Can SSL and TOR be intercepted? Secure Socket Layer.

Slides:

Advertisements

Similar presentations

The Dog’s Biggest Bite. Overview History Start Communication Protocol Weakness POODLE Issues.

Advertisements

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

SSLstrip Stepan Shykerynets

Cryptography and Network Security

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

More Trick For Defeating SSL

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

Security Through Encryption. Different ways to achieve security of communication data Keep things under lock and key – Physical Encryption Through password.

Digital Signatures. Anononymity and the Internet.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

The OWASP Foundation Risks of Insecure Communication High likelihood of attack Open wifi, munipical wifi, malicious ISP Easy to exploit.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Online Security Tuesday April 8, 2003 Maxence Crossley.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Chapter 8 Web Security.

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

By Swapnesh Chaubal Rohit Bhat. BEAST : Browser Exploit Against SSL/TLS Julianno Rizzo and Thai Duong demonstrated this attack.

Certificates ID on the Internet. SSL In the early days of the internet content was simply sent unencrypted. It was mostly academic traffic, and no one.

CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

Course 201 – Administration, Content Inspection and SSL VPN

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING AND.

Introduction to Information Security SSL & TLS Story of a protocol Itamar Gilad (infosec15 at modprobe dot net)

Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

Image from (but I think they stole it from Monsters and Aliens)

Doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Web Security : Secure Socket Layer Secure Electronic Transaction.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Building Security into Your System Bill Major Gregory Ponto.

1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.

1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.

Ram Santhanam Application Level Attacks - Session Hijacking & Defences

Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan.

Measures to prevent MITM attack and their effectiveness CSCI 5931 Web Security Submitted By Pradeep Rath Date : 23 rd March 2004.

Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Network and Internet Security Prepared by Dr. Lamiaa Elshenawy

Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.

X509 Web Authentication From the perspective of security or An Introduction to Certificates.

Can SSL and TOR be intercepted? Secure Socket Layer.

Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.

Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.

Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.

ENCRYPTION, SSL, CERTIFICATES RACHEL AKISADA & MELANIE KINGSLEY.

SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.

Setting and Upload Products

How to Check if a site's connection is secure ?

Good morning ladies and gentlmen

Unit 8 Network Security.

Presentation transcript:

Can SSL and TOR be intercepted?

Secure Socket Layer

De-facto standard to encrypt communications Can ensure the identity of the peer

Prerequisite to decrypt a communication: You have to monitor it!

Most of the SSL attacks are MITM-based

Physically in the middle Rogue AP, ISP, etc.

Logically in the middle Take a look at our 2003 BlackHat presentation…

Ok but…can SSL be intercepted?

Three attacks’ categories

Protocol design and math Chain of trust The User

Let’s start with…

Protocol design and math

Weak encryption can be easily cracked Protocol and algorithms are negotiated during the handshake This “attack” can be performed passively

Weak encryption can be easily cracked ~ 70%* of the Internet uses only “strong” encryption What’s “weak” and what’s “easy”? Ask the NSA… * Trustworthy Internet Movement 2014/10/3 on web sites

SSLv2 Downgrade Attack No integrity check on the handshake Weaker encryption algorithms can be forced

SSLv2 Downgrade Attack SSLv2 disabled by default on most systems

SSLv3 is vulnerable as well… POODLE attack (September 2014) could be used to decrypt HTTPS cookies

SSLv3 is vulnerable as well… Most browsers dismissed SSLv3 Providers are going to dismiss it as well

Protocol versionWebsite Support SSL % SSL % TLS % TLS % TLS % Website coverage

TLS Logjam attack Published on May 2015 Forces TLS connection with weak key

TLS Logjam attack Vendors are patching

Implementation-specific attacks OpenSSL "Heartbleed" (CVE ) Oracle Java JSSE (CVE ) OpenSSL "Freak" (CVE ) And many others...

Implementation-specific attacks Keep your system up to date! Google’s Nogotofail tests connections for known bugs and weak configurations

Chain of Trust

If you have the private key you can see the traffic! Very hard to detect This “attack” can be performed passively if no PFS is used

If you have the private key you can see the traffic! Don’t give your private key to anyone ;) Forward Secrecy available on almost 40% of the websites

Custom CA on the client device Often used by AVs to inspect traffic Sometimes used by vendors to insert Ads

Custom CA on the client device Don’t install untrusted CA certificates Keep your OS/AV up to date

Rogue CA A malicious CA can sign fake certificates CAs’ certificates were stolen in the past (eg: Diginotar 2011) Allows any “active” probe to impersonate any website

Rogue CA Public Key Pinning EFF SSL Observatory monitors trusted CAs Google and Facebook actively search for rogue CAs

Rogue CA In December % of all connections to Facebook were established with forged certificates In 2014 Google found evidence from France and India of certificates signed by rogue Cas In 2015 Google removed all China NIC and EV CAs from their products

Future alternatives to the Chain of Trust Trust Assertion for Certificate Keys DNS-based Authentication of Named Entities

The User

SSL Strip attack Intercept the “redirect to HTTPS” reply HTTP-to-HTTPS Proxy for the whole communication Replace HTTPS with HTTP in any link

SSL Strip attack Pay attention to the “lock” Servers using HSTS can force HTTPS on the clients HTTPS Everywhere plugin doesn’t allow HTTP connections Mozilla pushes for full HTTPS