Transport Layer Security
A story of recovering from failures
Anwar Reddick
September 2018
Sometime between 100 BC and 44 BC
Some dude named Gaius … was an early cryptography pioneer
DWWDFN! (ATTACK!)     DWWDFN? Huh?
G. Julius, Mr Spy, Mr General
crypt = secret
graphy = to write
cryptography = The art of secret writing
Caesar’s cipher: A shift cipher
Key = 3
Encryption (shift fwd): A → D, T → W, T → W, A → D, C → F
Decryption (shift rev): D → A, W → T, W → T, D → A, F → C
This worked for a little while, but ...
DWWDFN! (ATTACK!)     DWWDFN? Huh?
too easy
G. Julius, Mr Spy, Mr General, Zeke
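The shift cipher from the previous slides, written out as an added example (this code is not part of the deck). It reproduces the slide’s ATTACK → DWWDFN mapping with key 3 and then shows concretely why “too easy” is the right verdict: the whole key space is 25 shifts, so a recipient who simply tries every key recovers the plaintext without ever being told the key. The word list used to recognise the right candidate is constructed for the demo.

```python
"""Caesar shift cipher: encrypt, decrypt, and measure the key space (added example)."""
import string
from typing import List, Set, Tuple

ALPHABET = string.ascii_uppercase


def caesar_shift(text: str, key: int) -> str:
    """Shift every A-Z letter by `key` places mod 26; other characters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    # "shift fwd"
    return caesar_shift(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    # "shift rev": the same operation with the shift reversed
    return caesar_shift(ciphertext, -key)


def exhaustive_key_search(ciphertext: str, dictionary: Set[str]) -> List[Tuple[int, str]]:
    """Try all 25 non-trivial keys and keep candidates whose words all appear in `dictionary`.

    This is the whole point of the "too easy" slide: a cipher with 25 keys is broken by
    enumeration, no matter how well the key itself is guarded.
    """
    hits = []
    for key in range(1, 26):
        candidate = decrypt(ciphertext, key)
        words = [w.strip("!?.,") for w in candidate.split()]
        if words and all(w in dictionary for w in words):
            hits.append((key, candidate))
    return hits


if __name__ == "__main__":
    # Constructed sample: Mr General's message and a tiny word list the "spy" knows.
    c = encrypt("ATTACK!", 3)
    print(c, "->", exhaustive_key_search(c, {"ATTACK", "RETREAT", "HOLD"}))
```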
Fast forward a few centuries
Crypto done poorly
Mary QoS, 1586
Alan T., U-Boat, 1942
Getting better at crypto
A cipher is “strong” until the smartest minds in the world can get “close” to breaking it.
1945
Claude S.
“A Mathematical Theory of Cryptography” aka “Starting point of modern crypto”
All practical ciphers are “breakable”.
Contains foundations of mathematical cryptanalysis.
We can obtain mathematical proofs of certain levels of cryptographic security.
Meanwhile ...
First message on the ARPANET
1969
Charley K.
“L” “O” CRASH!
Inter-networking
1983
Vint C.
Khan!
Bob K.
Yo, our network works!
Yeah, but multiple networks would be ... Mo betta!
Let’s do this!
TCP / IP v1, v2, v3, v4 … still used today
The Internet!
Whoa, with the Internet,
other computers are
handling my data. How
can I send secrets?
Crypto getting better
1977: Data Encryption “STANDARD”
The first openly published and standardized encryption cipher.
A symmetric block cipher.
Symmetric Cryptography
Same Key.
genkey() = K
senc(K, M) = C
sdec(K, C) = M
DES:
- 56 bit key
- Block size: 64 bits
FAST!
Block Cipher Mode: Electronic Code Book
Houston ...
[Image: the same picture shown as original, w/ ECB mode, and w/ a mode w/ better randomness]
Cipher Block Chaining: Better than ECB
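The “Houston” comparison made measurable, as an added example (not code from the deck): a toy 64-bit block cipher is run over the same repetitive plaintext in ECB and in CBC mode, and the share of ciphertext blocks that duplicate an earlier block is counted. ECB encrypts equal plaintext blocks to equal ciphertext blocks, which is exactly what lets the picture show through; CBC chains each block into the next so the repetition disappears. The block cipher here is a 4-round Feistel construction with an HMAC-SHA256 round function, chosen so the example runs on the standard library; it is an assumption of the example and is not DES or any real cipher, and the 1600-byte “image” is constructed.

```python
"""ECB vs CBC on a toy 64-bit block cipher (added example, stand-in cipher, not DES)."""
import hashlib
import hmac
import secrets
from typing import Tuple

BLOCK = 8    # bytes: 64-bit blocks, the same block size as DES
ROUNDS = 4   # Feistel rounds


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function: a keyed PRF over (round number, right half), truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Run the Feistel rounds backwards; the round function itself never needs inverting.
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[: -data[-1]]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Electronic Code Book: every block encrypted independently with the same key."""
    p = pad(plaintext)
    return b"".join(block_encrypt(key, p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Cipher Block Chaining: XOR each plaintext block with the previous ciphertext block first."""
    p = pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(p), BLOCK):
        prev = block_encrypt(key, _xor(p[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)       # the IV is not secret; it is sent along with the ciphertext


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    prev, out = iv, []
    for i in range(0, len(body), BLOCK):
        c = body[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_block_fraction(ciphertext: bytes) -> float:
    """Share of ciphertext blocks that duplicate an earlier block: the 'Houston' leak, quantified."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return 1 - len(set(blocks)) / len(blocks)


def demo() -> Tuple[float, float]:
    """Encrypt a constructed 'image' (two flat colour regions) both ways; returns (ecb, cbc) leak."""
    key = secrets.token_bytes(16)
    iv = secrets.token_bytes(BLOCK)
    image_like = b"\x00" * 800 + b"\xff" * 800
    return (repeated_block_fraction(ecb_encrypt(key, image_like)),
            repeated_block_fraction(cbc_encrypt(key, iv, image_like)))


if __name__ == "__main__":
    ecb_leak, cbc_leak = demo()
    print(f"ECB repeated blocks: {ecb_leak:.0%}   CBC repeated blocks: {cbc_leak:.0%}")
```

Under ECB the repetition fraction for this input is about 98%; under CBC it is 0. The mode, not the cipher, decides whether structure survives encryption, which is why the deck later lists CBC itself being retired in favour of AEAD modes once its own weaknesses were found.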
Simple and sweet
Alice (K) → Bob (K)
Alice: C = senc(K, M)
Bob: M = sdec(K, C)
What if someone in the middle changes my message in transit?
Enter the cryptographic hash function
One Way Function.
Arbitrary length input; fixed length output.
hash(M1) = digest1
hash(M2) = digest2
Hard to convert digest1 to M1.
Hard to find an My that has the same digest as a given Mx (collision).
“Work horse of modern crypto”
FAST!
Foundational work done in the 1970s by Ralph Merkle (more on him later), et al.
You’ll see Ronald Rivest’s name pop up again as well.
Keyed-Hash Message Authentication Code (HMAC)
Provides integrity and authenticity
HMAC(M, K) = hash(M + K)
(it’s actually a bit more complicated but that’s the gist)
If recipient of M + HMAC(M, K) has K, then:
Recipient can verify that M was not modified in transit.
MAC then Encrypt. One type of attempt at providing integrity.
Alice (K) → Bob (K)
Alice: C = senc(K, M + hmac(K, M))
Bob:
M’ + x = sdec(K, C)
x == hmac(K, M’)?
If true: then M’ is legit
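The MAC-then-encrypt flow above, run end to end as an added example (not code from the deck): Alice tags M with HMAC, encrypts M || tag, and Bob decrypts, recomputes the tag over M’ and accepts only if it matches. Two details a practitioner would add to the slide’s sketch are included: separate MAC and encryption keys are derived from the shared K instead of using K for both, and the tag comparison is constant-time (`hmac.compare_digest`) so the check does not leak how many tag bytes matched. `senc` here is a stand-in stream cipher built from an HMAC-SHA256 keystream in counter mode, an assumption of the example, not DES; the message and the bit-flip used to show detection are constructed.

```python
"""MAC-then-encrypt with HMAC-SHA256 and a stand-in stream cipher (added example)."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

TAG_LEN = 32    # SHA-256 HMAC tag
NONCE_LEN = 16


def derive_keys(master: bytes) -> Tuple[bytes, bytes]:
    """One shared secret K, two purpose-bound keys: never reuse a key for both MAC and encryption."""
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for senc/sdec: XOR with HMAC(key, nonce || counter) blocks. Same call decrypts.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(x ^ y for x, y in zip(data[offset:offset + 32], block))
    return bytes(out)


def protect(master: bytes, message: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Alice: C = senc(K, M + hmac(K, M)), with a fresh nonce so the keystream is never reused."""
    enc_key, mac_key = derive_keys(master)
    nonce = secrets.token_bytes(NONCE_LEN) if nonce is None else nonce
    tag = hmac.new(mac_key, message, hashlib.sha256).digest()
    return nonce + _keystream_xor(enc_key, nonce, message + tag)


def unprotect(master: bytes, ciphertext: bytes) -> Optional[bytes]:
    """Bob: M' + x = sdec(K, C); accept M' only if x == hmac(K, M'). Returns None on any failure."""
    enc_key, mac_key = derive_keys(master)
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    plain = _keystream_xor(enc_key, nonce, body)
    if len(plain) < TAG_LEN:
        return None                     # truncated in transit: no tag to check
    message, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
    expected = hmac.new(mac_key, message, hashlib.sha256).digest()
    # Constant-time compare: a plain `==` stops at the first differing byte and leaks timing.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def flip_bit(ciphertext: bytes, index: int) -> bytes:
    """Simulate a modification in transit (constructed for the demo): flip one ciphertext bit."""
    c = bytearray(ciphertext)
    c[index] ^= 0x01
    return bytes(c)


if __name__ == "__main__":
    k = secrets.token_bytes(32)              # K shared by Alice and Bob
    c = protect(k, b"ATTACK AT DAWN")
    print("intact   ->", unprotect(k, c))
    print("modified ->", unprotect(k, flip_bit(c, NONCE_LEN)))   # None: tag mismatch
```

The order MAC-then-encrypt is what the slide shows; the deck’s later “CBC killed, replaced by AEAD” is the end of that road, since AEAD modes authenticate the ciphertext and decide integrity before any plaintext is handled.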
How can two remote parties securely share a key?
Diffie-Hellman (and Merkle) Key Exchange
1976
Whitfield D.
Martin H.
Ralph M.
Asymmetric Cryptography!
Discrete logarithms w/ very large numbers is computationally infeasible
Public: p, g = 23, 5
Alice (secret a = 4)                 Bob (secret b = 3)
x = (g^a) mod p = 4          →
                             ←       y = (g^b) mod p = 10
K = (y^a) mod p = 18                 K = (x^b) mod p = 18
  = (g^(ab)) mod p                     = (g^(ab)) mod p
c = senc(K, M)
How does Alice know if she’s communicating with Bob, or an imposter?
Enter … public key crypto
1976
Ron R., Adi S., Leonard A.
Discrete logarithms are hard. You know what else is hard?
FACTORING LARGE NUMBERS INTO PRIMES!
R-S-A!
(Asymmetric) Public Key Cryptography
DIFFERENT Keys.
genkeypair() = (Kpr, Kpb)
penc(Kpb, M1) = C1
pdec(Kpr, C1) = M1
penc(Kpr, M2) = C2
pdec(Kpb, C2) = M2
RSA:
- 2048 bit private key (common)
SLOW!
public key crypto for confidentiality
Alice holds (KprA, KpbA), KpbB            Bob holds KpbA, (KprB, KpbB)
Trusted Source
Alice: C = penc(KpbB, M)
Bob: M = pdec(KprB, C)
Only Bob can decrypt, b/c only he has his private key!
What about integrity and authenticity with public key crypto?
Digital Signatures
Alice holds (KprA, KpbA), KpbB            Bob holds KpbA, (KprB, KpbB)
Trusted Source
Alice: C = penc(KpbB, M)
Alice: DS = penc(KprA, hash(M))
Bob: M’ = pdec(KprB, C)
Bob: digest’ = pdec(KpbA, DS)
Bob: hash(M’) == digest’ ?
DS: A (rudimentary) “Digital Signature”
The first digital signature standard
Taher E.
1984 / 1994
Elgamal Digital Signature Scheme
He’ll be back!
But public key crypto is SLOW!
Public key + symmetric key encryption
Alice holds (KprA, KpbA), KpbB            Bob holds KpbA, (KprB, KpbB)
Trusted Source
Alice: K = genkey()
Alice: CK = penc(KpbB, K)            Not so slow since payloads are small
Alice: DS = penc(KprA, hash(K))      Message integrity
Alice: C = senc(K, M + hmac(K, M))   Fast for large M
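The public-key slides (genkeypair / penc / pdec, the rudimentary signature DS = penc(KprA, hash(M)), and the hybrid construction CK = penc(KpbB, K), DS = penc(KprA, hash(K)), C = senc(K, M + hmac(K, M))) carried through in one runnable piece, as an added example that is not code from the deck. It uses textbook RSA exactly as the slides write it, which means raw modular exponentiation with no padding; that is enough to see the mechanics and the speed trade-off (one slow RSA operation on a 32-byte key, fast symmetric work on the message), but real systems use RSA-OAEP / RSA-PSS or, today, ephemeral Diffie-Hellman plus an AEAD. Key generation (Miller-Rabin, 512-bit toy keys) and the HMAC-based stream cipher standing in for `senc` are assumptions of the example, not anything the deck specifies.

```python
"""Textbook RSA, signature over hash(M), and the hybrid envelope from the slides (added example)."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

Key = Tuple[int, int]   # (exponent, modulus): Kpr = (d, n), Kpb = (e, n)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin: false positives vanish with 2^-64 probability at 32 rounds."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(cand):
            return cand


def genkeypair(bits: int = 512) -> Tuple[Key, Key]:
    """genkeypair() = (Kpr, Kpb). 512-bit toy size; 2048 is the common real size per the slide."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (pow(e, -1, phi), p * q), (e, p * q)


def penc(key: Key, m: int) -> int:
    """Raw RSA with either half of the pair: penc(Kpb, M) encrypts, penc(Kpr, M) signs."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, exp, n)


pdec = penc   # the inverse is the same exponentiation with the other key of the pair


def hash_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")   # < 2^256 < n for 512-bit n


def sign(kpr: Key, data: bytes) -> int:
    return penc(kpr, hash_int(data))              # DS = penc(KprA, hash(M))


def verify(kpb: Key, data: bytes, ds: int) -> bool:
    if not 0 <= ds < kpb[1]:
        return False
    return pdec(kpb, ds) == hash_int(data)        # hash(M') == digest' ?


def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in senc/sdec (not DES): HMAC-SHA256 keystream. Safe only because K is used once.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(x ^ y for x, y in zip(data[off:off + 32], ks))
    return bytes(out)


def alice_send(kpr_a: Key, kpb_b: Key, message: bytes) -> Dict[str, object]:
    k = secrets.token_bytes(32)                         # K = genkey()
    ck = penc(kpb_b, int.from_bytes(k, "big"))          # CK = penc(KpbB, K): only Bob unwraps K
    ds = sign(kpr_a, k)                                 # DS = penc(KprA, hash(K)): Alice vouches for K
    tag = hmac.new(k, message, hashlib.sha256).digest()
    return {"CK": ck, "DS": ds, "C": _xor_stream(k, message + tag)}   # C = senc(K, M + hmac(K, M))


def bob_receive(kpr_b: Key, kpb_a: Key, env: Dict[str, object]) -> Optional[bytes]:
    k = pdec(kpr_b, env["CK"]).to_bytes(32, "big")
    if not verify(kpb_a, k, env["DS"]):
        return None                                     # K did not come from Alice
    plain = _xor_stream(k, env["C"])
    m, tag = plain[:-32], plain[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, m, hashlib.sha256).digest()):
        return None                                     # message altered in transit
    return m
```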
We can also use public key crypto to authenticate a Diffie-Hellman key exchange, right?
YES! (not shown)
Meanwhile ...
It’s Worldwide. It’s a Web
1989
Tim B-L
This Internet thing is great! Could it support a system of ... documents interconnected w/ hyperlinks?
It would be public to everyone.
It would be worldwide.
It would resemble a spider web!
A couple of guys who didn’t ever do anything
Tim B-L, Vint C.
Meanwhile ...
Early growth of web browsers
1990: Tim B-L
1993, 1994: Marc A.
Birth of the Secure Sockets Layer Protocol
1995
Taher E., Chief Scientist
He’s back!
The Web is being used more and more every day by individuals.
Corporations and governments have the resources and know-how to protect their data on the Internet.
Individuals’ data are being sent in PLAINTEXT!
We can use all that crypto from the previous slides for ...
Let’s take a moment ...
The end-to-end principle
1981
Dumb
Dumb
Smart
Taher E.
1995
Put the security here
Transport Layer Security
1999
Standards body Internet Engineering Task Force converts SSL to a standard called Transport Layer Security.
Goals of SSL/TLS
Some of them anyway
● Honor the end-to-end principle
● Confidentiality
● Integrity
● Server authentication
Later goals:
● Client authentication
● Forward secrecy
SSL / TLS versions
Protocol | Published | Notes
SSL 1.0  | never     | Immediately deemed too insecure.
SSL 2.0  | 1995      | IETF prohibition in 2011.
SSL 3.0  | 1996      | IETF prohibition in June 2015.
TLS 1.0  | 1999      | “SSL 3.1”. Standardized by the IETF. Supports downgrade to SSL 3.0. Deprecated by PCI in June 2018.
TLS 1.1  | 2006      | Added protections against CBC vulnerabilities.
TLS 1.2  | 2008      | Prohibits downgrade to SSL. Mandates use of improved hash functions. Supports enhanced encryption modes.
TLS 1.3  | 2018      | Mandates forward secrecy. Prohibits non-AEAD cipher suites.
An Overview of the TLS Protocol
Client ↔ Server
TCP Handshake
Server Authentication
Optional Client Authentication
Cipher Suite Agreement
Secure Tunnel Established
Instead of just one symmetric key, the hosts will continually generate new keys.
Remember?
Alice holds (KprA, KpbA), KpbB            Bob holds KpbA, (KprB, KpbB)
Trusted Source
What does this “Trusted Source” look like?
X.509 Certificates
Recipient Certificate:
  Name: Bob
  Public Key: 2k3f98j2f92fjjf2903 …
  Signature: vmew90v33 …
  Signed By: Cert Auth X
Certificate of Certificate Authority aka “trusted third party”:
  Name: Cert Auth X
  Public Key: 9d3md9s …
  Signature: 1kd09nf …
  Signed By: self
Trusted CAs are pre-configured in browsers and are kept up-to-date over time.
Server Authentication
Client → Server: Hello, I’d like to talk
Server → Client: Here’s my signed certificate (+ integrity info)
Client: Verify signed by trusted party. Verify name. Verify integrity + signature.
Standard default is: Name == domain name
Client ↔ Server: Cipher Suite Agreement
Mutual Authentication
Client → Server: Hello, I’d like to talk
Server → Client: Here’s my signed certificate (w/ integrity). Give me yours.
Client: Verify signature is by trusted party. Verify name. Verify integrity + signature.
Client → Server: Here’s my signed certificate (w/ integrity).
Server: Verify signature is by trusted party. Verify name. Verify integrity + signature.
Client ↔ Server: Cipher Suite Agreement
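Two of the three client-side checks from the Server Authentication slide, as an added example that is not code from the deck. `verify_name` implements the “Name == domain name” rule the way browsers do (RFC 6125 style): case-insensitive label comparison, and a wildcard accepted only as the entire leftmost label, matching exactly one label and never standing in for the registry part such as `*.com`. `hardened_client_context` then shows the same checks as Python’s `ssl` module enforces them by default (hostname check on, certificate required, trust anchors loaded from the platform store, the browser-style “pre-configured CAs”), with a TLS 1.2 floor added per the version table above so the SSL 3.0 / TLS 1.0 / 1.1 rows are off the table. The hostnames in the test are constructed examples.

```python
"""Certificate name verification and a hardened client TLS context (added example)."""
import ssl
from typing import Dict, Iterable


def hostname_matches(cert_name: str, hostname: str) -> bool:
    """Does one certificate name (a SAN dNSName) match the host the client asked for?"""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not cert_name or not hostname:
        return False
    if "*" not in cert_name:
        return cert_name == hostname                  # exact, case-insensitive match
    c_labels, h_labels = cert_name.split("."), hostname.split(".")
    # Wildcard rules: only the whole leftmost label may be "*", nothing else may contain one,
    # and at least two fixed labels must follow it so "*.com" never matches anything.
    if c_labels[0] != "*" or any("*" in lbl for lbl in c_labels[1:]) or len(c_labels) < 3:
        return False
    # "*" covers exactly one label: *.example.com matches api.example.com, not a.b.example.com.
    return len(c_labels) == len(h_labels) and c_labels[1:] == h_labels[1:]


def verify_name(cert_names: Iterable[str], hostname: str) -> bool:
    """'Verify name': the requested host must appear among the certificate's names."""
    return any(hostname_matches(name, hostname) for name in cert_names)


def hardened_client_context() -> ssl.SSLContext:
    """Client context with the slide's checks on and the retired protocol versions disabled."""
    ctx = ssl.create_default_context()               # CERT_REQUIRED + check_hostname + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # refuse SSL 3.0, TLS 1.0 and TLS 1.1
    return ctx


def context_summary(ctx: ssl.SSLContext) -> Dict[str, object]:
    """What the context will enforce, in the slide's terms."""
    return {
        "verify_name": ctx.check_hostname,                           # Verify name
        "verify_trusted_party": ctx.verify_mode == ssl.CERT_REQUIRED,  # Verify signed by trusted party
        "min_version": ctx.minimum_version.name,
        "trusted_cas_loaded": ctx.cert_store_stats()["x509_ca"],    # the pre-configured CAs
    }


if __name__ == "__main__":
    print(verify_name(["*.example.com", "example.com"], "www.EXAMPLE.com"))   # True
    print(context_summary(hardened_client_context()))
```

The third check on the slide, “verify integrity + signature”, is done by the TLS library against the loaded CA store when `verify_mode` is `CERT_REQUIRED`; setting it to `CERT_NONE`, or turning `check_hostname` off, removes the server-authentication goal entirely and should be treated as a finding when seen in client code.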
Cipher Suites
Per Wikipedia:
TLS_RSA_WITH_NULL_MD5
- Key exchange with RSA. RSA provides authentication.
- No encryption: No confidentiality.
- MD5 as the hash function used in HMAC integrity protection.
- Don’t use NULL encryption.
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
- Key agreement with Diffie-Hellman. Authentication with DSS/DSA.
- Confidentiality encryption with Triple-DES using the CBC mode. EDE means “encrypt-decrypt-encrypt”.
- SHA-1 as the hash function used in HMAC integrity protection.
- 3DES in TLS rendered “weak” by CVE-2016-2183 aka “Sweet32”.
TLS_DH_anon_WITH_RC4_128_MD5
- Key agreement with Diffie-Hellman. Anonymous: no authentication.
- Confidentiality encryption with RC4 with 128 bit keys.
- MD5 as the hash function used in HMAC integrity protection.
- RC4 prohibited by IETF in Feb 2015. Also, you probably want server authentication and not anonymity.
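The cipher-suite breakdown above turned into a small audit routine, as an added example that is not code from the deck: a TLS 1.2-style suite name is split into the parts the slides describe (key exchange and authentication before `WITH`, bulk cipher and mode, then the HMAC hash) and each component is checked against the retirements the deck lists: NULL encryption, RC4 (IETF, Feb 2015), 3DES (Sweet32, CVE-2016-2183), MD5, anonymous key agreement, CBC (non-AEAD, gone in TLS 1.3) and non-ephemeral key exchange (no forward secrecy). Scanners such as the ones the deck names apply far larger rule sets; this reproduces only the page’s own rules. The fourth suite in the test is a constructed modern comparison.

```python
"""Decode and audit TLS 1.2-style cipher suite names against the deck's retirements (added example)."""
from dataclasses import dataclass, field
from typing import List


@dataclass
class SuiteReport:
    name: str
    key_exchange: str       # RSA, DH, DHE, ECDHE, ...
    authentication: str     # RSA, DSS, ECDSA, anon, ...
    cipher: str             # NULL, 3DES_EDE_CBC, RC4_128, AES_128_GCM, ...
    mac_hash: str           # MD5, SHA, SHA256, ...
    forward_secrecy: bool
    problems: List[str] = field(default_factory=list)

    @property
    def acceptable(self) -> bool:
        return not self.problems


def parse_cipher_suite(name: str) -> SuiteReport:
    """TLS_<kx>[_<auth>]_WITH_<cipher...>_<hash>, the IANA naming the slide quotes."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2-style suite name: {name}")
    kx_auth, rest = name[len("TLS_"):].split("_WITH_", 1)
    kx_parts = kx_auth.split("_")
    key_exchange = kx_parts[0]
    # "TLS_RSA_WITH_..." means RSA does both key exchange and authentication.
    authentication = kx_parts[1] if len(kx_parts) > 1 else kx_parts[0]
    cipher, mac_hash = rest.rsplit("_", 1)
    report = SuiteReport(name, key_exchange, authentication, cipher, mac_hash,
                         forward_secrecy=key_exchange in ("DHE", "ECDHE"))
    p = report.problems
    if cipher == "NULL":
        p.append("NULL encryption: no confidentiality")
    if "RC4" in cipher:
        p.append("RC4: prohibited by the IETF in Feb 2015")
    if "3DES" in cipher:
        p.append("3DES: rendered weak by CVE-2016-2183 (Sweet32)")
    if "CBC" in cipher:
        p.append("CBC mode (non-AEAD): prohibited in TLS 1.3")
    if mac_hash == "MD5":
        p.append("MD5 as the HMAC hash")
    if authentication == "anon":
        p.append("anonymous key agreement: no server authentication")
    if not report.forward_secrecy:
        p.append(f"{key_exchange} key exchange: no forward secrecy (static keys)")
    return report


def audit(names: List[str]) -> List[SuiteReport]:
    return [parse_cipher_suite(n) for n in names]


if __name__ == "__main__":
    for r in audit(["TLS_RSA_WITH_NULL_MD5",
                    "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
                    "TLS_DH_anon_WITH_RC4_128_MD5",
                    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]):   # constructed modern comparison
        print(r.name, "OK" if r.acceptable else "; ".join(r.problems))
```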
Well what ciphers can I
use? How can I keep up?
Qualys Scanner
testssl.sh
Mozilla Modern
Mozilla Intermediate
Somebody mentioned
something called
“forward secrecy”.
A Problem with RSA Key Exchange
Client (holds KpbS)                      Server (KprS, KpbS)
TCP handshake. Authentication. Cipher suite agreement.
Client → Server: C = penc(KpbS, genkey()) “Let’s use this symmetric key for fast encryption”
Traffic encrypted using symmetric key(s) derived from C.
Mr Spy: Captures traffic. Later, steals KprS.
Later, with KprS, Spy can decrypt the symmetric key(s), and read ALL the data.
We can also use public key crypto to authenticate a Diffie-Hellman key exchange, right?
YES! (not shown)
A Problem with RSA Key Exchange
Client (holds KpbS)                      Server (KprS, KpbS)
TCP handshake. Authentication.
“Ephemeral” Diffie-Hellman Key Agreement, and remainder of cipher suite agreement.
Traffic encrypted using symmetric key(s) derived from c.
Client: Discard DH values and symmetric keys     Server: Discard DH values and symmetric keys
Mr Spy: Captures traffic. Later, steals KprS.
W/o the private DH values, Spy cannot recover the encryption keys
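Both Diffie-Hellman passages of the deck in one runnable piece, as an added example that is not code from the deck: first the key exchange with the slide’s own numbers (p = 23, g = 5, a = 4, b = 3 gives x = 4, y = 10 and K = 18 on both sides), then the forward-secrecy contrast from the two “A Problem with RSA Key Exchange” slides. The slides use RSA key transport for the non-forward-secret case; to avoid re-implementing RSA here the server’s long-term key is a *static* DH key instead (the `TLS_DH_*` suites from the cipher-suite slide), which fails in exactly the same way: Mr Spy records the handshake, later steals the long-term private key, and recovers every recorded session key. With ephemeral DH the per-session private value is discarded after the handshake, so the stolen long-term key recovers nothing. Assumptions of the example: the 1024-bit MODP group 2 prime from RFC 2409 is transcribed here (check it against the RFC before any real use; the agreement property holds regardless), the session key is SHA-256 of the shared secret, and the server’s signature over its ephemeral public value (the slide’s “YES! (not shown)”) is omitted.

```python
"""Diffie-Hellman with the slide's numbers, then static vs ephemeral DH under key theft (added example)."""
import hashlib
import secrets
from typing import Dict, Tuple


def dh_public(p: int, g: int, private: int) -> int:
    return pow(g, private, p)                     # x = (g^a) mod p


def dh_shared(p: int, peer_public: int, private: int) -> int:
    # Reject 0, 1 and p-1: a peer sending those would force K into a trivial, predictable value.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, p)           # K = (y^a) mod p = (g^(ab)) mod p


def session_key(shared: int) -> bytes:
    # Real protocols hash the shared secret into fixed-size symmetric keys rather than using K raw.
    return hashlib.sha256(shared.to_bytes((shared.bit_length() + 7) // 8, "big")).digest()


def slide_example() -> Tuple[int, int, int, int]:
    """The deck's worked numbers: returns (x, y, K as Alice computes it, K as Bob computes it)."""
    p, g, a, b = 23, 5, 4, 3
    x, y = dh_public(p, g, a), dh_public(p, g, b)
    return x, y, dh_shared(p, y, a), dh_shared(p, x, b)     # (4, 10, 18, 18)


# RFC 2409 "Second Oakley Group", 1024-bit MODP prime, transcribed for this example; g = 2.
P_1024 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2


def _random_private() -> int:
    return secrets.randbelow(P_1024 - 3) + 2


class Server:
    """Holds one long-term DH private key (KprS in the slide's terms).
    Static mode reuses it for every session; ephemeral mode draws a fresh value per session."""

    def __init__(self, ephemeral: bool):
        self.ephemeral = ephemeral
        self.long_term_private = _random_private()
        self.long_term_public = dh_public(P_1024, G, self.long_term_private)

    def handshake(self, client_public: int) -> Tuple[int, bytes]:
        """Returns (server public value, session key). The ephemeral private value dies with this frame:
        that is the 'Discard DH values' step on the slide."""
        priv = _random_private() if self.ephemeral else self.long_term_private
        return dh_public(P_1024, G, priv), session_key(dh_shared(P_1024, client_public, priv))


def run_session(server: Server) -> Tuple[Dict[str, int], bytes]:
    """One key agreement. Returns what Mr Spy can capture off the wire, and the key both parties share."""
    a = _random_private()
    x = dh_public(P_1024, G, a)
    y, server_key = server.handshake(x)
    client_key = session_key(dh_shared(P_1024, y, a))
    assert client_key == server_key
    transcript = {"client_public": x, "server_public": y}   # everything that crossed the network
    return transcript, client_key


def spy_recover(transcript: Dict[str, int], stolen_long_term_private: int) -> bytes:
    """Later: Mr Spy has the recording and steals KprS, then repeats the static server's computation."""
    return session_key(pow(transcript["client_public"], stolen_long_term_private, P_1024))


if __name__ == "__main__":
    print("slide numbers (x, y, K, K):", slide_example())
    for mode in (False, True):
        srv = Server(ephemeral=mode)
        transcript, k = run_session(srv)
        recovered = spy_recover(transcript, srv.long_term_private) == k
        print(f"ephemeral={mode}: spy recovers session key after stealing KprS -> {recovered}")
```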
RIP
1028 bit RSA
Certificates
Killed by CA/Browser
Forum because 768 bit
certs have been
broken and this was
next.
1988 - 2013
RIP
Secure
Sockets Layer
Killed by IETF.
Replaced by TLS.
1995 - 2015
RIP
RC4 Cipher
Killed by IETF.
In TLS
1995 - 2015
RIP
SHA-1
Certificates
Killed by CA/Browser
Forum.
Replaced by SHA-2.
1988 - 2017
RIP
Cipher Block
Chaining Mode
Killed by IETF
in TLS 1.3.
Replaced by AEAD.
In TLS
1995 - 2018
RIP
Plaintext HTTP
Killed by Chrome 68.
1990 - 2018
RIP
Symantec
Certificates
Killed by Chrome and
Firefox in response to
apparent certificate
mismanagement.
? - 2018
To end on an interesting note ...
RIP
This
Presentation
Killed by time
constraints and/or
audience boredom.
Replaced by Q&A
and/or mass exodus.
2018 - 2018

More Related Content

What's hot

Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshChristian Posta
 
Computer Security Lecture 3: Classical Encryption Techniques 2
Computer Security Lecture 3: Classical Encryption Techniques 2Computer Security Lecture 3: Classical Encryption Techniques 2
Computer Security Lecture 3: Classical Encryption Techniques 2Mohamed Loey
 
Redis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRedis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRoberto Franchini
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionOlle E Johansson
 
DevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
DevSecOps - CI/CD com Pentest e Análise de VulnerabilidadesDevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
DevSecOps - CI/CD com Pentest e Análise de VulnerabilidadesVagner Rodrigues Fernandes
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
알아두면 유용한 데이터 암호화 이야기
알아두면 유용한 데이터 암호화 이야기알아두면 유용한 데이터 암호화 이야기
알아두면 유용한 데이터 암호화 이야기Byeong Yeong Jeong
 
Challenge to Implementing "Scalable" Authorization with Keycloak
Challenge to Implementing "Scalable" Authorization with KeycloakChallenge to Implementing "Scalable" Authorization with Keycloak
Challenge to Implementing "Scalable" Authorization with KeycloakHitachi, Ltd. OSS Solution Center.
 
Introduction to Kubernetes with demo
Introduction to Kubernetes with demoIntroduction to Kubernetes with demo
Introduction to Kubernetes with demoOpsta
 
Securing application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environmentsSecuring application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environmentsBinu Ramakrishnan
 
Nextcloud Open Source Collaborative Cloud Platform, OW2online, June2020
Nextcloud Open Source Collaborative Cloud Platform, OW2online, June2020Nextcloud Open Source Collaborative Cloud Platform, OW2online, June2020
Nextcloud Open Source Collaborative Cloud Platform, OW2online, June2020OW2
 
DoH, DoT and ESNI
DoH, DoT and ESNIDoH, DoT and ESNI
DoH, DoT and ESNIJisc
 
비트코인과 블록체인 핵심개념정리
비트코인과 블록체인 핵심개념정리비트코인과 블록체인 핵심개념정리
비트코인과 블록체인 핵심개념정리HANSUK KIM
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsTorsten Lodderstedt
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyNiek Timmers
 

What's hot (20)

Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo Mesh
 
Ssl https
Ssl httpsSsl https
Ssl https
 
Computer Security Lecture 3: Classical Encryption Techniques 2
Computer Security Lecture 3: Classical Encryption Techniques 2Computer Security Lecture 3: Classical Encryption Techniques 2
Computer Security Lecture 3: Classical Encryption Techniques 2
 
Redis for duplicate detection on real time stream
Redis for duplicate detection on real time streamRedis for duplicate detection on real time stream
Redis for duplicate detection on real time stream
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick Introduction
 
DevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
DevSecOps - CI/CD com Pentest e Análise de VulnerabilidadesDevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
DevSecOps - CI/CD com Pentest e Análise de Vulnerabilidades
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
Cryptography
CryptographyCryptography
Cryptography
 
알아두면 유용한 데이터 암호화 이야기
알아두면 유용한 데이터 암호화 이야기알아두면 유용한 데이터 암호화 이야기
알아두면 유용한 데이터 암호화 이야기
 
Challenge to Implementing "Scalable" Authorization with Keycloak
Challenge to Implementing "Scalable" Authorization with KeycloakChallenge to Implementing "Scalable" Authorization with Keycloak
Challenge to Implementing "Scalable" Authorization with Keycloak
 
Introduction to Kubernetes with demo
Introduction to Kubernetes with demoIntroduction to Kubernetes with demo
Introduction to Kubernetes with demo
 
Securing application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environmentsSecuring application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environments
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
Openssl
OpensslOpenssl
Openssl
 
Nextcloud Open Source Collaborative Cloud Platform, OW2online, June2020
Nextcloud Open Source Collaborative Cloud Platform, OW2online, June2020Nextcloud Open Source Collaborative Cloud Platform, OW2online, June2020
Nextcloud Open Source Collaborative Cloud Platform, OW2online, June2020
 
DoH, DoT and ESNI
DoH, DoT and ESNIDoH, DoT and ESNI
DoH, DoT and ESNI
 
비트코인과 블록체인 핵심개념정리
비트코인과 블록체인 핵심개념정리비트코인과 블록체인 핵심개념정리
비트코인과 블록체인 핵심개념정리
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential Objects
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
 

Similar to TLS Secures the Web

Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
Computer network (3)
Computer network (3)Computer network (3)
Computer network (3)NYversity
 
introduction to cryptography (basics of it)
introduction to cryptography (basics of it)introduction to cryptography (basics of it)
introduction to cryptography (basics of it)neonaveen
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptographyPriyamvada Singh
 
13 asymmetric key cryptography
13   asymmetric key cryptography13   asymmetric key cryptography
13 asymmetric key cryptographydrewz lin
 
Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Martin Kobetic
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developersKai Koenig
 
Introduction to encryption
Introduction to encryptionIntroduction to encryption
Introduction to encryptionfaffyman
 
Secure Communication (Distributed computing)
Secure Communication (Distributed computing)Secure Communication (Distributed computing)
Secure Communication (Distributed computing)Sri Prasanna
 
Cryptography
CryptographyCryptography
Cryptographymilanmath
 

Similar to TLS Secures the Web (20)

1329 n 9460
1329 n 94601329 n 9460
1329 n 9460
 
network security
network security network security
network security
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief History
 
Computer network (3)
Computer network (3)Computer network (3)
Computer network (3)
 
crypto1.ppt
crypto1.pptcrypto1.ppt
crypto1.ppt
 
introduction to cryptography (basics of it)
introduction to cryptography (basics of it)introduction to cryptography (basics of it)
introduction to cryptography (basics of it)
 
crypto.ppt
crypto.pptcrypto.ppt
crypto.ppt
 
needed.ppt
needed.pptneeded.ppt
needed.ppt
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptography
 
13
1313
13
 
13 asymmetric key cryptography
13   asymmetric key cryptography13   asymmetric key cryptography
13 asymmetric key cryptography
 
Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003Cryptography and SSL in Smalltalk - StS 2003
Cryptography and SSL in Smalltalk - StS 2003
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developers
 
Introduction to encryption
Introduction to encryptionIntroduction to encryption
Introduction to encryption
 
Secure Communication (Distributed computing)
Secure Communication (Distributed computing)Secure Communication (Distributed computing)
Secure Communication (Distributed computing)
 
Internet security
Internet securityInternet security
Internet security
 
Cryptography
CryptographyCryptography
Cryptography
 
security
securitysecurity
security
 
b
bb
b
 
Chapter8 nov 29_05[one.]
Chapter8 nov 29_05[one.]Chapter8 nov 29_05[one.]
Chapter8 nov 29_05[one.]
 

Recently uploaded

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

TLS Secures the Web

  • 1. Transport Layer Security A story of recovering from failures Anwar Reddick September 2018
  • 3. Some dude named Gaius … DWWDFN! ATTACK! DWWDFN? Huh? was an early cryptography pioneer G. Julius Mr Spy Mr General
  • 4. crypt = secret graphy = to write cryptography = The art of secret writing
  • 5. Caesar’s cipher: A shift cipher. Encryption: shift forward by the key (3): A→D, T→W, T→W, A→D, C→F, K→N, so ATTACK becomes DWWDFN. Decryption: shift back by the same key (3): D→A, W→T, W→T, D→A, F→C, N→K.
  • 6. This worked for a little while, but ... DWWDFN! ATTACK! DWWDFN? Huh? G. Julius, Mr Spy, Mr General, and now Zeke: too easy!
  • 7. Fast forward a few centuries
  • 8. Crypto done poorly Mary QoS 1586 Alan T. U-Boat 1942
  • 9. Getting better at crypto A cipher is “strong” until the smartest minds in the world can get “close” to breaking it. 1945 Claude S. “A Mathematical Theory of Cryptography” aka “Starting point of modern crypto” All practical ciphers are “breakable”. Contains foundations of mathematical cryptanalysis. We can obtain mathematical proofs of certain levels of cryptographic security.
  • 11–12. First message on the ARPANET, 1969, Charley K.: “L” “O” Crash!
  • 15–18. Inter-networking, 1983, Vint C. and Bob K. “Yo, our network works!” “Yeah, but multiple networks would be ... Mo betta!” “Let’s do this!” TCP / IP v1, v2, v3, v4 … still used today.
  • 21. Whoa, with the Internet, other computers are handling my data. How can I send secrets?
  • 23. Crypto getting better 1977 Data Encryption “STANDARD” The first openly published and standardized encryption cipher. A symmetric block cipher.
  • 24. Symmetric Cryptography Same Key. genkey() = K senc(K, M) = C sdec(K, C) = M DES: - 56 bit key - Block size: 64 bits FAST!
  • 25. Block Cipher Mode: Electronic Code Book
  • 26. Houston ... [image: the same picture shown three ways: original; encrypted with ECB, where the outline is still visible because identical plaintext blocks give identical ciphertext blocks; encrypted with a mode that uses better randomness, where nothing is visible]
  • 27. Cipher Block Chaining: Better than ECB
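The ECB-versus-CBC point from the last three slides, as an added example that is not part of the original deck. It uses AES from Go’s standard library (Go deliberately ships no ECB mode, so the per-block loop is written out here), a constructed demo key, and a constructed plaintext of one 16-byte block repeated four times to stand in for a flat colour region of the penguin picture:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// encryptECB encrypts each 16-byte block independently with the same key.
// Identical plaintext blocks therefore yield identical ciphertext blocks,
// which is what the "Houston" penguin shows. Plaintext length must be a
// multiple of the block size (no padding, to keep the block-level behaviour
// visible).
func encryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// encryptCBC XORs each plaintext block with the previous ciphertext block
// before encrypting it, starting from a fresh random IV. The IV is prepended
// to the output so the receiver can start the chain. Same length rule as ECB.
func encryptCBC(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), bs)
	}
	out := make([]byte, bs+len(plaintext))
	iv := out[:bs]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[bs:], plaintext)
	return out, nil
}

// repeatedBlocks counts 16-byte ciphertext blocks that exactly repeat an
// earlier block, skipping the first `skip` bytes (the IV for CBC output).
func repeatedBlocks(ct []byte, skip int) int {
	seen := make(map[string]bool)
	repeats := 0
	for i := skip; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		b := string(ct[i : i+aes.BlockSize])
		if seen[b] {
			repeats++
		}
		seen[b] = true
	}
	return repeats
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed demo key only
	// Constructed sample: one 16-byte block repeated four times.
	pt := bytes.Repeat([]byte("the same 16bytes"), 4)
	ecb, err := encryptECB(key, pt)
	if err != nil {
		panic(err)
	}
	cbc, err := encryptCBC(key, pt)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ECB: %d of 4 blocks repeat an earlier block\n", repeatedBlocks(ecb, 0))
	fmt.Printf("CBC: %d of 4 blocks repeat an earlier block\n", repeatedBlocks(cbc, aes.BlockSize))
}
```

Under ECB three of the four ciphertext blocks are byte-for-byte copies of the first; under CBC the random IV propagates through the chain, so none repeat. Note that CBC hides patterns but does nothing for integrity, which is the next slide’s question.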
  • 28. Simple and sweet Alice Bob C = senc(K, M) K K M = sdec(K, C)
  • 29. What if someone in the middle changes my message in transit?
  • 30. Enter the cryptographic hash function. One-way function. Arbitrary-length input; fixed-length output. hash(M1) = digest1, hash(M2) = digest2. Hard to recover M1 from digest1 (preimage resistance). Hard to find a second message with the same digest as a given M1 (second-preimage resistance), and hard to find any two messages with the same digest (collision resistance). “Work horse of modern crypto”. FAST!
  • 31. Foundational work done in the 1970s by Ralph Merkle (more on him later), et al. You’ll see Ronald Rivest’s name pop up again as well.
  • 32. Keyed-Hash Message Authentication Code (HMAC). Provides integrity and authenticity. HMAC(K, M) = hash((K ⊕ opad) ‖ hash((K ⊕ ipad) ‖ M)); the gist is “hash the message together with the key”, but the nested construction matters, because a plain hash(K ‖ M) over a Merkle–Damgård hash is open to length-extension forgery. If the recipient of M + HMAC(K, M) has K, the recipient can verify that M was not modified in transit and that it was produced by someone holding K.
  • 33. MAC then Encrypt. One type of attempt at providing integrity. Alice: C = senc(K, M + hmac(K, M)). Bob: M’ + x = sdec(K, C); x == hmac(K, M’)? If true, then M’ is legit. This is the composition TLS used for its CBC cipher suites; the decrypt-before-verify order is what padding-oracle and timing attacks such as Lucky 13 exploited, which is why TLS 1.3 allows only AEAD cipher suites. Two details to get right when building it by hand: derive distinct keys for encryption and for the MAC rather than reusing one K for both, and compare tags in constant time.
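The MAC-then-encrypt exchange above with both sides’ steps, as an added example that is not part of the original deck. It uses AES-256 in CTR mode for senc/sdec and HMAC-SHA256 for the tag, and departs from the slide in one respect on purpose: it takes separate encryption and MAC keys instead of one shared K. Keys and the message are constructed for the demo:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// tag computes HMAC-SHA256(K, M): hash((K xor opad) || hash((K xor ipad) || M)).
func tag(macKey, msg []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(msg)
	return m.Sum(nil)
}

// senc is the slides' senc(K, ·): AES-CTR with a random 16-byte IV prepended.
// CTR turns AES into a keystream, so no padding is needed.
func senc(encKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	iv := out[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, iv).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// sdec reverses senc; CTR decryption is the same keystream XOR.
func sdec(encKey, ct []byte) ([]byte, error) {
	if len(ct) < aes.BlockSize {
		return nil, errors.New("ciphertext too short to contain an IV")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCTR(block, ct[:aes.BlockSize]).XORKeyStream(pt, ct[aes.BlockSize:])
	return pt, nil
}

// aliceSend builds C = senc(K_enc, M || hmac(K_mac, M)).
func aliceSend(encKey, macKey, msg []byte) ([]byte, error) {
	inner := append(append([]byte{}, msg...), tag(macKey, msg)...)
	return senc(encKey, inner)
}

// bobReceive computes M' || x = sdec(K_enc, C) and accepts M' only if
// x == hmac(K_mac, M'), compared in constant time.
func bobReceive(encKey, macKey, ct []byte) ([]byte, error) {
	inner, err := sdec(encKey, ct)
	if err != nil {
		return nil, err
	}
	if len(inner) < sha256.Size {
		return nil, errors.New("decrypted data too short to carry a tag")
	}
	msg, x := inner[:len(inner)-sha256.Size], inner[len(inner)-sha256.Size:]
	if !hmac.Equal(x, tag(macKey, msg)) {
		return nil, errors.New("MAC mismatch: message was modified in transit")
	}
	return msg, nil
}

func main() {
	encKey, macKey := make([]byte, 32), make([]byte, 32)
	io.ReadFull(rand.Reader, encKey)
	io.ReadFull(rand.Reader, macKey)
	ct, _ := aliceSend(encKey, macKey, []byte("ATTACK at dawn"))
	if m, err := bobReceive(encKey, macKey, ct); err == nil {
		fmt.Printf("Bob accepts: %q\n", m)
	}
	// Mr Spy flips one bit of the ciphertext body; with CTR that flips the
	// same bit of M', so the recomputed HMAC no longer matches.
	ct[aes.BlockSize] ^= 0x01
	if _, err := bobReceive(encKey, macKey, ct); err != nil {
		fmt.Println("Bob rejects:", err)
	}
}
```

The bit flip shows why integrity is a separate goal from confidentiality: without the tag, CTR (and CBC) decryption would hand Bob a silently altered message.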
  • 34. How can two remote parties securely share a key?
  • 35. Diffie-Hellman (and Merkle) Key Exchange 1976 Whitfield D. Martin H. Ralph M.
  • 36. Diffie-Hellman (and Merkle) Key Exchange 1976 Whitfield D. Martin H. Ralph M. Asymmetric Cryptography!
  • 37. Discrete logarithms with very large numbers are computationally infeasible. Public parameters: p = 23, g = 5. Alice picks secret a = 4 and sends x = g^a mod p = 4; Bob picks secret b = 3 and sends y = g^b mod p = 10. Alice computes K = y^a mod p = 18; Bob computes K = x^b mod p = 18; both equal g^(ab) mod p. Then c = senc(K, M).
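The exchange above carried through with the slide’s own numbers, as an added example that is not part of the original deck. It also gives Mr Spy the only tool he has, a brute-force discrete logarithm, to show why p = 23 is a toy and a 2048-bit p is not; the larger prime used in the usage check (2^61 - 1) is chosen here for illustration only:

```go
package main

import (
	"fmt"
	"math/big"
)

// dhPublic computes g^secret mod p, the value each party sends in the clear.
func dhPublic(p, g, secret *big.Int) *big.Int {
	return new(big.Int).Exp(g, secret, p)
}

// dhShared computes peerPublic^secret mod p. Both parties reach g^(ab) mod p.
func dhShared(p, peerPublic, secret *big.Int) *big.Int {
	return new(big.Int).Exp(peerPublic, secret, p)
}

// slideExample runs the slide's numbers: p = 23, g = 5, a = 4, b = 3.
// It returns x, y and the two independently computed K values.
func slideExample() (x, y, kAlice, kBob *big.Int) {
	p, g := big.NewInt(23), big.NewInt(5)
	a, b := big.NewInt(4), big.NewInt(3)
	x = dhPublic(p, g, a) // Alice -> Bob
	y = dhPublic(p, g, b) // Bob -> Alice
	kAlice = dhShared(p, y, a)
	kBob = dhShared(p, x, b)
	return
}

// bruteForceLog is Mr Spy's attack: find e with g^e mod p == target by
// trying every exponent. Feasible only because p is tiny; the loop grows
// with p, and for a 2048-bit p there is no such shortcut.
func bruteForceLog(p, g, target *big.Int) (int64, bool) {
	acc := big.NewInt(1)
	for e := int64(1); e < p.Int64(); e++ {
		acc.Mul(acc, g).Mod(acc, p)
		if acc.Cmp(target) == 0 {
			return e, true
		}
	}
	return 0, false
}

func main() {
	x, y, kA, kB := slideExample()
	fmt.Printf("x=%v y=%v K(Alice)=%v K(Bob)=%v\n", x, y, kA, kB)
	if a, ok := bruteForceLog(big.NewInt(23), big.NewInt(5), x); ok {
		fmt.Printf("spy recovers a=%d from x by brute force (p is tiny)\n", a)
	}
}
```

With p = 23 the eavesdropper recovers a = 4 after four multiplications; the whole security of the scheme rests on choosing p large enough that this search, and every cleverer variant of it, is out of reach.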
  • 38. How does Alice know if she’s communicating with Bob, or an imposter?
  • 39. Enter … public key crypto. 1977: Ron R., Adi S., Leonard A. Discrete logarithms are hard. You know what else is hard? FACTORING LARGE NUMBERS INTO PRIMES! R-S-A!
  • 40. (Asymmetric) Public Key Cryptography DIFFERENT Keys. genkeypair() = (Kpr, Kpb) penc(Kpb, M1) = C1 pdec(Kpr, C1) = M1 penc(Kpr, M2) = C2 pdec(Kpb, C2) = M2 RSA: - 2048 bit private key (common) SLOW!
  • 41. public key crypto for confidentiality Alice Bob C = penc(KpbB, M) (KprA, KpbA), KpbB KpbA, (KprB, KpbB) Bob: M = pdec(KprB, C) Trusted Source Only Bob can decrypt, b/c only he has his private key!
  • 42. What about integrity and authenticity with public key crypto?
  • 43. Digital Signatures Alice Bob C = penc(KpbB, M) (KprA, KpbA), KpbB KpbA, (KprB, KpbB) Bob: M’ = pdec(KprB, C) Trusted Source DS = penc(KprA, hash(M)) digest’ = pdec(KpbA, DS) hash(M’) == digest’ ? DS: A (rudimentary) “Digital Signature”
  • 44–45. Elgamal Digital Signature Scheme, Taher E., 1984: the basis of the first digital signature standard (DSS, 1994). He’ll be back!
  • 46. But public key crypto is SLOW!
  • 47. Public key + symmetric key encryption. Alice holds (KprA, KpbA) and KpbB; Bob holds KpbA and (KprB, KpbB); the public keys come from a Trusted Source. Alice: K = genkey(); CK = penc(KpbB, K); DS = penc(KprA, hash(K)); C = senc(K, M + hmac(K, M)). Not so slow, since the public-key payloads (K and hash(K)) are small; symmetric encryption is fast for large M; message integrity comes from the HMAC and the signature.
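The hybrid scheme of slides 41, 43 and 47 end to end, as an added example that is not part of the original deck. Alice wraps a fresh AES key for Bob with RSA-OAEP, encrypts the message under that key with AES-256-GCM (an AEAD mode, so the HMAC of slide 47 is built in), and signs with RSA-PSS. One deliberate difference from the slide: the signature covers the wrapped key and the ciphertext rather than hash(K), so that it also binds the message. Keys are generated in the demo and the message is constructed:

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what Alice sends to Bob.
type Envelope struct {
	WrappedKey []byte // CK = penc(KpbB, K), RSA-OAEP
	Ciphertext []byte // nonce || AES-256-GCM(K, M)
	Signature  []byte // DS = sign(KprA, hash(CK || C)), RSA-PSS
}

// seal is Alice's side: fresh symmetric key, AEAD-encrypt the message,
// wrap the key to Bob's public key, sign the lot with Alice's private key.
func seal(alicePriv *rsa.PrivateKey, bobPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	k := make([]byte, 32) // K = genkey()
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, msg, nil) // AEAD: confidentiality + integrity
	ck, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, k, nil)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(append(append([]byte{}, ck...), ct...))
	ds, err := rsa.SignPSS(rand.Reader, alicePriv, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: ck, Ciphertext: ct, Signature: ds}, nil
}

// open is Bob's side: verify Alice's signature first, then unwrap K with
// Bob's private key, then AEAD-decrypt (which fails on any tampering).
func open(bobPriv *rsa.PrivateKey, alicePub *rsa.PublicKey, e *Envelope) ([]byte, error) {
	h := sha256.Sum256(append(append([]byte{}, e.WrappedKey...), e.Ciphertext...))
	if err := rsa.VerifyPSS(alicePub, crypto.SHA256, h[:], e.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bobPriv, e.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(e.Ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := e.Ciphertext[:gcm.NonceSize()], e.Ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := seal(alice, &bob.PublicKey, []byte("ATTACK at dawn"))
	m, err := open(bob, &alice.PublicKey, env)
	fmt.Printf("Bob reads %q (err=%v)\n", m, err)
	env.Ciphertext[len(env.Ciphertext)-1] ^= 0x01 // Mr Spy edits in transit
	_, err = open(bob, &alice.PublicKey, env)
	fmt.Println("after tampering:", err)
}
```

Only Bob can unwrap K, only Alice could have produced the signature, and the two slow RSA operations each touch a few hundred bytes regardless of how large M is.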
  • 48–50. We can also use public key crypto to authenticate a Diffie-Hellman key exchange, right? YES! (not shown)
  • 52. It’s Worldwide. It’s a Web Tim B-L This Internet thing is great! Could it support a system of ... 1989 … documents interconnected w/ hyperlinks? It would be public to everyone. It would be worldwide. It would resemble a spider web!
  • 53. A couple of guys who didn’t ever do anything Tim B-L Vint C.
  • 55–60. Early growth of web browsers: 1990, Tim B-L; 1993, Marc A.; 1994.
  • 61–62. Birth of the Secure Sockets Layer Protocol, 1995. Taher E. is back, now as Chief Scientist: The Web is being used more and more every day by individuals. Corporations and governments have the resources and know-how to protect their data on the Internet. Individuals’ data are being sent in PLAINTEXT! We can use all that crypto from the previous slides for ...
  • 63. Let’s take a moment ...
  • 64. The end-to-end principle (1981): smart endpoints, dumb network. Taher E., 1995: put the security at the endpoints.
  • 65. Transport Layer Security 1999 Standards body Internet Engineering Task Force converts SSL to a standard called Transport Layer Security.
  • 66. Goals of SSL/TLS Some of them anyway ● Honor the end-to-end principle ● Confidentiality ● Integrity ● Server authentication Later goals: ● Client authentication ● Forward secrecy
  • 67. SSL / TLS versions (protocol, year published, notes):
      SSL 1.0, never published: immediately deemed too insecure.
      SSL 2.0, 1995: IETF prohibition in 2011 (RFC 6176).
      SSL 3.0, 1996: IETF prohibition in June 2015 (RFC 7568).
      TLS 1.0, 1999 (RFC 2246): “SSL 3.1”, standardized by the IETF. Supports downgrade to SSL 3.0. Deprecated by PCI in June 2018.
      TLS 1.1, 2006 (RFC 4346): added protections against CBC vulnerabilities (explicit per-record IVs).
      TLS 1.2, 2008 (RFC 5246): drops SSL 2.0 compatibility. Replaces the MD5/SHA-1 PRF with SHA-256. Adds AEAD (e.g. GCM) cipher suites.
      TLS 1.3, 2018 (RFC 8446): mandates forward secrecy. Prohibits non-AEAD cipher suites.
  • 68. An Overview of the TLS Protocol TCP Handshake Client Server Server Authentication Optional Client Authentication Cipher Suite Agreement Secure Tunnel Established Instead of just one symmetric key, the hosts will continually generate new keys.
  • 73. Remember? Alice Bob (KprA, KpbA), KpbB KpbA, (KprB, KpbB) Trusted Source What does this “Trusted Source” look like?
  • 74. X.509 Certificates. Recipient certificate: Name: Bob; Public Key: 2k3f98j2f92fjjf2903 …; Signature: vmew90v33 …; Signed By: Cert Auth X. Certificate of the Certificate Authority, aka “trusted third party”: Name: Cert Auth X; Public Key: 9d3md9s …; Signature: 1kd09nf …; Signed By: self. Trusted CAs are pre-configured in browsers and are kept up-to-date over time.
  • 75. Server Authentication. Client: “Hello, I’d like to talk.” Server: “Here’s my signed certificate (+ integrity info).” Client: verify it is signed by a trusted party; verify the name (standard default: Name == domain name); verify integrity + signature. Then cipher suite agreement.
  • 76. Mutual Authentication. Client: “Hello, I’d like to talk.” Server: “Here’s my signed certificate (w/ integrity). Give me yours.” Client: verify name; verify integrity + signature; verify the signature is by a trusted party. Client: “Here’s my signed certificate (w/ integrity).” Server: verify name; verify integrity + signature; verify the signature is by a trusted party. Then cipher suite agreement.
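The three checks of slide 75 run against a certificate chain built in the shape of slide 74, as an added example that is not part of the original deck. It mints a self-signed “Cert Auth X”, issues a leaf for Bob whose subject alternative name is the hostname bob.example (a name chosen for the demo), and verifies the leaf the way a client does. Both keys are generated in the demo:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// pki holds the two certificates of slide 74 plus the client's trust store.
type pki struct {
	caCert   *x509.Certificate
	leafCert *x509.Certificate
	roots    *x509.CertPool // "trusted CAs pre-configured in browsers"
}

// buildPKI mints "Cert Auth X" (signed by: self) and Bob's certificate
// (signed by: Cert Auth X) and places only the CA in the trust store.
func buildPKI() (*pki, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Cert Auth X"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Bob"},
		DNSNames:     []string{"bob.example"}, // the name the client checks
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Parent is the CA certificate and the signing key is the CA's key.
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leafCert, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &pki{caCert: caCert, leafCert: leafCert, roots: roots}, nil
}

// verifyServer is the client side of slide 75: the chain must end at a
// trusted root, every signature must check out, the certificate must be
// valid now and for server use, and the name must match the host we
// intended to reach.
func verifyServer(leaf *x509.Certificate, roots *x509.CertPool, hostname string) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		DNSName:   hostname,
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	p, err := buildPKI()
	if err != nil {
		panic(err)
	}
	fmt.Println("bob.example     ->", verifyServer(p.leafCert, p.roots, "bob.example"))
	fmt.Println("mallory.example ->", verifyServer(p.leafCert, p.roots, "mallory.example"))
	fmt.Println("no trusted CAs  ->", verifyServer(p.leafCert, x509.NewCertPool(), "bob.example"))
}
```

A valid signature from a real CA is not enough on its own: the second and third calls fail even though Bob’s certificate is genuine, because the name does not match or the issuer is not in the trust store.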
  • 77–80. Cipher Suites (per Wikipedia), read as TLS_<key exchange / authentication>_WITH_<encryption>_<HMAC hash>:
      TLS_RSA_WITH_NULL_MD5: key exchange with RSA, and RSA provides authentication; NULL encryption, so no confidentiality; MD5 as the hash function in HMAC integrity protection. Don’t use NULL encryption.
      TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: key agreement with Diffie-Hellman, authentication with DSS/DSA; confidentiality with Triple-DES in CBC mode (EDE means “encrypt-decrypt-encrypt”); SHA-1 as the hash function in HMAC integrity protection. 3DES in TLS rendered “weak” by CVE-2016-2183 aka “Sweet32”.
      TLS_DH_anon_WITH_RC4_128_MD5: key agreement with Diffie-Hellman, anonymous, so no authentication; confidentiality with RC4 and 128-bit keys; MD5 as the hash function in HMAC integrity protection. RC4 prohibited by IETF in Feb 2015. Also, you probably want server authentication and not anonymity.
  • 81. Well what ciphers can I use? How can I keep up?
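One practical answer to “how can I keep up?”, as an added example that is not part of the original deck: decode the suite name the way slides 77–80 do, flag the pieces they warn about, and then ask the TLS library you actually ship with, since it publishes which suites it still considers secure. The name parser and its warning list are this example’s own; the secure/insecure lists and the config come from Go’s crypto/tls:

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Suite is the decoded form of an IANA cipher suite name.
type Suite struct {
	KeyExchange string   // key exchange + authentication, e.g. "ECDHE_RSA", "DH_anon"
	Encryption  string   // bulk cipher and mode, e.g. "AES_128_GCM", "NULL", "RC4_128"
	Hash        string   // HMAC hash (CBC suites) or PRF hash (AEAD and TLS 1.3 suites)
	Warnings    []string // the problems the slides call out
}

// parseSuite splits TLS_<kx>_WITH_<enc>_<hash> into its parts. TLS 1.3 names
// (TLS_AES_128_GCM_SHA256) carry no key-exchange field because TLS 1.3
// always uses ephemeral (EC)DHE.
func parseSuite(name string) (Suite, error) {
	if !strings.HasPrefix(name, "TLS_") {
		return Suite{}, fmt.Errorf("not a TLS cipher suite name: %q", name)
	}
	body := strings.TrimPrefix(name, "TLS_")
	var s Suite
	if i := strings.Index(body, "_WITH_"); i >= 0 {
		s.KeyExchange = body[:i]
		body = body[i+len("_WITH_"):]
	} else {
		s.KeyExchange = "ephemeral (EC)DHE (TLS 1.3)"
	}
	j := strings.LastIndex(body, "_")
	if j <= 0 || j == len(body)-1 {
		return Suite{}, fmt.Errorf("malformed cipher suite name: %q", name)
	}
	s.Encryption, s.Hash = body[:j], body[j+1:]

	switch {
	case strings.Contains(s.KeyExchange, "anon"):
		s.Warnings = append(s.Warnings, "anonymous key exchange: no server authentication")
	case s.KeyExchange == "RSA":
		s.Warnings = append(s.Warnings, "RSA key transport: no forward secrecy")
	}
	switch {
	case s.Encryption == "NULL":
		s.Warnings = append(s.Warnings, "NULL encryption: no confidentiality")
	case strings.HasPrefix(s.Encryption, "RC4"):
		s.Warnings = append(s.Warnings, "RC4: prohibited by RFC 7465")
	case strings.HasPrefix(s.Encryption, "3DES"):
		s.Warnings = append(s.Warnings, "3DES: 64-bit blocks, Sweet32 (CVE-2016-2183)")
	}
	if strings.HasSuffix(s.Encryption, "_CBC") {
		s.Warnings = append(s.Warnings, "CBC with HMAC (MAC-then-encrypt): dropped in TLS 1.3")
	}
	switch s.Hash {
	case "MD5":
		s.Warnings = append(s.Warnings, "MD5 HMAC: broken hash")
	case "SHA":
		s.Warnings = append(s.Warnings, "SHA-1 HMAC: legacy hash")
	}
	return s, nil
}

// goStatus reports how Go's own TLS stack classifies a suite: it ships a
// list of suites it considers secure and a separate list it keeps only for
// compatibility, and will not negotiate anything else.
func goStatus(name string) string {
	for _, cs := range tls.CipherSuites() {
		if cs.Name == name {
			return "secure"
		}
	}
	for _, cs := range tls.InsecureCipherSuites() {
		if cs.Name == name {
			return "insecure"
		}
	}
	return "unsupported"
}

// hardenedConfig refuses everything below TLS 1.2 and, for TLS 1.2, offers
// only ECDHE (forward secrecy) with AEAD ciphers. TLS 1.3 suites are fixed
// by the library and need no configuration.
func hardenedConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

func main() {
	for _, name := range []string{
		"TLS_RSA_WITH_NULL_MD5", "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_DH_anon_WITH_RC4_128_MD5",
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256",
	} {
		s, _ := parseSuite(name)
		fmt.Printf("%-40s kx=%s enc=%s hash=%s go=%s warnings=%v\n",
			name, s.KeyExchange, s.Encryption, s.Hash, goStatus(name), s.Warnings)
	}
}
```

The three suites from the slides come back as “unsupported” by Go, which is the simplest way to keep up: a library that never implemented NULL, 3DES-with-DSS or anonymous DH cannot be talked into using them.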
  • 87. A Problem with RSA Key Exchange. Client and Server: TCP handshake, authentication, cipher suite agreement. Client: “Let’s use this symmetric key for fast encryption”: C = penc(KpbS, genkey()), where (KprS, KpbS) is the server’s long-term key pair and the client holds KpbS. Traffic is then encrypted using symmetric key(s) derived from C. Mr Spy captures the traffic, and later steals KprS. With KprS, Spy can decrypt the symmetric key(s) and read ALL the data.
  • 90. The fix: “Ephemeral” Diffie-Hellman key agreement. Client and Server: TCP handshake, authentication (the server still holds (KprS, KpbS) and the client KpbS, but the long-term key is used only to sign the exchange), then ephemeral Diffie-Hellman key agreement and the remainder of cipher suite agreement. Traffic is encrypted using symmetric key(s) derived from the DH result; afterwards both sides discard their DH values and the symmetric keys. Mr Spy captures the traffic, and later steals KprS, but without the private DH values Spy cannot recover the encryption keys. This property is forward secrecy, one of the “later goals” of slide 66 and mandatory in TLS 1.3.
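Slides 87 and 90 side by side, as an added example that is not part of the original deck. The RSA half wraps a session key to the server’s long-term key and then lets Mr Spy decrypt the recording once he has stolen that key; the ephemeral half uses X25519 from Go’s crypto/ecdh (Go 1.20 or later is assumed), exchanges only public values, and drops the private scalars, so the stolen key unlocks nothing. Two simplifications to note: real TLS padded the RSA-transported secret with PKCS#1 v1.5 rather than OAEP, and the server’s signature over its DH value is left out, as on the slides:

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// rsaKeyExchange: the client picks the session key and sends it encrypted
// to the server's long-term public key KpbS. Returns the session key and the
// wire bytes that Mr Spy records.
func rsaKeyExchange(serverPub *rsa.PublicKey) (sessionKey, wire []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wire, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, nil)
	return sessionKey, wire, err
}

// spyDecryptsLater: years later the spy steals KprS and replays the recording.
func spyDecryptsLater(stolenServerKey *rsa.PrivateKey, wire []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, stolenServerKey, wire, nil)
}

// ecdheKeyExchange: each side makes a one-time X25519 key pair, sends only
// its public value (which the spy records), derives the shared secret, and
// lets its private scalar go out of scope. Nothing long-term protects the
// secret, so nothing stolen later can recover it.
func ecdheKeyExchange() (clientSecret, serverSecret []byte, wire [2][]byte, err error) {
	curve := ecdh.X25519()
	clientPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, wire, err
	}
	serverPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, wire, err
	}
	wire = [2][]byte{clientPriv.PublicKey().Bytes(), serverPriv.PublicKey().Bytes()}
	if clientSecret, err = clientPriv.ECDH(serverPriv.PublicKey()); err != nil {
		return nil, nil, wire, err
	}
	if serverSecret, err = serverPriv.ECDH(clientPriv.PublicKey()); err != nil {
		return nil, nil, wire, err
	}
	return clientSecret, serverSecret, wire, nil // clientPriv and serverPriv are discarded here
}

func main() {
	server, err := rsa.GenerateKey(rand.Reader, 2048) // (KprS, KpbS)
	if err != nil {
		panic(err)
	}
	k, wire, _ := rsaKeyExchange(&server.PublicKey)
	recovered, _ := spyDecryptsLater(server, wire)
	fmt.Printf("RSA key exchange: spy recovers the session key later? %v\n", bytes.Equal(k, recovered))

	cs, ss, seen, _ := ecdheKeyExchange()
	fmt.Printf("ECDHE: both sides agree? %v; spy holds %d public bytes and no private scalar\n",
		bytes.Equal(cs, ss), len(seen[0])+len(seen[1]))
}
```

The recording from the RSA session is a liability for as long as the server’s private key exists anywhere; the ECDHE recording is just two public points, and every new session starts from fresh ones.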
  • 92. RIP 1024 bit RSA Certificates. Killed by CA/Browser Forum because 768 bit keys have been factored and this was next. 1988 - 2013
  • 93. RIP Secure Sockets Layer Killed by IETF. Replaced by TLS. 1995 - 2015
  • 94. RIP RC4 Cipher Killed by IETF. In TLS 1995 - 2015
  • 96. RIP Cipher Block Chaining Mode Killed by IETF in TLS 1.3. Replaced by AEAD. In TLS 1995 - 2018
  • 97. RIP Plaintext HTTP. Killed by Chrome 68, which labels every plain-HTTP page “Not secure”. 1990 - 2018
  • 98. RIP Symantec Certificates Killed by Chrome and Firefox in response to apparent certificate mismanagement. ? - 2018
  • 99. To end on an interesting note ...
  • 100. RIP This Presentation Killed by time constraints and/or audience boredom. Replaced by Q&A and/or mass exodus. 2018 - 2018