SSL/TLS FOR MORTALS.

Similar documents
Overview. SSL Cryptography Overview CHAPTER 1

Crypto meets Web Security: Certificates and SSL/TLS

Internet security and privacy

Cryptography (Overview)

Auth. Key Exchange. Dan Boneh

But where'd that extra "s" come from, and what does it mean?

Practical Issues with TLS Client Certificate Authentication

TLS. RFC2246: The TLS Protocol. (c) A. Mariën -

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Computer Security Course. Public Key Crypto. Slides credit: Dan Boneh

Datasäkerhetsmetoder föreläsning 7

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

CS 161 Computer Security

CSCE 715: Network Systems Security

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

PROVING WHO YOU ARE TLS & THE PKI

Public-Key Infrastructure NETS E2008

CSE 565 Computer Security Fall 2018

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

MTAT Applied Cryptography

Chapter 4: Securing TCP connections

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Trust Infrastructure of SSL

Transport Layer Security

One Year of SSL Internet Measurement ACSAC 2012

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

Public-Key Infrastructure (PKI) Lab

(Continue) Cryptography + (Back to) Software Security

Information Security CS 526

E-commerce security: SSL/TLS, SET and others. 4.1

SSL Report: bourdiol.xyz ( )

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

Let's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

Configuring SSL Security

TLS authentication using ETSI TS and IEEE certificates

Managing SSL certificates in the ServerView Suite

Securing Connections with Digital Certificates in Router OS. By Ezugu Magnus PDS Nigeria

Data Security and Privacy. Topic 14: Authentication and Key Establishment

CIS 5373 Systems Security

Securing Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016

Introduction to SSL. Copyright 2005 by Sericon Technology Inc.

Public-key Infrastructure

SSL/TLS CONT Lecture 9a

SSL Report: ( )

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

SSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger

Defeating All Man-in-the-Middle Attacks

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Securely Deploying TLS 1.3. September 2017

Understanding Traffic Decryption

Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky

CYBER SECURITY MADE SIMPLE

Understanding HTTPS CRL and OCSP

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Most Common Security Threats (cont.)

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Securing IoT applications with Mbed TLS Hannes Tschofenig

SSL Report: cartridgeworld.co.uk ( )

Security Protocols and Infrastructures. Winter Term 2010/2011

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited

SSL Report: printware.co.uk ( )

Configuring SSL CHAPTER

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Transport Layer Security

Configuring SSL. SSL Overview CHAPTER

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Exposing The Misuse of The Foundation of Online Security

From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005

Innovative uses as result of DNSSEC

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

TLS Security and Future

Managing SSL/TLS Traffic Flows

Key Management and Distribution

Security Protocols and Infrastructures

SSL Report: sharplesgroup.com ( )

Public-key Infrastructure

Proving who you are. Passwords and TLS

DTLS over SNMP. Wes Hardaker. 14 November Wes Hardaker () DTLS over SNMP 14 November / 15

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

Security in the CernVM File System and the Frontier Distributed Database Caching System

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

KEY DISTRIBUTION AND USER AUTHENTICATION

Encryption. INST 346, Section 0201 April 3, 2018

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide

Public Key Infrastructures. Using PKC to solve network security problems

VSP18 Venafi Security Professional

TLS 1.2 Protocol Execution Transcript

Configuring SSL. SSL Overview CHAPTER

Security Protocols and Infrastructures. Winter Term 2015/2016

CS 356 Internet Security Protocols. Fall 2013

CS Certificates, part 2. Prof. Clarkson Spring 2017

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Network Security Essentials

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks

Transcription:

SSL/TLS FOR MORTALS maartenm@infosupport.com @mthmulders

Exception in thread "main" javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexception: PKIX path building failed: sun at sun.security.ssl.alerts.getsslexception(alerts.java:192) at sun.security.ssl.sslsocketimpl.fatal(sslsocketimpl.java:1949) at sun.security.ssl.handshaker.fatalse(handshaker.java:302) at sun.security.ssl.handshaker.fatalse(handshaker.java:296) at sun.security.ssl.clienthandshaker.servercertificate(clienthandshaker.java:1506) at sun.security.ssl.clienthandshaker.processmessage(clienthandshaker.java:216) at sun.security.ssl.handshaker.processloop(handshaker.java:979) at sun.security.ssl.handshaker.process_record(handshaker.java:914) at sun.security.ssl.sslsocketimpl.readrecord(sslsocketimpl.java:1062) at sun.security.ssl.sslsocketimpl.performinitialhandshake(sslsocketimpl.java:1375) at sun.security.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1403) at sun.security.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1387) at sun.net.www.protocol.https.httpsclient.afterconnect(httpsclient.java:559) at sun.net.www.protocol.https.abstractdelegatehttpsurlconnection.connect(abstractdelegatehttpsurlconnection.java:185) at sun.net.www.protocol.http.httpurlconnection.getinputstream0(httpurlconnection.java:1512) at sun.net.www.protocol.http.httpurlconnection.getinputstream(httpurlconnection.java:1440) at sun.net.www.protocol.https.httpsurlconnectionimpl.getinputstream(httpsurlconnectionimpl.java:254) at com.infosupport.maartenm.demo.main(demo.java:13) Caused by: sun.security.validator.validatorexception: PKIX path building failed: sun.security.provider.certpath.suncertpathbuilderexcepti at sun.security.validator.pkixvalidator.dobuild(pkixvalidator.java:387) at sun.security.validator.pkixvalidator.enginevalidate(pkixvalidator.java:292) at sun.security.validator.validator.validate(validator.java:260) at sun.security.ssl.x509trustmanagerimpl.validate(x509trustmanagerimpl.java:324) at sun.security.ssl.x509trustmanagerimpl.checktrusted(x509trustmanagerimpl.java:229) at sun.security.ssl.x509trustmanagerimpl.checkservertrusted(x509trustmanagerimpl.java:124) at sun.security.ssl.clienthandshaker.servercertificate(clienthandshaker.java:1488)... 13 more Caused by: sun.security.provider.certpath.suncertpathbuilderexception: unable to find valid certification path to requested target at sun.security.provider.certpath.suncertpathbuilder.build(suncertpathbuilder.java:146) at sun.security.provider.certpath.suncertpathbuilder.enginebuild(suncertpathbuilder.java:131) at java.security.cert.certpathbuilder.build(certpathbuilder.java:280) at sun.security.validator.pkixvalidator.dobuild(pkixvalidator.java:382)... 19 more

WHY BOTHER? Using SSL/TLS correctly is o en hard to achieve...and understand! Crucial for secure connection between systems Globally deployed (intra-)cloud applications

Host Layers data unit Data Data Data Segments layers Application Network Process to Application Presentation Data Representation and Encryption Session Interhost Communication Transport End to End Connections and Reliability Media Layers Packets Frames Bits Network Path Determination and Logical Addressing (IP) Data Link Physical Addressing (MAC and LLC) Physical Media, Signal and Binary Transmission

SSL 1.0 never released SSL 2.0 1995 - POODLE (2011) SSL 3.0 1996 - POODLE (2014) TLS 1.0 1999 - BEAST (2011) TLS 1.1 2006 TLS 1.2 2008 TLS 1.3 dra

DEMO TIME! What's the issue?

HOW TO PREVENT THIS? 1. public/private key encryption 2. signed certificates 3. certificate authorities

PUBLIC/PRIVATE KEY ENCRYPTION

Math time! p = 11, q = 17 // two prime numbers modulus = 187 // p * q e = 3 // random number between 1 and modulus // find d, so that (d * e) - 1 % (p - 1) * (q - 1) is zero 320 % 160 = 0 (321-1) % (10 * 16) = 0 (107 * 3) = 321 d = 107 Note that d varies with e: e = 7 // find d, so that (d * e) - 1 % (p - 1) * (q - 1) is zero 1280 % 160 = 0 (1281-1) % (10 * 16) = 0 (183 * 7) = 1281 d = 183

Now, what if p and q are unknown? p = 13 // prime number q = 23 // prime number modulus = 299 // p * q e = 5 // random number between 1 and modulus // find d, so that (d * e) - 1 % (p - 1) * (q - 1) is zero 1584 % 264 == 0 (1585-1) % (12 * 22) = 0 (317 * 5) = 1585 d = 317 Turns out this is pretty hard!

For big enough p and q, finding those factors will cost an eternity! So we can distribute ( p * q ) and even e!

G 7 7 e 7 3 343 343 % 187 156 d = 107 LET'S ENCRYPT THE LETTER 'G' 156 107 4.6 * 10 234 156 107 % 187 7 7 G LET'S DECRYPT THE MESSAGE '156'

Negotiating a secure connection Client Server 1 ClientHello 2 ServerHello 3 Certificate 4 ServerKeyExchange 5 ServerHelloDone 6 ClientKeyExchange 7 ChangeCipherSpec 8 Finished 9 ChangeCipherSpec 10 Finished

DEMO TIME! No-one is eavesdropping!

SIGNED CERTIFICATES

Certificate contents Serial Number Subject Validity Usage Public Key Fingerprint Algorithm Fingerprint

But wait... anyone could create a certificate! So we also need Signature Algorithm Signature Issuer... and a way to sign stuff

A signature is a mathematical relationship between a message x, a private key sk and a public key pk. It consists of two functions: 1. signing function t = f (sk, x) 2. verifying function [accept, reject] = g(pk, t, x) So, given x and t and knowing pk, we can tell if x is indeed signed by sk.

CERTIFICATE AUTHORITIES

An entity that issues digital certificates, certifying the ownership of a public key by the subject of the certificate.

"I can trust you, because I trust John, and John trusts Alice, and Alice trusts you" I John Alice? Who knows who "John" is? Many "John"'s in todays browsers and operating systems!

Top-notch security procedures, including "key ceremonies" And yet...

FAIRYTALE TIME! Once upon a time, a Dutch certificate authority named DigiNotar was living happily and carefree in the town of Beverwijk. But on a bad day, evil hurt it... Real hard.

An attacker compromised a webserver of DigiNotar due to a vulnerability that is present within the DotNetNuke so ware. DotNetNuke version 4.8.2.0 is installed on host winsrv119. This version is affected by a file upload vulnerability.

Due to the weak security of Windows passwords it must be assumed that the attacker was able to compromise the passwords [...] of the accounts found on the system. On the system, [...] the domain administrator account [...] is present.

The attacker was able to traverse the infrastructure and obtain access to at least two CA's that were used to generate certificates.

/** intentionally le blank */

Google blacklists 247 certificates in Chromium Microso removes the DigiNotar root certificate from all supported Windows-releases * Mozilla revokes trust in the DigiNotar root certificate in all supported versions Apple issued Security Update 2011-005 Update Certificate Revocation Lists (except these are self-signed)

DEMO TIME! Trust (for what it's worth)

TOOLS curl -v -k <address> openssl s_client -showcerts -servername <address> -connect <address>:443

JVM SETTINGS (1) -Djavax.net.ssl.trustStore=<file> Denotes where a truststore can be found: a file that contains trusted certs. -Djavax.net.ssl.trustStorePassword=... is the password to that file.

JVM SETTINGS (2) -Djavax.net.ssl.keyStore=<file> Denotes where a keystore can be found: a file that contains private keys. -Djavax.net.ssl.keyStorePassword=... is the password to that file.

JVM SETTINGS (3) -Djavax.net.debug=all Include debug logging for TLS handshake and connections.

Portecle

SO LONG AND THANKS FOR ALL THE FISH IMAGE ATTRIBUTIONS Beverwijk by Gerard Hogervorst @ Wikimedia Commons.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback