
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.


1 Internet Security 1 (IntSi1)
Prof. Dr. Andreas Steffen, Institute for Internet Technologies and Applications (ITA)
8 Transport Layer Security (TLS)

2 TLS Session Example

3 TLS Market Share of Certification Authorities
2010 Netcraft Ltd https://ssl.netcraft.com/ssl-sample-report/CMatch/certs

4 Secure Network Protocols for the OSI Stack
Communication layer: Security protocols
- Application layer: ssh, S/MIME, PGP, Kerberos, WSS
- Transport layer: TLS, [SSL]
- Network layer: IPsec
- Data Link layer: [PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE i (WPA2)
- Physical layer: Quantum Cryptography

5 TLS/SSL Protocol Layers
[Figure: two protocol stacks, listed top to bottom]
- Insecure Transport Layer: Application, Sockets, TCP, IP
- Secure Transport Layer: Application, TLS (Fragmentation, Compression, Authentication, Encryption), TCP, IP

6 TLS Record Protocol
[Figure: protocol layering, listed top to bottom]
- Handshake, Change CipherSpec, Alert, Application Data (messages)
- TLS - Record Protocol (records)
- TCP - Transport Protocol (stream)
- IP - Network Protocol (packets)

7 TLS Record Structure
[Figure: a TCP segment carrying TLS records]
- TCP Header, followed by one or more records: Record Header + Application Data (Segment 1), Record Header + Application Data (Segment 2)
- Record Header: 5 Bytes
- Record Body (Encrypted Data): [Compressed] Data, MAC, Padding; total size n * Block Cipher Size

8 TLS Handshake Protocol
[Figure: message sequence between Client and Server]
- Client to Server: Client Hello (R_C)
- Server to Client: Server Hello (R_S), Certificate*, ServerKeyExchange*, CertificateRequest*, ServerHelloDone
- Client to Server: Certificate*, ClientKeyExchange, CertificateVerify*, ChangeCipherSpec, Finished°
- Server to Client: ChangeCipherSpec, Finished°
- Both directions: Application Data°
*optional, °encrypted

9 Resuming a TLS Session
[Figure: message sequence between Client and Server]
- Client to Server: Client Hello (R_C)
- Server to Client: Server Hello (R_S), ChangeCipherSpec, Finished°
- Client to Server: ChangeCipherSpec, Finished°
- Both directions: Application Data°
°encrypted

10 Implemented SSL/TLS Protocol Versions
SSL – Secure Sockets Layer Version 2.0
- Initially developed by Netscape
- SSL 2.0 is sensitive to man-in-the-middle attacks leading e.g. to the negotiation of weak encryption keys
- SSL 2.0 should not be used anymore
SSL – Secure Sockets Layer Version 3.0
- Internet Draft authored by Netscape, November 1996
- Supported by all browsers
- Vulnerable to the BEAST Cipher-Block-Chaining (CBC) attack
TLS – Transport Layer Security Version 1.0 (SSL 3.1)
- IETF RFC 2246, January 1999
- TLS 1.0 is not backwards compatible with SSL 3.0 (differences in MAC computation, PRF function for master_secret and key material)
- Supported by all browsers
- Vulnerable to the BEAST Cipher-Block-Chaining (CBC) attack

11 BEAST – Browser Exploit Against SSL/TLS
Authors
- Thai Duong and Juliano Rizzo presented their exploit on September at the 7th ekoparty Security Conference in Buenos Aires.
Exploit
- The exploit uses a known-plaintext attack on the Cipher-Block-Chaining (CBC) encryption vulnerability of SSL 3.0 and TLS 1.0 which has been known since 2001 and was fixed by TLS 1.1 in
Approach
- The BEAST JavaScript code running in a browser decrypts encrypted cookies sent via HTTPS within a couple of seconds.
Fix
- Temporary workaround: Set up HTTPS web servers with stream ciphers (e.g. the rather outdated RC4 algorithm)
- Migration of HTTPS web servers and browsers to TLS 1.1 or 1.2.

12 Latest TLS Protocol Versions
TLS – Transport Layer Security Version 1.1 (SSL 3.2)
- IETF RFC 4346, April 2006
- Protection against CBC attacks (Serge Vaudenay, EPFL, 2004):
  - Implicit Initialization Vector (IV) is replaced with an explicit IV
  - Handling of padding errors is changed to use the bad_record_mac alert rather than decryption_failed.
TLS – Transport Layer Security Version 1.2 (SSL 3.3)
- IETF RFC 5246, August 2008, updated by RFC
- Combined MD5/SHA-1 hash and PRF functions replaced by SHA-256 based default algorithms or cipher-suite specified methods.
- Support of Authenticated Encryption with Additional Data (AEAD) modes (e.g. AES-GCM accelerated by Intel AES-NI instruction set)
TLS 1.1 and 1.2 Support
- Windows 7, Windows Server 2008 R2
- GnuTLS library, the OpenSSL snapshot and strongSwan libtls.
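
The 5-byte record header from the record-structure slide and the version numbering from the two protocol-version slides, as an added Python example (not part of the original lecture). It splits a byte stream into records, flags versions that use the implicit (chained) CBC IV, and computes the CBC record body size with and without the explicit IV; the sample bytes are constructed and minimal padding is assumed.

```python
import struct

# Record-layer version field (major, minor), matching the slides' "SSL 3.x" labels.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
IMPLICIT_IV = {"SSL 3.0", "TLS 1.0"}  # CBC IV taken from the previous record


def parse_records(stream: bytes):
    """Split a TCP byte stream into TLS records using the 5-byte record header."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if len(stream) - off - 5 < length:
            raise ValueError("truncated record body")
        version = VERSIONS.get((major, minor), f"unknown {major}.{minor}")
        records.append({"type": CONTENT_TYPES[ctype], "version": version,
                        "length": length, "implicit_iv": version in IMPLICIT_IV})
        off += 5 + length
    return records


def cbc_body_length(data_len: int, mac_len: int, block: int, explicit_iv: bool) -> int:
    """Encrypted record body size for a CBC suite: data + MAC + padding fills n blocks."""
    unpadded = data_len + mac_len + 1   # +1 for the padding_length byte
    pad = (-unpadded) % block           # minimal padding up to the block boundary
    return (block if explicit_iv else 0) + unpadded + pad


# Constructed sample: a TLS 1.0 Handshake record (ServerHelloDone), then a
# TLS 1.2 Application Data record with a 2-byte dummy body.
SAMPLE = bytes([22, 3, 1, 0, 4]) + b"\x0e\x00\x00\x00" + bytes([23, 3, 3, 0, 2]) + b"\xaa\xbb"

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec)
    # 100 data bytes, 20-byte HMAC-SHA1, 16-byte AES blocks
    print(cbc_body_length(100, 20, 16, explicit_iv=False))
    print(cbc_body_length(100, 20, 16, explicit_iv=True))
```

The record-layer version of an initial Client Hello is often lower than the version finally negotiated, so classify a connection from the Server Hello or later records.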

13 SSL/TLS Configuration Options Mozilla Firefox

14 SSL/TLS Configuration Options Mozilla Firefox

15 SSL/TLS Configuration Options Microsoft Internet Explorer

16 TLS Enhanced TCP-based Application Protocols
Service Name   Port      Secured Service
https          443/tcp   http protocol over TLS
smtps          465/tcp   smtp protocol over TLS
smtp           25/tcp    STARTTLS keyword (RFC 2487)
imaps          993/tcp   imap4 protocol over TLS
imap4          143/tcp   STARTTLS keyword (RFC 2595)
pop3s          995/tcp   pop3 protocol over TLS
pop3           110/tcp   STLS keyword (RFC 2595)
ldaps          636/tcp   ldap protocol over TLS
ircs           994/tcp   irc protocol over TLS
nntps          563/tcp   nntp protocol over TLS

