Web surfing (yahoo)
– IP of yahoo? 188.8.131.52
– Get index.htm from 184.108.40.206
– Response from 220.127.116.11

Web security
Does your request go to the “right” server?
How do you trust the Internet?

URL spoofing
Hyperlinks in malicious emails and web pages
– www.paypa1.com vs. www.paypal.com
Which web site does this link refer to?
– http://www.kau.se@0x82EE0716/index.php
Dotless IP address:
– http://18.104.22.168
– http://0x82EE0716/
– http://www.kau.se@0x82EE0716/
– http://www.kau.se@0x82EE0716/index.php

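To see where a link like the one above really goes, the following added example (not part of the original slides) separates the userinfo before the "@" from the actual host and decodes hex, octal and dotless numeric hosts into dotted form. The function names are chosen for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def decode_numeric_host(host):
    """Decode a hex/octal/dotless numeric host (inet_aton rules) or return None."""
    fields = host.split(".")
    if not 1 <= len(fields) <= 4:
        return None
    values = []
    for f in fields:
        if not (f.isascii() and f.isalnum()):
            return None                      # empty label, sign, underscore, ...
        try:
            if f.lower().startswith("0x"):
                values.append(int(f, 16))    # hexadecimal field
            elif len(f) > 1 and f.startswith("0"):
                values.append(int(f, 8))     # leading zero means octal
            else:
                values.append(int(f, 10))
        except ValueError:
            return None                      # an ordinary host name
    *head, last = values
    # Every field but the last is one byte; the last fills the remaining bytes.
    if any(v > 255 for v in head) or last >= 256 ** (4 - len(head)):
        return None
    n = last
    for i, v in enumerate(head):
        n |= v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(n))

def real_host(url):
    """Return (userinfo, host, decoded_ip); decoded_ip is None for host names."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # parts.username is the text before '@': credentials, never the destination.
    return parts.username, host, decode_numeric_host(host)

if __name__ == "__main__":
    for link in ("http://www.kau.se@0x82EE0716/index.php",
                 "http://0x82EE0716/",
                 "http://www.paypal.com/"):
        print(link, "->", real_host(link))
```

A mail or proxy filter can flag any link for which the userinfo is not None or the decoded address differs from the host string as written.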
X.509 certificate
Based on public key cryptography and digital signatures
CA: certification authority

Verification
Others can use the CA’s public key to verify the signature

Validating a Certificate
Metaphor (1):
– CA: Karlstad University
– Certificate owner: the students (who get their master's degrees)
– Verifier: employers
Metaphor (2):
– CA1: Swedish Ministry of Education
– CA2: Karlstad University

Validating a Certificate
Must recognize an accepted CA in the certificate chain
– One CA may issue a certificate for another CA
Must verify that the certificate has not been revoked
– The CA publishes a Certificate Revocation List (CRL)
Self-signed certificate?

Man-in-the-middle attacks (by malicious intermediaries)
Read the content of HTTP traffic
– Your password (even hashed?)
Modify the content of HTTP traffic
– Transfer money from your account to the attacker.
…

Brief History of SSL/TLS
SSLv2
– Released in 1995 with Netscape 1.1
– Key generation algorithm kept secret
– Reverse engineered & broken by Wagner & Goldberg
SSLv3
– Fixed and improved, released in 1996
– Public design process
TLS: IETF’s version; the current standard

SSL/TLS Overview
Establish a session (handshake layer)
– Agree on algorithms
– Share secrets
– Perform authentication
Transfer application data (record layer)
– Ensure confidentiality and integrity

SSL Architecture
Record Protocol: Message encryption/authentication
Handshake Protocol: Identity authentication & key exchange
Alert Protocol: Error notification (cryptographic or otherwise)
Change Cipher Spec Protocol: Activate the pending crypto suite
[Figure: protocol stack. IP; TCP; SSL Record Protocol; above it the SSL Handshake Protocol, SSL Change Cipher Spec. Protocol, SSL Alert Protocol, and HTTP, etc.]

SSL Handshake Protocol
Two parties: client and server
Negotiate version of the protocol and the set of cryptographic algorithms to be used
– Interoperability between different implementations of the protocol
Authenticate client and server (optional)
– Use digital certificates to learn each other’s public keys and verify each other’s identity
Use public keys to establish a shared secret

Handshake Protocol (4)
Change_cipher_spec: a single message, which consists of a single byte with value 1.
Finished: hash value

SSL Encryption
Master secret
– Generated by both parties from premaster secret and random values generated by both client and server
Key material
– Generated from the master secret and shared random values
Encryption keys
– Extracted from the key material

Homework
Visit a web site with HTTPS
Use Wireshark to capture the traffic
Read the parsed traffic, paying particular attention to the handshake protocol.

The Domain Name System
A database implemented by many name servers (NS)
– Distributed
– Replicated
– Hierarchical
[Figure: name hierarchy. com., se., edu.; cmu.edu., kau.se.; cs.kau.se.; ftp.cs.kau.se., www.cs.kau.se.]

Authoritative Servers
Authoritative DNS servers
– An organization’s DNS servers, providing authoritative information for the organization’s servers
– Can be maintained by the organization or a service provider

DNS Query and Response
[Figure: End-user, local DNS Server, Root DNS Server, se DNS Server, kau.se DNS Server]
– www.kau.se A? / www.kau.se A 126.96.36.199
– Cache: www.kau.se A 188.8.131.52
– www.kau.se A? / www.kau.se A 184.108.40.206

DNS Vulnerabilities
No authentication.
– DNS_response.ID == DNS_request.ID ? (16 bit length)
– DNS_response.dport == DNS_request.dport?
Significance: DNS is widely used in
– Web
– VoIP
– Email
– …

A Simple DNS Attack
[Figure: User’s Laptop, local DNS Server, Root DNS Server, se DNS Server, seb.se DNS Server, Attacker’s Laptop]
– Query: www.seb.se A?
– Attacker’s response: www.seb.se A attacker_IP
– Legitimate response: www.seb.se A 220.127.116.11
Easy to observe UDP DNS query sent to well known server on well known port.
First response wins. Second response is silently dropped on the floor.

A Cache Poisoning Attack
[Figure: User’s Laptop, local DNS Server, seb.se DNS Server, Attacker]
– www.seb.se A?
– www.seb.se A attacker_IP (with different IDs)
– Cached a bad record: www.seb.se A attacker_IP
– www.seb.se A? / www.seb.se A attacker_IP
– www.seb.se A? (with different IDs)

A More Complex Attack
[Figure: Remote attacker, ns.attacker.com, kau Caching Server, Any kau Computer]
Query: www.attacker.com
Response:
– www.attacker.com A 18.104.22.168
– attacker.com NS ns.attacker.com
– attacker.com NS www.seb.se
– ns.attacker.com A 22.214.171.124
– www.seb.se A 126.96.36.199
Any kau Computer: Query www.seb.se; www.seb.se = 188.8.131.52

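The two weaknesses above (responses matched only on the 16-bit ID and the port, and unrelated records accepted from a response) correspond to two checks a caching resolver can apply before storing anything. This is an added sketch, not part of the original slides; the class names, the sample ID, port and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Query:
    txid: int     # 16-bit DNS ID chosen by the resolver
    sport: int    # UDP source port the query left from
    server: str   # address the query was sent to
    qname: str
    zone: str     # zone the queried server is authoritative for

@dataclass
class Response:
    txid: int
    dport: int    # UDP destination port of the response
    source: str
    qname: str
    records: list = field(default_factory=list)  # (owner, type, data)

def norm(name):
    return name.lower().rstrip(".")

def in_bailiwick(owner, zone):
    owner, zone = norm(owner), norm(zone)
    return zone == "" or owner == zone or owner.endswith("." + zone)

def cacheable_records(q, r):
    """Records safe to cache; [] when the response does not match the query."""
    if (r.txid, r.dport, r.source) != (q.txid, q.sport, q.server):
        return []
    if norm(r.qname) != norm(q.qname):
        return []
    return [rec for rec in r.records if in_bailiwick(rec[0], q.zone)]

# Constructed sample (192.0.2.0/24 is a documentation range).
QUERY = Query(0x1A2B, 53124, "192.0.2.53", "www.attacker.com", "attacker.com")
RESPONSE = Response(0x1A2B, 53124, "192.0.2.53", "www.attacker.com", [
    ("www.attacker.com", "A", "192.0.2.10"),
    ("attacker.com", "NS", "www.seb.se"),
    ("www.seb.se", "A", "192.0.2.66"),   # out of bailiwick: must not be cached
])

if __name__ == "__main__":
    for rec in cacheable_records(QUERY, RESPONSE):
        print(rec)
```

The NS record survives because its owner is inside attacker.com, but the address for www.seb.se is discarded, so the resolver has to look that name up through the se and seb.se servers itself.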
Question
Is SSL/TLS useful to counteract these DNS attacks? Why?
Homework:
– Read RFC 2535 about DNSSEC
– http://www.faqs.org/rfcs/rfc2535.html

Key points
URL spoofing: dotless IP address
X.509 certificate
Certificate chains
SSL/TLS
– Handshake protocol
– Alert protocol
– Record protocol
– Change cipher spec protocol
The overhead caused by SSL/TLS
DNS architecture
DNS cache poisoning