Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Dog’s Biggest Bite. Overview History Start Communication Protocol Weakness POODLE Issues.

Published byKyleigh Blanks Modified over 9 years ago

Similar presentations

Presentation on theme: "The Dog’s Biggest Bite. Overview History Start Communication Protocol Weakness POODLE Issues."— Presentation transcript:

1 The Dog’s Biggest Bite

2 Overview History Start Communication Protocol Weakness POODLE Issues

3 History 1994 – Netscape Communications Design SSL Version Never Released Publicly 1995 – SSL 2.0 Release as Part of Netscape Navigator 1996 – V3.0 Redesign of Protocol Address 2.0 Vulnerabilities First Version to Authenticate Handshake Messages Prevents Attackers from Triggering Downgrade protocol versions 1999 – IETF Publishes TLS 1.0 Standard

4 Start Communication Handshake Agree on Shared Secret Key Includes Cipher Algorithms Block Cipher Most Common Used If Both Cannot Agree On Protocol Downgrade Dance

5 Start Communication Handshake Client Hello Information that the server needs to communicate with the client using SSL. Including SSL version number, cipher settings, session- specific data. Server Hello Information that the client needs to communicate with the server using SSL. Including SSL version number, cipher settings, session- specific data. Including Server’s Certificate (Public Key)

6 Start Communication Authentication and Pre-Mater Secret Client authenticates the server certificate. (e.g. Common Name / Date / Issuer) Client (depending on the cipher) creates the pre-master secret for the session, Encrypts with the server's public key and sends the encrypted pre-master secret to the server Decryption and Master Secret Server uses its private key to decrypt the pre-master secret, Both Server and Client perform steps to generate the master secret with the agreed cipher.

7 Start Communication Generate Session Keys Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session Encryption with Session Keys Both client and server exchange messages to inform that future messages will be encrypted.

8 Protocol Weakness Today Agreement on Process to Produce Authenticated Encrypted Data Not True When SSL was Created Today Encrypt-Then-Mac (Message Authentication Code) SSL uses Mac-Then-Encrypt

9 POODLE POODLE –Padding Oracle On Downgraded Legacy Encryption Attacker Takes Advantage of Downgrade Dance Works by Using Padding Padding is Created by Block Cipher Attacker Gets 1 byte out of Every 256 Requests Attacker Can Retrieve n Bytes of Data in 256 X n Request Work as part of Man-In-The-Middle (MITM)

10 POODLE

11 Issues Turn Off SSL V3.0 Could Lock Out 1% - 5% of Users (XP /IE 6) Must Achive MITM Before Using Attack Vector Exploit Not as Bad as HeartBleed, Implementation Hard

12 References https://www.dfranke.us/posts/2014-10-14-how-poodle- happened.html https://www.dfranke.us/posts/2014-10-14-how-poodle- happened.html http://www.theregister.co.uk/2014/10/16/poodle_analy sis/ http://www.theregister.co.uk/2014/10/16/poodle_analy sis/ http://news.netcraft.com/archives/2014/10/15/googles- poodle-affects-oodles.html http://news.netcraft.com/archives/2014/10/15/googles- poodle-affects-oodles.html http://www.symantec.com/connect/blogs/how-does- ssl-work-what-ssl-handshake http://www.symantec.com/connect/blogs/how-does- ssl-work-what-ssl-handshake http://security.stackexchange.com/questions/20803/h ow-does-ssl-tls-work http://security.stackexchange.com/questions/20803/h ow-does-ssl-tls-work

Download ppt "The Dog’s Biggest Bite. Overview History Start Communication Protocol Weakness POODLE Issues."

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Web security: SSL and TLS

Web security: SSL and TLS
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Secure Socket Layer.

Secure Socket Layer.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols

Internet Security Protocols
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.

Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17

Similar presentations

Ads by Google