Understanding Encryption Services Using Wireshark · 2017-12-08 · Understanding Encryption...
Understanding Encryption Services Using Wireshark
Sunday June 24th 2012
Larry Greenblatt Jedi Knight | InterNetwork Defense
SHARKFEST ‘12 UC Berkeley
June 24-27, 2012
About me
• Musician:
– Gung Ho! - Lead Guitar / Vocals / Songwriter
  – Produced by Otto Capobianco
– Max Quasar & Lorenzo Verti - “” & Producer
– The Swinging Johnsons – Vocals
• Martial Artist:
– Black Sash Taiji
– 3rd Degree Black Belt JLFS
• Hobbies (my day job):
– Network nerd (& InfoSec geek) 1984
– Consultant / Instructor / Author
– CISM, CISSP, CEH, ECSA, Security+
Slide 3
Intro to Crypt0 with Bob & Alice
A Consumer's Guide to:
1) Confidentiality
2) Authentication
3) Integrity
4) Non-Repudiation
By Employing: Symmetric, Asymmetric and Hashing Algorithms
It is said that “Packets Do Not Lie”
Slide 5
The Intelligent Consumer
• RC4, AES, Twofish, Blowfish, DES & 3DES, E0
• Diffie-Hellman, RSA, ECC, El Gamal
• MD5, SHA1, SHA2 & SHA3, Skein, Whirlpool
Slide 7
Part 1
Symmetric Encryption
• Bob wants to share a secret with Alice
– First they must both secretly agree on a shared key. How?
[Diagram: Bob and Alice]
Slide 8
Symmetric Encryption
• Strengths
– Fast
• Challenges
– Key Agreement
– Scalability
  • N(N-1)/2
• Security Services:
– Confidentiality
– Limited* authenticity
*Alice knows it is Bob, but she can’t prove it!
Slide 9
Part 2
Asymmetric Encryption
• Alice creates a related key pair
– She keeps one to herself (private key will sign)
– Gives the other to anyone who wants it (public)
• Public key:
– ID card
– PKI: Validates X.509 name
Slide 11
Asymmetric Encryption
• Advantages over symmetric
– Key Distribution
– Scalability (2N)
– Provides Non-Repudiation
• Disadvantages
– Much slower
– Requires Trusted 3rd Party
  • PKI Hierarchy
  • OpenPGP Web of Trust
Slide 15
Encrypting eMail
Slide 16
Decrypting eMail
Slide 17
Part 3
Hashing Algorithms
Understand Integrity checks with:
a) Message Digests
b) Message Authentication Codes
c) Digital Signatures
Slide 18
Authenticating the Hash
• Message Digest
– Not-Authenticated
• Message Authentication Code (MAC)
– Authenticated Symmetrically
  • Authentication only (message can be repudiated)
• Digital Signatures
– Authenticated Asymmetrically
  • Authentication
  • Non-Repudiation
Slide 19
Message Authentication Codes
• Message digest is salted with symmetric key
• Hash provides integrity
• Symmetric key provides authenticity
Important!
– Does not provide non-repudiation
– Bob Claims “Alice sent the message”
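An added example (not from the original slides) contrasting an unauthenticated digest with a MAC, using HMAC-SHA256 as the keyed-hash construction; the key, messages and function names are constructed for illustration. It also shows why a MAC cannot give non-repudiation: both key holders compute the identical tag.

```python
import hashlib
import hmac

# Constructed sample values, for illustration only.
SHARED_KEY = b"bob-and-alice-shared-secret"
MESSAGE = b"Pay Bob 100 credits"
TAMPERED = b"Pay Eve 100 credits"


def digest(message: bytes) -> str:
    """Plain message digest: anyone can recompute it, so it is unauthenticated."""
    return hashlib.sha256(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: the hash is keyed with the shared symmetric key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison, so timing does not reveal partial matches."""
    return hmac.compare_digest(mac(key, message), tag)


def tampered_digest_still_verifies() -> bool:
    """A message altered in transit with a recomputed digest passes the check."""
    replaced_digest = digest(TAMPERED)
    return digest(TAMPERED) == replaced_digest


def tampered_mac_verifies_without_key() -> bool:
    """Without SHARED_KEY the tag on an altered message is rejected."""
    wrong_key_tag = mac(b"not-the-shared-key", TAMPERED)
    return verify_mac(SHARED_KEY, TAMPERED, wrong_key_tag)


def tags_are_indistinguishable() -> bool:
    """Alice and Bob hold the same key, so either could have produced the tag.
    A third party cannot tell who authored it: no non-repudiation."""
    alice_tag = mac(SHARED_KEY, MESSAGE)
    bob_tag = mac(SHARED_KEY, MESSAGE)
    return alice_tag == bob_tag


if __name__ == "__main__":
    print("digest check passes after tampering:", tampered_digest_still_verifies())
    print("MAC check passes without the key:", tampered_mac_verifies_without_key())
    print("Alice's and Bob's tags identical:", tags_are_indistinguishable())
```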
Slide 20
Message Authentication Codes
Slide 21
Signing a message
Slide 22
Validating the Signature
Who is a “Trusted 3rd party”
“Captain, the Federation's x.500 based hierarchical trust model of PKI is very logical. Perhaps we can trust the public Certificate Authorities”
“But Spock, I have never met Thawte or Verisign. I feel I can trust my friends. Call it a hunch, I trust OpenPGP more”
Slide 25
PKI Hierarchical Trust Model
Slide 27
Why Trust a CA?
RFC-3280 (updated in 4630)
• Top tier
– Internet Policy Registration Authority (IPRA)
  • Internet PCA Registration Authority (MIT),?
• Second tier
– Policy Certification Authorities (PCAs)
  • UNINETT, DFN-PCA, SURFnetPCA
• Third tier
– Certification Authorities (CAs)
  • VeriSign, Deutsche Telekom, Thawte, etc.
Slide 28
Certificate Revocation
Compromised Private Keys
• Certificate Revocation Lists (CRL)
• Online Certificate Status Protocol (OCSP)
• Problems:
– Client checking may be disabled
– Browsers configured to fail soft
– Upstream servers may block CRL
– Compromised CA certificates
– Algorithms cracked
– More...
https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
How Well Does Certificate Revocation Really Work?
Improvise Adapt
Overcome
Thank You!