Session Layer Security

1
Session Layer Security

• Lecture 6
• Supakorn Kungpisdan
• supakorn_at_mut.ac.th

2
Roadmap

• Introduction
• SYN Attack
• Session Hijacking
• DNS Poisoning
• SSH Downgrade Attack
• Authentication Techniques and Attacks

3
Introduction

• Session layer provides a set of features that
  contributes to the reliability and usefulness of
  modern network communications
• Session Checkpoint
• Session Adjournment
• Session Termination
• Half- and Full-Duplex Operations

4
Session Checkpoint

• TCP acknowledgement (ACK) packets are regularly
  passed between hosts to identify the last packet
  that was received
• TCP delays the transmission of an ACK packet
  until either a timeout is reached or a number of
  packets equal to the TCP window size have been
  sent
• This delays increases the efficiency of the
  protocol and establishes checkpoints
• At any point, TCP can resume transmission from
  the previous checkpoint if a delivery failure
  occurs

5
Session Adjournment

• TCP sessions may be adjourned through setting the
  TCP window to 0 byte.
• This informs the sending host that no buffer is
  available to hold transmitted data and halts
  communications without losing the connection

6
Session Termination

• TCP provides a means for both graceful and
  immediate session terminations
• Graceful termination occur by setting a finish
  (FIN) flag that is subsequently acknowledged by
  the recipient
• Immediate termination occur by using packets with
  the reset (RST) flag set

Half- and Full-Duplex Operations

• While TCP operates at full duplex, the session
  layer allows for both full- and half-duplex
  operations

7
Attacking the Session Layer

• Rely primarily on abuses of the TCP and IP
  headers
• Several behavior designed into the TCP
  specification allow a wide variety of attacks
• In particular, TCP flags and Sequence and
  Acknowledgement numbers enable several methods of
  attack
• Newer attacks may focus on higher layer protocol
  like Session Description Protocol (SDP) and
  Session Initiation Protocol (SIP)

8
SYN Attack

• Using legitimate TCP functions permits attackers
  with a small number of hosts to conduct DoS,
  which can completely saturate the bandwidth of a
  corporation
• In TCP three-way handshake, a new source port is
  selected on the client host for each new
  connection that is opened to a particular port on
  a server
• The server has to allocate a number of resources
  to handle each connection
• A large number of hosts can use this to great
  effect when attacking a web site

9
SYN Attack (cont.)

• From an attackers perspective, this approach is
  less than ideal
• Creating multiple connections is extremely
  inefficient
• Every established connection consumes a lot of
  resources on the server and the attacking client
• This kind of attack is not anonymous
• Many servers limit the number of connections that
  they will accept from a single host

10
Performing SYN Attack

• Our goal is to consume resources on the victim
  server but not on the DoS client
• We want to avoid using any system calls to open
  network connections

11
SYN Attack with hping2

• Hping2 tool provides a simple means for producing
  crafted packets
• Executing a single SYN packet to port 6666 on the
  victim server
• hping c 1 p 6666 S 10.10.1.9
• In this case, we use the attacking machines IP
  as source IP

12
SYN Attack with hping2 (cont.)
Using real IP (196.254.34.6) as source will
immediately terminate SYNACK from target
(10.10.1.9)
13
SYN Attack with hping2 (cont.)

• However, the DoS client was stymied by attempts
  to circumvent its resource consumption
• Any TCP stack that meets an unsolicited SYN/ACK
  packet will respond with an RST
• The solution is to spoof a source IP address
• hping c 1 a 10.12.250.250 p 6666 S 10.1.1.9

Spoofed IP address
14
SYN Attack with hping2 (cont.)
Target keeps sending SYN/ACK to the spoofed
source until reaching timeout
15
SYN Attack with hping2 (cont.)

• The victim server attempts to reply to the
  non-existent host with SYN/ACK
• TCP tries to ensure reliable delivery and will
  continue to complete the handshake until timeout
• The DoS client can now produce packets as fast as
  it can spoof them, while at the same time the
  victim server attempts to complete handshakes in
  vain

16
Note on SYN Attack

• Careful selection of the spoofed IP is necessary
  to conduct a successful DoS attack
• The most successful method to ensure delivery of
  a spoofed packet is to select an unused IP on the
  same subnet as the attacking host

17
Reflective Attack

• A variation of SYN attack
• Launched by sending a large number of SYN packets
  to a web server but alters the source address so
  that it is to match the address of the victim
• The web server responds to the large number of
  SYN packets by issuing a flood of traffic back to
  the spoofed victims address

18
Session Hijacking

• Session hijacking works by taking advantage of
  the fact that most communications are protected
  (by providing credentials) at session setup, but
  not thereafter.
• These attacks generally fall into three
  categories
• Man-in-the-middle (MITM)
• Blind Hijacking
• Session Theft

Ref http//technet.microsoft.com/en-us/magazine/c
c160809(TechNet.10).aspx
19
MITM Attacks

• Attacker intercepts all communications between
  two hosts.
• With communications between a client and server
  now flowing through the attacker, he or she is
  free to modify their content.
• Protocols that rely on the exchange of public
  keys to protect communications are often the
  target of these types of attacks

20
Blind Hijacking

• An attacker injects data such as malicious
  commands into intercepted communications between
  two hosts commands like "net.exe localgroup
  administrators /add EvilAttacker".
• This is called blind hijacking because the
  attacker can only inject data into the
  communications stream, but cannot see the
  response to that data (such as "The command
  completed successfully.")
• Essentially, the blind hijack attacker is
  shooting data in the dark, but this method is
  still very effective

21
Session Theft Attacks

• Attacker neither intercepts nor injects data into
  existing communications between two hosts.
• Instead, the attacker creates new sessions or
  uses old ones.
• This type of session hijacking is most common at
  the application level, especially Web
  applications.

22
Hijacking A TCP Session
Session establishment
Data transfer
23
Hijacking A TCP Session (cont.)

• If the attacker wanted to inject data into the
  TCP session as the client, he or she would need
  to
• Spoof the client's IP address
• Determine the correct sequence number that is
  expected by the server from the client
• Inject data into the session before the client
  sends its next packet
• To achieve the third, the attacker could just
  send the data to inject and hope it is received
  before the real client does
• Or, the attacker could perform a DoS attack on
  the client, or use ARP spoofing

24
Blind Injection
When the client receives the ACK packet, it will
be confused, either because it did not send any
data or because the next expected sequence is
incorrect.
25
Hijacking A TCP Session (cont.)

• Maybe the attacker can send something "nice" like
  "mv which emacs /vmunix shutdown r now" and
  not just a single character)
• This confusion can cause a TCP ACK storm, which
  can disrupt a network
• Attackers can automate the session hijacking
  process with tools such as Juggernaut, Hunt, and
  Ettercap

26
Hijacking A UDP Session

• Attackers do not have to worry about the overhead
  of managing sequence numbers and other TCP
  mechanisms.
• Since UDP is connectionless, injecting data into
  a session without being detected is extremely easy

DNS queries, online games like the Quake series
and Half-Life, and peer-to-peer sessions are
common protocols that work over UDP all are
popular targets for this kind of session hijacking
27
Determining Susceptibility

• One way to check if your network is vulnerable to
  session hijacking is to hijack actual network
  sessions using common attacker tools e.g.
  Juggernaut or Hunt (now Ettercap)
• Alternatively, try to find out if using transport
  protocols that do not use cryptographic
  protection
• Protocols such as Telnet and FTP are extremely
  susceptible to hijacking when not protected
  inside encrypted tunnels
• Countermeasure is to use SSL, SSH, and IPSec

28
Tricks and Techniques

• TCP ACK Storm
• ARP Table Modification
• TCP Resynchronizing
• Remotely Modifying Routing Table

29
TCP ACK Packet Storm
As the attacker injects more and more data, the
size of the ACK storm increases and can quickly
degrade network performance.
If neither the attacker nor the client explicitly
closes the session, the storm will likely stop
itself eventually when ACK packets are lost in
the storm.
30
ARP Table Modification
Finding owner of MAC address
Spoofed reply
31
ARP Table Modification (cont.)
Stopping TCP ACK Storm
32
TCP Resynchronizing

• To hide his/her tracks, an attacker who is
  finished session hijacking might want to
  resynchronize the communicating hosts.
• The problem is that, after the attack, the two
  hosts whose session was hijacked will be at
  different points in the session.
• In other words, each host will be expecting
  different sequence numbers.
• For example, server might think that it is 40
  bytes into the session when the client might have
  sent only 29 bytes.

33
TCP Resynchronizing (cont.)

• Since sequence numbers move in only a positive
  direction, it's not possible to manipulate the
  server so that its expected sequence number moves
  downward to match the client's sequence number.
• Tools like Hunt try to solve this problem by
  sending a message to the client
• msg from root power failure try to type 13
  chars

34
Remotely Modifying Routing Table

• Attacker who wants to hijack a session wants to
  route all communications between a client and
  server through him or her making it easy to
  monitor, modify, and inject data into the
  session, as in MITM attacks.
• Attacker modifies the routing table of the host
  is to forge ICMP Redirect (type 5) packets and
  advertise them as the route to take when sending
  data.
• To protect Windows hosts from forged ICMP
  redirect, set the EnableICMPRedirect value to 0
  under the registry key HKLM\System\CurrentControlS
  et\Services\AFD\Parameters

35
DNS Poisoning

• A more common example of session hijacking is DNS
  poisoning
• DNS poisoning allows you to convince a DNS server
  that a hostname resolves to an arbitrary IP

36
DNS Resolution
Client does not query the canonical nameserver
because of the efficiency provided by caching at
the local nameserver
4
3
5
6
1
2
37
DNS Poisoning (cont.)
Attackers nameserver
4
3
6
7
5
Spoofed web server
1
2
37
NETE4630
38
DNS Poisoning (cont.)

• Implementing DNS poisoning is difficult
• Each DNS query contains a 2-byte identification
  field that allows responses to be matched to
  queries
• An attacker has a 1 in 65,536 (216) chance of
  guessing the correct identification value
• Normally an attacker needs to sniff the
  identification number of the query in order to
  successfully spoof a response

39
DNS Poisoning with Ettercap
1
3
2
40
DNS Poisoning with Ettercap (cont.)
4
5
41
DNS Poisoning with Ettercap (cont.)
6
8
7
42
DNS Poisoning with Ettercap (cont.)
Ettercap.dns
9
10
43
SSL Spoofing with Ettercap
44
SSH Downgrade Attack

• SSH is the most famous example of a downgrade
  attack where the attacker forces the client and
  the server to use the insecure SSH1 protocol.
• The client sends a request to establish a SSH
  link to the server and asks it for the version it
  supports
• The server answers either with
• ssh-2.xx The server supports only SSH2
• ssh-1.99 The server supports SSH1 and SSH2
• ssh-1.51 The server supports only SSH1
• This attack occurs at the server that supports
  both SSH1 and SSH2

Ref http//openmaniak.com/ettercap_filter.php
45
SSH Downgrade Attack (cont.)
46
SSH Downgrade Attack (cont.)
47
SSH Downgrade Attack with ettercap

• Configure SSH server to support SSH1 and SSH2
• apt-get install openssh-server
• vim /etc/ssh/sshd_config
• Protocol 1, 2
• 2. Create a SSH1 key pair
• ssh-keygen t rsa1 f /etc/ssh/ssh_host_key N
  
• 3. Add the key path into sshd_config file
• HostKey /etc/ssh/ssh_host_key
• 4. Try to telnet to server to check if it has
  SSH1
• Trying server_ip_address...Connected to
  server_ip_address.Escape character is
  ''.SSH-1.99-OpenSSH_4.6p1 Debian-5ubuntu0.1

48
Clients PuTTY Screen
Version 2 is preferred but not restricted
49
Ettercap Filter
50
SSH Downgrade Attack Filter
/usr/share/ettercap/ettercap.filter.ssh
51
Compiling the Filter
52
Loading the Compiled Filter
53
SSH Downgrade Attack Result
54
Avoiding SSH Downgrade Attack

• Never use SSH1 on both server and client
• At /etc/ssh/sshd_config file
• Protocol 2
• telnet server_ip_address 22
• Trying server_ip_address
• Connected to server_ip_Address.
• Escape character is .
• SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.1

55
Avoiding SSH Downgrade Attack (cont.)
SSH Client
56
Authentication

• Two main categories of authentication
• Synchronous and asynchronous authentication
  protocols
• Synchronous authentication protocols provide
  credentials at the start of the authentication
  process
• Asynchronous authentication involves a
  challenge-response model

57
Password Authentication Protocol

• Password Authentication Protocol (PAP) is one of
  the least secure authentication protocol
• Password and username are sent in cleartext to
  the authentication server after a connection has
  been established.
• Some systems revert to PAP if they cannot agree
  on any other authentication protocol.
• Both entities will try to negotiate and agree
  upon the most secure method of authentication
• Start with EAP, CHAP, then PAP

58
Challenge Handshake Authentication Protocol
59
NT Lan Manager v1 (NTLMv1)
8-byte random number
Enter password
Compare hash value
R1, R2
60
NTLMv1 (cont.)

• User password and challenge are used to calculate
  LANMAN hash and MD4 hash
• C 8-byte random challenge
• Hash1 MD4(password)
• K1, K2, K3 Hash1, 5-byte-0s
• R1 DES(K1, C), DES(K2, C), DES(K3, C)
• Hash2 LM-hash(password)
• K4, K5, K6 Hash2, 5-byte-0s
• R2 DES(K4, C), DES(K5, C), DES(K6, C)
• Client sends R1, R2 as a response to the server

61
LM challenge/response
uppercase(password1..7)
as KEY
magic word
LM_hash1..8
DES
uppercase(password8..14)
as KEY
magic word
LM_hash9..16
DES
LM_hash17..21
00
00
00
00
00
magic word is KGS!_at_
Urity_at_SecurityFriday.com, Cracking NTMLv2
Authentication
62
LM challenge/response (cont.)
LM_hash1..7
as KEY
challenge code
DES
LM_response1..8
LM_hash8..14
as KEY
challenge code
LM_response9..16
DES
00
00
00
00
00
LM_hash15..21
as KEY
DES
LM_response17..24
challenge code
Urity_at_SecurityFriday.com, Cracking NTMLv2
Authentication
63
NTLM 2 Authentication
unicode(password)
MD4
as KEY
unicode( uppercase(account name) domain_or_hostna
me)
HMAC_MD5
as KEY
NTLMv2 Response
server_challenge client_challenge
HMAC_MD5
Urity_at_SecurityFriday.com, Cracking NTMLv2
Authentication
64
LM, NTLMv1, NTLMv2
LM NTLMv1 NTLMv2
Password case sensitive No Yes Yes
Hash key length 56bit 56bit - -
Password hash algorithm DES (ECB mode) MD4 MD4
Hash value length 64bit 64bit 128bit 128bit
C/R key length 56bit 56bit 16bit 56bit 56bit 16bit 128bit
C/R algorithm DES (ECB mode) DES (ECB mode) HMAC_MD5
C/R value length 64bit 64bit 64bit 64bit 64bit 64bit 128bit
Urity_at_SecurityFriday.com, Cracking NTMLv2
Authentication
65
Authenticating with Kerberos

• Default authentication mechanism used by Windows
  2000, XP, and 2003 hosts when part of an active
  directory
• Strong protocol, relying on a central server
  (normally Active Directory Controller) to grant
  access privileges to systems
• The main weakness of Kerberos is that all
  authentication tokens have a lifespan
• Any network using Kerberos must synchronize
  clocks on all systems using a protocol e.g.
  Network Time Protocol (NTP)

66
Attacks Against Password Hashes

• Brute Force Attack
• Iterate through every possible input and hashes
  it, comparing the output with the hash value
• Guaranteed to crack the hash if run long enough
• Dictionary Attack
• Iterate through possible passwords and common
  substitutions of these words
• Not guaranteed to produce results
• E.g. John The Ripper (or John The Ripper Pro for
  Commercial version) available at
  http//www.openwall.com/john/

67
Attacks Against Password Hashes (cont.)

• Rainbow Table Attack
• Compute every hash ahead of time, allowing the
  attacker to check his/her database of hashes just
  for one he/she is trying to crack
• Several tools can be used for password cracking
  including windows password in SAM, LM, NTLM
  password hashes
• Rainbow Crack, Ophcrack, John the Ripper, Cain
  and Abel
• Rainbow Crack can be used to crack LM, MD5,
  Office hashes

68
Rainbow Table
69
Rainbow Table (cont.)
70
Cracking LM Password with Rainbow Crack

• Dump password hashes using samdump, pwdump,
  fgdump
• Install Rainbow Crack
• Before cracking the password, generate the
  rainbow table first
• LM Configuration0 6
• Sort the rainbow table using rtsort command
• Crack the password using rcrack command

Ref http//www.ethicalhacker.net/content/view/94/
24/
71
Password Hashes from pwdump

• testuser1""0F20048EFC645D0A179B4D5D6690BDF31120
  ACB74670C7DD46F1D3F5038A5CE8
• remote""E52CAC67419A9A224A3B108F3FA6CB6D8846F7E
  AEE8FB117AD06BDD830B7586C
• joeuser""E52CAC67419A9A224A3B108F3FA6CB6D8846F7
  EAEE8FB117AD06BDD830B7586C
• averageguy""299CCF964D9A359BAAD3B435B51404EEA5C
  07214487C87B584E8877DE72DCA0B
• harderpass""B75838F7A57EE67993E28745B8BF4BA6EC5
  0F8A8149C93EF45AECB8AF96658E6
• demouser""261A6631FE44BA4993E28745B8BF4BA6371D5
  760453C1B000BCC016F8E23A83C
• randy""98B5AFEB67293D6AAAD3B435B51404EEA9F34664
  151F6360757B31644F37E025
• Asmith""E165F0192EF85EBBAAD3B435B51404EEE4EBE0E
  7EF708DC9FD240135D3D43D89

72
Generating Rainbow Table

• To generate other configuration, use rtgen
  command
• rtgen lm alpha-numeric 1 7 0 2400 40000000
  all rtgen lm alpha-numeric 1 7 1 2400 40000000
  all rtgen lm alpha-numeric 1 7 2 2400 40000000
  all rtgen lm alpha-numeric 1 7 3 2400 40000000
  all rtgen lm alpha-numeric 1 7 4 2400 40000000
  all

73
Generating Rainbow Table (cont.)

• 1 and 7 are our plaintext ranges.  So we want
  passwords from A to ZZZZZZZ. 
• If we had put plaintext length range "4-6",
  "AAAA" and "ZZZZZZ" would be among the key space
• 0, 1, 2, 3, 4 are table numbers
• 2400 is chain length. Chain length increases the
  success rate per table but does not increase
  table size. 
• It computes more hashes per chain but also takes
  longer to create and search the tab
• 8000000 is chain count of each rainbow table. 
• Chain count is simply how many chains you want
  per table.  Increasing this value produces larger
  files with higher success rates, but the overall
  computation time isnt affected.

74
Rainbow Table Configuration
75
Generating Rainbow Table with Winrtgen

• Winrtgen (now in Cain and Abel) is a graphical
  Rainbow Tables Generator that supports LM,
  FastLM, NTLM, LMCHALL, HalfLMCHALL, NTLMCHALL,
  MSCACHE, MD2, MD4, MD5, SHA1, RIPEMD160,
  MySQL323, MySQLSHA1, CiscoPIX, ORACLE, SHA-2
  (256), SHA-2 (384) and SHA-2 (512) hashes.
• Winrtgen can generate only rainbow table
  configuration0

76
Generating Rainbow Table with Winrtgen (cont.)
Generating 1 configuration0 table takes 2 days
on P3 1GHz machine
77
Generating Rainbow Table with Winrtgen (cont.)
Generating 5 configuration0 tables take 12 days
on P3 1GHz machine
78
Generating Rainbow Table (cont.)

• 128,000,000 bytes    lm_alpha1-7_0_2100x8000000_a
  ll.rt
• 128,000,000 bytes    lm_alpha1-7_1_2100x8000000_a
  ll.rt
• 128,000,000 bytes    lm_alpha1-7_2_2100x8000000_a
  ll.rt
• 128,000,000 bytes    lm_alpha1-7_3_2100x8000000_a
  ll.rt
• 128,000,000 bytes    lm_alpha1-7_4_2100x8000000_a
  ll.rt
• Sort the rainbow table
• rtsort lm_alpha1-7_0_2100x8000000_all.rt
• rtsort lm_alpha1-7_1_2100x8000000_all.rt
• rtsort lm_alpha1-7_2_2100x8000000_all.rt
• rtsort lm_alpha1-7_3_2100x8000000_all.rt
• rtsort lm_alpha1-7_4_2100x8000000_all.rt

79
Cracking the Password

• C\rainbowcrack-1.2-win\rainbowcrack-1.2-wingtrcrac
  k
• RainbowCrack 1.2 - Making a Faster Cryptanalytic
  Time-Memory Trade-Off
• by Zhu Shuanglei lt shuanglei_at_hotmail.com This
  e-mail address is being protected from spam bots,
  you need JavaScript enabled to view it gt
• http//www.antsight.com/zsl/rainbowcrack/
• usage rcrack rainbow_table_pathname -h hash
•        rcrack rainbow_table_pathname -l
  hash_list_file
•        rcrack rainbow_table_pathname -f
  pwdump_file
• rainbow_table_pathname pathname of the rainbow
  table(s), wildchar(, ?) supported
• -h hash             use raw hash as input
• -l hash_list_file   use hash list file as input,
  each hash in a line
• -f pwdump_file      use pwdump file as input,
  this will handle LAN Manager  hash only
•  
• example rcrack .rt -h 5d41402abc4b2a76b9719d9110
  17c592
•          rcrack .rt -l hash.txt
•          rcrack .rt -f hash.txt

80
Cracking the Password (cont.)

• rcrack c\rainbowcrack\.rt -f pwdumpfile.txt
• rcrack c\rainbowcrack\.rt -l justhashlist.txt
• rcrack  c\rainbowcrack\.rt h
  213D466DB5B288F0F82E44EC0938F4F4
• Where pwdumpfile.txt is the results of using a
  hash dumping utility like pwdump2, pwdump3,
  samdump, etc to dump the LAN Manager's passwords.
  
• If your password consists of only letters only,
  rcrack should be able to crack it with a success
  rate of  99.9.

81
Cracking the Password (cont.)
82
Cracking the Password (cont.)

• 26 of our 41 hashes found in about 12 minutes. 
• Also notice that the hash for the password
  password is the same because there is no
  salting with the LAN Manager hashing algorithm.

83
Protecting yourself against RainbowCrack attacks
and other password attacks

• Limiting physical access
• Continue to force the use of special characters
• Use ALT-XXX characters in your passwords
• Keep up with updates
• Use Pass phrases
• Use Multi-factor authentication
• Password Policy
• Use NTLM or NTLMv2

84
Limiting Physical Access

• One common attack if you have physical access to
  a machine is to use a bootable Linux distro to
  simply boot into Linux and grab the SAM file off
  the windows partition. 
• IronGeek wrote a good tutorial on this method and
  even has a video you can watch.  You can get it
  here http//www.irongeek.com/i.php?pagesecurity/
  localsamcrack2. 
• Another interesting tool released by Eeye is
  SysRQ2 http//research.eeye.com/html/tools/RT2006
  0801-8.html.
• SysRq is a bootable CD image that allows a user
  to open a fully privileged (SYSTEM) command
  prompt on Windows 2000, Windows XP, and Windows
  Server 2003 systems by pressing CtrlShiftSysRq
  at any time after startup.

85
Continue to force the use of special characters

• Rainbow tables can rip thru a LM password with
  any type of special character it still takes a
  large amount of time (1-2 years) to generate
  them 
• In LC4 we go from 9-11 hours to brute force
  alpha-numeric password to 91 days to brute force
  passwords with the possibility of all special
  characters (not including ALT-XXX passwords).

86
Use ALT-XXX characters in your passwords

• ALT characters are produced by holding down the
  ALT key and pressing a three or four digit number
  sequence on your keypad. 
• Most password crackers cannot crack passwords
  with ALT characters. 
• Most ALT characters also have the added benefit
  that passwords that have ALT characters in them
  cannot be stored as LM hashes.
• It causes password hashes to disappear

87
ALT-XXX Characters
88
Use Passphrases

• Easiest and simplest way to protect you network
  from password cracking. 
• Use of pass phrases that are greater than 14
  characters AND use special characters you can
  protect yourself from all but the determined
  attackers. 
• If your network is Windows 2000 and above you
  have a maximum length of 127 characters on your
  password/pass phrase so skys the limit. 
• A pass phrase like This is my Stupid Pass
  Phrase! is long enough to be stored as NTLM or
  NTLMv2, has Uppercase, Lowercase, Spaces, and
  Special Characters, and is easy to remember. 
• This is a much more secure password than even
  _at_w3cjdBeumDr. 

89
Question?

• Next week
• Presentation Layer Security