Presented by Teererai Marange. Background Open SSL Hearbeat extension Heartbleed vulnerability Description of work Methodology Summary of results Vulnerable.

Slides:

Advertisements

Similar presentations

Chapter 14 – Authentication Applications

Advertisements

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

Cryptography and Network Security

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CCNA – Network Fundamentals

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.

1 Reading Log Files. 2 Segment Format

Security Through Encryption. Different ways to achieve security of communication data Keep things under lock and key – Physical Encryption Through password.

Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.

ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.

Attacking Session Management Juliette Lessing

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

IEEE Wireless Local Area Networks (WLAN’s).

Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.

How to Own the Internet in your spare time Ashish Gupta Network Security April 2004.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Serge Borso The Heartbleed Bug Serge Borso

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

What is Heartbleed? Heartbleed is a vulnerability in OpenSSL software. OpenSSL is encryption software that accesses websites through a “secure” connection,

Office of Campus Information Security Incident Response Briefing Jeffrey Savoy, CISSP.

Zakir Durumeric, James Kasten,David Adrian, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Johanna Amann, Jethro Beekman, Mathias Payer,

1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

Security. Security Flaws Errors that can be exploited by attackers Constantly exploited.

An Internet-Wide View of Internet-Wide Scanning.  Scanning  IPv4  Horizontal scanning – individual ports  Network telescope - darknet What is internet.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Can SSL and TOR be intercepted? Secure Socket Layer.

Chapter 14 Network Encryption

By Mau, Morgan Arora, Pankaj Desai, Kiran.  Large address space  Briefing on IPsec  IPsec implementation  IPsec operational modes  Authentication.

Network and Internet Security Prepared by Dr. Lamiaa Elshenawy

Web Application (In)security Note: Unless noted differently, all scanned figures were from the textbook, Stuttard & Pinto, 2011.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.

2/19/2016clicktechsolution.com Security. 2/19/2016clicktechsolution.com Threats Threats to the security of itself –Loss of confidentiality.

SSH/SSL Attacks not on tests, just for fun. SSH/SSL Should Be Secure Cryptographic operations are secure SSL uses certificates to authenticate servers.

Mobile IP 순천향대학교 전산학과 문종식

Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.

Securing Access to Data Using IPsec Josh Jones Cosc352.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Cryptography CSS 329 Lecture 13:SSL.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)

WannaCry/WannaCrypt Ransomware

WannaCry/WannaCrypt Ransomware

Chapter 9: Transport Layer

HEARTBLEED: Technical Description and Fixes

Instructor Materials Chapter 9: Transport Layer

Cryptography and Network Security

Wireless Network Security

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

Intro to Ethical Hacking

Intro to Ethical Hacking

Lecture 3: Secure Network Architecture

Slides Credit: Sogand Sadrhaghighi

The Heartbleed Bug and Attack

Presentation transcript:

Presented by Teererai Marange

Background Open SSL Hearbeat extension Heartbleed vulnerability Description of work Methodology Summary of results Vulnerable population Patching behavior Impact on certificate ecosystem Exposing attacks Impact of large scale notification

Conclusion Lessons learned Criticisms Questions and answers

Popular implementation of SSL/TLS protocols. Used to facilitate secure connections for web, , VPN and messaging services. Project initiated in code execution vulnerabilities and 6 information leak vulnerabilities discovered so far.

Motivation: Session management in Datagram TLS. Allows either end-point of connection to detect whether its peer is still present. Support indicated during TLS handshake protocol. Following this, either endpoint confirms connectivity sending a heartbeatRequest

Other endpoint confirms presence by sending heartbeatResponse message.

Example

Implementation of hearbeat assumed that the peer sending HeartbeatRequest would be honest about payload length value!!! Suppose I send a payload of length 1 and say that the actual length is 16 bytes. Then the server would return the 1 byte payload plus 15bytes of its own(supposedly private memory). Thus peer could acquire up to bytes of private memory.

Example

Potency of this vulnerability Compromised confidentiality and Access control as anyone could acquire private cryptographic data and private user data. Easy to understand and exploit. Popularity of HTTPS and TLS resulting in more affected services.

Compares payload length field to actual length of payload. Discards heartbeatRequest message if payload length>actual length of payload.

Modified Zmap to perform vulnerability scan Sending heartbeatRequest with length field set to 0 and no payload and no padding. Non-vulnerable servers reject message. Vulnerable servers respond with a message with padding only. Vulnerability scans performed against Alexa top 1million sites 1% samples of public non-reserved ipv4 address space.

At least 44 of Alexa top 100 remained unpatched at disclosure time. 5 Alexa top 100 sites still unpatched 22 hours post disclosure. Broader impact. Codenomicon estimated that 66% of HTTPS enabled sites affected at disclosure time. 45% of Alexa top 1 million supported HTTPS. Of these 24-55% were vulnerable at disclosure time. This value had dropped to 11% 48 hours post discolosure.

Public ipv4 address space(from 48 hours after disclosure) 11.4% supported HTTPS of which 5.9% were vulnerable. 10 ASes accounted for over 50% of vulnerable hosts. Other devices and products 74 distinct sets of devices and software packages.

Other areas of impact Mail servers Tor project Bitcoin clients Android Wireless networks.

10.1% of vulnerable hosts 48 hours post disclosure replaced their certificates in the month following disclosure vs 73% who patched. Of those that replaced their certificate 19% revoked the old one!!! 14% used the same private key!!!! 23% of all HTTPS sites in Alexa top 1million replaced certificates and only 4% revoked the old one between april 9 and april 30.

10.1% of vulnerable hosts 48 hours post disclosure replaced their certificates in the month following disclosure vs 73% who patched. Of those that replaced their certificate 19% revoked the old one!!! 14% used the same private key!!!! 23% of all HTTPS sites in Alexa top 1million replaced certificates and only 4% revoked the old one between april 9 and april 30.

Predisclosure No evidence of attacks prior to disclosure based on observations between January and April Post disclosure

The vast majority of scan attacks originated from the Amazon address space(4267 out of 5948) and were used by popular heartbleed scan services Filipino.io and ssllabs.com Most attacks targeted less than 10 sites(vertical rather than horizontal). Attacks were also centered on dense address spaces for example Amazon.

hosts were randomly split into 2 groups Group A to be notified on April 28, 2014 Group B to be notified on May 7, Each group notification included information on vulnerability, link to recovery guide and list of vulnerable hosts. Regular scans of each group performed every 8 hours in order to track patching behavior.

hosts were randomly split into 2 groups Group A to be notified on April 28, 2014 Group B to be notified on May 7, Each group notification included information on vulnerability, link to recovery guide and list of vulnerable hosts. Regular scans of each group performed every 8 hours in order to track patching behavior.

HTTPS administration: Educating server operators Certification revocation and replacement behavior suggests a superficial understanding of the protocol. Importance of forward secrecy. Need for more scalable certificate revocation protocols. Support for critical open source projects. Heartbeat originally for DTLS. Why was it enabled everywhere in the first place. “Standard implementations could rely on TCP for equivalent session management”. Code review would also have helped.

Vulnerability disclosure: Largely uncoordinated and poorly organized. Many major operating system vendors not notified prior to disclosure. A plan must be put in place for future events of this scale and importance. Notification and patching. Positive effect of notification is clear from this study. Detection of vulnerable systems on a large scale is easier than most researchers think. Research needed to look into protocols that allow machine to machine notification and automated patching accordingly.

Scans of all forms exclude hosts that previously requested removal from their daily HTTPS scans Potential bias in sample?? Ethics. Server is not given notification to not be scanned prior to initial scans. False negatives due to bug in heartbleed scanner. Impact lowered by subsequent scan in May. Estimated between 6.5%-10.5%

Predisclosure affected patching behavior. Data does not tell us about patching sequence. Some server operators disabled the extension before patching. Author appears to assume that all server operators had the goal of patching as soon as possible. What about leaving servers vulnerable for research purposes? What if server operators are weary of bugs in the patch itself?

Small sample size in determining effect of language barrier on patching rate. 75 responses received. 88% of which were in English and other Common languages. Data does not tell us about patching sequence. Some server operators disabled the extension before patching. Author appears to assume that all server operators had the goal of patching as soon as possible. What about leaving servers vulnerable for research purposes? What if server operators are weary of bugs in the patch itself?