More Trick For Defeating SSL

Slides:



Advertisements
Similar presentations
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSLstrip Stepan Shykerynets
Cryptography and Network Security
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
“Defeating SSL” Impact of Hash collisions on cyber security By vaibhav.
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
Grid Computing Basics From the perspective of security or An Introduction to Certificates.
SSL Serguei Mokhov SOEN321, Fall Contents Background SET SSL –origins –protocol.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
DNS and HTTPs ACN Presentation. Domain Names We refer to computers on the Internet (Internet hosts), by names like: sharda.ac.in These are called domain.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Electronic Transaction Security (E-Commerce)
Online Security Tuesday April 8, 2003 Maxence Crossley.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Chapter 8 Web Security.
By Swapnesh Chaubal Rohit Bhat. BEAST : Browser Exploit Against SSL/TLS Julianno Rizzo and Thai Duong demonstrated this attack.
DIGITAL CERTIFICATE & SSL PRESENTED BY, SWAPNA ERABATHINI.
CSCI 6962: Server-side Design and Programming
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING AND.
Introduction to Information Security SSL & TLS Story of a protocol Itamar Gilad (infosec15 at modprobe dot net)
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.
Secure Socket Layer (SSL)
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
06 APPLYING CRYPTOGRAPHY
Module 9: Fundamentals of Securing Network Communication.
1 DCS 835 – Computer Networking and the Internet Digital Certificate and SSL (rev ) Team 1 Rasal Mowla (project leader) Alvaro Restrepo, Carlos.
SSL(Secure Socket Layer) Guided By:- Presented By:- Richard Sinn Jimmy Mehta
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan.
Can SSL and TOR be intercepted? Secure Socket Layer.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Measures to prevent MITM attack and their effectiveness CSCI 5931 Web Security Submitted By Pradeep Rath Date : 23 rd March 2004.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
SSH/SSL Attacks not on tests, just for fun. SSH/SSL Should Be Secure Cryptographic operations are secure SSL uses certificates to authenticate servers.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
X509 Web Authentication From the perspective of security or An Introduction to Certificates.
Can SSL and TOR be intercepted? Secure Socket Layer.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
Setting and Upload Products
Information Security message M one-way hash fingerprint f = H(M)
How to Check if a site's connection is secure ?
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Using SSL – Secure Socket Layer
کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)
Information Security message M one-way hash fingerprint f = H(M)
Presentation transcript:

More Trick For Defeating SSL DEFCON 17 Moxie Marlinspike

Outline 1. Introduction 2. Background Knowledge 3. sslstrip SSL/TLS protocol 3. sslstrip 4. sslsniff A. Basic Constraints vulnerability B. Null-Prefix Attack C. bypassing OCSP 5. Conclusion

Introduction Demonstrate some new tricks for defeating SSL/TLS in places where sslstrip does not reach.

Background Knowledge SSL/TLS Protocol

SSL/TLS Introduction abbreviation for Transport Layer Security and it’s successor Secure Socket Layer Provide communication security over the Internet. Even when the network is being MITM attack.

Network Stack

Handshake Process

Handshake Process

SSLstrip

SSLstrip Introduction[1] demonstration of the HTTPS stripping attacks It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links

How it work Bridge 302 redirect Hyper link www.facebook.com bridge https://www.facebook.com? 302 redirect Hyper link

302 Redirect

Detail – Normal Scenario Server User User type: example.com Browser http://example.com Server reply 302 redirect to https://abc.example.com https://abc.example.com SSL/TLS handshake Serve reply 200 ok

Detail – Normal Scenario

Detail – Attack Scenario http://example.com http://example.com Strip https to http http://abc.example.com Record url Server reply 302 redirect to https://abc.example.com Server reply 302 redirect to http://abc.example.com https://abc.example.com SSL/TLS handshake Application Data url match http://abc.example.com Strip https to http Stripped Application Data User/browser Attacker Server

Result(without strip)

Result(with strip)

What can’t sslstirp do the browser query https://abc.example.com directly. Bookmark User typing Other protocol smtps Ftps Sftp….

SSLsniff - Basic Constraints vulnerability

Certificate Chaining

Certificate Chaining

How we verify Verify that the name of the leaf node is the same as the site you're connecting to. Verify that the leaf certificate has not expired. Check the signature If the signing CA is in our list of trusted root CAs, stop. Otherwise, move one up the chain and repeat.

What they say Verify that the name of the leaf node is the same as the site you're connecting to. Verify that the leaf certificate has not expired. Check the signature If the signing CA is in our list of trusted root CAs, stop. Otherwise, move one up the chain and repeat.

Something must be wrong, but... All the signatures are valid. Nothing has expired. The chain is in tact. The root CA is embedded in the browser and trusted. But we just created a valid certificate for PayPal, and we're not PayPal?

The missing piece

Back in the day Most CAs didn't explicitly set basicConstraints: CA=False Whether the field was there or not, most SSL implementations didn't bother to check it. Anyone with a valid leaf node certificate could create and sign a leaf node certificate for any other domain. When presented with a complete chain, IE, Outlook, Konqueror, OpenSSL, and others considered it valid...

And then in 2002... Microsoft claimed that it was impossible to exploit. So The Author published the tool that exploits it.

SSLsniff detail User/browser Attacker https://abc.example.com 1. Generate a certificate for the site it is connected to 2. Sign it with any random valid leaf node certificate. 3. Pass that certificate chain to the client. SSL/TLS handshake SSL/TLS handshake Get the Data from server 2. Encrypt it with our private key 3. Send to user Application Data Application Data User/browser Attacker

SSLsniff – Null Prefix Attack Author’s PPT

What's with certificates, anyways? X509 Certificate Version Serial Number Issuer Validity Subject PublicKey Signature Algorithm Signature Issue by some Issuer Identify some subjects Get the public key Issuer Signature

The Big Three Secrecy - Encryption algorithm Authenticity - Digital Signature Integrity - Checksum

SSL Handshake Beginnings

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.