Internet Security 1 (IntSi1)

Internet Security 1 (IntSi1). 8 Transport Layer Security (TLS). Prof. Dr. Andreas Steffen, Institute for Internet Technologies and Applications (ITA). TLS Session Example. TLS Market Share of Certification Authorities.


Presentation Transcript


  1. Internet Security 1 (IntSi1), 8 Transport Layer Security (TLS). Prof. Dr. Andreas Steffen, Institute for Internet Technologies and Applications (ITA)

  2. TLS Session Example

  3. TLS Market Share of Certification Authorities. 2010 Netcraft Ltd, https://ssl.netcraft.com/ssl-sample-report/CMatch/certs

  4. Secure Network Protocols for the OSI Stack
     Communication layer    Security protocols
     Application layer      ssh, S/MIME, PGP, Kerberos, WSS
     Transport layer        TLS, [SSL]
     Network layer          IPsec
     Data Link layer        [PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE 802.11i (WPA2)
     Physical layer         Quantum Cryptography

  5. TLS/SSL Protocol Layers (figure)
     • Insecure Transport Layer: Application, Sockets, TCP, IP
     • Secure Transport Layer: Application, TLS, TCP, IP
     • TLS between Application and Transport: Fragmentation, Compression, Authentication, Encryption

  6. TLS Record Protocol (figure, layers from top to bottom)
     • Application
     • Handshake, ChangeCipherSpec, Alert, Application Data (messages)
     • TLS - Record Protocol (records)
     • TCP - Transport Protocol (stream)
     • IP - Network Protocol (packets)

  7. TLS Record Structure (figure)
     • Application Data is split into Segment 1, Segment 2, ...
     • Each segment becomes: [Compressed] Data, MAC, Padding
     • Record Header: 5 bytes
     • Record Body: n * block cipher size
     • On the wire: TCP Header, Record Header, Encrypted Data

  8. TLS Handshake Protocol (* optional, ° encrypted)
     • Client → Server: ClientHello (RC)
     • Server → Client: ServerHello (RS), Certificate*, ServerKeyExchange*, CertificateRequest*, ServerHelloDone
     • Client → Server: Certificate*, ClientKeyExchange, CertificateVerify*, ChangeCipherSpec, Finished°
     • Server → Client: ChangeCipherSpec, Finished°
     • Client ↔ Server: Application Data°

  9. Resuming a TLS Session (° encrypted)
     • Client → Server: ClientHello (RC)
     • Server → Client: ServerHello (RS), ChangeCipherSpec, Finished°
     • Client → Server: ChangeCipherSpec, Finished°
     • Client ↔ Server: Application Data°

  10. Implemented SSL/TLS Protocol Versions
     • SSL – Secure Sockets Layer Version 2.0
        • Initially developed by Netscape
        • SSL 2.0 is sensitive to man-in-the-middle attacks leading e.g. to the negotiation of weak encryption keys
        • SSL 2.0 should not be used anymore
     • SSL – Secure Sockets Layer Version 3.0
        • Internet Draft authored by Netscape, November 1996
        • Supported by all browsers
        • Vulnerable to the BEAST Cipher-Block-Chaining (CBC) attack
     • TLS – Transport Layer Security Version 1.0 (SSL 3.1)
        • IETF RFC 2246, January 1999
        • TLS 1.0 is not backwards compatible to SSL 3.0 (differences in MAC computation, PRF function for master_secret and key material)
        • Supported by all browsers
        • Vulnerable to the BEAST Cipher-Block-Chaining (CBC) attack

  11. BEAST – Browser Exploit Against SSL/TLS
     • Authors
        • Thai Duong and Juliano Rizzo presented their exploit on September 23, 2011 at the 7th ekoparty Security Conference in Buenos Aires.
     • Exploit
        • The exploit uses a known-plaintext attack on the Cipher-Block-Chaining (CBC) encryption vulnerability of SSL 3.0 and TLS 1.0 which has been known since 2001 and was fixed by TLS 1.1 in 2006.
     • Approach
        • The BEAST JavaScript code running in a browser decrypts encrypted cookies sent via HTTPS within a couple of seconds.
     • Fix
        • Temporary workaround: Set up HTTPS web servers with stream ciphers (e.g. the rather outdated RC4 algorithm)
        • Migration of HTTPS web servers and browsers to TLS 1.1 or 1.2.

  12. Latest TLS Protocol Versions
     • TLS – Transport Layer Security Version 1.1 (SSL 3.2)
        • IETF RFC 4346, April 2006
        • Protection against CBC attacks (Serge Vaudenay, EPFL, 2004):
           • Implicit Initialization Vector (IV) is replaced with an explicit IV
           • Handling of padding errors is changed to use the bad_record_mac alert rather than decryption_failed.
     • TLS – Transport Layer Security Version 1.2 (SSL 3.3)
        • IETF RFC 5246, August 2008, updated by RFC
        • Combined MD5/SHA-1 hash and PRF functions replaced by SHA-256 based default algorithms or cipher-suite specified methods.
        • Support of Authenticated Encryption with Additional Data (AEAD) modes (e.g. AES-GCM accelerated by Intel AES-NI instruction set)
     • TLS 1.1 and 1.2 Support
        • Windows 7, Windows Server 2008 R2
        • GnuTLS library, the OpenSSL 1.0.1 snapshot and strongSwan libtls.

  13. SSL/TLS Configuration Options: Mozilla Firefox

  14. SSL/TLS Configuration Options: Mozilla Firefox

  15. SSL/TLS Configuration Options: Microsoft Internet Explorer

  16. TLS Enhanced TCP-based Application Protocols
     Service Name   Port      Secured Service
     https          443/tcp   http protocol over TLS
     smtps          465/tcp   smtp protocol over TLS
     smtp           25/tcp    STARTTLS keyword (RFC 2487)
     imaps          993/tcp   imap4 protocol over TLS
     imap4          143/tcp   STARTTLS keyword (RFC 2595)
     pop3s          995/tcp   pop3 protocol over TLS
     pop3           110/tcp   STLS keyword (RFC 2595)
     ldaps          636/tcp   ldap protocol over TLS
     ircs           994/tcp   irc protocol over TLS
     nntps          563/tcp   nntp protocol over TLS
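
Added example (not part of the original slides): a parser for the 5-byte record header of slide 7 that splits a TCP stream into records and labels each one with the sub-protocol names of slide 6 and the version names of slides 10 and 12. The content-type codes, wire version numbers and length limit are taken from RFC 5246 rather than from the slides, and the sample stream is constructed.

```python
import struct

# Record content types: the four sub-protocols shown on slide 6 (codes per RFC 5246).
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
# Wire versions: TLS 1.0/1.1/1.2 are the "SSL 3.1/3.2/3.3" of slides 10 and 12.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HEADER_LEN = 5            # type (1) + version (2) + length (2)
MAX_BODY = 2**14 + 2048   # largest encrypted record body RFC 5246 allows


def parse_records(stream: bytes):
    """Split a TCP byte stream into TLS records; return (records, leftover).
    leftover holds a record that is incomplete and must wait for more TCP data."""
    records, offset = [], 0
    while len(stream) - offset >= HEADER_LEN:
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {offset}")
        if (major, minor) not in VERSIONS:
            raise ValueError(f"unknown version {major}.{minor} at offset {offset}")
        if length > MAX_BODY:
            raise ValueError(f"record length {length} exceeds the maximum")
        body_start = offset + HEADER_LEN
        if len(stream) - body_start < length:
            break  # header seen, body still in flight
        records.append({"type": CONTENT_TYPES[ctype],
                        "version": VERSIONS[(major, minor)],
                        "body": stream[body_start:body_start + length]})
        offset = body_start + length
    return records, stream[offset:]


def cbc_affected_versions(records):
    """Versions seen that slide 10 lists as vulnerable to the BEAST CBC attack."""
    return sorted({r["version"] for r in records} & {"SSL 3.0", "TLS 1.0"})


# Constructed sample stream (placeholder bodies, not a real capture): Handshake,
# ChangeCipherSpec, 32 opaque bytes (two 16-byte cipher blocks), then a record
# whose header announces 48 bytes but only 10 have arrived.
SAMPLE = (bytes([22, 3, 1, 0, 4]) + b"\x01\x00\x00\x00"
          + bytes([20, 3, 1, 0, 1]) + b"\x01"
          + bytes([23, 3, 1, 0, 32]) + bytes(32)
          + bytes([23, 3, 1, 0, 48]) + bytes(10))

if __name__ == "__main__":
    recs, rest = parse_records(SAMPLE)
    print([(r["type"], r["version"], len(r["body"])) for r in recs], len(rest))
```

The record header stays in cleartext after ChangeCipherSpec, so a passive monitor can use the same parse to inventory which protocol versions are still negotiated on a network.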
