The Dog’s Biggest Bite. Overview History Start Communication Protocol Weakness POODLE Issues.

Slides:



Advertisements
Similar presentations
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Advertisements

Web security: SSL and TLS
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Secure Socket Layer.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Encryption, SSL and Certificates BY JOSHUA COX AND RACHAEL MEAD.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Cryptography and Network Security Chapter 17
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
IEEE Wireless Local Area Networks (WLAN’s).
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Cs490ns-cotter1 SSH / SSL Supplementary material.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Tunneling and Securing TCP Services Nathan Green.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
SSL/TLS How to send your credit card number securely over the internet.
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
1 SSH / SSL Supplementary material. 2 Secure Shell (SSH) One of the primary goals of the ARPANET was remote access Several different connections allowed.
Can SSL and TOR be intercepted? Secure Socket Layer.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
1 Secure Socket Layer Originally by Yu Yang and Lilly Wang Originally by Yu Yang and Lilly Wang Modified by T. A. Yang Modified by T. A. Yang.
KERBEROS SYSTEM Kumar Madugula.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
- Richard Bhuleskar “At the end of the day, the goals are simple: safety and security” – Jodi Rell.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
The Secure Sockets Layer (SSL) Protocol
Secure Sockets Layer (SSL)
Visit for more Learning Resources
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS
The Secure Sockets Layer (SSL) Protocol
Presentation transcript:

The Dog’s Biggest Bite

Overview History Start Communication Protocol Weakness POODLE Issues

History 1994 – Netscape Communications Design SSL Version Never Released Publicly 1995 – SSL 2.0 Release as Part of Netscape Navigator 1996 – V3.0 Redesign of Protocol Address 2.0 Vulnerabilities First Version to Authenticate Handshake Messages Prevents Attackers from Triggering Downgrade protocol versions 1999 – IETF Publishes TLS 1.0 Standard

Start Communication Handshake Agree on Shared Secret Key Includes Cipher Algorithms Block Cipher Most Common Used If Both Cannot Agree On Protocol Downgrade Dance

Start Communication Handshake Client Hello Information that the server needs to communicate with the client using SSL. Including SSL version number, cipher settings, session- specific data. Server Hello Information that the client needs to communicate with the server using SSL. Including SSL version number, cipher settings, session- specific data. Including Server’s Certificate (Public Key)

Start Communication Authentication and Pre-Mater Secret Client authenticates the server certificate. (e.g. Common Name / Date / Issuer) Client (depending on the cipher) creates the pre-master secret for the session, Encrypts with the server's public key and sends the encrypted pre-master secret to the server Decryption and Master Secret Server uses its private key to decrypt the pre-master secret, Both Server and Client perform steps to generate the master secret with the agreed cipher.

Start Communication Generate Session Keys Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session Encryption with Session Keys Both client and server exchange messages to inform that future messages will be encrypted.

Protocol Weakness Today Agreement on Process to Produce Authenticated Encrypted Data Not True When SSL was Created Today Encrypt-Then-Mac (Message Authentication Code) SSL uses Mac-Then-Encrypt

POODLE POODLE –Padding Oracle On Downgraded Legacy Encryption Attacker Takes Advantage of Downgrade Dance Works by Using Padding Padding is Created by Block Cipher Attacker Gets 1 byte out of Every 256 Requests Attacker Can Retrieve n Bytes of Data in 256 X n Request Work as part of Man-In-The-Middle (MITM)

POODLE

Issues Turn Off SSL V3.0 Could Lock Out 1% - 5% of Users (XP /IE 6) Must Achive MITM Before Using Attack Vector Exploit Not as Bad as HeartBleed, Implementation Hard

References happened.html happened.html sis/ sis/ poodle-affects-oodles.html poodle-affects-oodles.html ssl-work-what-ssl-handshake ssl-work-what-ssl-handshake ow-does-ssl-tls-work ow-does-ssl-tls-work