Defeating All Man-in-the-Middle Attacks

Size: px
Start display at page:

Download "Defeating All Man-in-the-Middle Attacks"

Transcription

1 Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1

2 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type of attack. There are two main components to the attack. First, the adversary intercepts communication from the victim and relays it to the server the victim wishes to communicate with. Second, the adversary obtains cleartext of the communication between the victim and the victim s server. PrecisionAccess defeats all man-in-the-middle attacks using the combination of mutual TLS, pinned certificates, and a fixed encryption suite that cannot be downgraded or altered. This paper first presents the ways that adversaries intercept traffic, then, the ways they obtain cleartext, and, finally, how PrecisionAccess prevents adversaries from accessing the cleartext. Figure 1. To execute a man-in-the-middle attack, the adversary must first redirect traffic from its normal path (shown in green) to a path such that the traffic flows through the adversary (shown in red). Then, the adversary must decrypt any traffic that is encrypted. Figure 2. PrecisionAccess does not defeat the redirection of traffic. That happens at the networking layer. However, PrecisionAccess defeats the decryption of the traffic as explained in this paper. Vidder, Inc. Defeating All Man-in-the-Middle Attacks 2

3 Table of Contents Executive Summary... 2 Intercepting the Traffic... 4 Spoofing a Wi-Fi Hotspot... 4 Spoofing a Website... 4 ARP Spoofing... 4 DNS Spoofing... 4 Compromised Infrastructure... 5 Internet Route Hijacking... 5 Cleartext... 5 It s Already Cleartext... 5 Transforming HTTPS back to HTTP... 5 Attacks on SSL... 6 Summary... 6 Appendix A... 7 Vidder, Inc. Defeating All Man-in-the-Middle Attacks 3

4 Intercepting the Traffic In a man-in-the-middle attack, the adversary becomes the server to the victim s client computer and the adversary also becomes the client to the server the victim is communicating with. Here are the ways the adversary becomes the man-in-the-middle. Spoofing a Wi-Fi Hotspot One of the easiest ways to perform a man-in-the-middle attack is via spoofing a Wi-Fi access point because the adversary does not need to be on the network prior to creating the attack. There are multiple tools that can be used to do this attack and lots of websites that explain how to take over an existing access point (e.g., a corporate Wi-Fi access point), but it s even easier to spoof Starbucks or AT&T Wi-Fi especially because most clients will automatically connect to any access points they have previously connected to. Then, provided the adversary is also connected to the Internet and running some man-in-the-middle software (e.g., Ettercap), the intercept is complete. It s that easy, and it happens all the time. Spoofing a Website It s relatively easy for an adversary to perform a man-in-the-middle attack via spoofing a website. The adversary begins by cloning the website. There are many tools that automate this function. From there, the adversary registers a domain name for the cloned website that is very similar to the domain name of the real website. It may even be possible to get a legitimate SSL certificate for the cloned website. Finally, the adversary does a phishing attack, or some other type of social engineering, on a group of potential victims to get them to go to the cloned website thinking it is the legitimate website. Obviously, the cloned website is the man-in-the-middle. Therefore, it then relays traffic to the real website with the adversary seeing the cleartext. ARP Spoofing Address Resolution Protocol (ARP) allows servers to give clients their Ethernet MAC address. The typical workflow for this very common networking protocol is that a user types a URL into a browser, the operation system of the client uses the URL to request the IP address of the server from DNS, and then uses the IP address of the server to request the Ethernet MAC address of the server using ARP. Note that if the server is on a different IP subnet, the router will respond to ARP with its MAC access. Note also, that to reduce the number of times the clients perform an ARP, the clients will often listen to the ARP replies from servers and router when other clients make ARP requests. Therefore, an adversary has two ways to become a man-in-the-middle between the client and the server. One way is that the adversary can be very fast at replying to an ARP request with the adversary s MAC address (i.e., the adversary s host replies faster than the legitimate server or router). The other way is that the adversary can generate a gratuitous ARP reply such that the hosts on the network store the adversary s MAC address and associate it with whatever server s IP address is in the gratuitous ARP from the adversary. The downside of both of these methods is that the adversary needs to have control of a host on the LAN of the potential victims. Therefore, typically, the adversary will compromise a computer on the network with a phishing attack, and then use this man-in-the-middle attack to obtain credentials for lateral movement through the network. DNS Spoofing DNS spoofing provides another mechanism to get victims to visit a spoofed website. That is, take the concept above about cloning a website and registering a DNS name, but, instead of using social engineering to get the victims to the website, alter the DNS entry of the legitimate domain name such that the DNS entry points to the cloned website. There are multiple ways to spoof a DNS server. One method is similar to ARP spoofing, where the adversary acts like a DNS server and returns the IP address of the requested DNS name quicker than the legitimate DNS server. This requires the adversary to be close to the victim. Another way is for the Vidder, Inc. Defeating All Man-in-the-Middle Attacks 4

5 adversary to compromise the local DNS server and change the IP address of certain domain names to point to the websites of the adversary. This allows the adversary to DNS spoof a region of the Internet. Finally, there is the possibility of compromising an authoritative DNS server. If a local DNS server does not know the IP address of a requested domain name, it will call upstream DNS servers to get the name. Each DNS server in turn will call additional DNS servers until one reaches the authoritative DNS server for that domain. Therefore, if the adversary compromises an authoritative DNS server, the adversary can redirect everyone in the world to the adversary s fake IP addresses. Compromised Infrastructure There are a lot of networking products between a client and a server, for example: switches, routers, firewalls, lots of security devices, load balancers, etc. If the adversary compromises any of those devices, it is possible to create a man-in-the-middle attack from that device. And it is surprisingly easy to compromise a component of the infrastructure default passwords, poorly configured SNMP, and unpatched vulnerabilities on embedded operating systems that do not get upgraded at the same rate as servers to name just a few. Internet Route Hijacking It is believed that nation states, including China and Russia, have injected fake routes into the Border Gateway Protocol (BGP) routing tables such that they were able to create a man-in-the-middle attack on a huge amount of data. In the cases mentioned, the nation states originated network prefix they did not own such that traffic to those networks passed through the routers in their countries. Clearly, this is not your common everyday adversary, but it does go to show just how many ways there are to execute a man-in-the-middle attack. Cleartext As described above, the first step is for the adversary to intercept the traffic. The second step is to remove any encryption from the traffic to obtain cleartext. However, PrecisionAccess defeats all ways of seeing the cleartext. It s Already Cleartext Obviously, any protocols that do not encrypt traffic provide the cleartext to the adversary without additional effort. The most notable protocol that uses cleartext is HTTP. Importantly, not only is the data in cleartext, but so are the cookies, session tokens, and other input parameters. Cookies and session tokens act as short-term credentials for accessing websites. Therefore, when the man-in-the-middle adversary sees the cleartext cookie or session token, the adversary can impersonate the victim connecting to the website as the victim. PrecisionAccess encrypts all traffic from the user s client to the PrecisionAccess Gateway including HTTP traffic. If the traffic is cleartext, it gets encrypted including the cookies, session tokens and other input parameters. If the traffic is cyphertext, it gets encrypted a second time. Transforming HTTPS back to HTTP To mitigate the attack above, the majority of popular websites are now using HTTPS instead of HTTP, where HTTPS uses TLS encryption to provide secrecy and data integrity of the HTTP traffic. Therefore, the objective of the man-in-the-middle adversary becomes the decryption of the HTTPS traffic. One of the more elegant ways of creating cleartext is for the man-in-the-middle adversary to create the HTTPS connection to the server, but to act like an HTTP server to the victim. This was first demonstrated in 2009 with a program called SSLstrip. To the user, it looks like a regular HTTP session to a server, and all the user s data, cookies, session tokens, and other input parameters are in cleartext. The adversary sees the user s cleartext, but then encrypts it in TLS for the connection to the server. The server sees cyphertext, just like it wants to. In an attempt to defeat the SSLstrip attack, the browser industry created the HTTP Strict Transport Security (HSTS) protocol, a mechanism by which a website is able to inform the browser if it s Vidder, Inc. Defeating All Man-in-the-Middle Attacks 5

6 supposed to be secured with SSL end-to-end. However, a more recent application that is part of the Mana Toolkit now defeats that protocol to again allow the adversary to server HTTP traffic to the victim and HTTPS to the website. PrecisionAccess defeats this attack because it uses mutual TLS to authenticate the client to the server. The adversary does not have the private key for the mutual TLS. Therefore, the adversary cannot impersonate the user to the PrecisionAccess Controllers or Gateways during the TLS handshake. Attacks on SSL There have been so many attacks on SSL and TLS that the list had to be put in an appendix to this paper, but we can generalize the types of attacks as follows. Below, you see how PrecisionAccess defeats each attack. Some of the attacks are based on the fact that the client and the server are verified separately, such that each step can be spoofed separately. Many of the attacks used JavaScript to initiate the attack on the victim s browser. Another set of attacks used forged certificates. This is possible because there are so many Certificate Authorities in the world that are trusted by the browser. A fourth set of attacks was based on the adversary s ability to downgrade the encryption cypher being used or alter other parameters of the HTTP/S protocol suite. Finally, there are the attacks that are possible just because any adversary can connect to a server with TLS. PrecisionAccess defeats all of these attacks. It uses mutual TLS to authenticate both the client and the server in a two-way handshake, where both authenticate each other at the same time. It defeats JavaScript-based attacks because the PrecisionAccess Client that creates the mutual TLS connection is not a browser and does not run JavaScript. It defeats forged certificates by using pinned certificates. That is, instead of trusting the hundreds of the Certificate Authorities in the world like a browser does, the PrecisionAccess Client only trusts certificates issued by the PrecisionAccess Certificate Authority. It defeats the fourth set of attacks by using one, and only one, encryption suite. This is only possible because PrecisionAccess controls the encryption algorithm in the Clients, Controllers, and Gateways. And note that PrecisionAccess uses the strongest encryption algorithm commercially available. Finally, it defeats the fifth set of attacks by requiring Single Packet Authorization prior to allowing access to the TLS protocol. It s also interesting to note that Single Packet Authorization defeats all of the attacks on TLS by unauthorized devices because devices cannot begin the TLS handshake until they have passed Single Packet Authorization. Summary There are two parts to man-in-the-middle attacks: intercepting the traffic from a client to a server and decrypting the traffic. PrecisionAccess defeats all man-in-the-middle attacks because it creates an independent layer of encryption between the client and the PrecisionAccess Gateway using the combination of mutual TLS, pinned certificates, and a fixed encryption suite that cannot be downgraded or altered in any way. Vidder, Inc. Defeating All Man-in-the-Middle Attacks 6

7 Appendix A Appendix A is a list of recent attacks on SSL/TLS. The first column is the common name of the attack. The second column is the date it was announced. The third column is a short description of the attack. The fourth column explains how PrecisionAccess defeats the attack from unauthorized devices. And the fifth column explains how PrecisionAccess defeats the attack by authorized users on authorized devices. Name Date Attack Unauthorized Authorized Users SSLstrip Feb 2009 MitM http to https Mutual TLS THC-SSL-DOS Aug 2011 Server DoS attack SPA --- DigiNotar Sept 2011 MitM forged certs Pinned certs BEAST Apr 2012 MitM Java Applet oracle PA client is not a browser CRIME Sept 2012 MitM SPDY compressing oracle No compression in cypher Lucky 13 Feb 2013 MitM CBC padding oracle GCM cypher not vulnerable TIME Mar 2013 MitM browser JavaScript timing oracle PA client is not a browser RC4 biases Mar 2013 MitM RC4 oracle No cypher negotiation BREACH Aug 2013 Website redirect, compression SPA No redirect or compression goto fail Feb 2014 MitM counterfeit key via coding error Pinned dedicated cert Triple Handshake Mar 2014 MitM on client cert Pinned dedicated cert Heartbleed Apr 2014 OpenSSL bug SPA Not single-ended SSL BERserk Sept 2014 MitM PKCS#1.5 padding Cypher not vulnerable Poodle Oct 2014 MitM SSLv3 oracle No cypher negotiation Poodle++ Dec 2014 MitM JavaScript timing oracle PA client is not a browser FREAK Mar 2015 MitM negotiation 512 bit key No key negotiation Bar-mitzvah Mar 2015 MitM on RC4 No cypher negotiation logjam May 2015 MitM downgrade to 512 bit key No cypher negotiation DROWN Mar 2016 MitM downgrade to SSLv2 No cypher negotiation Sweet32 Aug 2016 MitM birthday attack on 64-bit ciphers 64-bit cypher not used SHA-1collision Jan 2017 MitM collision attack on SHA-1 SHA-1 not used Vidder, Inc. Defeating All Man-in-the-Middle Attacks 7

So.ware Defined Perimeter Internet- scale Security for the Internet2 Community. Junaid Islam Co- Chair SDP Workgroup Cloud Security Alliance

So.ware Defined Perimeter Internet- scale Security for the Internet2 Community. Junaid Islam Co- Chair SDP Workgroup Cloud Security Alliance So.ware Defined Perimeter Internet- scale Security for the Internet2 Community Junaid Islam Co- Chair SDP Workgroup Cloud Security Alliance The challenge: How do you secure an open network? 2 Solution

More information

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney. Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw

More information

32c3. December 28, Nick https://crypto.dance. goto fail;

32c3. December 28, Nick https://crypto.dance. goto fail; 32c3 December 28, 2015 Nick Sullivan @grittygrease nick@cloudflare.com https://crypto.dance goto fail; a compendium of transport security calamities Broken Key 2 Lock 3 Lock 4 5 6 HTTP HTTPS The S stands

More information

SSL/TLS: Still Alive? Pascal Junod // HEIG-VD

SSL/TLS: Still Alive? Pascal Junod // HEIG-VD SSL/TLS: Still Alive? Pascal Junod // HEIG-VD 26-03-2015 Agenda SSL/TLS Protocol Attacks What s next? SSL/TLS Protocol SSL/TLS Protocol Family of cryptographic protocols offering following functionalities:

More information

Verifying Real-World Security Protocols from finding attacks to proving security theorems

Verifying Real-World Security Protocols from finding attacks to proving security theorems Verifying Real-World Security Protocols from finding attacks to proving security theorems Karthik Bhargavan http://prosecco.inria.fr + many co-authors at INRIA, Microsoft Research, Formal security analysis

More information

PrecisionAccess Trusted Access Control

PrecisionAccess Trusted Access Control Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised

More information

Vidder PrecisionAccess

Vidder PrecisionAccess Vidder PrecisionAccess Transparent Multi-Factor Authentication June 2015 910 E HAMILTON AVENUE. SUITE 430. CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview...

More information

Man In The Middle Project completed by: John Ouimet and Kyle Newman

Man In The Middle Project completed by: John Ouimet and Kyle Newman Man In The Middle Project completed by: John Ouimet and Kyle Newman What is MITM? Man in the middle attacks are a form of eves dropping where the attacker relays messages that are sent between victims

More information

TLS1.2 IS DEAD BE READY FOR TLS1.3

TLS1.2 IS DEAD BE READY FOR TLS1.3 TLS1.2 IS DEAD BE READY FOR TLS1.3 28 March 2017 Enterprise Architecture Technology & Operations Presenter Photo Motaz Alturayef Jubial Cyber Security Conference 70% Privacy and security concerns are

More information

Securing Office 365 & Other SaaS

Securing Office 365 & Other SaaS Securing Office 365 & Other SaaS PrecisionAccess Vidder, Inc. Securing Office 365 & Other SaaS 1 Executive Summary Securing Office 365 means securing Email, SharePoint, OneDrive, and a number of other

More information

TLS 1.1 Security fixes and TLS extensions RFC4346

TLS 1.1 Security fixes and TLS extensions RFC4346 F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security

More information

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015 Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan June 18, 2015 1 / 19 ARP (Address resolution protocol) poisoning ARP is used to resolve 32-bit

More information

Attacks on SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016

Attacks on SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016 Attacks on SSL/TLS Applied Cryptography Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016 Timeline of attacks on SSL/TLS 2/41 SSLstrip 2010 2011 2012 2013 2014 2015 2016 BEAST POODLE

More information

SSL Report: ( )

SSL Report:   ( ) Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > www.workbench.nationaldataservice.org SSL Report: www.workbench.nationaldataservice.org (141.142.210.100) Assessed on:

More information

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect

More information

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Data Security and Privacy. Topic 14: Authentication and Key Establishment Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt

More information

Overview of TLS v1.3 What s new, what s removed and what s changed?

Overview of TLS v1.3 What s new, what s removed and what s changed? Overview of TLS v1.3 What s new, what s removed and what s changed? About Me Andy Brodie Solution Architect / Principal Design Engineer. On Worldpay ecommerce Payment Gateways. Based in Cambridge, UK.

More information

SSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger

SSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger SSL / TLS Crypto in the Ugly Real World Malvin Gattinger 2016-03-17 SSL/TLS Figure 1: The General Picture SSL or TLS Goal: Authentication and Encryption Secure Sockets Layer SSL 1 (never released), 2 (1995-2011)

More information

Information Security CS 526

Information Security CS 526 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric

More information

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Frequently Asked Questions WPA2 Vulnerability (KRACK) Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key

More information

SSL Report: printware.co.uk ( )

SSL Report: printware.co.uk ( ) 1 of 5 26/06/2015 14:27 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > printware.co.uk SSL Report: printware.co.uk (194.143.166.5) Assessed on: Fri, 26 Jun 2015 12:53:08

More information

TLS Security and Future

TLS Security and Future TLS Security and Future Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Fixing issues in practice Trust, Checking certificates and

More information

CIS 5373 Systems Security

CIS 5373 Systems Security CIS 5373 Systems Security Topic 4.3: Network Security SSL/TLS Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) Analysis of the HTTPS Certificate

More information

CIS 5373 Systems Security

CIS 5373 Systems Security CIS 5373 Systems Security Topic 4.1: Network Security Basics Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) 2 Network Security INTRODUCTION 3 What

More information

Post Connection Attacks

Post Connection Attacks Post Connection Attacks All the attacks we carried out in the previous sections can be done without knowing the key to the AP, ie: without connecting to the target network. We saw how we can control all

More information

DROWN - Breaking TLS using SSLv2

DROWN - Breaking TLS using SSLv2 DROWN - Breaking TLS using SSLv2 Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper,

More information

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously

More information

Findings for

Findings for Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp

More information

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?

More information

SSL Report: bourdiol.xyz ( )

SSL Report: bourdiol.xyz ( ) Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > bourdiol.xyz > 217.70.180.152 SSL Report: bourdiol.xyz (217.70.180.152) Assessed on: Sun Apr 19 12:22:55 PDT 2015 HIDDEN

More information

Software Defined Perimeter & PrecisionAccess. Secure. Simple.

Software Defined Perimeter & PrecisionAccess. Secure. Simple. Software Defined Perimeter & PrecisionAccess Secure. Simple. Enterprise Perimeter: Then & Now THEN: Fixed Perimeter blocked attackers NOW: Attackers are Inside the Perimeter Corporate employees Corporate

More information

Lecture 10: Communications Security

Lecture 10: Communications Security INF3510 Information Security Lecture 10: Communications Security Nils Gruschka University of Oslo Spring 2018 Introduction Nils Gruschka University Kiel (Diploma in Computer Science) T-Systems, Hamburg

More information

Introduction. INF3510 Information Security. Lecture 10: Communications Security. Outline. Network Security Concepts. University of Oslo Spring 2018

Introduction. INF3510 Information Security. Lecture 10: Communications Security. Outline. Network Security Concepts. University of Oslo Spring 2018 Introduction INF3510 Information Security Lecture 10: Communications Security Nils Gruschka University of Oslo Spring 2018 Nils Gruschka University Kiel (Diploma in Computer Science) T-Systems, Hamburg

More information

Transport Level Security

Transport Level Security 2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,

More information

Secure Internet Communication

Secure Internet Communication Secure Internet Communication Can we prevent the Cryptocalypse? Dr. Gregor Koenig Barracuda Networks AG 09.04.2014 Overview Transport Layer Security History Orientation Basic Functionality Key Exchange

More information

SSL Report: cartridgeworld.co.uk ( )

SSL Report: cartridgeworld.co.uk ( ) 1 of 5 26/06/2015 14:21 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > cartridgeworld.co.uk SSL Report: cartridgeworld.co.uk (95.138.147.104) Assessed on: Fri, 26 Jun

More information

Most Common Security Threats (cont.)

Most Common Security Threats (cont.) Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?

More information

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of

More information

Randomness Extractors. Secure Communication in Practice. Lecture 17

Randomness Extractors. Secure Communication in Practice. Lecture 17 Randomness Extractors. Secure Communication in Practice Lecture 17 11:00-12:30 What is MPC? Manoj Monday 2:00-3:00 Zero Knowledge Muthu 3:30-5:00 Garbled Circuits Arpita Yuval Ishai Technion & UCLA 9:00-10:30

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 7 Week of March 5, 2018 Question 1 DHCP (5 min) Professor Raluca gets home after a tiring day writing papers and singing karaoke. She opens

More information

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Table of Contents INTRODUCTION... 4 SCENARIO OVERVIEW... 5 CONFIGURATION STEPS... 6 Core Site Configuration... 6 Generate Self-Issued Certificate

More information

Segmentation for Security

Segmentation for Security Segmentation for Security Do It Right Or Don t Do It At All Vidder, Inc. Segmentation for Security 1 Executive Summary During the last 30 years, enterprises have deployed large open (flat) networks to

More information

SECURE YOUR INTEGRATIONS. Maarten Smeets

SECURE YOUR INTEGRATIONS. Maarten Smeets SECURE YOUR INTEGRATIONS Maarten Smeets 07-06-2018 About Maarten Integration consultant at AMIS since 2014 Several certifications SOA, BPM, MCS, Java, SQL, PL/SQL, Mule, AWS, etc Enthusiastic blogger http://javaoraclesoa.blogspot.com

More information

SSL/TLS Security Assessment of e-vo.ru

SSL/TLS Security Assessment of e-vo.ru SSL/TLS Security Assessment of e-vo.ru Test SSL/TLS implementation of any service on any port for compliance with industry best-practices, NIST guidelines and PCI DSS requirements. The server configuration

More information

On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications

On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications Πανεπιστήμιο Κύπρου Τμήμα Πληροφορικής [ΕΠΛ682 Advanced Security Topics] On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications Όνομα: Φιλίππου Χρίστα Καθηγητής : Δρ. Ηλίας Αθανασόπουλος

More information

Computer Security. 12. Firewalls & VPNs. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 12. Firewalls & VPNs. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 12. Firewalls & VPNs Paul Krzyzanowski Rutgers University Spring 2018 April 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Conversation Isolation: Network Layer Virtual Private Networks (VPNs)

More information

But where'd that extra "s" come from, and what does it mean?

But where'd that extra s come from, and what does it mean? SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying

More information

CS670: Network security

CS670: Network security Cristina Nita-Rotaru CS670: Network security ARP, TCP 1: Background on network protocols OSI/ISO Model Application Presentation Session Transport Network Data Link Physical Layer Application Presentation

More information

Your Apps and Evolving Network Security Standards

Your Apps and Evolving Network Security Standards Session System Frameworks #WWDC17 Your Apps and Evolving Network Security Standards 701 Bailey Basile, Secure Transports Engineer Chris Wood, Secure Transports Engineer 2017 Apple Inc. All rights reserved.

More information

SSL/TLS. How to send your credit card number securely over the internet

SSL/TLS. How to send your credit card number securely over the internet SSL/TLS How to send your credit card number securely over the internet The security provided by SSL SSL is implemented at level 4 The transport control layer In practice, SSL uses TCP sockets The underlying

More information

SSL/TLS Server Test of

SSL/TLS Server Test of SSL/TLS Server Test of www.rotenburger-gruene.de Test SSL/TLS implementation of any service on any port for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. WWW.ROTENBURGER-GRUENE.DE

More information

ICS 351: Today's plan. web scripting languages HTTPS: SSL and TLS certificates cookies DNS reminder

ICS 351: Today's plan. web scripting languages HTTPS: SSL and TLS certificates cookies DNS reminder ICS 351: Today's plan web scripting languages HTTPS: SSL and TLS certificates cookies DNS reminder 1 web scripting languages web content described by HTML was originally static, corresponding to files

More information

Securing Internet Communication: TLS

Securing Internet Communication: TLS Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases

More information

Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview

Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview Internetwork Expert s CCNA Security Bootcamp Mitigating Layer 2 Attacks http:// Layer 2 Mitigation Overview The network is only as secure as its weakest link If layer 2 is compromised, all layers above

More information

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

Recommendations for Device Provisioning Security

Recommendations for Device Provisioning Security Internet Telephony Services Providers Association Recommendations for Device Provisioning Security Version 2 May 2017 Contact: team@itspa.org.uk Contents Summary... 3 Introduction... 3 Risks... 4 Automatic

More information

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to 1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats

More information

Crypto meets Web Security: Certificates and SSL/TLS

Crypto meets Web Security: Certificates and SSL/TLS CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,

More information

Install the ExtraHop session key forwarder on a Windows server

Install the ExtraHop session key forwarder on a Windows server Install the ExtraHop session key forwarder on a Windows server Published: 2018-12-17 Perfect Forward Secrecy (PFS) is a property of secure communication protocols that enables short-term, completely private

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

Evaluating the Security Risks of Static vs. Dynamic Websites

Evaluating the Security Risks of Static vs. Dynamic Websites Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline

More information

e-commerce Study Guide Test 2. Security Chapter 10

e-commerce Study Guide Test 2. Security Chapter 10 e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the

More information

Coming of Age: A Longitudinal Study of TLS Deployment

Coming of Age: A Longitudinal Study of TLS Deployment Coming of Age: A Longitudinal Study of TLS Deployment Accepted at ACM Internet Measurement Conference (IMC) 2018, Boston, MA, USA Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson,

More information

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005 Authentication in real world: Kerberos, SSH and SSL Zheng Ma Apr 19, 2005 Where are we? After learning all the foundation of modern cryptography, we are ready to see some real world applications based

More information

CIT 380: Securing Computer Systems. Network Security Concepts

CIT 380: Securing Computer Systems. Network Security Concepts CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines

More information

SSL Report: sharplesgroup.com ( )

SSL Report: sharplesgroup.com ( ) 1 of 5 26/06/2015 14:28 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > sharplesgroup.com SSL Report: sharplesgroup.com (176.58.116.26) Assessed on: Fri, 26 Jun 2015

More information

Man in the middle. Bởi: Hung Tran

Man in the middle. Bởi: Hung Tran Man in the middle Bởi: Hung Tran INTRODUCTION In today society people rely a lot on the Internet for studying, doing research and doing business. Internet becomes an integral part of modern life and many

More information

How to Render SSL Useless. Render SSL Useless. By Ivan Ristic 1 / 27

How to Render SSL Useless. Render SSL Useless. By Ivan Ristic 1 / 27 How to Render SSL Useless By Ivan Ristic 1 / 27 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2 / 33 Security (O Reilly, 2005), 3) SSL Labs (research and assessment

More information

SSL Server Rating Guide

SSL Server Rating Guide SSL Server Rating Guide version 2009k (14 October 2015) Copyright 2009-2015 Qualys SSL Labs (www.ssllabs.com) Abstract The Secure Sockets Layer (SSL) protocol is a standard for encrypted network communication.

More information

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet

More information

Network Attacks Distributed Denial of Service Survey by Arbor Network: 38% op security ppl say they deal with at least 21 DDoS attacks per month Some

Network Attacks Distributed Denial of Service Survey by Arbor Network: 38% op security ppl say they deal with at least 21 DDoS attacks per month Some Denial of Service and Distributed Denial of Service Volumetric UDP/ICMP floods Application Layer Brute Force Attacks password cracking Browser Attacks man-in-the-browser Backdoor Attacks who puts them

More information

Overview of TLS v1.3. What s new, what s removed and what s changed?

Overview of TLS v1.3. What s new, what s removed and what s changed? Overview of TLS v1.3 What s new, what s removed and what s changed? About Me Andy Brodie Worldpay Principal Design Engineer. Based in Cambridge, UK. andy.brodie@owasp.org Neither a cryptographer nor a

More information

Types of Attacks That Can Be Carried Out on Wireless Networks

Types of Attacks That Can Be Carried Out on Wireless Networks 1 Types of Attacks That Can Be Carried Out on Wireless Networks Westley Hansen CS 4960 Dr. Martin May 7, 2015 2 Abstract Wireless Networks are very mainstream, it allows a way for computer devices to connect

More information

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros

More information

WAP Security. Helsinki University of Technology S Security of Communication Protocols

WAP Security. Helsinki University of Technology S Security of Communication Protocols WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP

More information

HTTPS and the Lock Icon

HTTPS and the Lock Icon Web security HTTPS and the Lock Icon Goals for this lecture Brief overview of HTTPS: How the SSL/TLS protocol works (very briefly) How to use HTTPS Integrating HTTPS into the browser Lots of user interface

More information

Breaking SSL Why leave to others what you can do yourself?

Breaking SSL Why leave to others what you can do yourself? Breaking SSL Why leave to others what you can do yourself? By Ivan Ristic 1/ 26 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2/ 33 Security (O Reilly, 2005), 3)

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Securing ARP and DHCP for mitigating link layer attacks

Securing ARP and DHCP for mitigating link layer attacks Sādhanā Vol. 42, No. 12, December 2017, pp. 2041 2053 https://doi.org/10.1007/s12046-017-0749-y Ó Indian Academy of Sciences Securing ARP and DHCP for mitigating link layer attacks OSAMA S YOUNES 1,2 1

More information

Lecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015

Lecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015 Lecture 10 Denial of Service Attacks (cont d) Thursday 24/12/2015 Agenda DoS Attacks (cont d) TCP DoS attacks DNS DoS attacks DoS via route hijacking DoS at higher layers Mobile Platform Security Models

More information

Ethical Hacking. Content Outline: Session 1

Ethical Hacking. Content Outline: Session 1 Ethical Hacking Content Outline: Session 1 Ethics & Hacking Hacking history : How it all begin - Why is security needed? - What is ethical hacking? - Ethical Hacker Vs Malicious hacker - Types of Hackers

More information

Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise

Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise System z Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise SC28-6880-00 System z Integrating the Hardware Management Console s Broadband Remote Support

More information

DEPLOYMENT GUIDE HOW TO DEPLOY MICROSOFT SHAREPOINT 2016 WITH A10 THUNDER ADC

DEPLOYMENT GUIDE HOW TO DEPLOY MICROSOFT SHAREPOINT 2016 WITH A10 THUNDER ADC DEPLOYMENT GUIDE HOW TO DEPLOY MICROSOFT SHAREPOINT 2016 WITH A10 THUNDER ADC OVERVIEW Microsoft SharePoint Server 2016 is a collaboration platform that organizations of all sizes can use to improve the

More information

What is Eavedropping?

What is Eavedropping? WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 18: Network Attacks Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Network attacks denial-of-service (DoS) attacks SYN

More information

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.). Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the

More information

Don t blink or how to create secure software. Bozhidar Bozhanov, LogSentinel

Don t blink or how to create secure software. Bozhidar Bozhanov, LogSentinel Don t blink or how to create secure software Bozhidar Bozhanov, CEO @ LogSentinel About me Senior software engineer and architect Founder & CEO @ LogSentinel Former IT and e-gov advisor to the deputy prime

More information

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 NETWORK INTRUSION Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Recognize different

More information

State of TLS usage current and future. Dave Thompson

State of TLS usage current and future. Dave Thompson State of TLS usage current and future Dave Thompson TLS Client/Server surveys Balancing backward compatibility with security. As new vulnerabilities are discovered, when can we shutdown less secure TLS

More information

Protecting TLS from Legacy Crypto

Protecting TLS from Legacy Crypto Protecting TLS from Legacy Crypto http://mitls.org Karthikeyan Bhargavan + many, many others. (INRIA, Microsoft Research, LORIA, IMDEA, Univ of Pennsylvania, Univ of Michigan, JHU) Popular cryptographic

More information

Can HTTP Strict Transport Security Meaningfully Help Secure the Web? nicolle neulist June 2, 2012 Security B-Sides Detroit

Can HTTP Strict Transport Security Meaningfully Help Secure the Web? nicolle neulist June 2, 2012 Security B-Sides Detroit Can HTTP Strict Transport Security Meaningfully Help Secure the Web? nicolle neulist June 2, 2012 Security B-Sides Detroit 1 2 o hai. 3 Why Think About HTTP Strict Transport Security? Roadmap what is HSTS?

More information

ECCouncil Certified Ethical Hacker. Download Full Version :

ECCouncil Certified Ethical Hacker. Download Full Version : ECCouncil 312-50 Certified Ethical Hacker Download Full Version : http://killexams.com/pass4sure/exam-detail/312-50 A. Cookie Poisoning B. Session Hijacking C. Cross Site Scripting* D. Web server hacking

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14 Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.

More information

HTTPS is Fast and Hassle-free with Cloudflare

HTTPS is Fast and Hassle-free with Cloudflare HTTPS is Fast and Hassle-free with Cloudflare 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com In the past, organizations had to choose between performance and security when encrypting their

More information

Internet Security VU Web Application Security 3. Adrian Dabrowski, Johanna Ullrich, Aljosha Judmayer, Georg Merzdovnik, and Christian Kudera

Internet Security VU Web Application Security 3. Adrian Dabrowski, Johanna Ullrich, Aljosha Judmayer, Georg Merzdovnik, and Christian Kudera Internet Security VU 188.366 Web Application Security 3 Adrian Dabrowski, Johanna Ullrich, Aljosha Judmayer, Georg Merzdovnik, and Christian Kudera inetsec@seclab.tuwien.ac.at Overview More on session

More information

Man in the Middle Attacks and Secured Communications

Man in the Middle Attacks and Secured Communications FEBRUARY 2018 Abstract This document will discuss the interplay between Man in The Middle (MiTM/ MITM) attacks and the security technologies that are deployed to prevent them. The discussion will follow

More information

ELEC5616 COMPUTER & NETWORK SECURITY

ELEC5616 COMPUTER & NETWORK SECURITY ELEC5616 COMPUTER & NETWORK SECURITY Lecture 17: Network Protocols I IP The Internet Protocol (IP) is a stateless protocol that is used to send packets from one machine to another using 32- bit addresses

More information

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS. Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed

More information