Web security (Spoofing - PowerPoint PPT Presentation

About This Presentation

Title:

Web security (Spoofing

Description:

Web security (Spoofing & TLS & DNS) Ge Zhang Web surfing URL spoofing Hyperlinks in malicious emails and web pages www.paypa1.com v.s. www.paypal.com What web is ... – PowerPoint PPT presentation

Number of Views:180

Avg rating:3.0/5.0

Slides: 34

Provided by: csKauSec

Category:

more less

Transcript and Presenter's Notes

Title: Web security (Spoofing

1
Web security (Spoofing TLS DNS)

Ge Zhang

2
Web surfing
3
Web security

Does your request go to the right server?
How do you trust the Internet?

4
URL spoofing

Hyperlinks in malicious emails and web pages
www.paypa1.com v.s. www.paypal.com
What web is referred by this link?
http//www.kau.se_at_0x82EE0716/index.php
Dotless IP address
http//130.238.7.22
http//0x82EE0716/
http//www.kau.se_at_0x82EE0716/
http//www.kau.se_at_0x82EE0716/index.php

5
Have you ever noticed these?
6
X.509 certificate

Based on public key cryptography and digital
signatures
CA certification authority

7
Verification

Others can use the CAs public key to verify the
signature

8
Validating a Certificate

Metaphor (1)
CA Karlstad university
Certificate owner the students (who get their
master degree)
Verifier employers
Metaphor (2)
CA1 Swedish Ministry of Education
CA2 Karlstad University

9
Validating a Certificate

Must recognize accepted CA in certificate chain
One CA may issue certificate for another CA
Must verify that certificate has not been revoked
CA publishes Certificate Revocation List (CRL)
Self-signed certificate?

10
Man-in-the-middle attacks (by malicious
intermediaries)

Read the content of HTTP traffics
Your password (even hashed?)
Modify the content of HTTP traffics
Transfer money from your account to the attacker.

11
Brief History of SSL/TLS

SSLv2
Released in 1995 with Netscape 1.1
Key generation algorithm kept secret
Reverse engineered broken by Wagner Goldberg
SSLv3
Fixed and improved, released in 1996
Public design process
TLS IETFs version the current standard

12
SSL/TLS Overview

Establish a session (handshake layer)
Agree on algorithms
Share secrets
Perform authentication
Transfer application data (record layer)
Ensure confidentiality and integrity

13
SSL Architecture
SSL Change Cipher Spec. Protocol
SSL Alert Protocol
SSL Handshake Protocol
HTTP, etc.
SSL Record Protocol
TCP
IP

Record Protocol Message encryption/authentication
Handshake P. Identity authentication key
exchange
Alert P. Error notification (cryptographic or
otherwise)
Change Cipher P. Activate the pending crypto
suite

14
SSL Handshake Protocol

Two parties client and server
Negotiate version of the protocol and the set of
cryptographic algorithms to be used
Interoperability between different
implementations of the protocol
Authenticate client and server (optional)
Use digital certificates to learn each others
public keys and verify each others identity
Use public keys to establish a shared secret

15
Handshake Protocol (1)

Client_hello version, random, session id, cipher
suite, compression method
Server_hello version, random, session id, cipher
suite, compression method

16
Handshake Protocol (2)

Certificate X.509 certificate chain
Server_key_exchange parameters, signature
Certificate_request type, authorities
Server_hello_done null

17
Handshake Protocol (3)

Certificate X.509 certificate chain
Client_key_exchange parameters, signature
Certificate_verify signature

18
Handshake Protocol (4)

Change_cipher_spec a single message, which
consists of a single byte with value 1.
Finished hash value

19
SSL Encryption

Master secret
Generated by both parties from premaster secret
and random values generated by both client and
server
Key material
Generated from the master secret and shared
random values
Encryption keys
Extracted from the key material

20
SSL Record Protocol
21
Alerts and Closure

Alert the other side of exceptions
Unexpected message
Bad record mac
Handshake failure
Illegal parameter
Bad certificate
2 levels
Warning
fatal

22
SSL Overhead

2-10 times slower than a TCP session
Where do we lose time
Handshake phase
Calculating the key materials
Data Transfer phase
Symmetric key encryption

23
TLS/SSL Applications

HTTP -gt HTTPS
Telnet -gt SSH
FTP -gt SFTP
SIP -gt SIPS
Resources http//www.openssl.org/related/apps.ht
ml

24
Homework

Visit a web site with HTTPS
Use wireshark to capture the traffics
Read the parsed traffics, especially pay
attention on the handshake protocol.

25
The Domain Name System

A database implemented by many name servers (NS)
Distributed
Replicated
Hierarchical

26
Authoritative Servers

Authoritative DNS servers
An organizations DNS servers, providing
authoritative information for organizations
servers
Can be maintained by organization or service
provider

27
DNS Query and Response
Cache www.kau.se A 193.10.226.10
www.kau.se A?
Root DNS Server
www.kau.se A 193.10.226.10
local DNS Server
End-user
se DNS Server
www.kau.se A?
www.kau.se A 193.10.226.10
www.kau.se A 193.10.226.10
kau.se DNS Server
28
DNS Vulnerabilities

No authentication.
DNS_response.ID DNS_request.ID ? (16 bit
length)
DNS_response.dport DNS_request.dport?
Significance DNS is widely used in
Web
VoIP
Email

29
A Simple DNS Attack
Easy to observe UDP DNS query sent to well known
server on well known port.
www.seb.se A?
Root DNS Server
www.seb.se A 129.178.89.80
Users Laptop
local DNS Server
www.seb.se A attacker_IP
se DNS Server
Attackers Laptop
First response wins. Second response is silently
dropped on the floor.
seb.se DNS Server
30
A cache poisoning Attack
Cached a bad record www.seb.se A attacker_IP
www.seb.se A?
Users Laptop
www.seb.se A attacker_IP
local DNS Server
seb.se DNS Server
Attacker
31
A More Complex Attack
Response www.attacker.com A
128.9.128.127 attacker.com NS
ns.attacker.com attacker.com NS
www.seb.se ns.attacker.com A
128.9.128.2 www.seb.se A
128.9.128.127
kau Caching Server
www.seb.se 128.9.128.127
ns.attacker.com
Query www.attacker.com
Query www.seb.se
Any kau Computer
Remote attacker
32
Question