Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by Teererai Marange. Background Open SSL Hearbeat extension Heartbleed vulnerability Description of work Methodology Summary of results Vulnerable.

Published byKerrie Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "Presented by Teererai Marange. Background Open SSL Hearbeat extension Heartbleed vulnerability Description of work Methodology Summary of results Vulnerable."— Presentation transcript:

1 Presented by Teererai Marange

2 Background Open SSL Hearbeat extension Heartbleed vulnerability Description of work Methodology Summary of results Vulnerable population Patching behavior Impact on certificate ecosystem Exposing attacks Impact of large scale notification

3 Conclusion Lessons learned Criticisms Questions and answers

4 Popular implementation of SSL/TLS protocols. Used to facilitate secure connections for web, email, VPN and messaging services. Project initiated in 1998. 8 code execution vulnerabilities and 6 information leak vulnerabilities discovered so far.

5 Motivation: Session management in Datagram TLS. Allows either end-point of connection to detect whether its peer is still present. Support indicated during TLS handshake protocol. Following this, either endpoint confirms connectivity sending a heartbeatRequest

6 Other endpoint confirms presence by sending heartbeatResponse message.

7 Example

8 Implementation of hearbeat assumed that the peer sending HeartbeatRequest would be honest about payload length value!!! Suppose I send a payload of length 1 and say that the actual length is 16 bytes. Then the server would return the 1 byte payload plus 15bytes of its own(supposedly private memory). Thus peer could acquire up to 65536 bytes of private memory.

9 Example

10 Potency of this vulnerability Compromised confidentiality and Access control as anyone could acquire private cryptographic data and private user data. Easy to understand and exploit. Popularity of HTTPS and TLS resulting in more affected services.

11 Compares payload length field to actual length of payload. Discards heartbeatRequest message if payload length>actual length of payload.

12

13 Modified Zmap to perform vulnerability scan Sending heartbeatRequest with length field set to 0 and no payload and no padding. Non-vulnerable servers reject message. Vulnerable servers respond with a message with padding only. Vulnerability scans performed against Alexa top 1million sites 1% samples of public non-reserved ipv4 address space.

14 At least 44 of Alexa top 100 remained unpatched at disclosure time. 5 Alexa top 100 sites still unpatched 22 hours post disclosure. Broader impact. Codenomicon estimated that 66% of HTTPS enabled sites affected at disclosure time. 45% of Alexa top 1 million supported HTTPS. Of these 24-55% were vulnerable at disclosure time. This value had dropped to 11% 48 hours post discolosure.

15 Public ipv4 address space(from 48 hours after disclosure) 11.4% supported HTTPS of which 5.9% were vulnerable. 10 ASes accounted for over 50% of vulnerable hosts. Other devices and products 74 distinct sets of devices and software packages.

16 Other areas of impact Mail servers Tor project Bitcoin clients Android Wireless networks.

17

18

19 10.1% of vulnerable hosts 48 hours post disclosure replaced their certificates in the month following disclosure vs 73% who patched. Of those that replaced their certificate 19% revoked the old one!!! 14% used the same private key!!!! 23% of all HTTPS sites in Alexa top 1million replaced certificates and only 4% revoked the old one between april 9 and april 30.

20 10.1% of vulnerable hosts 48 hours post disclosure replaced their certificates in the month following disclosure vs 73% who patched. Of those that replaced their certificate 19% revoked the old one!!! 14% used the same private key!!!! 23% of all HTTPS sites in Alexa top 1million replaced certificates and only 4% revoked the old one between april 9 and april 30.

21 Predisclosure No evidence of attacks prior to disclosure based on observations between January and April 7 2014. Post disclosure

22 The vast majority of scan attacks originated from the Amazon address space(4267 out of 5948) and were used by popular heartbleed scan services Filipino.io and ssllabs.com Most attacks targeted less than 10 sites(vertical rather than horizontal). Attacks were also centered on dense address spaces for example Amazon.

23 152805 hosts were randomly split into 2 groups Group A to be notified on April 28, 2014 Group B to be notified on May 7, 2014. Each group notification included information on vulnerability, link to recovery guide and list of vulnerable hosts. Regular scans of each group performed every 8 hours in order to track patching behavior.

24 152805 hosts were randomly split into 2 groups Group A to be notified on April 28, 2014 Group B to be notified on May 7, 2014. Each group notification included information on vulnerability, link to recovery guide and list of vulnerable hosts. Regular scans of each group performed every 8 hours in order to track patching behavior.

25

26

27 HTTPS administration: Educating server operators Certification revocation and replacement behavior suggests a superficial understanding of the protocol. Importance of forward secrecy. Need for more scalable certificate revocation protocols. Support for critical open source projects. Heartbeat originally for DTLS. Why was it enabled everywhere in the first place. “Standard implementations could rely on TCP for equivalent session management”. Code review would also have helped.

28 Vulnerability disclosure: Largely uncoordinated and poorly organized. Many major operating system vendors not notified prior to disclosure. A plan must be put in place for future events of this scale and importance. Notification and patching. Positive effect of notification is clear from this study. Detection of vulnerable systems on a large scale is easier than most researchers think. Research needed to look into protocols that allow machine to machine notification and automated patching accordingly.

29 Scans of all forms exclude hosts that previously requested removal from their daily HTTPS scans Potential bias in sample?? Ethics. Server is not given notification to not be scanned prior to initial scans. False negatives due to bug in heartbleed scanner. Impact lowered by subsequent scan in May. Estimated between 6.5%-10.5%

30 Predisclosure affected patching behavior. Data does not tell us about patching sequence. Some server operators disabled the extension before patching. Author appears to assume that all server operators had the goal of patching as soon as possible. What about leaving servers vulnerable for research purposes? What if server operators are weary of bugs in the patch itself?

31 Small sample size in determining effect of language barrier on patching rate. 75 responses received. 88% of which were in English and other Common languages. Data does not tell us about patching sequence. Some server operators disabled the extension before patching. Author appears to assume that all server operators had the goal of patching as soon as possible. What about leaving servers vulnerable for research purposes? What if server operators are weary of bugs in the patch itself?

Download ppt "Presented by Teererai Marange. Background Open SSL Hearbeat extension Heartbleed vulnerability Description of work Methodology Summary of results Vulnerable."

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.

ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Security Through Encryption. Different ways to achieve security of communication data Keep things under lock and key – Physical Encryption Through password.

Security Through Encryption. Different ways to achieve security of communication data Keep things under lock and key – Physical Encryption Through password.
Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.

Windows 7 Project and Heartbleed Update Sian Shumway Director, IT Customer Service.
ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.

ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.
Attacking Session Management Juliette Lessing

Attacking Session Management Juliette Lessing
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Similar presentations

Ads by Google