Random Cookie Protocol, a New Solution to Prevent Against Session Cookie Hijacking

Total Page:16

File Type:pdf, Size:1020Kb

Random Cookie Protocol, a New Solution to Prevent Against Session Cookie Hijacking Date of acceptance Grade Instructor Random Cookie protocol, a new solution to prevent against session cookie hijacking Qijia Zeng Helsinki May 4, 2016 UNIVERSITY OF HELSINKI Department of Computer Science HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET UNIVERSITY OF HELSINKI Tiedekunta Fakultet Faculty Laitos Institution Department Faculty of Science Department of Computer Science Tekijä Författare Author Qijia Zeng Työn nimi Arbetets titel Title Random Cookie protocol, a new solution to prevent against session cookie hijacking Oppiaine Läroämne Subject Computer Science Työn laji Arbetets art Level Aika Datum Month and year Sivumäärä Sidoantal Number of pages May 4, 2016 56 pages + 0 appendices Tiivistelmä Referat Abstract With the rapid development of information technology, the network is playing a more and more important role in our life and penetrate to every corner of our life, such as responsible for comput- ing and transacting in business industries, and make great contribution for social communication. However, at the same time, more and more network attacks appears and seriously endanger the security of network. Including the threads for wired network and wireless network. In this thesis, we rst talk about network security, including wired network security and wireless security, we discuss the current threads and attacks we face for the wired network and wireless network, then we introduced the current solution for these threads and attacks.At last,we demonstrate the whole process of session cookie hijacking by manually perform it.We proposed our solution which called random cookie protocol, and we did experiments to compare the performance with HTTP. ACM Computing Classication System (CCS): A.1 [Introductory and Survey], I.7.m [Document and text processing] Avainsanat Nyckelord Keywords layout, summary, list of references Säilytyspaikka Förvaringsställe Where deposited Muita tietoja övriga uppgifter Additional information ii Contents 1 Introduction 1 2 Network security 2 2.1 Wired network . 3 2.2 Wireless network . 4 2.3 Type of network attacks . 4 2.3.1 Eavesdropping . 5 2.3.2 Data Modication . 5 2.3.3 Identity Spoong . 5 2.3.4 Man in the Middle . 6 2.3.5 Denial-of-Service Attack . 6 3 Web session authentication 7 3.1 HTTP cookies . 7 3.2 Dierence between cookie and session . 8 3.3 Cookie mechanism . 9 3.4 The functions of Cookie . 10 3.5 Session mechanism . 11 3.6 The comparison between cookie and session . 11 3.7 The session hijacking thread . 12 4 Current solution for session hijacking 13 4.1 HTTPS . 14 4.2 URL . 17 4.3 HTTPS . 18 4.4 Secure communication . 19 4.4.1 Encryption key delivery . 20 4.4.2 Data encryption . 20 iii 4.5 HTTPS protect against hijacking . 21 4.5.1 Performance impact . 21 4.5.2 HTTPS limitations . 24 4.5.3 XSS(cross-site scripting) . 26 4.5.4 CSRF(cross-site request forgery) . 27 4.6 One-time cookies . 30 4.7 Sessonlock . 34 4.7.1 Session secret generation . 35 4.7.2 Session secret transmission . 36 4.7.3 Session authentication . 36 4.7.4 Rolling code . 38 4.8 VPN . 40 4.8.1 Pros and cons . 42 5 Random Cookie protocol 43 5.1 The demonstration of session cookie hijacking . 43 5.2 Desired goals . 46 5.3 Design . 48 5.4 Formal description . 49 5.5 Security analysis . 51 5.6 Experiments and results . 52 6 Conclusion 53 References 54 1 1 Introduction With the rapid development of information technology, the network is playing a more and more important role in our life and penetrate to every corner of our life, such as responsible for computing and transacting in business industries, and make great contribution for social communication. However, at the same time, more and more network attacks appears and seriously endanger the security of network. Including the threads for wired network and wireless network. Now the use of cookie for storing short and important data is reaching to a universal level, such as session id, by keeping the session id for the session in web browser, can help web server to keep the status for this session with web browser, thus can avoid users to input username and password for every access to web server. However, the traditional HTTP protocol does not provide any security service, and the session cookie is transmitted over network in a plain way, this may cause the risk of being stolen by network adversaries, and we call this attack as session cookie hijacking. Now, some solutions to prevent against session cookie hijacking has been proposed like HTTPS, sessonlock protocol, however, although these solutions can provide some security for session cookie, they have their shortcoming on other aspects, like for HTTPS, it provide authentication, integration and condentiality services, however, as it require expensive computing, lots of website just deploy it for the login page, and leave other pages under HTTP, and thus can give network adversaries chances to lunch network attacks. In order to prevent against session cookie hijacking, in this thesis, we proposed a protocol called random cookie protocol, this method by using hash algorithm to generate a unique session cookie for every communication, once the session cookie is veried by web server, a new session cookie will be generated for next time use, so even if the session cookie is stolen by network adversaries, we don't need to worry about that because the session cookie is expired when it is veried by web server and can not be reused any more. Based on the random cookie protocol, we conducted some experiments to analyze its performance compared with normal HTTP protocol, the result revealed that although the performance of random cookie protocol is less than HTTP protocol, however, the dierence of performance is slightly and can be acceptable, and we think the bonus of security guarantee is worth enough to oset the slight less performance. So the rest of the thesis is like the following: in section 2, we discussed the network security, including the wired network security and wireless network security. In 2 section 3, we discussed web session, and some related concepts include what is cookie and session, the principle of cookie and session, and the session cookie hijacking, next we introduced the current solution for session cookie hijacking in section 4, such as HTTPS, sessionlock, one-time cookie and VPN, and also talked about their pros and cons. Follow by section 5, we give the demonstration of session cookie hijacking, and we proposed a new solution called random cookie project for session cookie hijacking in section6. Finally in section 6, we conclude the whole thesis. 2 Network security Network plays a very critical role in our world. With the rapid development of information technology, network technology has become more and more sophisti- cated and has become an essential part of our modern life in this information era. It has penetrated into every corners of our life, and take responsibility for many important areas like conducting computations and transactions in business indus- tries, or communications in government operations. However, threads always have afterward nature, when network technology is increasingly matured and popular among people's life, some networks attacks has appeared and some network secu- rity incidents has occurred and caused huge loss to companies and consumers. For example, in 2014 a security vulnerability called OpenSSL has been detected. The cause of OpenSSL is due to the failure of checking the boundary value of user's input before using the input as parameters when call memcpy() function. This security vulnerability is severe and cause the leakage of network user accounts and other privacy of network users. An other serious network security incident is the leakage of eBay data. In May 22th 2014, eBay suddenly required almost 128 millions eBay active users to reset their passwords for their eBay accounts as hackers can obtain passwords, telephone numbers, home addresses or other privacy of eBay users from eBay website. Although later eBay claimed the database which has been hacked and the information leaked didn't contain nancial data such as credit card num- ber, and won't cause huge loss for users, however, the increasingly network security incidents has began to gain people's attentions, and network security is becoming a frequent research topic. Network security refer to some operations or measurements that designed to protect network, more specically, that is by some activities based on certain policy to ensure the reliability, condentiality, integrity and safety of net- work, and prevent or stop a variety of network threads from entering or spreading the network. With the shift of type of network from wired network to wireless net- 3 work, the type of network thread is changed and new network thread appears by the time pass, and the network security protection mechanism is also changed. In the below, we will talk about the hardwired network security and wireless network security, among these, we will focus on the wireless LAN and discuss the type of WLAN attack. 2.1 Wired network Figure 1: Wired Network By the shape of network, we can categorize network as wired network and wire- less network. Decades ago before the popular of wireless network, the traditional network is wired network. Dierent from wireless network, the wired network has its own physical shape, and each network components such as hosts or switches are connected by cables. From the Figure 1[Gun10] we can see that a wired network has its own physical scope, the desktop PC, printers and switches are connected by cables. at the entry of wired network with the Internet, a rewall is deployed 4 here to protect the wired network, so wired network is usually protected by re- walls.
Recommended publications
  • Release 2.2.1 Kenneth Reitz
    Requests Documentation Release 2.2.1 Kenneth Reitz January 15, 2016 Contents 1 Testimonials 3 2 Feature Support 5 3 User Guide 7 3.1 Introduction...............................................7 3.2 Installation................................................8 3.3 Quickstart................................................9 3.4 Advanced Usage............................................. 15 3.5 Authentication.............................................. 25 4 Community Guide 29 4.1 Frequently Asked Questions....................................... 29 4.2 Integrations................................................ 30 4.3 Articles & Talks............................................. 30 4.4 Support.................................................. 30 4.5 Community Updates........................................... 31 4.6 Software Updates............................................. 31 5 API Documentation 49 5.1 Developer Interface........................................... 49 6 Contributor Guide 69 6.1 Development Philosophy......................................... 69 6.2 How to Help............................................... 70 6.3 Authors.................................................. 71 Python Module Index 77 i ii Requests Documentation, Release 2.2.1 Release v2.2.1. (Installation) Requests is an Apache2 Licensed HTTP library, written in Python, for human beings. Python’s standard urllib2 module provides most of the HTTP capabilities you need, but the API is thoroughly broken. It was built for a different time — and a different web.
    [Show full text]
  • The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
    The Web Never Forgets: Persistent Tracking Mechanisms in the Wild Gunes Acar1, Christian Eubank2, Steven Englehardt2, Marc Juarez1 Arvind Narayanan2, Claudia Diaz1 1KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium {name.surname}@esat.kuleuven.be 2Princeton University {cge,ste,arvindn}@cs.princeton.edu ABSTRACT 1. INTRODUCTION We present the first large-scale studies of three advanced web tracking mechanisms — canvas fingerprinting, evercookies A 1999 New York Times article called cookies compre­ and use of “cookie syncing” in conjunction with evercookies. hensive privacy invaders and described them as “surveillance Canvas fingerprinting, a recently developed form of browser files that many marketers implant in the personal computers fingerprinting, has not previously been reported in the wild; of people.” Ten years later, the stealth and sophistication of our results show that over 5% of the top 100,000 websites tracking techniques had advanced to the point that Edward employ it. We then present the first automated study of Felten wrote “If You’re Going to Track Me, Please Use Cook­ evercookies and respawning and the discovery of a new ev­ ies” [18]. Indeed, online tracking has often been described ercookie vector, IndexedDB. Turning to cookie syncing, we as an “arms race” [47], and in this work we study the latest present novel techniques for detection and analysing ID flows advances in that race. and we quantify the amplification of privacy-intrusive track­ The tracking mechanisms we study are advanced in that ing practices due to cookie syncing. they are hard to control, hard to detect and resilient Our evaluation of the defensive techniques used by to blocking or removing.
    [Show full text]
  • Preventing Session Hijacking Using Encrypted One-Time-Cookies
    Preventing Session Hijacking using Encrypted One-Time-Cookies Renascence Tarafder Prapty 1, Shuhana Azmin 1 Md. Shohrab Hossain 1, Husnu S. Narman2 1Department of Computer Science and Engineering, Bangladesh University of Engineering and Technology, Bangladesh 2Weisberg Division of Computer Science, Marshall University, Huntington, WV, USA Email: [email protected],[email protected], [email protected], [email protected] Abstract—Hypertext Transfer Protocol (HTTP) cookies are cryptography-based techniques to achieve cookie confidential- pieces of information shared between HTTP server and client to ity and integrity. However, each mechanism lacks in one aspect remember stateful information for the stateless HTTP protocol or another. The scheme described in [1] does not achieve or to record a user’s browsing activity. Cookies are often used in web applications to identify a user and corresponding authen- cookie confidentiality. In [3], the web server is required to ticated session. Thus, stealing a cookie can lead to hijacking an store one-time keys that lead to key management problems. authenticated user’s session. To prevent this type of attack, a In [2] and [4], a one-time key is encrypted by the web server’s cookie protection mechanism is required. In this paper, we have public key. As public key encryption is computationally expen- proposed a secure and efficient cookie protection system. We have sive, these schemes are not efficient. [5] proposes the use of used one time cookies to prevent attacker from performing cookie injection. To ensure cookie integrity and confidentiality, we have cache cookies as an alternative to cookies for authentication of encrypted sensitive information in the cookie.
    [Show full text]
  • Protecting Encrypted Cookies from Compression Side-Channel Attacks
    Protecting encrypted cookies from compression side-channel attacks Janaka Alawatugoda1, Douglas Stebila1;2, and Colin Boyd3 1 School of Electrical Engineering and Computer Science, 2 School of Mathematical Sciences 1;2 Queensland University of Technology, Brisbane, Australia [email protected],[email protected] 3 Department of Telematics, Norwegian University of Science and Technology, Trondheim, Norway [email protected] December 28, 2014 Abstract Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful CRIME and BREACH attacks on web traffic protected by the Transport Layer Security (TLS) protocol. The general guidance in light of these attacks has been to disable compression, preserving confidentiality but sacrificing bandwidth. In this paper, we examine two techniques|heuristic separation of secrets and fixed-dictionary compression|for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve. 1This is the full version of a paper published in the Proceedings of the 19th International Conference on Financial Cryptography and Data Security (FC 2015) in San Juan, Puerto Rico, USA, January 26{30, 2015, organized by the International Financial Cryptography Association in cooperation with IACR. 1 Contents 1 Introduction 3 2 Definitions 6 2.1 Encryption and compression schemes.........................6 2.2 Existing security notions................................7 2.3 New security notions..................................7 2.4 Relations and separations between security notions.................8 3 Technique 1: Separating secrets from user inputs9 3.1 The scheme.......................................9 3.2 CCI security of basic separating-secrets technique.................
    [Show full text]
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014
    HTTP cookie - Wikipedia, the free encyclopedia 14/05/2014 Create account Log in Article Talk Read Edit View history Search HTTP cookie From Wikipedia, the free encyclopedia Navigation A cookie, also known as an HTTP cookie, web cookie, or browser HTTP Main page cookie, is a small piece of data sent from a website and stored in a Persistence · Compression · HTTPS · Contents user's web browser while the user is browsing that website. Every time Request methods Featured content the user loads the website, the browser sends the cookie back to the OPTIONS · GET · HEAD · POST · PUT · Current events server to notify the website of the user's previous activity.[1] Cookies DELETE · TRACE · CONNECT · PATCH · Random article Donate to Wikipedia were designed to be a reliable mechanism for websites to remember Header fields Wikimedia Shop stateful information (such as items in a shopping cart) or to record the Cookie · ETag · Location · HTTP referer · DNT user's browsing activity (including clicking particular buttons, logging in, · X-Forwarded-For · Interaction or recording which pages were visited by the user as far back as months Status codes or years ago). 301 Moved Permanently · 302 Found · Help 303 See Other · 403 Forbidden · About Wikipedia Although cookies cannot carry viruses, and cannot install malware on 404 Not Found · [2] Community portal the host computer, tracking cookies and especially third-party v · t · e · Recent changes tracking cookies are commonly used as ways to compile long-term Contact page records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
    [Show full text]
  • A Deep Dive Into the Technology of Corporate Surveillance
    Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance Author: Bennett Cyphers and Gennie Gebhart ​ A publication of the Electronic Frontier Foundation, 2019. “Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance” is released under a Creative Commons Attribution 4.0 International License (CC BY 4.0). View this report online: https://www.eff.org/wp/behind-the-one-way-mirror ELECTRONIC FRONTIER FOUNDATION 1 Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance Behind the One-Way Mirror A Deep Dive Into the Technology of Corporate Surveillance BENNETT CYPHERS AND GENNIE GEBHART December 2, 2019 ELECTRONIC FRONTIER FOUNDATION 2 Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance Introduction 4 First-party vs. third-party tracking 4 What do they know? 5 Part 1: Whose Data is it Anyway: How Do Trackers Tie Data to People? 6 Identifiers on the Web 8 Identifiers on mobile devices 17 Real-world identifiers 20 Linking identifiers over time 22 Part 2: From bits to Big Data: What do tracking networks look like? 22 Tracking in software: Websites and Apps 23 Passive, real-world tracking 27 Tracking and corporate power 31 Part 3: Data sharing: Targeting, brokers, and real-time bidding 33 Real-time bidding 34 Group targeting and look-alike audiences 39 Data brokers 39 Data consumers 41 Part 4: Fighting back 43 On the web 43 On mobile phones 45 IRL 46 In the legislature 46 ELECTRONIC FRONTIER FOUNDATION 3 Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance Introduction Trackers are hiding in nearly every corner of today’s Internet, which is to say nearly every corner of modern life.
    [Show full text]
  • Edgex: Edge Replication for Web Applications
    EdgeX: Edge Replication for Web Applications by Hemant Saxena A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Mathematics in Computer Science Waterloo, Ontario, Canada, 2015 c Hemant Saxena 2015 I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii Abstract Global web applications face the problem of high network latency due to their need to communicate with distant data centers. Many applications use edge networks for caching images, CSS, javascript, and other static content in order to avoid some of this network latency. However, for updates and for anything other than static content, communication with the data center is still required, and can dominate application request latencies. One way to address this problem is to push more of the web application, as well the database on which it depends, from the remote data center towards the edge of the network. This thesis presents preliminary work in this direction. Specifically, it presents an edge-aware dynamic data replication architecture for relational database systems supporting web applications. The objective is to allow dynamic content to be served from the edge of the network, with low latency. iii Acknowledgements I am extremely grateful to my supervisor Ken Salem for his guidance, support, and dedication throughout this thesis and during my graduate studies. His training and enthu- siasm towards addressing challenging problems has had a positive effect in my life.
    [Show full text]
  • Get a Grip on Hosting Costs for Your High Volume Website
    Get a Grip on Hosting Costs for Your High Volume Website Improve performance, scalability and availability, while reducing business risk and costs with the Drupal Open Source social publishing platform and Acquia Hosting services Executive Summary You’ve built a fantastic Drupal website. Traffic growth charts are encouraging. Conversion rates are above industry averages. Lead numbers and revenue from the web site are growing faster than forecast. And yet the pressure remains high to reduce costs and improve the profitability of operations wherever possible in your company. Though you have met or exceeded your commitments to the business, the CEO and the Board of Directors still want more. Perhaps your budget cycle is about to start up, or your hosting contract is up for renewal. You need to ensure you have a grip on the total cost of hosting your website, and to recommend alternative approaches which will cut those costs while improving service levels (performance, scalability and availability). MSKU#: 0023 2 Get a Grip on Hosting Costs for Your High Volume Website You know that success on the web doesn’t come without cost. But there are significant opportunities to dramatically reduce those costs. You can deliver dynamic, highly interactive “social” websites, and handle volumes of millions of page views per month and up. And you can do so with high performance, 100% availability, at a fraction of the cost most companies are paying today. There are significant infrastructure costs associated with hosting a high volume website. Whether those costs are carried internally through hardware and staff in your datacenter, or through outsourced managed hosting solutions – the numbers add up quickly.
    [Show full text]
  • Web Tracking: Mechanisms, Implications, and Defenses Tomasz Bujlow, Member, IEEE, Valentín Carela-Español, Josep Solé-Pareta, and Pere Barlet-Ros
    ARXIV.ORG DIGITAL LIBRARY 1 Web Tracking: Mechanisms, Implications, and Defenses Tomasz Bujlow, Member, IEEE, Valentín Carela-Español, Josep Solé-Pareta, and Pere Barlet-Ros Abstract—This articles surveys the existing literature on the of ads [1], [2], price discrimination [3], [4], assessing our methods currently used by web services to track the user online as health and mental condition [5], [6], or assessing financial well as their purposes, implications, and possible user’s defenses. credibility [7]–[9]. Apart from that, the data can be accessed A significant majority of reviewed articles and web resources are from years 2012 – 2014. Privacy seems to be the Achilles’ by government agencies and identity thieves. Some affiliate heel of today’s web. Web services make continuous efforts to programs (e.g., pay-per-sale [10]) require tracking to follow obtain as much information as they can about the things we the user from the website where the advertisement is placed search, the sites we visit, the people with who we contact, to the website where the actual purchase is made [11]. and the products we buy. Tracking is usually performed for Personal information in the web can be voluntarily given commercial purposes. We present 5 main groups of methods used for user tracking, which are based on sessions, client by the user (e.g., by filling web forms) or it can be collected storage, client cache, fingerprinting, or yet other approaches. indirectly without their knowledge through the analysis of the A special focus is placed on mechanisms that use web caches, IP headers, HTTP requests, queries in search engines, or even operational caches, and fingerprinting, as they are usually very by using JavaScript and Flash programs embedded in web rich in terms of using various creative methodologies.
    [Show full text]
  • VA Handbook 6102 Washington, DC 20420 Transmittal Sheet July 15, 2008
    Department of Veterans Affairs VA Handbook 6102 Washington, DC 20420 Transmittal Sheet July 15, 2008 INTERNET/INTRANET SERVICES 1. REASON FOR ISSUE: This Handbook revises Department-wide procedures for the establishment and administration of Department of Veterans Affairs (VA) Internet/Intranet sites, and sites operating on behalf of VA, and non-VA entities contracted to operate for VA, and/or related services. This Handbook implements the policies contained in VA Directive 6102, Internet/Intranet Services. 2. SUMMARY OF CONTENTS/MAJOR CHANGES: This Handbook provides procedures relating to the establishment and administration of a VA Internet and/or Intranet site, and/or site operating on behalf of VA, and/or related service; it also provides procedures for publishing VA information on the World Wide Web (www). It defines the organizational responsibilities for all Web activities that are related to posting, editing, maintaining, and removing files to or from the Internet and Intranet. Important modifications to this handbook are the enhanced emphases on privacy-related issues, security requirements, accessibility requirements, the utilization of Web applications and tools for enhanced performance, and new technologies developed for use with Web browsers, including but not limited to, all applications, content management systems, audio and/or video broadcasts, blogs, and other types of browser-based social media. It addresses the establishment of the VA Chief Information Officer’s (CIO’s) Office of Enterprise Development (OED), Resource Management Information Technology Development (RMIT (005Q)), as the entity which will have enforcement authority over all VA Web activities. This Handbook also establishes that failure to comply with the requirements could result in serious consequences, including the immediate removal of Web pages and/or VA Web sites from publication for serious breaches of security, privacy or other significant failure(s), or removal of Web pages or Web sites within 30 days as determined by the responsible administrations.
    [Show full text]
  • On the Security of RC4 in TLS and WPA∗
    A preliminary version of this paper appears in the proceedings of the USENIX Security Symposium 2013. This is the full version. On the Security of RC4 in TLS and WPA∗ Nadhem J. AlFardan1 Daniel J. Bernstein2 Kenneth G. Paterson1 Bertram Poettering1 Jacob C. N. Schuldt1 1 Information Security Group Royal Holloway, University of London 2 University of Illinois at Chicago and Technische Universiteit Eindhoven July 8th 2013 Abstract The Transport Layer Security (TLS) protocol aims to provide confidentiality and in- tegrity of data in transit across untrusted networks. TLS has become the de facto protocol standard for secured Internet and mobile applications. TLS supports several symmetric encryption options, including a scheme based on the RC4 stream cipher. In this paper, we present ciphertext-only plaintext recovery attacks against TLS when RC4 is selected for encryption. Variants of these attacks also apply to WPA, a prominent IEEE standard for wireless network encryption. Our attacks build on recent advances in the statistical analysis of RC4, and on new findings announced in this paper. Our results are supported by an experimental evaluation of the feasibility of the attacks. We also discuss countermeasures. 1 Introduction TLS is arguably the most widely used secure communications protocol on the Internet today. Starting life as SSL, the protocol was adopted by the IETF and specified as an RFC standard under the name of TLS 1.0 [7]. It has since evolved through TLS 1.1 [8] to the current version TLS 1.2 [9]. Various other RFCs define additional TLS cryptographic algorithms and extensions. TLS is now used for securing a wide variety of application-level traffic: It serves, for example, as the basis of the HTTPS protocol for encrypted web browsing, it is used in conjunction with IMAP or SMTP to cryptographically protect email traffic, and it is a popular tool to secure communication with embedded systems, mobile devices, and in payment systems.
    [Show full text]
  • Goodies About New Wireshark and Packet Analysis for HTTP
    SharkFest ‘16 Wireshark 2.0 Tips for HTTP 1/2 Analysis: Goodies about New Wireshark and Packet Analysis for HTTP Megumi Takeshita Packet Otaku | ikeriri network service co.,ltd SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Megumi Takeshita, ikeriri network service a.k.a. packet otaku since first Sharkfest • Founder, ikeriri network service co.,ltd • Wrote 10+ books of Wireshark and capturing and network analysis. • Reseller of Riverbed Technology ( former CACE technologies ) and Metageek, Dualcomm etc. in Japan • Attending all Sharkfest 9 times • and translator of QT Wireshark into Japanese SharkFest ‘16 • Computer History Museum • June 13-16, 2016 2 21 Wireshark 2.0 Tips for HTTP 1/2 Analysis: Goodies about New Wireshark and Packet Analysis for HTTP •This session contains TIPS and TRICKs for HTTP 1 / 2 using Wireshark 2.0, and also includes HTTP and HTTP2 analysis for packet analysis beginners. •Limited English skills, so please ask me if you have some question. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 3 sample trace files in the session you can download Download: http://www.ikeriri.ne.jp/wireshark/traces/ At first, open the homepage.pcap The trace file is just open the simple website http://www.ikeriri.ne.jp/sample.html SharkFest ‘16 • Computer History Museum • June 13-16, 2016 TIPS #1 first, check arrows and colors of the frame and the intelligent scroll bar •New Wireshark tell you traffic with arrow and color of the scroll bar. It tells us the traffic DNS TCP Color of the scroll bar SharkFest ‘16 • Computer History Museum • June 13-16, 2016 TIPS #2 Generated fields and links tell us the important information •There are two kinds of fields in Wireshark header, the actual field like Web Server ( http.server) in HTTP header, the generated field ( easily to find [ generated field name ] ) that Wireshark created for understanding the packet.
    [Show full text]