Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bradley Cowie, Barry Irwin and Richard Barnett Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING.

Published byAnjali Dinsdale Modified over 9 years ago

Similar presentations

Presentation on theme: "Bradley Cowie, Barry Irwin and Richard Barnett Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING."— Presentation transcript:

1 Bradley Cowie, Barry Irwin and Richard Barnett Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING AND ANALYSIS OF CRYPTOGRAPHIC PROTOCOLS

2 I NTRODUCTION Agenda Introduction Problem Statement Background Applications of Research Relevance and Background Existing Tool Suites Research Objectives Research Design SSL Handshake Objectives and progress

3 I NTRODUCTION Problem Statement Cryptographic protocols have become incredibly popular in recent times and have a variety of application such as securing web based communications. We have a reliance on these protocols to provide authentication, integrity and confidentiality to our communications. However, we note that it is rather difficult to perform legitimate analysis, intrusion detection and debugging on cryptographic protocols, as the data that passes through is encrypted.

4 I NTRODUCTION Problem Statement (cont.) So it would be nice if a set of tools existed for dealing with these problems. We approach this problem statement from the prospective of having legitimate access to encrypted traffic for doing analysis, debugging or data collection. We are looking at building a system to decrypt encrypted traffic that is easy to managed, cross platform and can be extended to implement a number of different protocols.

5 B ACKGROUND Applications of Research ISP's are often served with court orders to provide logs of clients activity; this data is often encrypted. Attacks that use HTTPS as their means of entry are harder to detect once again as they are encrypted. While tools do exist to do this, they aren’t sufficiently generic. Its often difficult to debug errors related to cryptographic protocols once again due to the encrypted nature of the data.

6 B ACKGROUND Relevance and Background SANS one of the most respected Information Security trainers and certifiers released a list of the top 10 security menaces for 2008 (compiled by 10 security veterans). The number 1 security menace for 2008 was : “Increasingly Sophisticated Web Site Attacks - Especially On Trusted Web Sites” “..web site attacks have migrated from simple ones based one or two exploits posted on a web site to more sophisticated attacks based on scripts.. attackers are actively placing exploit code on popular, trusted web sites where users have an expectation of effective security” Source: http://www.sans.org/2008menaces/

7 B ACKGROUND Existing Tool Suites The CSUR Project CSUR is a project about automatic analysis of cryptographic protocols written in C. However its distributed under copyright and is still in its beta phase. HTTP Analyzer 4 HTTP Analyzer is a utility that allows you to capture HTTP/HTTPS traffic in real-time. It can trace and display a wide range of information. However its not sufficiently generic. SSLDump A tool that can be used to decrypt live SSL encrypted traffic

8 R ESEARCH O BJECTIVES Objectives of Research Given encrypted data in the form of stored pcap files, extending to live pcap streams, be able to determine the algorithm used and then together with the recovered session key to decrypt to plain-text. Once the plain has be derived we can continue on to provide some analysis on data that may be useful for detection of possible attacks or for debugging purposes. Investigate sensible means to store symmetric keys for later use. Initially provide implementation for SSL then TLS following up with possible implementation for SSH.

9 R ESEARCH O BJECTIVES Prototype Design Start Load PCAP file or stream Obtain crypto suite used Get Session key Remove packet header DecryptAnalysis

10 SSL H ANDSHAKE SSL Handshake (cont.) ClientServer Authentic- ation Handshake phase Bootstrap Client Hello Server Hello Client Hello Server Auth Client Hello Server Hello

11 SSL Handshake (cont.) ClientServer Cipher Change Data exchange phase Server Finish Client Finish

12 Project Goals Capture traffic using libpcap [Complete] Obtain the parameters used in the SSL Handshake [Complete] Get back the session keys from Client.random and Hello.Random [In progress] Use the keys together with OpenSSL and the information from the traffic capture to decrypt the traffic [No progress of yet] Build Webfront for tools [No progress] Perform the same process for TLS and potentially SSH [No progress] Analyze solution built [No progress]

13 Screenshots!

14

15 QUESTIONS AND COMMENTS ?

Download ppt "Bradley Cowie, Barry Irwin and Richard Barnett Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING."

Similar presentations

Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security

Cryptography and Network Security

Similar presentations

Ads by Google