Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING AND.

Published byMelanie Martin Modified over 8 years ago

Similar presentations

Presentation on theme: "Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING AND."— Presentation transcript:

1 Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING AND ANALYSIS OF CRYPTOGRAPHIC PROTOCOLS

2 The use of cryptographic protocols as a means to provide security to web servers and applications at the transport layer is becoming increasingly popular. However it is difficult to analyze this sort of traffic as it is encrypted ISP's are often served with court orders to provide logs of clients activity; this data is often encrypted. Attacks that use HTTPS as their means of entry are harder to detect once again as they are encrypted. Its often difficult to debug errors related to cryptographic protocols once again due to the encrypted nature of the data PROBLEM STATEMENT 1

3 So it would be nice if a set of tools existed for dealing with these problems. We approach this problem statement from the prospective of having legitimate access to encrypted traffic for doing analysis, debugging or data collection. There are a number of systems that implement parts of the problem statement. We are looking at building a system that is easy to managed, cross platform and can be extended to implement a number of different protocols. From the popular web-comic XKCD, http://www.xkcd.com/538/ PROBLEM STATEMENT 2

4 Given encrypted data in the form of stored pcap files ( extending to live pcap streams) can we determine the algorithm used and then together with the recovered session key to decrypt to plain text. Of course the algorithm used for encryption is dependant on the protocol used and the algorithms that were negotiated between client and server. Investigate sensible means to store symmetric keys for later use. Provide some analysis on data that may be useful for detection of possible attacks or for debugging purposes. Initially provide implementation for SSL then TLS following up with possible implementation for SSH. OBJECTIVES OF RESEARCH 1

5 Possible extensions Develop plug-ins for Wireshark to allow for similar functionality Implement for a wide variety of different protocols. OBJECTIVES OF RESEARCH 2 The approach taken by one of the Debian openSSL developers. Removing the randomness from a cryptographic function can’t have too negative a effect … http://www.xkcd.com/221/

6 RELEVANCE AND BACKGROUND 1 Recent concerns : SSLStripper: Moxie Marlinspike announced at the 2009 Black Hat Federal that he had developed a tool for performing "man-in-the-middle” attacks on secure websites that make use of SSL. Rogue CA’s exploiting MD5 A research group at the Eindhoven University of Technology has developed a method to create rogue CA (Certification Authority) certificates from commercial CA certificates which are trusted by all common web browsers.

7 Bradley Cowie SANS one of the most respected Information Security trainers and certifiers released a list of the top 10 security menaces for 2008 (compiled by 10 security veterans). The number 1 security menace for 2008 was : “Increasingly Sophisticated Web Site Attacks - Especially On Trusted Web Sites” “..web site attacks have migrated from simple ones based one or two exploits posted on a web site to more sophisticated attacks based on scripts.. attackers are actively placing exploit code on popular, trusted web sites where users have an expectation of effective security” Taken from : http://www.sans.org/2008menaces/ RELEVANCE AND BACKGROUND 2

8 Existing tool suites which partially solve the problem statement The CSUR project : CSUR is a project about automatic analysis of cryptographic protocols written in C. However its distributed under copyright and is still in its beta phase. HTTP Analyzer 4 : HTTP Analyzer is a utility that allows you to capture HTTP/HTTPS traffic in real-time. It can trace and display a wide range of information. However its not sufficiently generic. RELEVANCE AND BACKGROUND 3

9 APPROACH AND DESIGN 1 Research related protocols : develop my own flowcharts and psuedo-code to understand how they function. Setup, configuration and gaining of experience in the use of valuable software like TCPDump, SSLDump, openSSL and modSSL. Experimentation with generation of CA certificates using openSSL and TinyCA Choose the platform for development (currently considering a web-platform using PHP for scripting) Develop tools to perform decryption and develop a front end to the tool set

10 Bradley Cowie Secure Socket Layer SSLv2 Record Layer: Client Hello Length: 103 Handshake Message Type: Client Hello (1) Version: SSL 3.0 (0x0300) Cipher Spec Length: 78 Session ID Length: 0 Challenge Length: 16 Cipher Specs (26 specs) Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080) [ more Cipher Specs deleted ] Challenge

11 Bradley Cowie Implementation of analysis of data (entropy) Possibly compare to other tools that perform similar functions. APPROACH AND DESIGN 2

12 APPROACH AND DESIGN 3 Prototype design of system

13

14 Bradley Cowie QUESTIONS ?

Download ppt "Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING AND."

Similar presentations

Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
More Trick For Defeating SSL

More Trick For Defeating SSL
Bradley Cowie, Barry Irwin and Richard Barnett Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING.

Bradley Cowie, Barry Irwin and Richard Barnett Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Similar presentations

Ads by Google