SSL/TLS and MITM attacks
A case study in Network Security
By Lars Nybom & Alexander Wall

SSL/TLS – Background
- SSL/TLS – Secure Socket Layer/Transport Layer Security (RFC 2246)
- Originally developed by Netscape.
- Used to provide confidentiality, authenticity and integrity between web client and web server.

SSL/TLS – How does it work?
- Based on public key cryptography and certificate authority.

SSL/TLS - Components
- Tree structure where Certificate Authorities (CAs) are the nodes and Servers are the leaves.
- Server certificate issued by CA one level above – meaning that it's signed by the CA one level above.
- If the Client doesn't trust the Server's identity, he/she uses the CA's public key to verify that the Server certificate is legit.
- Root CA at the top of the tree – trusted by everyone.

SSL/TLS - Problem
- If there are a lot of intermediate CAs between the Server and the Root CA, authenticity is weak.
- Chain: Server – CA 1 – CA 2 – Root CA
- This allowed for an older form of attack, SSLSniff, where a MITM generates a bogus self-signed certificate that is sent to the Client while connecting normally to the Server.
- New attack: SSLStrip.

MITM
- A Man-In-The-Middle attack is virtually transparent to the victim.

ARP Spoofing
- In order to become "in the middle", the attacker needs to redirect the victim's network traffic through their own computer, which then acts like a gateway.
- Every network interface has a MAC address associated with its IP.
- When a computer wants to communicate with another computer within its subnet, it needs to know that computer's MAC address, so it sends an ARP query.
- In a MITM attack the attacker sends out a false ARP reply telling the victim that the attacker's computer is the computer the victim is looking for.

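The false ARP reply described above can be spotted by watching for an IP address that is suddenly claimed by a different MAC address. The following is an added example, not part of the original slides: it parses raw ARP payloads (Ethernet/IPv4 layout) and reports such rebindings. The helper names and all sample addresses are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # ARP payload for Ethernet/IPv4, 28 bytes
ARP_REPLY = 2


def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    size = struct.calcsize(ARP_FMT)
    if len(payload) < size:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa)


def find_conflicts(payloads):
    """Flag ARP replies that bind an already-seen IP to a different MAC."""
    bindings = {}  # ip -> first MAC seen in a reply
    alerts = []
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, ip = parsed
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts


def _arp(oper, sha, spa, tha, tpa):
    """Build one constructed ARP payload for the sample data (never sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))


# Constructed sample: genuine gateway reply, a query, then a conflicting reply.
HOST = "aa:aa:aa:aa:aa:01"
SAMPLE = [
    _arp(2, "00:11:22:33:44:55", "192.168.1.1", HOST, "192.168.1.10"),
    _arp(1, HOST, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
    _arp(2, "de:ad:be:ef:00:01", "192.168.1.1", HOST, "192.168.1.10"),
]

if __name__ == "__main__":
    for ip, old, new in find_conflicts(SAMPLE):
        print(f"ALERT: {ip} moved from {old} to {new}")
```
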
SSLStrip
- The Client normally connects via HTTPS (SSL/TLS) to a Server because a user tries to GET/POST information on a webpage via a link/button that begins with "https://" (e.g. Facebook, Gmail and Hotmail).
- SSLStrip rewrites all HTTPS addresses as HTTP addresses and then saves the traffic content.

SSLStrip – How does it look?
Countermeasures
- Before logging in on a webpage, make sure that the address in the address bar begins with "https://". If it doesn't, retype it so it does. (This only helps against SSLStrip, not SSLSniff.)
- If the address begins with "https://", make sure that the certificate doesn't look fishy.

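The manual "does it still say https://" check can also be done mechanically. The following is an added example, not part of the original slides: it compares a page as received on the current network against a baseline copy obtained over a trusted path and lists every link or form target whose scheme went from HTTPS to HTTP, which is the rewrite SSLStrip is described as performing. The function names and the example.test URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "action", "src"}  # attributes that carry link/form targets


class _UrlCollector(HTMLParser):
    """Collect every URL found in href/action/src attributes."""

    def __init__(self):
        super().__init__()
        self.urls = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.add(value.strip())


def collect_urls(html):
    collector = _UrlCollector()
    collector.feed(html)
    return collector.urls


def downgraded_links(baseline_html, observed_html):
    """Return baseline https:// URLs that appear as http:// in the observed page."""
    seen_http = set()
    for url in collect_urls(observed_html):
        parts = urlsplit(url)
        if parts.scheme == "http":
            seen_http.add((parts.netloc.lower(), parts.path, parts.query))
    hits = []
    for url in sorted(collect_urls(baseline_html)):
        parts = urlsplit(url)
        key = (parts.netloc.lower(), parts.path, parts.query)
        if parts.scheme == "https" and key in seen_http:
            hits.append(url)
    return hits


# Constructed sample pages: OBSERVED is BASELINE with its HTTPS targets rewritten.
BASELINE = ('<form action="https://login.example.test/session" method="post"></form>'
            '<a href="https://mail.example.test/inbox">Mail</a>'
            '<a href="http://www.example.test/about">About</a>')
OBSERVED = BASELINE.replace("https://", "http://")

if __name__ == "__main__":
    for url in downgraded_links(BASELINE, OBSERVED):
        print("downgraded to HTTP:", url)
```
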
SSL/TLS and MITM attacks
The End