Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? 1.2.3.4 Get index.htm from 1.2.3.4 Response from 1.2.3.4.

Published byAva Silverthorn Modified over 9 years ago

Similar presentations

Presentation on theme: "Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? 1.2.3.4 Get index.htm from 1.2.3.4 Response from 1.2.3.4."— Presentation transcript:

1 Web security (Spoofing & TLS & DNS) Ge Zhang

2 Web surfing yahoo IP of yahoo? 1.2.3.4 Get index.htm from 1.2.3.4 Response from 1.2.3.4

3 Web security Does your request go to the “right” server? How do you trust the Internet?

4 URL spoofing Hyperlinks in malicious emails and web pages www.paypa1.com v.s. www.paypal.comwww.paypa1.comwww.paypal.com What web is referred by this link? http://www.kau.se@0x82EE0716/index.php http://www.kau.se@0x82EE0716/index.php Dotless IP address: –http://130.238.7.22http://130.238.7.22 –http://0x82EE0716/http://0x82EE0716/ –http://www.kau.se@0x82EE0716/http://www.kau.se@0x82EE0716/ –http://www.kau.se@0x82EE0716/index.phphttp://www.kau.se@0x82EE0716/index.php

5 Have you ever noticed these?

6 X.509 certificate Based on public key cryptography and digital signatures CA: certification authority

7 Verification Others can use the CA’s public key to verify the signature

8 Validating a Certificate Metaphor (1): –CA: Karlstad university –Certificate owner: the students (who get their master degree) –Verifier: employers Metaphor (2): –CA1: Swedish Ministry of Education –CA2: Karlstad University

9 Validating a Certificate Must recognize accepted CA in certificate chain –One CA may issue certificate for another CA Must verify that certificate has not been revoked –CA publishes Certificate Revocation List (CRL) Self-signed certificate?

10 Man-in-the-middle attacks (by malicious intermediaries) Read the content of HTTP traffics –Your password (even hashed?) Modify the content of HTTP traffics –Transfer money from your account to the attacker. …

11 Brief History of SSL/TLS SSLv2 –Released in 1995 with Netscape 1.1 –Key generation algorithm kept secret –Reverse engineered & broken by Wagner & Goldberg SSLv3 –Fixed and improved, released in 1996 –Public design process TLS: IETF’s version; the current standard

12 SSL/TLS Overview Establish a session (handshake layer) –Agree on algorithms –Share secrets –Perform authentication Transfer application data (record layer) –Ensure confidentiality and integrity

13 SSL Architecture Record Protocol: Message encryption/authentication Handshake P.: Identity authentication & key exchange Alert P.: Error notification (cryptographic or otherwise) Change Cipher P.: Activate the pending crypto suite IP TCP SSL Record Protocol HTTP, etc. SSL Alert Protocol SSL Change Cipher Spec. Protocol SSL Handshake Protocol

14 SSL Handshake Protocol Two parties: client and server Negotiate version of the protocol and the set of cryptographic algorithms to be used –Interoperability between different implementations of the protocol Authenticate client and server (optional) –Use digital certificates to learn each other’s public keys and verify each other’s identity Use public keys to establish a shared secret

15 Handshake Protocol (1) Client_hello: version, random, session id, cipher suite, compression method Server_hello: version, random, session id, cipher suite, compression method

16 Handshake Protocol (2) Certificate: X.509 certificate chain Server_key_exchang e: parameters, signature Certificate_request: type, authorities Server_hello_done: null

17 Handshake Protocol (3) Certificate: X.509 certificate chain Client_key_exchange: parameters, signature Certificate_verify: signature

18 Handshake Protocol (4) Change_cipher_spec: a single message, which consists of a single byte with value 1. Finished: hash value

19 SSL Encryption Master secret –Generated by both parties from premaster secret and random values generated by both client and server Key material –Generated from the master secret and shared random values Encryption keys –Extracted from the key material

20 SSL Record Protocol

21 Alerts and Closure Alert the other side of exceptions –Unexpected message –Bad record mac –Handshake failure –Illegal parameter –Bad certificate –… 2 levels –Warning –fatal

22 SSL Overhead 2-10 times slower than a TCP session Where do we lose time –Handshake phase Calculating the key materials –Data Transfer phase Symmetric key encryption

23 TLS/SSL Applications HTTP -> HTTPS Telnet -> SSH FTP -> SFTP SIP -> SIPS Resources: http://www.openssl.org/related/apps.html

24 Homework Visit a web site with HTTPS Use wireshark to capture the traffics Read the parsed traffics, especially pay attention on the handshake protocol.

25 The Domain Name System A database implemented by many name servers (NS) –Distributed –Replicated –Hierarchical. com. se. edu. cmu.edu..kau.se cs.kau.se. ftp.cs.kau.se.www.cs.kau.se.

26 Authoritative Servers Authoritative DNS servers –An organization’s DNS servers, providing authoritative information for organization’s servers –Can be maintained by organization or service provider

27 DNS Query and Response local DNS Server End-user www.kau.se A? www.kau.se A 193.10.226.10 Root DNS Server se DNS Server kau.se DNS Server Cache: www.kau.se A 193.10.226.10 www.kau.se A? www.kau.se A 193.10.226.10

28 DNS Vulnerabilities No authentication. –DNS_response.ID == DNS_request.ID ? (16 bit length) –DNS_response.dport == DNS_request.dport? Significance: DNS is widely used in –Web –VoIP –Email –…

29 A Simple DNS Attack local DNS Server User’s Laptop www.seb.se A? www.seb.se A attacker_IP Root DNS Server se DNS Server seb.se DNS Server Attacker’s Laptop Easy to observe UDP DNS query sent to well known server on well known port. www.seb.se A 129.178.89.80 First response wins. Second response is silently dropped on the floor.

30 A cache poisoning Attack local DNS Server User’s Laptop seb.se DNS Server Attacker www.seb.se A? www.seb.se A attacker_IP With different IDs Cached a bad record: www.seb.se A attacker_IP www.seb.se A? www.seb.se A attacker_IP www.seb.se A? with different IDs

31 A More Complex Attack ns.attacker.com kau Caching Server Remote attacker Query www.attacker.com Response www.attacker.com A 128.9.128.127 attacker.com NS ns.attacker.com attacker.com NS www.seb.se ns.attacker.com A 128.9.128.2 www.seb.se A 128.9.128.127 Any kau Computer Query www.seb.se www.seb.se = 128.9.128.127

32 Question Is SSL/TLS useful to counteract these DNS attacks? Why? Homewrok: –Read RFC 2535 about DNSSec –http://www.faqs.org/rfcs/rfc2535.html

33 Key points URL spoofing: dotless IP address X.509 certificate Certificate chains SSL/TLS –Handshake protocol –Alert protocol –Record protocol –Change cipher spec protocol The overhead caused by SSL/TLS DNS architecture DNS cache poisoning

Download ppt "Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? 1.2.3.4 Get index.htm from 1.2.3.4 Response from 1.2.3.4."

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Internet Security CSCE 813 Transport Layer Security

Internet Security CSCE 813 Transport Layer Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Cryptography and Network Security

Cryptography and Network Security
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Similar presentations

Ads by Google