Secure Communication: Is It Possible with SSL and Or SSH?
Total Page:16
File Type:pdf, Size:1020Kb
Secure Communication: Is it possible with SSL and or SSH? Edvard Wikström Supervisor, [email protected] Tina Lindkvist, [email protected] TDDC03 Information Security Project Linköping University May 8, 2004 Abstract 2. Formatting your paper The purpose of this project is to gather information This document will analyze the SSH and SSL about SSL and SSH as tools for security protocols for secure communication. To achieve this, communication and present them in relation to their white papers and information from reliable sources features, usability and vulnerabilities. Short related to this domain have been studied. Descriptions instructions of installation and configuration will be of how the protocols work and their vulnerabilities are presented for both technologies, this will only provide presented in sufficiently detail to understand their the necessary information to get a quick start. The weaknesses. focus is directed towards vulnerabilities and attacks against these utilities. SSL and SSH are both among 3. SSL the most used methods for transporting information securely through networks. The conclusion is that they 3.2 Background offer good security in open networks if proper configuration and updates are applied The SSL protocol is intended to provide a practical, application-layer, widely connection oriented 1. Introduction mechanism for Internet client/server communication security developed by Netscape. To use the SSL Secure communication is essential for exchange of protocol, the host computer, the client, must be sensitive information. For a long time weak protocols equipped with an SSL Certificate. A digital certificate like Telnet, FTP, the old UNIX utilities, rlogin, rsh is an electronic message that verifies that a user and rcp have been used but they do not provide a sending a message is who he or she claims to be, and secure way for the interchange of data. The growth to provide a way to the receiver the means to encode a and broad expansion of the World Wide Web has reply. A digital certificate contains the public key of changed its intended use from the beginning. More the certificate holder and a variety of other and more businesses have established online-shops, identification information. Digital certificates are banks allow their customers to connect to their website issued by a Certificate Authority, such as VeriSign [1], and make transactions instantaneously. This new e- which are trusted third-party sources that have been commerce era is changing the way we purchase authorized by banks, governments and other products and services. In this document I will present institutions to guarantee the identity of the holder of and analyze two methods for the secure interchange of the certificate. information in open networks. The objective with this SSL works by using a public key to encrypt data document is to answer three questions about these that is transferred over the SSL connection. The tools: biggest browsers like Internet Explorer, Netscape, Mozilla and Opera supports it. Currently two versions • How easy are they to use? of SSL are available, 2.0 and 3.0. Many websites use • How secure are they? the protocol to obtain confidential information, such • Do you need to be an expert to use them? as credit card numbers. By convention, URL: s (Uniform Resource Locator) that requires an SSL encrypted SSL connection is protected with a connection starts with https:// instead of the normal mechanism for detecting tampering, whether data http://. Today, SSL has become the de facto standard has been altered in transit. for cryptographic protection of Web http traffic. The picture below shows where the SSL layer is Improvements and development to the protocol is placed in relation to the other layers in the protocol made by the IETF TLS (Transport Layer Security) stack. workgroup. Its is defined by RFC 2246. 3.2 Features and functionality The SSL protocol runs above TCP/IP and below high-level application protocols such as HTTP or IMAP. It uses TCP/IP on behalf of the higher-level protocols, and allows an SSL-enabled server to authenticate itself to an SSL enabled client, at the same time the client authenticates itself to the server and allows both machines to establish an encrypted connection. SSL client authentication allows a server to confirm the user’s identity using the same techniques as those used for the server. There are a great number of SSL implementations; here is a list of the most common companies and The fundamental steps for the SSL protocol are the organizations providing SSL implementations: following: • SSL server authentication – allows a user to • Cisco confirm a server’s identity. The SSL enabled client • Sun software can use standard techniques of public key • IBM cryptography to check that a server’s certificate • SSL.com and public ID are valid and have been issued by a • OpenSSL – open source. certificate authority (CA) which is listed in the client’s list of trusted CA: s. This confirmation is OpenSSL is an open source variant widely used in important if the user sends the credit card number both the open source community and in the to the server. It also allows the client and server to commercial world due to its attractive license. select the cryptographic algorithms or ciphers supported by both parts. The SSL protocol consists of two sub-protocols, the SSL record protocol and the SSL handshake protocol. • SSL client authentication allows a server to The record part defines the format used to transmit confirm the user’s identity. Using the same data, the handshake part involves using the SSL techniques as those used for server authentication, record protocol to exchange a series of messages SSL enabled server software can check that a between an SSL enabled server and an SSL enabled client’s certificate and public ID are valid and have client at the establishment of a connection. The been issued by a certificate authority (CA), listed exchange of messages is designed to facilitate in the server’s list of trusted CA: s. This the following actions: confirmation is important if the server sends confidential financial information to a customer. More specifically, the record layer provides confidentiality, authenticity and replay protection over • An encrypted SSL connection requires all a connection-oriented reliable transport protocol such information sent between a client and a server to as TCP. The handshake layer which takes care of the be encrypted by the sending software and key-exchange which initializes and synchronized decrypted by the receiving software, thus providing cryptographic state at the two endpoints of a high degree of confidentiality. Confidentiality is communication. important for both parties to any private transaction. In addition, all data sent over an Both SSL 2.0 and 3.0 protocols support The nice thing about SSL is that its use is almost overlapping sets of ciphers suites. These can be transparent to the user. Having a SSL capable browser enabled or disabled by an administrator. When a client or e-mail client it’s all that is needed, which today and server exchange information during the SSL applications supports by default. When connecting for handshake, they identify the strongest enabled cipher the first time to a server requiring SSL, it will first ask suit they have in common for the SSL session. you to download a certificate so you can verify your identity from then on. This is normally done by These ciphers below are used to authenticate the entering some credentials validating the user. If this client and server, transmit certificates and establish verification step is approved the server sends to the session keys. client a certificate. The user simply needs to check that the certificate comes from the claimed source by • DES - Data Encryption Standard, an encryption inspecting the information presented. If the source is algorithm used by the U.S Government. trusted, accepting the certificate is all that is required. • DSA - Digital Signature Algorithm, part of the Further visits to the server will not ask for the digital authentication standard used by the U.S certificate again, the browser will automatically take Government. care of it. The user needs to be aware of the padlock icon in the bottom corner of the browser which • KEA - Key Exchange Algorithm, used for key indicates that a secure connection with SSL is taking exchange by the U. S Government. place. • MD5. Message - Digest algorithm developed by Recently, the simplicity of SSL has caused a vast Rivest. amount of new VPN (Virtual Private Network) products to use SSL as the communication protocol • RC2 and RC4 - Rivest encryption ciphers instead of the IPSec (IP Security) protocol. With IPSec developed for RSA Data Security special software is normally needed at the client and server side, careful and detailed configuration makes it • RSA - A public key-algorithm for both an inappropriate solution compared to SSL based encryption and authentication. Developed by VPN: s. Rivest, Shamir and Adleman 3.5 Vulnerabilities • RSA key exchange - A key-exchange algorithm for SSL based on RSA. SSL is not invulnerable. It has shown a vast number of flaws during the years. I will only name the • SHA-1- Secure Hash Algorithm, a hash function most serious ones implicating different used by the U.S Government. implementations of the SSL protocol. A paper from • SKIPJACK- A classified symmetric-key the security expert Bruce Schneier and David Wagner algorithm used by the U.S Government. [2] gives an analysis of the cryptographic strength of the SSL 3.0 protocol. A number of flaws in the • Triple-DES – DES applied three times. protocol are presented, but his conclusion is that it is a good improvement compared to the SSL 2.0 version. As we will see, other vulnerabilities were found and 3.3 Installation and Configuration exploited.