This material is related at the Security of SSL Service as HTTPS. I used it for my security class at E-government course on the Kookmin university in south Korea.

1. MITM(Man In The Middle) SSL
Proxy attacks on Web https
국민대학교 BIT 전자정부전공
석사과정 Y2015202 안재열
Jae Yeoul Ahn (Jay)

2. INDEX
• 선정이유 및 목적
• SSL/TLS 개요
• SSL 활용
• MITM 개요
• SSL 중간자 공격 원리
• 1) 리다이렉트
• 2) 인증서 위조
• 대응방안
• 사례
• Selected reason and purpose
• SSL/TLS Overview
• Use way of SSL
• MITM Overview
• SSL MITM Principles
• 1) Redirect
• 2) Counterfeit Certificate
• Countermeasures
• case

3. 선정이유 및 목적
Selected reason and purpose
• Almost Korean has one or more smart device.(Smart phone)
• They uses Web Services based on Internet by smart device.
• Web Service is working with HTTP protocol.
• Http has weak-point about security , So Https is coming up.
• Https is advised by Korea Communications Commission.
• But, Gartner has announced HTTPs is main target about Cyber
Attack’s 50%
• 한 사람당 한 개 이상의 스마트폰을 소유 및 사용하고 있다.
• 인터넷 기반의 웹서비스를 많이 이용한다.
• 웹서비스는 http 프로토콜을 사용한다.
• Http는 보안에 취약해, Https가 등장
• Https는 우리나라 방송통신위원회에서 권장기준
• 가트너가 내년(2017년) SSL이 사이버 공격의 50%의 주요 타겟

4. SSL/TLS ?
• (Secure Sockets Layer) SSL was developed by Netscape in 1993 for
secure communication between Web servers and browsers.
• This work at the session layer , it is used to guarantee the security of the
protocol of the FTP , Telnet , Http , including the application layer .
• Since SSL 3.0 standardized, after June 1996, IETF has been standardizing
the TLS protocol.
• SSL (Secure Sockets Layer)은 1993년 웹 서버와 브라우저간의 안전한 통신
을 위해 Netscape에서 개발했다.
• 세션계층에서 적용되며, 응용계층의 FTP, Telnet, Http등의 프로토콜의 안전
성 보장을 위해 사용된다.
• SSL 3.0이 표준화된 이후 IETF는 1996년 6월부터 TLS 프로토콜에 대한 표
준화 작업을 진행하였다.

5. SSL/TLS 동작위치 및 구성요소
SSL / TLS operating position , and components
동작위치
operating position
구성요소
components

6. SSL 동작 과정 (상태)
SSL operation of (state)
SSL은 예비(Pending)상태와 현재(Current)상태가 있다.
예비(Pending)상태는 데이터 암호화를 위한 준비하는 과정.
현재(Current)상태는 데이터 전송을 하는 과정.
There is two SSL‘s state.
One is Pending state for preparing data encryption.
Another is Current state for encrypting data and sending to sender and receiver.

7. SSL 예비상태
SSL Pending state
• SSL 예비상태의 동작은 handshake부터 시작
• handshake는 Full 방식과 Abbreviated 방식 두 가지가 있다.
• Full 방식은 세션수립부터, Abbreviated 방식은 클라이언트와 서버의 세션
이 유지되어 있을 경우 사용한다.
• SSL pending state is begin by handshake.
• There are two way of SSL Pending state as Full, Abbreviated.
• Full way is begin at first connection , Abbreviated is used
on already connecting client and server by session.

8. SSL Hand Shake - full

9. SSL Hand Shake – full : 1
Client sends Server Client Hello which are information about SSL version,
Cipher suite list, Client Random Number(32byte).
Cipher suite is List about that Client can support and use Symmetric
Cryptographic Technique, Public key Cryptographic Technique and Hash
algorithm.
클라이언트가 서버에게 Client Hello(SSL version, cipher suite list, Client Rando
m(32byte))을 보낸다.
Cipher suite list는 클라이언트가 지원하는 공개키, 대칭키, 해쉬 알고리즘의 목
록을 이야기한다.

10. SSL v3.0 cipher suite
RSA - Public key Cryptographic Technique
AES, DES - Symmetric Cryptographic Technique
SHA, MD5 - Hash

11. TLS 1.2 cipher suite
RSA - Public key Cryptographic Technique
AES, DES - Symmetric Cryptographic Technique
SHA, MD5 - Hash

12. SSL Hand Shake – full : 2
Server send Client Server Hello which are information about SSL version,
Cipher suite list, Client Random Number(32byte) chosen by Server.
※ In case of cross certification, Sever send client message about server
wants client’s certificate.

13. SSL Hand Shake - full
Client create Pre-master with SeverRandom from Server and Client.
After then, Client encrypt Pre-master by Server’s public key in Server’s
Certification and send server it.
※ In case of cross certification, Client send own Certificate

14. SSL Hand Shake - full
Server decrypts a encrypted premaster-secret by server’s private key.
And Client and Server create Master Secret with premaster-secret and cipher
suite info.
And then, Server send Client Finished Message.

15. SSL Hand Shake - full
[SSL]
master_secret =
MD5(pre_master_secret + SHA('A' + pre_master_secret + ClientHello.random
+ ServerHello.random)) + MD5(pre_master_secret + SHA('BB' + pre_master_s
ecret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret
+ SHA('CCC' +
pre_master_secret + ClientHello.random +ServerHello.random));
[TLS]
PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + s
eed)

16. SSL state
After Sended Finish message, State chage Pending to Current.
In current state.
When Sender send receiver plain Data, Plain Data is Encrypted with Symmetric Key
which is Master-Secret By chipper suite’s Symmetric Cryptographic Technique
chosen at pending write state.

17. SSL 활용
Use way of SSL
I will focus and deal with Https with SSL.

18. MITM (Man in the Middle Attack)

19. Two Ways of HTTPS MITM
Redirect Counterfeit Certificate

20. ARP(Address Resolution Protocol)
- When Host A send Host B some message, (In this situation A only Knows B’s IP
address)
- First Host A check Own ARP cache Table in Network Adopter(OS) to check MAC
Address bound with IP address.
- Second, If there in not Mac address in ARP Table, ARP send All Computer
Message (ARP Request) about who is this IP address? in LAN.(Broadcast)
- Third Host B which has recieved A’s Message send Host A ARP Response
Message with B’s IP address and MAC address.
- Finally Host A update his ARP table and send B some message or data.

21. My ARP Table

22. ARP – Update
- When Host B’s Address is updated, B send All of computer updated information
as New Mac address by broadcast.
- So, Attacker uses this way.

23. ARP – Spoofing
- Attacker uses this way.
- Attacker send A update fake info (IP : Host B / Mac : Attacker)
- Attacker send B update fake info (IP : Host A / Mac : Attacker)

24. ARP – Spoofing
- So, Attacker can sniff and see information between A and B.

25. DNS (Domain Name Service)

26. DNS Table
• When I get on the
kmu.kookmin.ac.kr,
• First, Find record in my
DNS Table in PC.
• IF there is not info, get it
from DNS Server. And
update it.
• After find out IP, use ARP
Table and connect the
website.

27. DNS Attack
• Attacker change and update target sites ip on ARP
Table.
• If target site is located at outside(WAN), Client
have to pass through Gateway.
• Usually, almost web site is located at outside.
• So, Attacker change Gateway Mac Address in
Client ARP Table. Before Stilling a Client’s authority

28. Scenario
When We get on the internet.(facebook)
URI IP
Facebook.
com
123.
123
llll.Com 333.
ERPsys.kr 123.
123
DNS
Server
123.
123
IP MAC
123.12
3.0.1
Aacc
123.12
3.0.122
Bbb
123.12
3
Ab:ab
…. ….
ARP TableDNS Table
Facebook.com
Destination MAC
address
Source MAC
address
Destination IP
address
Source IP
address
Login infomation
GateWay
IP:111.111.111.111
MAC Aacc
DNS Server
123.123
Ab:ab

29. ARP Spoofing 을 이용한 Gateway 변조
게이트웨이 mac을 해커의 mac로 변경

30. Scenario
When We get on the internet.(facebook)
URI IP
Facebook.
com
123.
123
llll.com 333.
ERPsys.kr 111.
111
DNS
Server
111.
111
IP MAC
123.12
3.0.1
Hh:hh:
hh
123.12
3.0.122
Bbb
….. Abab
…. ….
ARP TableDNS Table
Facebook.com
Destination MAC
address
Source MAC
address
Destination IP
address
Source IP
address
Login infomation
GateWay
IP:111.111.111.111
MAC Aacc
Hacker‘s
IP:111.111.0.11~12
MAC hh:hh:Hh
DNS Server
123.123
Ab:ab
In
Side
Out
Side

31. ARP Spoofing – Gateway
Client’s ARP Table

32. ARP Spoofing - Gateway
Attacker’s Mac

33. ARP Spoofing - Gateway

34. ARP Spoofing – Gateway
Client Host Address is contaminated
Before….

35. Redirect
Redirect Attack induce to use Http and get on the fake login web.
So, Attacker can get a User’s ID, Password.
Attack will use a this account info to login target website and redirect.
User can not realize this.

36. Counterfeit Certificate
This way is that Attacker make a fake Certificate and give client this.
So, Attacker can get a User’s ID, Password. Attack will use a this account info to login
target website and redirect.

37. Countermeasures
• User
1. Check HTTPS. NO HTTP.
2. When you meet this, tell manger and don’t use or get
on this site.

38. Countermeasures
• Administrators
Administrators should check to see
unusual part of our ARP table, DNS cache.
- Check the network traffic to detect
malicious behavior .

39. Countermeasures

40. Countermeasures
• Web-Programmer
• When Developing Web-Site, use HSTS.
• HSTS (Http Strict Tansport Security) has been
defined in RFC-6797 , and was designated as a
standard in 2012 .
• The use of HSTS even if you enter the http address
in the browser, automatically to get on a page that
uses Https. (protecting from SSL-Strip attack.

41. Case - china
• Damage caused to the local level (Local city) in China in 2014
• August , SSL certificate error connecting to your Google page in the CERNET network , HTTPS
communication has changed from a TLSv2 TLSv1
• September 30 , Yahoo China page SSL MITM attacks
• October 2 to 6 , MS of cn.bing.com, login.live.com, outlook.com page SSL MITM attack , the DNS
part of the area being infected
• October 20 , Yahoo China page SSL MITM attacks
• October 21 , iCloud server SSL MITM attacks

42. Microsoft China – live.com

43. Left a real SSL certificate , Right is a fake SSL certificate
Microsoft China – live.com

44. China - Yahoo

45. China - Apple

46. France - Google
In 2013, France Government issues Fake digital certificate.
So Google blocked service. because they thinks it is incident and attack to our
service.
Also, Some People think that France Government tried to monitor user using
GoogleServiece.
But Fance Governments Say It is Just Human Error. We did not try monitoring.

47. Case - Korea
I can not find accident and Incident Korean case.
I guess, They don’t want to notify it.
So I can tell the interested case.
There is Smart Fridge in korea. This is can use
Google Mail with SSL.
But English White Hacker team find out SSL
week point at this fridge. and they success to
still G-mail account infomatin from fridge.

48. case – Our Lab

49. case – Our Lab

50. case – Our Lab

51. case – Our Lab
Only Dan zitta reported it to me.

52. THANKS. DO NOT ASK ME plz.