2. AGENDA
• SSL Evolution
• SSL Handshakes
• Man in the Middle: Proxy Tools, SSLStrip
• Recent Attacks on SSL
• Security guidelines while configuring SSL
3. SSL EVOLUTION
• SSL 1.0 : Developed by Netscape. Never publicly released
• SSL 2.0 : Released by Netscape in 1995. Contained lot of security flaws.
• SSL 3.0 : Released by Netscape in 1996. Complete redesign of the protocol.
Newer versions of SSL/TLS are based on SSL 3.0.
• TLS 1.0 : RFC 2246 published by IETF in 1999. Nearly same as SSL 3.0
• TLS 1.1 : RFC 4346 published by IETF in 2006. Protection against CBC
attacks (BEAST attack) added.
• TLS 1.2 : RFC 5246 published by IETF in 2008. Adds Elliptic Curve
CipherSuites to TLS. Removed DES, RC2 and IDEA CipherSuites.
SHA-256 hashing used.
6. SSL RECORD LAYER
Figure from William Stalling‟s article on “SSL: Foundation for Web Security” (http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html)
32. • Header could be set in the response as below:
response.setHeader("Strict-Transport-Security", "max-age=31536000;
includeSubdomains");
=> Tells that the domain and its subdomains should always be on
HTTPS till a period of 12 months (31536000 seconds)
• The browser caches this information, and always connects to the
domain/subdomain on HTTPS
• Counter of 12 months is reset every time the browser gets a page with this
header from the domain.
• Setting this header also throws an error if SSL certificate is untrusted or
erroneous, instead of showing a warning that user can override. This adds to
the security and prevents hacker from intercepting the SSL requests and
seeing the SSL packets in clear using the proxy tools like WebScarab.
MAN IN THE MIDDLE – SOLUTION – HSTS (HTTP STRICT
TRANSPORT SECURITY)
34. • Configure all three protocols: TLS 1.0, 1.1 & 1.2
• Choose a strong and secure CipherSuite
• Certificate to be signed by Trusted CA like Verisign.
• Don‟t configure wild card certificates
• Ensure session cookies have “secure=true” flag set, so that it is
transmitted only over SSL.
• Ensure HSTS header is set for the domain and subdomains.
• Run the server through https://www.ssllabs.com/ssltest/ and fix
any issues identified.
SECURITY GUIDELINES WHILE CONFIGURING SSL ON
SERVERS
39. BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)
40. BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
• Same key used for encryption and Decryption
• Algorithms are Fast, but Sharing the key is a challenge.
• Stream Cipher : RC4_128
• Block Ciphers : AES_128_CBC, AES_256_CBC,
3DES_EDE_CBC
41. BUILDING BLOCKS – SYMMETRIC KEY ENCRYPTION
Cipher Block Chaining (CBC) Mode
Figure from Wikipedia (http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29)
42. Public Key Encryption
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)
43. BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Public Key Encryption
• 2 separate keys used: Public key and Private key
• Sender uses Public key (of the receiver) for Encrypting the
message.
• Receiver uses his Private key for Decrypting the message.
• X509 Certificates are carrier of public key, which is shared.
• Private key is kept secret and is never shared.
• Algorithms are slower compared to symmetric.
• Algorithms: RSA, Diffie–Hellman, Elliptic curve
44. Digital Signature
BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)
45. BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Digital Signature
• Sender generates Hash of the message and then encrypts the
Hash with his Private Key, which is the Digital Signature
• Signature is appended to the message and sent to the Receiver.
• Receiver reads the Signature and decrypts it with Public Key (of
the Sender) to obtain the hash.
• Receiver generates the hash of the message and compares the
generated hash with that of hash obtained by decrypting
Signature.
• Signature Algorithms: Sha1withRSA, MD5withRSA
49. BUILDING BLOCKS – PUBLIC KEY INFRASTRUCTURE (PKI)
Obtaining CA Signed Certificate
Figure from MSDN site: (http://msdn.microsoft.com/en-us/library/ff647097.aspx)
53. • Prime Numbers shared between Alice and Bob – p, g
• Secret number chosen by Alice - a
• Secret number chosen by Bob – b
• Shared Secret - s
SSL HANDSHAKES – PFS – DIFFIE-HELLMAN KEY EXCHANGE
Figure from Wikipedia (http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)
58. • Developed by Moxie Marlinspike
• SSLStrip capable of logging packets in clear from SSL enabled sites
including login credentials passed to the site.
• Running SSLStrip (available in BackTrack):
-> sslstrip -l 10000
-> tail –f sslstrip.log
=> Configure browser of any system to redirect the packets
through BackTrack (port 10000). Alternatively you could try
arpspoof command to convince a host that our MAC
address is the router‟s MAC address.
• Details in http://www.thoughtcrime.org/software/sslstrip/.
MAN IN THE MIDDLE – SSLSTRIP
59. • Developed by Moxie Marlinspike
• Originally written to demonstrate IE„s vulnerability to
"basicConstraints" extn - Microsoft fixed this vulnerability.
• Currently can be used as a proxy tool to see SSL traffic in
clear. The tool generates certs for the domain being
accessed on the fly.
• SSLSniff also to demonstrate Null-Prefix attacks and OCSP
attacks.
• Supports modes for hijacking auto-updates from Mozilla
products, as well as for Firefox/Thunderbird addons.
• More Info: http://www.thoughtcrime.org/software/sslsniff
MAN IN THE MIDDLE - SSLSNIFF