asks the Root DNS server, the se DNS server and the kau.se DNS server in turn, caches the A record it receives, and returns the A answer to the end-user.

DNS Vulnerabilities
No authentication. The only checks are:
– DNS_response.ID == DNS_request.ID? (16 bits long)
– DNS_response.dport == DNS_request.dport?
Significance: DNS is widely used in – Web – VoIP – –…

A Simple DNS Attack. Diagram: the user’s laptop sends an A? query to the local DNS server, which queries the Root, se and seb.se DNS servers; the attacker’s laptop answers first with A attacker_IP. Easy to observe: a UDP DNS query sent to a well-known server on a well-known port. First response wins. The second response is silently dropped on the floor.

A cache poisoning attack. Diagram: the user’s laptop sends an A? query to the local DNS server, which queries the seb.se DNS server; the attacker sends many A attacker_IP responses with different IDs, and the local DNS server caches a bad record: A attacker_IP. Later A? queries are answered from the cache with A attacker_IP.

A More Complex Attack. Diagram: a remote attacker queries the kau caching server for a name under attacker.com; the response from ns.attacker.com carries attacker.com NS ns.attacker.com together with A records for any kau computer, which the caching server stores and serves to later queries (Query =).
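As an added example (not from the lecture) covering the three DNS slides above, the acceptance checks a caching resolver applies to an incoming response: the 16-bit ID and the destination port must match an outstanding query and so must the question, the first matching response wins, and records in the additional section are only cached when they fall inside the zone the queried server is authoritative for (the bailiwick rule that defeats the ns.attacker.com trick). Function names, the 198.51.100.x addresses and the traffic in run_demo are constructed for the example.

```python
# Added example (not from the lecture): the checks a caching resolver makes
# before trusting a response; with no authentication in plain DNS, these are
# all that stand between a forged answer and the cache.
import secrets

def in_bailiwick(name: str, zone: str) -> bool:
    """True when `name` is `zone` itself or lies below it (absolute names)."""
    return name == zone or name.endswith("." + zone)

def send_query(pending: dict, qname: str, random_port: bool) -> tuple:
    """Record an outstanding query; returns the (ID, source port) it used."""
    txid = secrets.randbelow(1 << 16)                  # 16-bit transaction ID
    sport = secrets.randbelow(64512) + 1024 if random_port else 53
    pending[(txid, sport)] = qname
    return txid, sport

def accept(pending: dict, resp: dict, zone: str) -> dict:
    """Return the records worth caching from `resp`, or {} if it is dropped.
    `zone` is the zone the server we asked is authoritative for; additional
    records outside it are ignored (the bailiwick rule)."""
    key = (resp["txid"], resp["dport"])
    if pending.get(key) != resp["qname"]:
        return {}                                      # ID, port or question mismatch
    del pending[key]                                   # first matching answer wins
    cached = dict(resp["answers"])
    for name, ip in resp["additional"].items():
        if in_bailiwick(name, zone):
            cached[name] = ip
    return cached

def run_demo() -> dict:
    """Constructed traffic: a response with the wrong ID is dropped, one that
    matches ID/port/question is accepted unverified (no authentication), and
    out-of-zone glue for www.kau.se. on an attacker.com answer is never cached."""
    pending = {(0x1234, 53): "www.seb.se.", (0x0042, 53): "www.attacker.com."}
    wrong_id = {"txid": 0x9999, "dport": 53, "qname": "www.seb.se.",
                "answers": {"www.seb.se.": "198.51.100.7"}, "additional": {}}
    forged = dict(wrong_id, txid=0x1234)               # same answer, observed real ID
    glue = {"txid": 0x0042, "dport": 53, "qname": "www.attacker.com.",
            "answers": {"www.attacker.com.": "198.51.100.7"},
            "additional": {"ns.attacker.com.": "198.51.100.8",
                           "www.kau.se.": "198.51.100.7"}}
    return {"wrong_id": accept(pending, wrong_id, "seb.se."),
            "forged": accept(pending, forged, "seb.se."),
            "glue": accept(pending, glue, "attacker.com.")}

if __name__ == "__main__":
    print(run_demo())
```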

Question: Is SSL/TLS useful to counteract these DNS attacks? Why?
Homework:
– Read RFC 2535 about DNSSEC
–

Key points
URL spoofing: dotless IP address
X.509 certificate
Certificate chains
SSL/TLS
– Handshake protocol
– Alert protocol
– Record protocol
– Change cipher spec protocol
The overhead caused by SSL/TLS
DNS architecture
DNS cache poisoning