Back Doors in SSL/TLS
Team members: Akshay Veerayyagari, Jaya Surya Dondapati, Avinash Yeluri
George Mason University ECE646

CONTENTS
Attacks on SSL/TLS
Evaluation criteria
Server security levels
Experiment
Conclusion
CATEGORIZING ATTACKS ON SSL/TLS
Attacks on the SSL/TLS Handshake Protocol.
Attacks on the SSL/TLS Record and Application Data Protocols.
Attacks on the SSL/TLS Public Key Infrastructure.
Various other attacks.
TIMELINE OF ATTACKS
[Figure: timeline of attacks on SSL/TLS]

EVALUATION CRITERIA FOR COMPARISON
Required intruder's knowledge
Type of attack
Dependence on version
Time of attack
Countermeasures
Probability of reoccurrence
Severity of attack
Limitations of the attacker
COMPARISON

Required intruder's knowledge
  CRIME: By leveraging a property of compression functions, and noting how the length of the compressed data changes.
  Lucky13: Pre-implementation of a man-in-the-middle attack to intercept the encrypted packets.

Dependence on version
  CRIME: The latest versions of all browsers will not offer compression in SSL. HTTP response compression is not vulnerable.
  Lucky13: TLS 1.1, TLS 1.2

Severity of the attack
  CRIME: Only the client is affected. The client's sensitive information is obtained.
  Lucky13: Only the client is affected. The encrypted data is leaked.

Limitations of the attacker
  CRIME: The attacker must be the man in the middle and he must also control the plaintext.
  Lucky13: The attacker should be in the same network. The attack is based on repetitive guesswork.

Type of attack
  CRIME: Active
  Lucky13: Active

Countermeasures
  CRIME: Upgrade to the most recent version. Disable compression if your web software allows you to do it.
  Lucky13: Abandonment of CBC-mode encryption eliminates this flaw in TLS.

Probability of reoccurrence
  CRIME: The vulnerable clients will thus be restricted to those using older clients.
  Lucky13: Dependence on CBC-mode.
EVALUATING SERVER SECURITY LEVELS
Inspection of the server certificate to verify that it is valid and trusted.
We inspect server configuration in three categories:
• Protocol support
• Key exchange support
• Cipher support

CERTIFICATE INSPECTION
The server certificate is often the weakest point of an SSL server configuration.
A certificate that is not trusted fails to prevent man-in-the-middle (MITM) attacks and renders SSL effectively useless.
A certificate that is incorrect in some other way erodes trust and, in the long term, jeopardizes the security of the internet as a whole.
CIPHER SUPPORT
A cipher suite is a collection of symmetric and asymmetric encryption algorithms. These are used to provide protection, encryption and signature generation. The structure of a cipher suite:
[Figures: cipher-suite structure; server cipher support before POODLE and after POODLE]
Forward Secrecy
Specific key agreement protocols that give assurance that your session keys will not be compromised even if the private key of the server is compromised.
OCSP Stapling
When connecting to a server, clients should verify the validity of the server certificate using either a Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP) record. Using OCSP, only one record is retrieved at a time.
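The cipher-suite structure and the three inspection categories (protocol support, key exchange support, cipher support) worked through in code, as an added example written for this page rather than code from the presentation: a parser for IANA cipher-suite names of the form TLS_<key exchange>_<authentication>_WITH_<cipher>_<hash>, and a grader that reports protocol, key-exchange (forward secrecy) and cipher findings for a server configuration. The two sample configurations and the severity labels are constructed for the example; the Suite, Finding, parse_suite and grade names are this example's own.

```python
"""Grade an SSL/TLS server configuration in the three categories from the
slides: protocol support, key exchange support and cipher support.
Cipher-suite names follow the IANA form TLS_<kx>_<auth>_WITH_<cipher>_<hash>.
Added example for this page; the sample configurations are constructed."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Suite:
    name: str
    key_exchange: str     # ECDHE, DHE, RSA, DH, ECDH; "ephemeral" for TLS 1.3 names
    authentication: str   # RSA, ECDSA, anon; "certificate" for TLS 1.3 names
    cipher: str           # e.g. AES_128_GCM, 3DES_EDE_CBC, RC4_128, NULL
    hash_name: str        # HMAC hash for CBC/stream suites, PRF hash for AEAD suites
    export: bool = False  # EXPORT marker in the name: 40/56-bit keys

    @property
    def forward_secret(self) -> bool:
        return self.key_exchange in ("ECDHE", "DHE", "ephemeral")


def parse_suite(name: str) -> Suite:
    """Split an IANA cipher-suite name into its algorithm components."""
    body = name[len("TLS_"):]
    if "_WITH_" not in body:
        # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) carry only cipher and hash;
        # key exchange is always ephemeral (EC)DHE negotiated by extensions.
        cipher, hash_name = body.rsplit("_", 1)
        return Suite(name, "ephemeral", "certificate", cipher, hash_name)
    kx_auth, rest = body.split("_WITH_", 1)
    cipher, hash_name = rest.rsplit("_", 1)
    parts = [p for p in kx_auth.split("_") if p != "EXPORT"]
    key_exchange = parts[0]
    authentication = parts[1] if len(parts) > 1 else parts[0]  # TLS_RSA_...: RSA does both
    return Suite(name, key_exchange, authentication, cipher, hash_name, "EXPORT" in kx_auth)


@dataclass
class Finding:
    category: str  # protocol | key_exchange | cipher
    severity: str  # high | medium
    message: str


def grade(config: dict) -> list[Finding]:
    """Report weaknesses of a server configuration in the three categories."""
    findings: list[Finding] = []
    protocols = set(config["protocols"])
    for proto in ("SSLv2", "SSLv3"):
        if proto in protocols:
            findings.append(Finding("protocol", "high", f"{proto} enabled (POODLE-class downgrade target)"))
    for proto in ("TLSv1.0", "TLSv1.1"):
        if proto in protocols:
            findings.append(Finding("protocol", "medium", f"{proto} enabled (legacy version)"))
    if not protocols & {"TLSv1.2", "TLSv1.3"}:
        findings.append(Finding("protocol", "high", "no TLS 1.2 or TLS 1.3 support"))
    if config.get("compression", False):
        findings.append(Finding("protocol", "high", "TLS compression enabled (CRIME)"))
    for name in config["cipher_suites"]:
        s = parse_suite(name)
        if s.authentication == "anon":
            findings.append(Finding("key_exchange", "high", f"{name}: anonymous key exchange, server not authenticated"))
        elif not s.forward_secret:
            findings.append(Finding("key_exchange", "medium", f"{name}: no forward secrecy (static {s.key_exchange} key exchange)"))
        if s.export:
            findings.append(Finding("cipher", "high", f"{name}: export-grade key length"))
        if s.cipher == "NULL":
            findings.append(Finding("cipher", "high", f"{name}: no encryption"))
        elif "RC4" in s.cipher:
            findings.append(Finding("cipher", "high", f"{name}: RC4 (biased keystream)"))
        elif "DES" in s.cipher:
            findings.append(Finding("cipher", "medium", f"{name}: DES/3DES (64-bit block)"))
        elif "CBC" in s.cipher:
            findings.append(Finding("cipher", "medium", f"{name}: CBC mode (Lucky13 / padding-oracle class)"))
    return findings


# Constructed sample configurations, not measurements of any real server.
LEGACY_SERVER = {
    "protocols": ["SSLv3", "TLSv1.0", "TLSv1.2"],
    "compression": True,
    "cipher_suites": [
        "TLS_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    ],
}
HARDENED_SERVER = {
    "protocols": ["TLSv1.2", "TLSv1.3"],
    "compression": False,
    "cipher_suites": [
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_AES_128_GCM_SHA256",
    ],
}

if __name__ == "__main__":
    for label, cfg in (("legacy", LEGACY_SERVER), ("hardened", HARDENED_SERVER)):
        print(f"{label}: {len(grade(cfg))} finding(s)")
        for f in grade(cfg):
            print(f"  [{f.severity}] {f.category}: {f.message}")
```

The grader deliberately keys off the suite name alone, which is all a scanner sees in a ServerHello; a real assessment would additionally check certificate validity and OCSP behaviour as described above.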
EXPERIMENT: Cain & Abel

CONCLUSION
Any new attack that occurs is always a modified form of one or more previous attacks.
Most of the attacks are directed at specific cryptographic algorithms, and every new attack is mostly based on those same cryptographic algorithms.
At the time of analysing the present server security, the majority of servers and modern browsers still support SSL version 3.0 despite it being vulnerable to attacks. It is time to phase out SSL version 3.0 and to implement TLS version 1.2.
SSL ~ “Intercept Today, Decrypt Tomorrow.”
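The countermeasures collected on these slides (drop SSL 3.0 in favour of TLS 1.2, disable compression against CRIME, abandon CBC mode against Lucky13, prefer forward-secret key exchange) expressed as a concrete Python ssl configuration. This is an added example written for this page, not part of the presentation; it assumes CPython 3.7 or newer linked against OpenSSL, and the hardened_context and audit_context names are this example's own.

```python
"""Countermeasures from the slides as a Python ssl configuration: minimum TLS 1.2
(no SSL 3.0), no TLS compression (CRIME), ECDHE-only key exchange (forward
secrecy) and AEAD ciphers only (no CBC, so no Lucky13-style padding oracle).
Added example for this page; assumes CPython 3.7+ built against OpenSSL."""
import ssl


def hardened_context(purpose: ssl.Purpose = ssl.Purpose.SERVER_AUTH) -> ssl.SSLContext:
    """Client (SERVER_AUTH) or server (CLIENT_AUTH) context with the weak settings removed."""
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.options |= ssl.OP_NO_COMPRESSION          # CRIME countermeasure
    # OpenSSL cipher-string syntax for the TLS 1.2 suites: ephemeral ECDH key
    # exchange combined with AES-GCM or ChaCha20-Poly1305, i.e. no CBC-mode suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """List what a context still permits, in the slides' three categories."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol: versions below TLS 1.2 allowed")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("protocol: compression not disabled (CRIME)")
    for c in ctx.get_ciphers():  # dicts with 'name', 'kea', 'aead', ... reported by OpenSSL
        # kea is 'kx-ecdhe' / 'kx-dhe' for ephemeral suites and 'kx-any' for TLS 1.3 suites
        if not any(tag in c["kea"] for tag in ("dhe", "any")):
            findings.append(f"key exchange: {c['name']} has no forward secrecy")
        if not c["aead"]:
            findings.append(f"cipher: {c['name']} is not AEAD (CBC or stream mode)")
    return findings


if __name__ == "__main__":
    print("default context:", audit_context(ssl.create_default_context()) or "clean")
    print("hardened context:", audit_context(hardened_context()) or "clean")
```

Running the script shows the difference between the interpreter's default context, which on most builds still lists CBC suites, and the hardened one, which the audit reports as clean; the same audit can be pointed at any SSLContext an application constructs.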
THANK YOU