Transcript of Internet Security 1 ( IntSi1 )

Page 1: Internet Security 1  ( IntSi1 )

ITA, 2.11.2011, 8-TLS.pptx 1

Internet Security 1 (IntSi1)

Prof. Dr. Andreas Steffen

Institute for Internet Technologies and Applications (ITA)

8 Transport Layer Security (TLS)

Page 2: Internet Security 1  ( IntSi1 )

TLS Session Example

Page 3: Internet Security 1  ( IntSi1 )

TLS Market Share of Certification Authorities

2010 Netcraft Ltd, https://ssl.netcraft.com/ssl-sample-report/CMatch/certs

Page 4: Internet Security 1  ( IntSi1 )

Secure Network Protocols for the OSI Stack

Communication layer   Security protocols
Application layer     ssh, S/MIME, PGP, Kerberos, WSS
Transport layer       TLS, [SSL]
Network layer         IPsec
Data Link layer       [PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE 802.11i (WPA2)
Physical layer        Quantum Cryptography

Page 5: Internet Security 1  ( IntSi1 )

TLS/SSL Protocol Layers

Figure: two protocol stacks side by side. Insecure transport layer: Application, Sockets, TCP, IP. Secure transport layer: Application, Sockets, TLS, TCP, IP, with the TLS layer inserted between the socket interface and TCP. The TLS layer provides fragmentation, compression, authentication and encryption.

Page 6: Internet Security 1  ( IntSi1 )

Figure: TLS Record Protocol in the protocol stack.

Handshake | ChangeCipherSpec | Alert | Application   (Application Data, exchanged as messages)
TLS - Record Protocol                                  (records)
TCP - Transport Protocol                               (stream)
IP - Network Protocol                                  (packets)

Page 7: Internet Security 1  ( IntSi1 )

TLS Record Structure

Figure: application data is split into segments; each segment is carried in one record, and consecutive records follow each other in the TCP stream:

TCP Header | Record Header | Encrypted Data (Segment 1) | Record Header | Encrypted Data (Segment 2) | ...

Record Header: 5 Bytes
Record Body:   [Compressed] Data | MAC | Padding   (encrypted; length = n * Block Cipher Size)
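The record header above is what a receiver uses to cut the TCP byte stream back into records. The following Python is an added example, not code from the lecture or from any TLS library: it parses the 5-byte header (content type, protocol version, body length) and buffers partial records across TCP segments, as the "Segment 1 / Segment 2" picture requires. The sample records and the place where the stream is split are constructed here.

```python
import struct

# Constructed example: reassembling TLS records from a TCP byte stream.
RECORD_HEADER_LEN = 5            # ContentType(1) | ProtocolVersion(2) | Length(2)
MAX_RECORD_BODY = 2**14 + 2048   # 16384-byte fragment plus MAC/padding expansion
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}


class RecordReassembler:
    """Cuts the TCP byte stream into whole TLS records.

    TCP delivers a stream, so one segment may hold several records, or a
    record header may arrive in one segment and its body in the next.
    """

    def __init__(self):
        self.buf = b""

    def feed(self, segment: bytes) -> list:
        """Append a TCP segment and return every record that is now complete."""
        self.buf += segment
        records = []
        while len(self.buf) >= RECORD_HEADER_LEN:
            ctype, major, minor, length = struct.unpack("!BBBH", self.buf[:RECORD_HEADER_LEN])
            if ctype not in CONTENT_TYPES:
                raise ValueError(f"unexpected content type {ctype}")  # would trigger an alert
            if length > MAX_RECORD_BODY:
                raise ValueError("record body too long")             # record_overflow alert
            end = RECORD_HEADER_LEN + length
            if len(self.buf) < end:
                break  # body not yet complete: wait for the next segment
            records.append({
                "type": CONTENT_TYPES[ctype],
                "version": (major, minor),  # (3,1) TLS 1.0, (3,2) TLS 1.1, (3,3) TLS 1.2
                "body": self.buf[RECORD_HEADER_LEN:end],
            })
            self.buf = self.buf[end:]
        return records


def build_record(ctype: int, version: tuple, body: bytes) -> bytes:
    """Prepend the 5-byte record header to a record body."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


def demo() -> list:
    """Two constructed records split over two TCP segments at an awkward place."""
    # Handshake record carrying ServerHelloDone (handshake type 14, zero-length body).
    server_hello_done = build_record(22, (3, 3), b"\x0e\x00\x00\x00")
    app_data = build_record(23, (3, 3), b"GET / HTTP/1.1\r\n")
    stream = server_hello_done + app_data
    # The first segment ends three bytes into the second record's header.
    cut = len(server_hello_done) + 3
    segments = [stream[:cut], stream[cut:]]
    reassembler = RecordReassembler()
    return [reassembler.feed(seg) for seg in segments]


if __name__ == "__main__":
    for i, recs in enumerate(demo(), 1):
        print(f"segment {i}: {[r['type'] for r in recs]}")
```

The first call to `feed` returns only the handshake record and keeps the three stray header bytes; the second call completes the application data record. A receiver that instead assumed "one segment = one record" would misparse exactly this case.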

Page 8: Internet Security 1  ( IntSi1 )

TLS Handshake Protocol

Client                                      Server
Client Hello RC            -------->
                           <--------        Server Hello RS
                                            Certificate*
                                            ServerKeyExchange*
                                            CertificateRequest*
                                            ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
ChangeCipherSpec
Finished°                  -------->
                           <--------        ChangeCipherSpec
                                            Finished°
Application Data°          <------->        Application Data°

* optional   ° encrypted

Page 9: Internet Security 1  ( IntSi1 )

Resuming a TLS Session

Client                                      Server
Client Hello RC            -------->
                           <--------        Server Hello RS
                                            ChangeCipherSpec
                                            Finished°
ChangeCipherSpec
Finished°                  -------->
Application Data°          <------->        Application Data°

° encrypted
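What the two diagrams do not show is the key derivation both sides run between ClientKeyExchange and ChangeCipherSpec. The Python below is an added example, not lecture or library code: it implements the TLS 1.2 PRF (P_SHA256 from RFC 5246 section 5), derives the 48-byte master_secret from the premaster secret and the two hello randoms RC and RS, and expands it into the key block. It then models the resumed session of the second diagram, where the cached master_secret is reused but fresh randoms give fresh record keys. The premaster secret and randoms are generated locally for illustration; the key sizes assumed correspond to an AES-128-CBC/SHA cipher suite.

```python
import hmac
import os

# Added example: TLS 1.2 PRF and key derivation (RFC 5246 section 5 and 6.3).


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """P_hash(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)); truncated to `length` bytes."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def derive_master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", RC + RS)[0..47]."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def derive_key_block(master_secret: bytes, client_random: bytes, server_random: bytes,
                     mac_len: int = 20, key_len: int = 16, iv_len: int = 16) -> dict:
    """key_block = PRF(master_secret, "key expansion", RS + RC); note the reversed random order."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = prf(master_secret, b"key expansion", server_random + client_random, total)
    layout = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = kb[pos:pos + size]
        pos += size
    return keys


def full_and_resumed_session(pre_master_secret: bytes = None) -> tuple:
    """Full handshake, then a resumption that reuses master_secret with fresh RC/RS."""
    # RSA premaster secret: 2 version bytes + 46 random bytes (generated here for illustration).
    pms = pre_master_secret or (b"\x03\x03" + os.urandom(46))
    rc1, rs1 = os.urandom(32), os.urandom(32)
    master = derive_master_secret(pms, rc1, rs1)
    keys_full = derive_key_block(master, rc1, rs1)
    rc2, rs2 = os.urandom(32), os.urandom(32)
    keys_resumed = derive_key_block(master, rc2, rs2)  # no new premaster, no certificate exchange
    return master, keys_full, keys_resumed


if __name__ == "__main__":
    master, k1, k2 = full_and_resumed_session()
    print("master_secret:", master.hex())
    print("full session client_write_key:   ", k1["client_write_key"].hex())
    print("resumed session client_write_key:", k2["client_write_key"].hex())
```

Because the resumed session skips the certificate and ClientKeyExchange messages, the server's ability to produce a correct Finished message is what proves it still holds the same master_secret; the new randoms ensure the record keys are never reused across sessions.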

Page 10: Internet Security 1  ( IntSi1 )

Implemented SSL/TLS Protocol Versions

• SSL – Secure Sockets Layer Version 2.0
  • Initially developed by Netscape
  • SSL 2.0 is sensitive to man-in-the-middle attacks leading e.g. to the negotiation of weak encryption keys
  • SSL 2.0 should not be used anymore

• SSL – Secure Sockets Layer Version 3.0
  • Internet Draft authored by Netscape, November 1996
  • Supported by all browsers
  • Vulnerable to the BEAST Cipher-Block-Chaining (CBC) attack

• TLS – Transport Layer Security Version 1.0 (SSL 3.1)
  • IETF RFC 2246, January 1999
  • TLS 1.0 is not backwards compatible with SSL 3.0 (differences in MAC computation, PRF function for master_secret and key material)
  • Supported by all browsers
  • Vulnerable to the BEAST Cipher-Block-Chaining (CBC) attack

Page 11: Internet Security 1  ( IntSi1 )

BEAST – Browser Exploit Against SSL/TLS

• Authors
  • Thai Duong and Juliano Rizzo presented their exploit on September 23 2011 at the 7th ekoparty Security Conference in Buenos Aires.

• Exploit
  • The exploit uses a known-plaintext attack on the Cipher-Block-Chaining (CBC) encryption vulnerability of SSL 3.0 and TLS 1.0, which has been known since 2001 and was fixed by TLS 1.1 in 2006.

• Approach
  • The BEAST JavaScript code running in a browser decrypts encrypted cookies sent via HTTPS within a couple of seconds.

• Fix
  • Temporary workaround: Set up HTTPS web servers with stream ciphers (e.g. the rather outdated RC4 algorithm)
  • Migration of HTTPS web servers and browsers to TLS 1.1 or 1.2.

Page 12: Internet Security 1  ( IntSi1 )

Latest TLS Protocol Versions

• TLS – Transport Layer Security Version 1.1 (SSL 3.2)
  • IETF RFC 4346, April 2006
  • Protection against CBC attacks (Serge Vaudenay, EPFL, 2004):
    • Implicit Initialization Vector (IV) is replaced with an explicit IV
    • Handling of padding errors is changed to use the bad_record_mac alert rather than decryption_failed.

• TLS – Transport Layer Security Version 1.2 (SSL 3.3)
  • IETF RFC 5246, August 2008, updated by RFC
  • Combined MD5/SHA-1 hash and PRF functions replaced by SHA-256 based default algorithms or cipher-suite specified methods.
  • Support of Authenticated Encryption with Additional Data (AEAD) modes (e.g. AES-GCM accelerated by Intel AES-NI instruction set)

• TLS 1.1 and 1.2 Support
  • Windows 7, Windows Server 2008 R2
  • GnuTLS library, the OpenSSL 1.0.1 snapshot and strongSwan libtls.
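The TLS 1.1 changes above are easiest to see on the record body from the "TLS Record Structure" slide: the body of a CBC cipher suite is content || MAC || padding || padding_length, preceded in TLS 1.1 by an explicit IV block, and the receiver must not tell the sender whether it was the padding or the MAC that failed. The Python below is an added example, not lecture or library code. It builds and checks such a body for an assumed AES-128-CBC/HMAC-SHA1 suite (20-byte MAC, 16-byte blocks), computing the MAC over sequence number, type, version, length and fragment as RFC 5246 specifies; the block cipher step itself is left out so the code runs without a crypto library, which means the "encrypted data" here is the plaintext body as it looks after decryption. The key and IV are constructed values.

```python
import hmac
import struct

# Added example: MAC-then-pad CBC record body (RFC 5246 6.2.3.2) with a receiver
# that answers every failure with the single bad_record_mac alert of TLS 1.1.
MAC_LEN = 20     # HMAC-SHA1, assumed cipher suite TLS_RSA_WITH_AES_128_CBC_SHA
BLOCK_LEN = 16   # AES block size


def record_mac(mac_key: bytes, seq_num: int, ctype: int, version: tuple, fragment: bytes) -> bytes:
    """MAC = HMAC(MAC_key, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QBBBH", seq_num, ctype, version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, "sha1").digest()


def protect_body(mac_key: bytes, seq_num: int, ctype: int, version: tuple,
                 fragment: bytes, explicit_iv: bytes) -> bytes:
    """IV || (fragment || MAC || padding || padding_length), padded to n * BLOCK_LEN.
    The CBC encryption of the part after the IV is omitted here."""
    content = fragment + record_mac(mac_key, seq_num, ctype, version, fragment)
    pad_len = BLOCK_LEN - (len(content) + 1) % BLOCK_LEN
    padded = content + bytes([pad_len]) * (pad_len + 1)  # pad bytes and length byte all equal pad_len
    return explicit_iv + padded


def unprotect_body(mac_key: bytes, seq_num: int, ctype: int, version: tuple, body: bytes) -> tuple:
    """Return (fragment, None) on success or (None, "bad_record_mac") on any failure."""
    if len(body) < BLOCK_LEN + MAC_LEN + 1 or len(body) % BLOCK_LEN:
        return None, "bad_record_mac"
    decrypted = body[BLOCK_LEN:]  # drop the explicit IV (decryption itself omitted)
    pad_len = decrypted[-1]
    padding_ok = len(decrypted) >= pad_len + 1 + MAC_LEN
    if padding_ok:
        # Check every padding byte; no early exit, so the work does not depend on where it fails.
        for b in decrypted[-(pad_len + 1):]:
            padding_ok &= (b == pad_len)
        content_len = len(decrypted) - pad_len - 1 - MAC_LEN
    else:
        content_len = max(len(decrypted) - MAC_LEN, 0)  # still run the MAC over something
    fragment = decrypted[:content_len]
    received_mac = decrypted[content_len:content_len + MAC_LEN]
    expected_mac = record_mac(mac_key, seq_num, ctype, version, fragment)
    mac_ok = hmac.compare_digest(received_mac, expected_mac)
    if not (padding_ok and mac_ok):
        # TLS 1.0 answered bad padding with decryption_failed, revealing which check failed.
        return None, "bad_record_mac"
    return fragment, None


def demo() -> dict:
    mac_key = bytes(range(MAC_LEN))  # constructed key
    iv = b"\x00" * BLOCK_LEN         # constructed; a real sender draws a fresh random IV per record
    seq, ctype, version = 0, 23, (3, 2)
    fragment = b"GET / HTTP/1.1\r\n"
    body = protect_body(mac_key, seq, ctype, version, fragment, iv)
    good, _ = unprotect_body(mac_key, seq, ctype, version, body)
    bad_pad = bytearray(body)
    bad_pad[-2] ^= 0x01              # corrupt a padding byte
    bad_content = bytearray(body)
    bad_content[BLOCK_LEN] ^= 0x01   # corrupt the first content byte
    _, err_pad = unprotect_body(mac_key, seq, ctype, version, bytes(bad_pad))
    _, err_content = unprotect_body(mac_key, seq, ctype, version, bytes(bad_content))
    return {"valid": good, "bad_padding": err_pad, "bad_content": err_content, "body_len": len(body)}


if __name__ == "__main__":
    print(demo())
```

Both corrupted bodies come back with the same alert, which is the behavioural change RFC 4346 introduced. The uniform alert alone does not remove the timing side channel (the MAC is still computed over a different length when padding is bad), so real implementations go further with constant-time processing; the explicit IV addresses the separate chaining problem that BEAST exploits.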

Page 13: Internet Security 1  ( IntSi1 )

SSL/TLS Configuration Options: Mozilla Firefox

Page 14: Internet Security 1  ( IntSi1 )

SSL/TLS Configuration Options: Mozilla Firefox

Page 15: Internet Security 1  ( IntSi1 )

SSL/TLS Configuration Options: Microsoft Internet Explorer

Page 16: Internet Security 1  ( IntSi1 )

TLS Enhanced TCP-based Application Protocols

Service Name   Port       Secured Service
• https        443/tcp    http protocol over TLS
• smtps        465/tcp    smtp protocol over TLS
  smtp         25/tcp     STARTTLS keyword (RFC 2487)
• imaps        993/tcp    imap4 protocol over TLS
  imap4        143/tcp    STARTTLS keyword (RFC 2595)
• pop3s        995/tcp    pop3 protocol over TLS
  pop3         110/tcp    STLS keyword (RFC 2595)
• ldaps        636/tcp    ldap protocol over TLS
• ircs         994/tcp    irc protocol over TLS
• nntps        563/tcp    nntp protocol over TLS