Web security
(Spoofing & TLS & DNS)
Ge Zhang
Web surfing
[Figure: the browser asks the DNS server for yahoo, then sends "Get index.htm from 1.2.3.4" across the Internet to the web server and receives "Response from 1.2.3.4"]
Web security
• Does your request go to the “right” server?
• How do you trust the Internet?
URL spoofing
• Hyperlinks in malicious emails and web pages
• www.paypa1.com vs. www.paypal.com
• Which web site does this link refer to?
http://www.kau.se@0x82EE0716/index.php
• Dotless IP address:
– http://130.238.7.22
– http://0x82EE0716/
– http://www.kau.se@0x82EE0716/
– http://www.kau.se@0x82EE0716/index.php
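The following Python sketch is an added example, not part of the original slides. It decodes the links above the way classic inet_aton rules do, separating the decoy text before the "@" from the host that is actually contacted; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

_NUM = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def to_dotted_quad(host):
    """Decode any inet_aton-style IPv4 spelling; return None for real names."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_NUM.fullmatch(p) for p in parts):
        return None
    nums = []
    for p in parts:
        if p[:2].lower() == "0x":
            nums.append(int(p, 16))
        elif len(p) > 1 and p[0] == "0":
            if not set(p) <= set("01234567"):
                return None          # "08" is not valid octal
            nums.append(int(p, 8))
        else:
            nums.append(int(p))
    *head, last = nums
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def real_destination(url):
    """Separate the decoy userinfo from the host the request really goes to."""
    u = urlsplit(url)
    host = u.hostname or ""
    return {"userinfo": u.username, "host": host, "ip": to_dotted_quad(host)}

if __name__ == "__main__":
    for url in ("http://130.238.7.22", "http://0x82EE0716/",
                "http://www.kau.se@0x82EE0716/index.php"):
        print(url, "->", real_destination(url))
```

A mail or proxy filter can flag any link whose `userinfo` is non-empty or whose `ip` is set while the visible text shows a host name.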
Have you ever noticed these?
X.509 certificate
• Based on public key cryptography and digital signatures
• CA: certification authority
[Figure: signing. Unsigned certificate -> Hash algorithm (H) -> Hash digest -> Sign algorithm (E) with the CA’s private key -> signature; unsigned certificate + signature = signed certificate]
Verification
• Others can use the CA’s public key to verify the signature
[Figure: verification. The unsigned certificate part of the signed certificate -> Hash algorithm (H) -> Hash digest; the signature -> (D) with the CA’s public key; Compare the two results]
Validating a Certificate
• Metaphor (1):
– CA: Karlstad university
– Certificate owner: the students (who get their master degree)
– Verifier: employers
[Figure: the CA issues to the certificate owner; the verifier trusts the CA]
• Metaphor (2):
– CA1: Swedish Ministry of Education
– CA2: Karlstad University
[Figure: CA 1, CA 2, CA 3 and CA 4 connected by "issue" arrows]
Validating a Certificate
• Must recognize accepted CA in certificate chain
– One CA may issue certificate for another CA
• Must verify that certificate has not been revoked
– CA publishes Certificate Revocation List (CRL)
• Self-signed certificate?
Man-in-the-middle attacks (by malicious intermediaries)
• Read the content of HTTP traffic
– Your password (even hashed?)
• Modify the content of HTTP traffic
– Transfer money from your account to the attacker.
• …
Brief History of SSL/TLS
• SSLv2
– Released in 1995 with Netscape 1.1
– Key generation algorithm kept secret
– Reverse engineered & broken by Wagner & Goldberg
• SSLv3
– Fixed and improved, released in 1996
– Public design process
• TLS: IETF’s version; the current standard
SSL/TLS Overview
• Establish a session (handshake layer)
– Agree on algorithms
– Share secrets
– Perform authentication
• Transfer application data (record layer)
– Ensure confidentiality and integrity
SSL Architecture
[Figure: protocol stack. SSL Handshake Protocol, SSL Change Cipher Spec. Protocol, SSL Alert Protocol and HTTP, etc. sit on top of the SSL Record Protocol, which runs over TCP and IP]
• Record Protocol: Message encryption/authentication
• Handshake P.: Identity authentication & key exchange
• Alert P.: Error notification (cryptographic or otherwise)
• Change Cipher P.: Activate the pending crypto suite
SSL Handshake Protocol
• Two parties: client and server
• Negotiate version of the protocol and the set of cryptographic algorithms to be used
– Interoperability between different implementations of the protocol
• Authenticate client and server (optional)
– Use digital certificates to learn each other’s public keys and verify each other’s identity
• Use public keys to establish a shared secret
Handshake Protocol (1)
• Client_hello: version, random, session id, cipher suite, compression method
• Server_hello: version, random, session id, cipher suite, compression method
[Figure: message sequence. Client -> Server: Client_hello. Server -> Client: Server_hello]
Handshake Protocol (2)
• Certificate: X.509 certificate chain
• Server_key_exchange: parameters, signature
• Certificate_request: type, authorities
• Server_hello_done: null
[Figure: message sequence. Client -> Server: Client_hello. Server -> Client: Server_hello, Certificate, Server_key_exchange, Certificate_request, Server_hello_done]
Handshake Protocol (3)
• Certificate: X.509 certificate chain
• Client_key_exchange: parameters, signature
• Certificate_verify: signature
[Figure: message sequence. Client -> Server: Client_hello. Server -> Client: Server_hello, Certificate, Server_key_exchange, Certificate_request, Server_hello_done. Client -> Server: Certificate, Client_key_exchange, Certificate_verify]
Handshake Protocol (4)
• Change_cipher_spec: a single message, which consists of a single byte with value 1.
• Finished: hash value
[Figure: message sequence. Client -> Server: Client_hello. Server -> Client: Server_hello, Certificate, Server_key_exchange, Certificate_request, Server_hello_done. Client -> Server: Certificate, Client_key_exchange, Certificate_verify, Change_cipher_spec, Finished. Server -> Client: Change_cipher_spec, Finished]
SSL Encryption
• Master secret
– Generated by both parties from premaster secret and random values generated by both client and server
• Key material
– Generated from the master secret and shared random values
• Encryption keys
– Extracted from the key material
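The three derivation steps above, carried out in Python as an added example that is not part of the original slides. It uses the TLS 1.2 PRF from RFC 5246 (SSLv3 and TLS 1.0/1.1 use different hash constructions), assumes key sizes for an AES-128-CBC/SHA-256 suite, and runs on constructed inputs.

```python
import hashlib
import hmac

def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_keys(premaster, client_random, server_random, mac_len=32, key_len=16):
    # Master secret: premaster secret mixed with both parties' random values.
    master = prf(premaster, b"master secret", client_random + server_random, 48)
    # Key material: expanded from the master secret and the same random values
    # (note the swapped order of the randoms).
    block = prf(master, b"key expansion", server_random + client_random,
                2 * mac_len + 2 * key_len)
    # Encryption and MAC keys: consecutive slices of the key material.
    keys, pos = {"master_secret": master}, 0
    for name, size in (("client_write_MAC_key", mac_len),
                       ("server_write_MAC_key", mac_len),
                       ("client_write_key", key_len),
                       ("server_write_key", key_len)):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample inputs (not from a real session).
PREMASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    for name, value in derive_keys(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:22} {value.hex()}")
```

Because both sides feed in the same three inputs, they arrive at identical keys without any key ever crossing the wire.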
SSL Record Protocol
[Figure: record format. Header fields: Content type | Major version | Minor version | Length; followed by Data (optionally compressed) and MAC (0, 16, or 20 bytes)]
Alerts and Closure
• Alert the other side of exceptions
– Unexpected message
– Bad record mac
– Handshake failure
– Illegal parameter
– Bad certificate
– …
• 2 levels
– Warning
– Fatal
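A small parser for the record header, the handshake message types and the alert levels listed above, as an added example that is not part of the original slides. The sample bytes are constructed (bodies are zero filler) and the helper names are hypothetical.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 15: "certificate_verify",
             16: "client_key_exchange", 20: "finished"}
LEVEL = {1: "warning", 2: "fatal"}
ALERT = {10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
         42: "bad_certificate", 47: "illegal_parameter"}

def parse_records(stream):
    """Walk one direction of a TLS byte stream; return (content type, detail) pairs."""
    events, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 5 + length
        name = CONTENT.get(ctype, f"unknown({ctype})")
        if encrypted:                      # after change_cipher_spec the body is ciphertext
            events.append((name, "encrypted"))
        elif name == "handshake":          # one record may carry several messages
            off = 0
            while off + 4 <= len(body):
                mlen = int.from_bytes(body[off + 1:off + 4], "big")
                events.append((name, HANDSHAKE.get(body[off], f"unknown({body[off]})")))
                off += 4 + mlen
        elif name == "alert" and length == 2:
            events.append((name, f"{LEVEL.get(body[0], body[0])}:{ALERT.get(body[1], body[1])}"))
        elif name == "change_cipher_spec":
            encrypted = True
            events.append((name, body.hex()))
        else:
            events.append((name, f"{length} bytes"))
    return events

def rec(ctype, body):                      # helper: wrap body in a TLS 1.0 (3, 1) record
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

def hs(mtype, body):                       # helper: handshake header is type + 24-bit length
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed server flight; message bodies are zero filler, not real hellos or certificates.
SERVER_FLIGHT = (rec(22, hs(2, bytes(38)) + hs(11, bytes(7)) + hs(14, b""))
                 + rec(20, b"\x01") + rec(22, bytes(40)))
FATAL_ALERT = rec(21, bytes([2, 40]))      # constructed: fatal handshake_failure
```

The last handshake record in the sample is reported only as "encrypted": once Change_cipher_spec has been sent, Finished is protected by the record layer and its type byte is no longer readable on the wire.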
SSL Overhead
• 2-10 times slower than a TCP session
• Where do we lose time
– Handshake phase
• Calculating the key materials
– Data Transfer phase
• Symmetric key encryption
TLS/SSL Applications
• HTTP -> HTTPS
• Telnet -> SSH
• FTP -> SFTP
• SIP -> SIPS
• Resources: http://www.openssl.org/related/apps.html
Homework
• Visit a web site with HTTPS
• Use Wireshark to capture the traffic
• Read the parsed traffic, paying particular attention to the handshake protocol.
The Domain Name System
• A database implemented by many name servers (NS)
– Distributed
– Replicated
– Hierarchical
[Figure: DNS name tree. Root "." with com., se. and edu. below it; cmu.edu. under edu.; .kau.se under se., then cs.kau.se., then www.cs.kau.se. and ftp.cs.kau.se.]
Authoritative Servers
• Authoritative DNS servers
– An organization’s DNS servers, providing authoritative information for organization’s servers
– Can be maintained by organization or service provider
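DNS Query and Response
[Figure: the end-user asks the local DNS server "www.kau.se A?"; the local DNS server queries the Root DNS Server, the se DNS Server and the kau.se DNS Server, obtains "www.kau.se A 193.10.226.10", stores it (Cache: www.kau.se A 193.10.226.10) and returns it to the end-user]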
DNS Vulnerabilities
• No authentication.
– DNS_response.ID == DNS_request.ID ? (16 bit length)
– DNS_response.dport == DNS_request.dport?
• Significance: DNS is widely used in
– Web
– VoIP
– Email
– …
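The ID and port comparisons listed above are the only things that tie a UDP response to its query. The sketch below is an added example, not part of the original slides; it builds DNS messages in wire format and applies those checks on the resolver side. The pending-query record, the port number and the 192.0.2.53 server address are constructed.

```python
import struct

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, name):
    # Header: ID, flags (RD), QDCOUNT=1; question: QNAME, QTYPE=A, QCLASS=IN
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", 1, 1))

def build_response(txid, name, ip):
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
              + bytes(int(o) for o in ip.split(".")))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer

def check_response(pending, pkt, src_ip, dst_port):
    """Decide whether a UDP payload answers the outstanding query `pending`."""
    if len(pkt) < 12:
        return "drop: short packet"
    txid, flags, qdcount = struct.unpack_from("!HHH", pkt)
    if not flags & 0x8000:
        return "drop: not a response"
    # The source address is trivially forged over UDP, so it filters noise only.
    if src_ip != pending["server"]:
        return "drop: unexpected source address"
    # Port and 16-bit ID are the only values an off-path sender cannot observe,
    # so both must be unpredictable. The response's destination port must equal
    # the source port the query was sent from.
    if dst_port != pending["sport"]:
        return "drop: wrong port"
    if txid != pending["txid"]:
        return "drop: wrong transaction ID"
    question = pending["query"][12:]
    if qdcount != 1 or pkt[12:12 + len(question)] != question:
        return "drop: question mismatch"
    return "accept"

# Constructed outstanding query; 192.0.2.53 is a documentation address.
PENDING = {"txid": 0x1A2B, "sport": 53124, "server": "192.0.2.53",
           "query": build_query(0x1A2B, "www.seb.se")}
```

None of these checks authenticates the answer itself: a response that passes all of them is accepted whatever address it carries.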
A Simple DNS Attack
Easy to observe UDP DNS query sent to well known server on well known port.
First response wins. Second response is silently dropped on the floor.
[Figure: the user’s laptop sends "www.seb.se A?" to the local DNS server, which resolves it via the Root DNS Server, the se DNS Server and the seb.se DNS Server ("www.seb.se A 129.178.89.80"); the attacker’s laptop sends "www.seb.se A attacker_IP"]
A cache poisoning Attack
[Figure: the user’s laptop asks the local DNS server "www.seb.se A?"; the attacker sends the local DNS server responses "www.seb.se A attacker_IP" with different IDs, ahead of the seb.se DNS Server; the local DNS server has cached a bad record: www.seb.se A attacker_IP]
A More Complex Attack
[Figure: any kau computer sends "Query www.attacker.com" to the kau Caching Server, which queries ns.attacker.com (the remote attacker, 128.9.128.127) and receives the response below; afterwards the cache holds www.seb.se = 128.9.128.127 and answers "Query www.seb.se" from it]
Response:
www.attacker.com A 128.9.128.127
attacker.com NS ns.attacker.com
attacker.com NS www.seb.se
ns.attacker.com A 128.9.128.2
www.seb.se A 128.9.128.127
Question
• Is SSL/TLS useful to counteract these DNS attacks? Why?
• Homework:
– Read RFC 2535 about DNSSec
– http://www.faqs.org/rfcs/rfc2535.html
Key points
• URL spoofing: dotless IP address
• X.509 certificate
• Certificate chains
• SSL/TLS
– Handshake protocol
– Alert protocol
– Record protocol
– Change cipher spec protocol
• The overhead caused by SSL/TLS
• DNS architecture
• DNS cache poisoning