It Just (Net)works. The Truth About ios' Multipeer Connectivity Framework. Alban
|
|
- Caroline Foster
- 6 years ago
- Views:
Transcription
1 It Just (Net)works The Truth About ios' Multipeer Connectivity Framework Alban
2 About me ios Security Researcher at Data Theorem Before: Principal Security Consultant at isec Partners Tools: SSLyze, Introspy, ios SSL Kill Switch 2
3 Agenda What is Multipeer Connectivity? Reversing the MC protocol(s) Security analysis of MC 3
4 What is Multipeer Connectivity? 4
5 Multipeer Connectivity 5
6 Demo 6
7 Motivation 7
8 Reversing the MC protocol(s) 8
9 MC API - Encryption The App can specify an encryptionpreference Three encryption levels: No further explanation in the documentation 9
10 MC API - Authentication The App can specify a securityidentity A "security identity" is an X509 certificate and the corresponding private key The peer s identify when pairing with other peers A callback has to be implemented for validating other peers certificates/identities during pairing: 10
11 Test Setup Macbook in WiFi Access Point mode + Wireshark Sample MC App with default MC settings Two devices: ipad Air with Bluetooth disabled ios Simulator 11
12 12
13 13
14 A B 14
15 Bonjour!! A??? over TCP!! STUN / ICE! B??? over UDP!! 15
16 Bonjour!! A??? over TCP!! STUN / ICE! B??? over UDP!! 16
17 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service A??? over TCP!! STUN / ICE! B??? over UDP!! 17
18 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service A??? over TCP!! STUN / ICE! B??? over UDP!! 18
19 19
20 20
21 Mystery Protocol #1 Peer connects to the other peer over TCP Each peer sends their PeerID first (random) idstring + device name For example: ory2g6r8fkq+iphone Simulator Three plists are then exchanged 21
22 A B 22
23 A B 23
24 A B 24
25 A 25
26 A B 26
27 A B 27
28 A B 28
29 A B 29
30 Mystery Protocol #1 Each peer exchanges their MCNearbyConnectionDataKey Main "payload" of the protocol; briefly mentioned as connection data in the documentation 30
31 Mystery Protocol #1 Each peer exchanges their MCNearbyConnectionDataKey Main "payload" of the protocol; briefly mentioned as connection data in the documentation The peer s security settings as bit fields: Encryption level (optional = X00, none = X10, required = X01 ) Whether authentication is enabled (yes = 1XX, no = 0XX) No X509 certificate/identity yet 31
32 Mystery Protocol #1 Each peer exchanges their MCNearbyConnectionDataKey Main "payload" of the protocol; briefly mentioned as connection data in the documentation Then a list of local "candidate" IP addresses!! 32
33 Mystery Protocol #1 Each peer exchanges their MCNearbyConnectionDataKey Main "payload" of the protocol; briefly mentioned as connection data in the documentation Then a list of local "candidate" IP addresses ! 33
34 Mystery Protocol #1 Each peer exchanges their MCNearbyConnectionDataKey Main "payload" of the protocol; briefly mentioned as connection data in the documentation Then a list of local "candidate" IP addresses Etc 34
35 Mystery Protocol #1 Each peer exchanges their MCNearbyConnectionDataKey Main "payload" of the protocol; briefly mentioned as connection data in the documentation Then some kind of IDs (according to debug logs)?! 35
36 Mystery Protocol #1 Each peer exchanges their MCNearbyConnectionDataKey Main "payload" of the protocol; briefly mentioned as connection data in the documentation Then some kind of IDs (according to debug logs)? 6F7D4FE3, etc 36
37 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service A GCK1 over TCP! Exchange peer names, security options and "candidate" UDP sockets STUN / ICE! B??? over UDP!! 37
38 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service A GCK1 over TCP! Exchange peer names, security options and "candidate" UDP sockets STUN / ICE! B??? over UDP!! 38
39 Interactive Connectivy Establishement 39
40 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service A GCK1 over TCP! Exchange peer names, security options and "candidate" UDP sockets STUN / ICE! Perform connectivity checks and find the best network path to the other peer B??? over UDP!! 40
41 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service A GCK1 over TCP! Exchange peer names, security options and "candidate" UDP sockets STUN / ICE! Perform connectivity checks and find the best network path to the other peer B??? over UDP!! 41
42 Mystery Protocol #2 42
43 Mystery Protocol #2 43
44 Mystery Protocol #2 It s the protocol used when App data is being exchanged Not plaintext but Wireshark doesn t know what it is Clues: Authentication in the MC API relies on X509 certificates 44
45 Mystery Protocol #2 It s the protocol used when App data is being exchanged Not plaintext but Wireshark doesn t know what it is Clues: Authentication in the MC API relies on X509 certificates When setting a breakpoint on SSLHandshake(), it does get triggered 45
46 Mystery Protocol #2 It s the protocol used when App data is being exchanged Not plaintext but Wireshark doesn t know what it is Clues: Authentication in the MC API relies on X509 certificates When setting a breakpoint on SSLHandshake(), it does get triggered 46
47 Mystery Protocol #2 openssl s_client -dtls1 -connect someserver:443 47
48 Mystery Protocol #2 openssl s_client -dtls1 -connect someserver:443 48
49 Mystery Protocol #2 openssl s_client -dtls1 -connect someserver:443 49
50 Pro Packet Trace Editing 50
51 Pro Packet Trace Editing Success! 51
52 Mystery Protocol #2 DTLS 1.0 with the byte 0xd0 appended to every DTLS record _gcksessionrecvmessage() Inside the DTLS stream Simple plaintext protocol The other peer s PeerID + App data/messages 52
53 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service A GCK1 over TCP! Exchange peer names, security options and "candidate" UDP sockets STUN / ICE! Perform connectivity checks and find the best network path to the other peer B GCK2 over UDP! Perform DTLS handshake, check the other peer s identity, exchange data 53
54 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service A GCK1 over TCP! Discovery Phase Exchange peer names, security options and network information STUN / ICE! Perform connectivity checks and find the best network path to the other peer B GCK2 over UDP! Session Phase Perform DTLS handshake, check the other peer s identity, exchange data 54
55 Security Analysis of Multipeer Connectivity 55
56 MC Security Analysis None Optional Required Without! Authentication With Authentication 56
57 MC Security Analysis None Optional Required Without! Authentication With Authentication 57
58 MC Security Analysis Required With Authentication: DTLS with mutual authentication Each peer sends their certificate and validate the other side s certificate RSA & EC-DSA TLS Cipher Suites 30 cipher suites supported in total including PFS cipher suites.! In practice, TLS_RSA_WITH_AES_256_CBC_SHA256 is always negotiated, which doesn t provide PFS 58
59 MC Security Analysis None Optional Required Without! Authentication With Authentication No PFS 59
60 MC Security Analysis None Optional Required Without! Authentication With Authentication No PFS 60
61 MC Security Analysis Required Without Authentication: DTLS with Anonymous TLS Cipher Suites No certificates exchanged Anon" AES TLS cipher suites: TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256 61
62 MC Security Analysis None Optional Required Without! Authentication With Authentication MiTM No PFS 62
63 MC Security Analysis None Optional Required Without! Authentication With Authentication MiTM No PFS 63
64 MC Security Analysis None Without Authentication: No DTLS - Plaintext GCK2 protocol 64
65 MC Security Analysis None Optional Required Without! Authentication With Authentication Plaintext MiTM No PFS 65
66 MC Security Analysis None Optional Required Without! Authentication With Authentication Plaintext MiTM No PFS 66
67 MC Security Analysis None With Authentication: DTLS with mutual authentication Each peer send their certificate and validate the other side s certificate Plaintext / No Encryption TLS Cipher Suites! TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256 67
68 MC Security Analysis None Optional Required Without! Authentication With Authentication Plaintext Plaintext MiTM No PFS 68
69 MC Security Analysis None Optional Required Without! Authentication With Authentication Plaintext Plaintext MiTM No PFS 69
70 MC Security Analysis Optional With Authentication! The session prefers to use encryption, but will accept unencrypted connections 70
71 Conclusion None Optional Required Without! Authentication Plaintext MitM MitM With Authentication Plaintext No PFS 71
72 Conclusion None Optional Required Without! Authentication Plaintext MitM MitM With Authentication Plaintext No PFS 72
73 MC Security Analysis Optional With Authentication! The session prefers to use encryption, but will accept unencrypted connections Two peers using Optional with Authentication should get the same security as Required (ie. use DTLS) Authentication should prevent a man-in-themiddle from tampering with the network traffic 73
74 Bonjour! Advertise local MC service, discover nearby devices advertising the MC service GCK1 over TCP! Exchange peer names, security options and "candidate" UDP sockets STUN / ICE! Perform connectivity checks and find the best network path to the other peer GCK2 over UDP! Perform DTLS handshake, check the other peer s identity, exchange data 74
75 Bonjour Optional! Authentication Enabled Optional! Authentication Enabled ICE / STUN DTLS with RSA / AES cipher suite Encrypted & authenticated traffic Same security as Required 75
76 Bonjour 76
77 Bonjour Optional! Authentication Enabled 77
78 Bonjour Optional! Authentication Enabled None! Authentication Enabled 78
79 Bonjour Optional! Authentication Enabled None! Authentication Enabled None! Authentication Enabled Optional! Authentication Enabled 79
80 Bonjour Optional! Authentication Enabled None! Authentication Enabled None! Authentication Enabled Optional! Authentication Enabled ICE / STUN 80
81 Bonjour Optional! Authentication Enabled None! Authentication Enabled None! Authentication Enabled Optional! Authentication Enabled ICE / STUN DTLS with NULL cipher suite Plaintext traffic (authenticated)! No post-auth checks on the parameters exchanged! Same security as None 81
82 Optional Downgrade Attack 82
83 MC Security Analysis None Optional Required Without! Authentication Plaintext MitM MitM With Authentication Plaintext MitM (Downgrade) No PFS 83
84 Conclusion 84
85 Conclusion Most security settings work as advertised by the MC API Except for Optional with Authentication Some combinations should never be used Optional None with Authentication Only Required with Authentication is secure 85
86 Conclusion None Optional Required Without! Authentication Plaintext MitM MitM With Authentication Plaintext MitM (Downgrade) No PFS 86
87 Conclusion None Optional Required Without! Authentication Plaintext MitM MitM With Authentication Plaintext MitM (Downgrade) No PFS 87
88 Conclusion Possible improvements to the MC Framework: Required with Authentication: Prioritize PFS TLS Cipher Suites Optional with Authentication: Peers should validate security parameters postauthentication to prevent downgrade attacks Better: remove Optional and make Required the default setting? 88
89 Thanks! More at 89
Transport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationTLS connection management & application support. Giuseppe Bianchi
TLS connection management & application support Alert Protocol TLS defines special messages to convey alert information between the involved fields Alert Protocol messages encapsulated into TLS Records
More informationReal-Time Communications for the Web. Presentation of paper by:cullen Jennings,Ted Hardie,Magnus Westerlund
Real-Time Communications for the Web Presentation of paper by:cullen Jennings,Ted Hardie,Magnus Westerlund What is the paper about? Describes a peer-to-peer architecture that allows direct,interactive,rich
More informationStaying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf
Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf (Xiaolong Bai, Luyi Xing) (co-first authors), Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, Shi-Min
More informationSharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer
SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationCIP Security Phase 1 Secure Transport for EtherNet/IP
CIP Security Phase 1 Secure Transport for EtherNet/IP Brian Batke, Rockwell Automation Dennis Dubé, Schneider Electric Joakim Wiberg, HMS Industrial Networks October 14, 2015 The Need for a Secure Transport
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationConfiguring and Using SSL
ENF0000AN040 Configuring and Using SSL Application Note Version: 1.00 30 October, 2013 General TERMS OF USE OF NEW MATERIALS - PLEASE READ CAREFULLY From time to time, Novatel Wireless, in its sole discretion,
More informationWireless LAN Security. Gabriel Clothier
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationtcpcrypt: real transport-level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.
tcpcrypt: real transport-level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt the vast majority of TCP traffic? Performance
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationFindings for
Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp
More informationUsing Access Point Communication Protocols
Information About Access Point Communication Protocols, page 1 Restrictions for Access Point Communication Protocols, page 2 Configuring Data Encryption, page 2 Viewing CAPWAP Maximum Transmission Unit
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationThe case for ubiquitous transport-level encryption
1/25 The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley, David Mazières, and Dan Boneh Stanford and UCL November 18, 2010 Goals 2/25 What would it take to encrypt
More informationTLSkex: Harnessing virtual machine introspection for decrypting TLS communication
12 TLSkex: Harnessing virtual machine introspection for decrypting TLS communication Benjamin Taubmann, Dominik Dusold, Christoph Frädrich, Hans P. Reiser Juniorprofessur für Sicherheit in Informationssystemen
More informationEncrypted Phone Configuration File Setup
This chapter provides information about encrypted phone configuration files setup. After you configure security-related settings, the phone configuration file contains sensitive information, such as digest
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are
More informationProtocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec
Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec Author: Gwen Dente, IBM Gaithersburg, MD Acknowledgments: Alfred Christensen, IBM Erin Farr, IBM Christopher Meyer, IBM Linwood Overby, IBM Richard
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationMatrixDTLS Developer s Guide
MatrixDTLS Developer s Guide Electronic versions are uncontrolled unless directly accessed from the QA Document Control system. Printed version are uncontrolled except when stamped with VALID COPY in red.
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationChapter 8 Network Security
Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL
CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?
More informationRelease Notes for Epilog for Windows Release Notes for Epilog for Windows v1.7
Release Notes for Epilog for Windows v1.7 InterSect Alliance International Pty Ltd Page 1 of 16 About this document This document provides release notes for Snare Enterprise Epilog for Windows release.
More informationIntroduction of New Verse Protocol Jiří Hnídek Technical University of Liberec Czech Republic
Introduction of New Verse Protocol Jiří Hnídek Technical University of Liberec Czech Republic email: jiri.hnidek@tul.cz http://dev.nti.tul.cz/trac/verse2 Introduction & History Network protocol Real-time
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationLink & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Outline Network Security EECE 412 Link & end-to-end protocols SSL/TLS WPA Copyright 2004 Konstantin Beznosov 2 Networks Link and End-to-End Protocols
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationNetwork Requirements
GETTING STARTED GUIDE l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l l
More informationTLS 1.1 Security fixes and TLS extensions RFC4346
F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security
More informationA New Internet? RIPE76 - Marseille May Jordi Palet
A New Internet? RIPE76 - Marseille May 2018 Jordi Palet (jordi.palet@theipv6company.com) -1 (a quick) Introduction to HTTP/2, QUIC and DOH and more RIPE76 - Marseille May 2018 Jordi Palet (jordi.palet@theipv6company.com)
More informationThe Design, Implementation, and Performance Evaluation of Secure Socket SCTP 2.0
The Design, Implementation, and Performance Evaluation of Secure Socket SCTP 2.0 Nicklas Hasselström, Gunnar Hjern, Richard Hoorn, Marcus Hult, Johan Häger, Jens Syrén, Stefan Alfredsson & Stefan Lindskog
More informationLEAVE THE TECH TO US BLACKBOX.COM/COALESCE
LEAVE THE TECH TO US 1.877.877.2269 BLACKBOX.COM/COALESCE INTRODUCTION: Coalesce Meeting Place Edition is a wireless presentation solution enabling meeting attendees to share the screens of their connected
More informationChallenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London
Challenges in building overlay networks: a case study of Steven Murdoch Principal Research Fellow University College London Who uses? Ordinary people e.g. to avoid unscrupulous marketers, protect children,
More informationMZ Firmware Release Notes
Page 1 MZ Firmware Release Notes This document summarizes the following firmware releases: Firmware Release Number Release Date See Page 11z48 04 October 2011 page 2 11z29 28 July 2010 page 3 11q4 09 May
More informationSensitive Information in a Wired World
Sensitive Information in a Wired World CPSC 457/557, Fall 2013 Lecture 11, October 3, 2013 1:00-2:15 pm; AKW 400 http://zoo.cs.yale.edu/classes/cs457/fall13/ Brian A. LaMacchia, used with permission 1
More informationConfiguring SSL. SSL Overview CHAPTER
CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.
More informationForeword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1
Brief Contents Foreword by Katie Moussouris.... xv Acknowledgments... xvii Introduction...xix Chapter 1: The Basics of Networking... 1 Chapter 2: Capturing Application Traffic... 11 Chapter 3: Network
More informationLab 7: Tunnelling and Web Security
Lab 7: Tunnelling and Web Security Objective: In this lab we will investigate the usage of SSL/TLS and VPN tunnels. & Web link (Weekly activities): https://asecuritysite.com/esecurity/unit07 & YouTube
More informationSSL Accelerated Service Configuration Mode Commands
SSL Accelerated Service Configuration Mode Commands SSL accelerated services lets you enable and configure SSL acceleration on your WAAS system, and define services to be accelerated on the SSL path. To
More informationIEEE WiMax Security
IEEE 80.6 WiMax Security Dr. Kitti Wongthavarawat Thai Computer Emergency Response Team (ThaiCERT) National Electronics and Computer Technology Center Thailand Presented at 7 th Annual FIRST Conference,
More informationPlaintext-Recovery Attacks Against Datagram TLS
Information Security Group Royal Holloway, University of London 6th Feb 2012 Contents 1 Results 2 3 4 Padding Oracle Realisation Against OpenSSL 5 Attacking the GnuTLS Implementation of DTLS 6 Results
More informationCOSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS
COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) University of Tartu Spring 2017 1 / 22 Transport Layer Security TLS is cryptographic protocol that provides communication security over the
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationCS 356 Internet Security Protocols. Fall 2013
CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5
More informationAuditing IoT Communications with TLS-RaR
Auditing IoT Communications with TLS-RaR Judson Wilson, Henry Corrigan-Gibbs, Riad S. Wahby, Keith Winstein, Philip Levis, Dan Boneh Stanford University Auditing Standard Devices MITM Used for: security
More informationA New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOH and more LACNIC 29 - Panamá May 2018 Jordi Palet (jordi.palet@theipv6company.com) -1 Internet is Changing More and more, Internet traffic is moving
More informationJunos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will
More informationVPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1
VPN, IPsec and TLS stole slides from Merike Kaeo apricot2017 1 Virtual Private Network Overlay Network a VPN is built on top of a public network (Internet)
More informationHardware Management Console External Connectivity Security for IBM POWER5 Processor-based Systems
Hardware Management Console External Connectivity Security for IBM POWER5 Processor-based Systems March 2, 2007 by: Jason Stapels Ann Burkes Brian Myers Table of Contents 1 Introduction...3 1.1 Disclaimer...3
More informationOverview of TLS v1.3 What s new, what s removed and what s changed?
Overview of TLS v1.3 What s new, what s removed and what s changed? About Me Andy Brodie Solution Architect / Principal Design Engineer. On Worldpay ecommerce Payment Gateways. Based in Cambridge, UK.
More informationSSL/TLS. How to send your credit card number securely over the internet
SSL/TLS How to send your credit card number securely over the internet The security provided by SSL SSL is implemented at level 4 The transport control layer In practice, SSL uses TCP sockets The underlying
More informationUnderstanding Traffic Decryption
The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake
More informationFrom Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005
Chapter 7: Security From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4 Introduction Security policies Provide for the sharing of resources within specified limits
More informationMQ Jumping... Or, move to the front of the queue, pass go and collect 200
MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue
More informationUsing SRP for TLS Authentication
Using SRP for TLS Authentication Internet Draft Transport Layer Security Working Group D. Taylor Forge Research Pty Ltd Expires: March 5, 2003 September 4, 2002 Using SRP for TLS Authentication draft-ietf-tls-srp-03
More informationMZ Firmware Release Notes
Page 1 MZ Firmware Release Notes This document summarizes the following firmware releases: Firmware Release Number Release Date See Page 11z50 12 March 2012 page 2 11z48 04 October 2011 page 2 11z29 28
More informationLEAVE THE TECH TO US BLACKBOX.EU
LEAVE THE TECH TO US 00800-22552269 BLACKBOX.EU INTRODUCTION: Coalesce MPE (Meeting Place Edition) is a wireless presentation solution enabling meeting attendees to share the screens of their connected
More informationIntrospy Security Profiling for Blackbox ios and Android. Marc Blanchou Alban Diquet
Introspy Security Profiling for Blackbox ios and Android Marc Blanchou Alban Diquet Introduction What is it about? Tool release: Introspy Security profiler for ios and Android applications Useful to developers,
More informationBackdooring the Front Door
Backdooring the Front Door About me Software Engineer by trade Hacker by passion Lock picker for fun The best puzzles are not meant to be solved All opinions are my own, and may not reflect those of my
More informationLehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec
Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München ilab Lab 8 SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL
More informationDesign and Implementation of SCTP-aware DTLS
Design and Implementation of SCTP-aware DTLS R. Seggelmann 1, M. Tüxen 2 and E. Rathgeb 3 1 Münster University of Applied Sciences, Steinfurt, Germany - seggelmann@fh-muenster.de 2 Münster University of
More informationSecuring Network Communications
Securing Network Communications Demonstration: Securing network access with Whitenoise Labs identity management, one-time-pad dynamic authentication, and onetime-pad authenticated encryption. Use of Whitenoise
More informationThe case for ubiquitous transport level encryption. Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.
The case for ubiquitous transport level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt all the traffic on the Internet,
More informationPerformance implication of elliptic curve TLS
MSc Systems & Network Engineering Performance implication of elliptic curve TLS Maikel de Boer - maikel.deboer@os3.nl Joris Soeurt - joris.soeurt@os3.nl April 1, 2012 Abstract During our research we tested
More informationTransport Layer Security
Cryptography and Security in Communication Networks Transport Layer Security ETTI - Master - Advanced Wireless Telecommunications Secure channels Secure data delivery on insecure networks Create a secure
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationSecure channel, VPN and IPsec. stole some slides from Merike Kaeo
Secure channel, VPN and IPsec stole some slides from Merike Kaeo 1 HTTP and Secure Channel HTTP HTTP TLS TCP TCP IP IP 2 SSL and TLS SSL/TLS SSL v3.0 specified
More informationIntercepting SNC-protected traffic
Intercepting SNC-protected traffic Martin Gallo Penetration Testing SME March 2017 Agenda Introduction Problem SAP Protocols SAP SNC (Secure Network Connections) Attack vectors Vulnerable scenarios Demo
More informationLecture 08: Networking services: there s no place like
Lecture 08: services: there s no place like 127.0.0.1 Hands-on Unix system administration DeCal 2012-10-15 1 / 22 About Common records Other records 2 / 22 About About Common records Other records Domain
More informationHTTPS Setup using mod_ssl on CentOS 5.8. Jeong Chul. tland12.wordpress.com. Computer Science ITC and RUPP in Cambodia
HTTPS Setup using mod_ssl on CentOS 5.8 Jeong Chul tland12.wordpress.com Computer Science ITC and RUPP in Cambodia HTTPS Setup using mod_ssl on CentOS 5.8 Part 1 Basic concepts on SSL Step 1 Secure Socket
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationRTCWEB Working Group. Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future
RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future Dan Wing dwing@cisco.com IETF83 - March 2012 v2 1 Agenda Scope Upcoming Questions
More informationHacking Smart Home Devices. Fernando Gont
Hacking Smart Home Devices Fernando Gont About... Security Researcher and Consultant at SI6 Networks Published: 30 IETF RFCs 10+ active IETF Internet-Drafts Author of the SI6 Networks' IPv6 toolkit https://www.si6networks.com/tools/ipv6toolkit
More informationWhite Paper for Wacom: Cryptography in the STU-541 Tablet
Issue 0.2 Commercial In Confidence 1 White Paper for Wacom: Cryptography in the STU-541 Tablet Matthew Dodd matthew@cryptocraft.co.uk Cryptocraft Ltd. Chapel Cottage Broadchalke Salisbury Wiltshire SP5
More informationEncryption Everywhere
Encryption Everywhere Adapting to a New Reality that favors Security and Privacy Kathleen Moriarty EMC Office of CTO IETF Security Area Director (Speaking for myself, not the IETF) 1 Agenda Protocol and
More informationInstall the ExtraHop session key forwarder on a Windows server
Install the ExtraHop session key forwarder on a Windows server Published: 2018-10-09 The ExtraHop session key forwarder runs as a process on a monitored Windows server running SSL services. The forwarder
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationIBM Education Assistance for z/os V2R1
IBM Education Assistance for z/os V2R1 Items: TLS V1.2 Suite B RFC 5280 Certificate Validation Element/Component: Cryptographic Services - System SSL Material is current as of June 2013 Agenda Trademarks
More informationInstall the ExtraHop session key forwarder on a Windows server
Install the ExtraHop session key forwarder on a Windows server Published: 2018-07-19 The ExtraHop session key forwarder runs as a process on a monitored Windows server running SSL services. The forwarder
More informationP2PSIP, ICE, and RTCWeb
P2PSIP, ICE, and RTCWeb T-110.5150 Applications and Services in Internet October 11 th, 2011 Jouni Mäenpää NomadicLab, Ericsson Research AGENDA Peer-to-Peer SIP (P2PSIP) Interactive Connectivity Establishment
More information