Security Protocols / Attacks / Mitigations 2

DATA AND NETWORK SECURITY

Case Study : Security Protocols / Attacks / Mitigations 2

Overview

• SSLv2/SSLv3/TLS • Kerberos

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 3

SSL

• Secure Socket Layer • Used for web security [https:] • Several versions released over past 2 decades • Numerous attacks, mitigations and patches

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 4

SSL/TLS versions

• SSLv1.0 – 1994 – Never released due to serious security flaws • SSLv2.0 – 1995 – • Deprecated as of 2011 • rfc6176 describes several major defficiencies • SSLv3.0 – 1996 – • Deprecated as of 2015 • Rfc7568 indicates any TLS version is better than any/all SSL versions

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 5 SSL/TLS versions

• TLSv1.0 – 1999 – (rfc2246) – • Replaces SSLv3 • Differences not dramatic but enough to prohibit interoperability • TLSv1.1 – 2006 – (rfc4346) – • Minor update to v1.0 • Adds protection against a Cipher Block Chaining (CBC) attack • TLSv1.2 – 2008 – (rfc5246) – • TLSv1.3 – 2018 – (rfc8446) – • Took 10 years, 28 draft rfcs • Concentration on simplicity • Unsafe technologies removed from support • SHA-1, MD5 • RC4, DES, and 3DES

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 6

SSL Brief Review of Protocol

• Looking at only TLS 1.2 and 1.3 • SSL v3.0 and before are deprecated and nearly dead

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 7

TLS 1.2

• Protocol sequence • Client Hello • Server Hello • Server Hello Done • Key Exchange • Change Cipher Spec • Finished • Change Cipher Spec • Finished • [Encrypted Data Starts]

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 8

TLS 1.3

• Protocol Sequence • Client Hello • Server Hello • [Encrypted Data starts]

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 9 Vulnerabilities vs Attacks

• Vulnerabilities are weaknesses in design that can be exploited in an attack • Attcks are methods that break security of a protocol or application

Table from : https://www.researchgate.net/publication/292615186_Taxonomy_of_SSLTLS_Attacks

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 10 Attacks • Taxonomy of SSL/TLS Attacks

Figure from : https://www.researchgate.net/publication/292615186_Taxonomy_of_SSLTLS_Attacks

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 11 Attacks on Client • SSL Stripping • Also called SSL Downgrade • Method: Attacker sets up a Mitm attack by setting his machine up as an application proxy, then modifies traffic between Victim and Server • Victim: Requests https;//example.com • Mitm: Forwards request to server • Server: Responds: https://example.com • Mitm: sends: http://example.com to victim • Future communicaton is in cleartext over http, not https • Version Rollback • Method: Mitm attack where attacker intercepts, blocks and replaces SSL/TLS negotiation to trick server into using an earlier version of the protocol • Setting up Mitm typically done with ARP cache poisoning

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 12

Attacks During Transit

• BEAST – Browser Exploit Against SSL/TLS • Method: Inject packets into an SSL stream to help guess the Initialization Vector • Involves setting up a man-in-the-middle attack • Attacker needs some control of user’s browser so this is a bit more difficult than other attacks • CRIME – Compression Ratio Info-Leak Made Easy • Method: Leverage compression mode to guess cookie values • Javascript can be loaded to Victim’s browser with a XSS attack • The Javascript injects string like: ‘Cookie: adm=0’ and watches size of response • A string like ‘Cookie: adm= exists in the headers • If Response is short, then compression was used and the ‘digit’ guess (0) was correct. • Otherwise, the character was guessed wrong. Continue trying different values to recover the entire cookie

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 13 Attacks on Server • HEARTBLEED • OpenSSL vulnerability • Heart beat messages are periodically sent to server to make sure it is still ‘alive’ • Heart beat message has short data and a length (i.e. data, 4) • Heart beat response sends back data and length (data, 4) • Method: Fabricate a heart beat message with an incorrect length • Send server (heartbeat, data, 65536) • Server respons with 64K of data from stack! • POODLE • Method: Man-in-the-middle attack • Intercept traffic from client (Client Hello) • Refuse later versions of protocol until client tries SSL 3.0 • SSL 3.0 uses padding and CBC mode. Making modified SSL 3.0 requests and changing a single byte through all 256 possible values will yield a plaintext byte. • Repeat for each byte in packet

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 14

Attack Mitigations

• Most attacks have the approach of: • Side-stepping use of SSL/TLS • Downgrading version of SSL/TLS • Downgrading cipher suite • Guessing information (like IV) using server as an ‘Oracle’ • Most downgrades occur due to design for ‘interoperability’

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 15

Attack Mitigation

• SSL Stripping • HSTS – Hypertext Strict Transport Security • Header information includes enforcement of secure connection • May still not avoid Mitm attack described • Close unsecure ports for the same service (do not run service on 80. Only run on 443) • Version Rollback • Use cipher suite TLS_FALLBACK_SCSV (0x5600) • Does not accept versions below a ‘Threshold’ • Current ‘Threshold’ is TLS 1.0

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 16

Attack Mitigation

• BEAST • Use Ephemeral (changing) Paramaters • Ensure session key is secure • DHE – Diffie-Hellman Ephemeral • ECDHE – Eliptic Curve Diffie-Hellman Ephemeral • CRIME • Turn off data compression [This also solves BREACH] • TLS 1.3 removed support for compression

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 17

Attack Mitigation

• HEARTBLEED • Specifically against older versions of OpenSSL • V1.0.1 -> V1.0.1f are vulnerable. Fixed in 1.0.1g • If can’t upgrade, rebuild from source with compiler switch • -DOPENSSL_NO_HEARTBEATS • POODLE • Same mitigation as for Version Rollback vulnerability

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 18

Kerberos

• Protocol Review • Attacks

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 19

Kerberos

• Basics of the protocol • Servers (Auth Server and Ticket Granting Server) create tickets • Tickets encrypted with keys based on hashed passwords • Passwords never traverse the net • The AS and TGS have copies of all ‘keys’ for users and services

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 20 Kerberos • Abbreviations used: • AS – Authentication Server • TGS – Ticket Granting Server • sK – server (service) key • cK – client (principal) key • tgsK – Ticket Granting Server Key • rsK, rsK1, rsK2 – Session keys for use with protocol messages • t – timestamp • n – random number (nonce) • {}xK – Contents of braces {} encrypted with xK • c, s – client and server principal names • ipC, ipS – IP addresses for client and server • T – ticket • tgt – Ticket granting ticket • sT – Ticket for a network service • A – Authenticator • lt -lifetime

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 21

Kerberos

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 22

Kerberos

• Messages 1. c->AS : c,s,t,n 2. AS->c : {rsK1,s,t,n,}ck, {tgt}tgsK • Client can now request service tickets from the ticket granting server 3. c->TGS : {A}rsK1,{tgt}tgsK, s // Authenticator is: {c,ipC,t}rsK 4. TGS->c : {rsK2,s,t,n,}rsK1, {sT}sK 1. sT is : s,c,ipC,t,lt,rsK2 2. Client can now use service : s. // telnet, ftp, etc. 5. c->s : {A}rsK2, {sT}sK 6. s->c : {t}rsK2. // Optional if client requested ‘server auth’

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 23

Kerberos

• Basic vulnerabilities • Dictionary attacks – Attacker can request a ticket for a different client and try to crack encryption • Time services weakness – NTP (Network time protocol) is not authenticated • An attacker can possibly cause a system’s time to ‘drift’ • This may allow attacker to ‘replay’ a stale authenticator • Spoofing Login Program – Login screens or terminal login prompts can possibly be ‘spoofed’ to capture a user’s login password

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 24

Kerberos

• Microsoft Active Directory is based on Kerberos v5 • KDC is part of the ‘Domain Controller’ • A number of newer attacks are more an abuse of Microsoft’s implementation than they are of the Kerberos protocol

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 25 Kerberos • Mitigations • Dictionary attacks – Enable ‘pre-authentication’ data • Requires client to encrypt some authenticating data in with the initial AS request • This ‘proof’ ensures the KDC does not issue a ticket to any entity requesting a ticket under a particular client’s identity • Network Time Service weakness – Secure time service • 2 Authentication methods added to NTPv4 • A symmetric key approach – Problem: it does not scale well • Autokey approach – This was shown to have serious security flaws in 2012 • Attacker could break secure session in seconds and alter time data • NTS – New protocol introduced in 2019 • Applies TLS to set up extension data for NTP and authenticated NTP packages • NTP protocol is not altered at all

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020] 26 Sources • https://www.researchgate.net/publication/292615186_Taxonomy_of_SSLTL S_Attacks • https://www.acunetix.com/blog/articles/tls-security-what-is-tls-ssl-part-1/ • https://www.acunetix.com/blog/articles/history-of-tls-ssl-part-2/ • https://www.acunetix.com/blog/articles/tls-ssl-terminology-basics-part-3/ • https://www.acunetix.com/blog/articles/tls-ssl-certificates-part-4/ • https://www.acunetix.com/blog/articles/establishing-tls-ssl-connection-part-5/ • https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/ • https://www.tarlogic.com/en/blog/how-kerberos-works/ • https://www.cvedetails.com/vulnerability-list/vendor_id-42/product_id- 61/version_id-4168/MIT-Kerberos-4.html • https://www.csoonline.com/article/2626810/don-t-count-on- kerberos-to-thwart-pass-the-hash-attacks.html • https://nvd.nist.gov/vuln/detail/CVE-2005- 1689#vulnCurrentDescriptionTitle

Data Security: Case Study I : Dyn DDOS Attack (Mirai) [Tony Mione, SUNY Korea, 2020]