Web security (Spoofing - PowerPoint PPT Presentation

About This Presentation
Title:

Web security (Spoofing

Description:

Web security (Spoofing & TLS & DNS) Ge Zhang Web surfing URL spoofing Hyperlinks in malicious emails and web pages www.paypa1.com v.s. www.paypal.com What web is ... – PowerPoint PPT presentation

Number of Views:195
Avg rating:3.0/5.0
Slides: 34
Provided by: csKauSec
Category:
Tags: security | spoofing | web

less

Transcript and Presenter's Notes

Title: Web security (Spoofing


1
Web security (Spoofing TLS DNS)
  • Ge Zhang

2
Web surfing
3
Web security
  • Does your request go to the right server?
  • How do you trust the Internet?

4
URL spoofing
  • Hyperlinks in malicious emails and web pages
  • www.paypa1.com v.s. www.paypal.com
  • What web is referred by this link?
    http//www.kau.se_at_0x82EE0716/index.php
  • Dotless IP address
  • http//130.238.7.22
  • http//0x82EE0716/
  • http//www.kau.se_at_0x82EE0716/
  • http//www.kau.se_at_0x82EE0716/index.php

5
Have you ever noticed these?
6
X.509 certificate
  • Based on public key cryptography and digital
    signatures
  • CA certification authority

7
Verification
  • Others can use the CAs public key to verify the
    signature

8
Validating a Certificate
  • Metaphor (1)
  • CA Karlstad university
  • Certificate owner the students (who get their
    master degree)
  • Verifier employers
  • Metaphor (2)
  • CA1 Swedish Ministry of Education
  • CA2 Karlstad University

9
Validating a Certificate
  • Must recognize accepted CA in certificate chain
  • One CA may issue certificate for another CA
  • Must verify that certificate has not been revoked
  • CA publishes Certificate Revocation List (CRL)
  • Self-signed certificate?

10
Man-in-the-middle attacks (by malicious
intermediaries)
  • Read the content of HTTP traffics
  • Your password (even hashed?)
  • Modify the content of HTTP traffics
  • Transfer money from your account to the attacker.

11
Brief History of SSL/TLS
  • SSLv2
  • Released in 1995 with Netscape 1.1
  • Key generation algorithm kept secret
  • Reverse engineered broken by Wagner Goldberg
  • SSLv3
  • Fixed and improved, released in 1996
  • Public design process
  • TLS IETFs version the current standard

12
SSL/TLS Overview
  • Establish a session (handshake layer)
  • Agree on algorithms
  • Share secrets
  • Perform authentication
  • Transfer application data (record layer)
  • Ensure confidentiality and integrity

13
SSL Architecture
SSL Change Cipher Spec. Protocol
SSL Alert Protocol
SSL Handshake Protocol
HTTP, etc.
SSL Record Protocol
TCP
IP
  • Record Protocol Message encryption/authentication
  • Handshake P. Identity authentication key
    exchange
  • Alert P. Error notification (cryptographic or
    otherwise)
  • Change Cipher P. Activate the pending crypto
    suite

14
SSL Handshake Protocol
  • Two parties client and server
  • Negotiate version of the protocol and the set of
    cryptographic algorithms to be used
  • Interoperability between different
    implementations of the protocol
  • Authenticate client and server (optional)
  • Use digital certificates to learn each others
    public keys and verify each others identity
  • Use public keys to establish a shared secret

15
Handshake Protocol (1)
  • Client_hello version, random, session id, cipher
    suite, compression method
  • Server_hello version, random, session id, cipher
    suite, compression method

16
Handshake Protocol (2)
  • Certificate X.509 certificate chain
  • Server_key_exchange parameters, signature
  • Certificate_request type, authorities
  • Server_hello_done null

17
Handshake Protocol (3)
  • Certificate X.509 certificate chain
  • Client_key_exchange parameters, signature
  • Certificate_verify signature

18
Handshake Protocol (4)
  • Change_cipher_spec a single message, which
    consists of a single byte with value 1.
  • Finished hash value

19
SSL Encryption
  • Master secret
  • Generated by both parties from premaster secret
    and random values generated by both client and
    server
  • Key material
  • Generated from the master secret and shared
    random values
  • Encryption keys
  • Extracted from the key material

20
SSL Record Protocol
21
Alerts and Closure
  • Alert the other side of exceptions
  • Unexpected message
  • Bad record mac
  • Handshake failure
  • Illegal parameter
  • Bad certificate
  • 2 levels
  • Warning
  • fatal

22
SSL Overhead
  • 2-10 times slower than a TCP session
  • Where do we lose time
  • Handshake phase
  • Calculating the key materials
  • Data Transfer phase
  • Symmetric key encryption

23
TLS/SSL Applications
  • HTTP -gt HTTPS
  • Telnet -gt SSH
  • FTP -gt SFTP
  • SIP -gt SIPS
  • Resources http//www.openssl.org/related/apps.ht
    ml

24
Homework
  • Visit a web site with HTTPS
  • Use wireshark to capture the traffics
  • Read the parsed traffics, especially pay
    attention on the handshake protocol.

25
The Domain Name System
  • A database implemented by many name servers (NS)
  • Distributed
  • Replicated
  • Hierarchical

26
Authoritative Servers
  • Authoritative DNS servers
  • An organizations DNS servers, providing
    authoritative information for organizations
    servers
  • Can be maintained by organization or service
    provider

27
DNS Query and Response
Cache www.kau.se A 193.10.226.10
www.kau.se A?
Root DNS Server
www.kau.se A 193.10.226.10
local DNS Server
End-user
se DNS Server
www.kau.se A?
www.kau.se A 193.10.226.10
www.kau.se A 193.10.226.10
kau.se DNS Server
28
DNS Vulnerabilities
  • No authentication.
  • DNS_response.ID DNS_request.ID ? (16 bit
    length)
  • DNS_response.dport DNS_request.dport?
  • Significance DNS is widely used in
  • Web
  • VoIP
  • Email

29
A Simple DNS Attack
Easy to observe UDP DNS query sent to well known
server on well known port.
www.seb.se A?
Root DNS Server
www.seb.se A 129.178.89.80
Users Laptop
local DNS Server
www.seb.se A attacker_IP
se DNS Server
Attackers Laptop
First response wins. Second response is silently
dropped on the floor.
seb.se DNS Server
30
A cache poisoning Attack
Cached a bad record www.seb.se A attacker_IP
www.seb.se A?
Users Laptop
www.seb.se A attacker_IP
local DNS Server
seb.se DNS Server
Attacker
31
A More Complex Attack
Response www.attacker.com A
128.9.128.127 attacker.com NS
ns.attacker.com attacker.com NS
www.seb.se ns.attacker.com A
128.9.128.2 www.seb.se A
128.9.128.127
kau Caching Server
www.seb.se 128.9.128.127
ns.attacker.com
Query www.attacker.com
Query www.seb.se
Any kau Computer
Remote attacker
32
Question
  • Is SSL/TLS useful to counteract these DNS
    attacks? Why?
  • Homewrok
  • Read RFC 2535 about DNSSec
  • http//www.faqs.org/rfcs/rfc2535.html

33
Key points
  • URL spoofing dotless IP address
  • X.509 certificate
  • Certificate chains
  • SSL/TLS
  • Handshake protocol
  • Alert protocol
  • Record protocol
  • Change cipher spec protocol
  • The overhead caused by SSL/TLS
  • DNS architecture
  • DNS cache poisoning
Write a Comment
User Comments (0)
About PowerShow.com