SlideShare a Scribd company logo
CNIT 141


Cryptography for Computer Networks
13. TLS
Updated 12-8-21
Topics
• Target Applications and Requirements


• The TLS Protocol Suite


• TLS 1.3 Improvements Over TLS 1.2


• The Strengths of TLS Security


• How Things Can Go Wrong
TLS
• Protects communications at layer 4


• Can carry any type of content


• Email, Web traffic, mobile apps, ...


• Machine-to-machine comms for IoT
TLS Vulnerabilities
• TLS grew too big and bloated


• Many attacks


• Heartbleed


• BEAST


• CRIME


• POODLE
TLS 1.3
• Overhaul of protocol


• Removed unnecessary features


• Replaced old algorithms


• Simpler, faster, and more secure
Target Applications and
Requirements
Secure Channel
• TLS ensures that data is confidential,
authenticated, and unmodified


• Prevents MiTM attacks


• By authenticating servers with trusted
Certificate Authorities
Four Requirements
• Efficient


• Minimizing CPU load compared to unencrypted
comms


• Interoperable


• Work on any hardware or OS


• Extensible


• Support additional features & algorithms


• Versatile


• Not bound to any specific application
The TLS Protocol Suite
Transport Layer
• TLS is not in the transport
layer


• It's above layer 4,
adding security to it


• Can run over TCP or UDP


• UDP version is called
DTLS


• Datagram Transport
Layer Security
History
• SSL: began in 1995, from Netscape


• SSL 2.0 and SSL 3.0 had security flaws


• Should no longer be used


• TLS


• TLS 1.0 (1999): least secure


• TLS 1.1 (2006): better but contains weak
algorithms
TLS 1.2
• From 2008


• Better than previous versions


• Complex and hard to configure


• Supports AES-CBC, vulnerable to padding
oracle attacks


• Inherited dozens of features and design
choices from earlier versions


• TLS 1.3 is a major overhaul and improvement
TLS in a Nutshell
• Record protocol


• Data encapsulation


• Handshake protocol


• Key agreement
TLS Handshake
• From Cloudflare (link Ch 13a)
Hello
• ClientHello


• Lists ciphers available


• ServerHello


• Selects a cipher to use
ClientHello
ServerHello
Certificates and


Certificate Authorities (CA)
• Server uses a certificate to authenticate itself


• Verified by a CA


• CA's public keys hard-coded into browsers


• Trusted third party
Certificate
Certificate Chain
Record Protocol
Zero Padding
• Adds zeroes to plaintext for short messages


• Mitigates traffic analysis


• Deducing contents from message size
TLS 1.3 Cryptographic
Algorithms
• Three types of algorithms are used


• Authenticated encryption


• Key derivation function


• Hash function that derives secret keys
from a shared secret


• A Diffie-Hellman operation
Authenticated Ciphers
• TLS 1.3 supports only three algorithms


• AES-GCM


• AES-CCM


• Slightly less efficient than AES-GCM


• ChaCha20 stream cipher


• Combined with Poly1305 MAC


• Secret key can be 128 or 256 bits


• Unsafe 64-bit or 80-bit keys not allowed
Key Derivation Function


(KDF)
• HKDF, based on HMAC


• Uses SHA-256 or SHA-384
Diffie-Hellman


Two Options
• Elliptic Curve


• With three NIST curves, or


• Curve25519, or Curve448


• Group of integers modulo a prime number


• Traditional Diffie-Hellman


• 2048 - 8192 bits


• Security of 2048-bit group is weak link


• Less than 100 bits
TLS 1.3 Improvements
Over TLS 1.2
Removed Weak
Algorithms
• MD5, SHA-1


• RC4, AES-CBC


• MAC-then-Encrypt alorithms


• Like HMAC-SHA-1


• Replaces with authenticated ciphers


• More efficient and secure
Removed Insecure
Feature
• Optional data compression


• Enabled the CRIME attack


• Length of the compressed message
leaked information about contents
New Features
• That make TLS 1.3 more secure


• Downgrade protection


• Single round-trip handshake


• Session resumption
Downgrade Attack
• MiTM attacker modifies ClientHello
I want 

TLS 1.3
Sending

ServerHello

for TLS 1.1
Send her

TLS 1.1

instead
Downgrade Protection
• To prevent this, 8 bytes in the ServerHello
denote the TLS version


• They are cryptographically signed so the
MiTM can't change them


• The client can check them to see what TLS
version is being provided
Single Round-Trip
Handshake
• In TLS 1.2


• Client sends some data, waits for response


• Client sends more data, waits for response


• TLS 1.3 combines it all into one round-trip


• Saves time
Session Resumption
• Leverages the pre-shared key exchanged in a
previous session


• To bootstrap a new session


• Two benefits


• Client can start encrypting immediately


• No need for certificates
The Strengths of TLS
Security
Authentication
• TLS 1.3 handshake authenticates the server
with a certificate and CA


• Client is not authenticated, but can
authenticate after the TLS handshake with:


• Username & password in a TLS record


• Secure cookie over TLS


• A client certificate (rarely used)
Forward Secrecy
• TLS 1.3 provides forward secrecy in both a
data leak and a breach


• If an attacker can steal a client's RAM


• Exposes keys and secrets for the current
session


• And any old sessions still stored in RAM


• Solution: use Secure Strings
• Provided by Microsoft


• Since 2005 in .NET 2.0


• Link Ch 13b
How Things Can Go
Wrong
Compromised CA
• Happened in 2011 to DigiNotar


• CA's private key compromised


• Attacker created fake certificates for Google
services
Compromised Client
• Attacker who controls client can


• Capture session keys


• Read decrypted data


• Or install a rogue CA certificate
Bugs in Implementation
• Heartbleed


• Leaked secrets from HTTPS servers in 2014
Improving TLS
• SSL Labs TLS test


• Lets you test any site's certificate


• Or a browser's TLS configuration


• Let's Encrypt


• Free TLS certificates for everyone
CNIT 141 13. TLS
CNIT 141 13. TLS
CNIT 141 13. TLS
CNIT 141 13. TLS

More Related Content

What's hot

Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
Arun Shukla
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event Managemen
S Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
Prakashchand Suthar
 
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
Sam Bowne
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Florian Roth
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
Splunk
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
Sagar Joshi
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
SHAAMILIVARSAGV
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
Coenraad Smith
 
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzBSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
Christopher Gerritz
 
CNIT 126 11. Malware Behavior
CNIT 126 11. Malware BehaviorCNIT 126 11. Malware Behavior
CNIT 126 11. Malware Behavior
Sam Bowne
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
Mark Arena
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
SKMohamedKasim
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 

What's hot (20)

Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event Managemen
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
 
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzBSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
 
CNIT 126 11. Malware Behavior
CNIT 126 11. Malware BehaviorCNIT 126 11. Malware Behavior
CNIT 126 11. Malware Behavior
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 

Similar to CNIT 141 13. TLS

CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
Sam Bowne
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
limsh
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
PranavUndre1
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
Sirish Kumar
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
Nishant Pahad
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
Nishant Pahad
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
Glenn Haley
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
jithu26327
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
Adeel Ahmed
 
Parallel and distributed computing .pptx
Parallel and distributed computing .pptxParallel and distributed computing .pptx
Parallel and distributed computing .pptx
AmnaNadeem27
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security Applications
Hatem Mahmoud
 
Unit08
Unit08Unit08
Secure socket later
Secure socket laterSecure socket later
Secure socket later
Muhammad Ahmad Nazar
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
Huda Seyam
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layer
omkar bhagat
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured  CommunicationsTLS/SSL - Study of Secured  Communications
TLS/SSL - Study of Secured Communications
Nitin Ramesh
 
Transportsec
TransportsecTransportsec
Transportsec
Bogdan Korniyenko
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
Maarten Smeets
 

Similar to CNIT 141 13. TLS (20)

CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
 
Parallel and distributed computing .pptx
Parallel and distributed computing .pptxParallel and distributed computing .pptx
Parallel and distributed computing .pptx
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security Applications
 
Unit08
Unit08Unit08
Unit08
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layer
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured  CommunicationsTLS/SSL - Study of Secured  Communications
TLS/SSL - Study of Secured Communications
 
Transportsec
TransportsecTransportsec
Transportsec
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 

More from Sam Bowne

Cyberwar
CyberwarCyberwar
Cyberwar
Sam Bowne
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
Sam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
Sam Bowne
 
3. Attacking iOS Applications (Part 2)
 3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
Sam Bowne
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
Sam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
Sam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
Sam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
Sam Bowne
 
10 RSA
10 RSA10 RSA
10 RSA
Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
Sam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
Sam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
Sam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
Sam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
Sam Bowne
 

More from Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
 3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 

Recently uploaded

Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
Prof. Dr. K. Adisesha
 
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
ShwetaGawande8
 
How to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in useHow to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in use
Celine George
 
Oliver Asks for More by Charles Dickens (9)
Oliver Asks for More by Charles Dickens (9)Oliver Asks for More by Charles Dickens (9)
Oliver Asks for More by Charles Dickens (9)
nitinpv4ai
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
zuzanka
 
skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)
Mohammad Al-Dhahabi
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
indexPub
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
Steve Thomason
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
Nguyen Thanh Tu Collection
 
adjectives.ppt for class 1 to 6, grammar
adjectives.ppt for class 1 to 6, grammaradjectives.ppt for class 1 to 6, grammar
adjectives.ppt for class 1 to 6, grammar
7DFarhanaMohammed
 
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGHKHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
shreyassri1208
 
BPSC-105 important questions for june term end exam
BPSC-105 important questions for june term end examBPSC-105 important questions for june term end exam
BPSC-105 important questions for june term end exam
sonukumargpnirsadhan
 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
nitinpv4ai
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
deepaannamalai16
 
Information and Communication Technology in Education
Information and Communication Technology in EducationInformation and Communication Technology in Education
Information and Communication Technology in Education
MJDuyan
 
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
EduSkills OECD
 
The basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptxThe basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptx
heathfieldcps1
 
CIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdfCIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdf
blueshagoo1
 
Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray  (9)Bonku-Babus-Friend by Sathyajith Ray  (9)
Bonku-Babus-Friend by Sathyajith Ray (9)
nitinpv4ai
 
220711130088 Sumi Basak Virtual University EPC 3.pptx
220711130088 Sumi Basak Virtual University EPC 3.pptx220711130088 Sumi Basak Virtual University EPC 3.pptx
220711130088 Sumi Basak Virtual University EPC 3.pptx
Kalna College
 

Recently uploaded (20)

Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
 
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
INTRODUCTION TO HOSPITALS & AND ITS ORGANIZATION
 
How to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in useHow to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in use
 
Oliver Asks for More by Charles Dickens (9)
Oliver Asks for More by Charles Dickens (9)Oliver Asks for More by Charles Dickens (9)
Oliver Asks for More by Charles Dickens (9)
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
 
skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
 
adjectives.ppt for class 1 to 6, grammar
adjectives.ppt for class 1 to 6, grammaradjectives.ppt for class 1 to 6, grammar
adjectives.ppt for class 1 to 6, grammar
 
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGHKHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
KHUSWANT SINGH.pptx ALL YOU NEED TO KNOW ABOUT KHUSHWANT SINGH
 
BPSC-105 important questions for june term end exam
BPSC-105 important questions for june term end examBPSC-105 important questions for june term end exam
BPSC-105 important questions for june term end exam
 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
 
Information and Communication Technology in Education
Information and Communication Technology in EducationInformation and Communication Technology in Education
Information and Communication Technology in Education
 
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...
 
The basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptxThe basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptx
 
CIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdfCIS 4200-02 Group 1 Final Project Report (1).pdf
CIS 4200-02 Group 1 Final Project Report (1).pdf
 
Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray  (9)Bonku-Babus-Friend by Sathyajith Ray  (9)
Bonku-Babus-Friend by Sathyajith Ray (9)
 
220711130088 Sumi Basak Virtual University EPC 3.pptx
220711130088 Sumi Basak Virtual University EPC 3.pptx220711130088 Sumi Basak Virtual University EPC 3.pptx
220711130088 Sumi Basak Virtual University EPC 3.pptx
 

CNIT 141 13. TLS

  • 1. CNIT 141 Cryptography for Computer Networks 13. TLS Updated 12-8-21
  • 2. Topics • Target Applications and Requirements • The TLS Protocol Suite • TLS 1.3 Improvements Over TLS 1.2 • The Strengths of TLS Security • How Things Can Go Wrong
  • 3. TLS • Protects communications at layer 4 • Can carry any type of content • Email, Web traffic, mobile apps, ... • Machine-to-machine comms for IoT
  • 4. TLS Vulnerabilities • TLS grew too big and bloated • Many attacks • Heartbleed • BEAST • CRIME • POODLE
  • 5. TLS 1.3 • Overhaul of protocol • Removed unnecessary features • Replaced old algorithms • Simpler, faster, and more secure
  • 7. Secure Channel • TLS ensures that data is confidential, authenticated, and unmodified • Prevents MiTM attacks • By authenticating servers with trusted Certificate Authorities
  • 8. Four Requirements • Efficient • Minimizing CPU load compared to unencrypted comms • Interoperable • Work on any hardware or OS • Extensible • Support additional features & algorithms • Versatile • Not bound to any specific application
  • 10. Transport Layer • TLS is not in the transport layer • It's above layer 4, adding security to it • Can run over TCP or UDP • UDP version is called DTLS • Datagram Transport Layer Security
  • 11. History • SSL: began in 1995, from Netscape • SSL 2.0 and SSL 3.0 had security flaws • Should no longer be used • TLS • TLS 1.0 (1999): least secure • TLS 1.1 (2006): better but contains weak algorithms
  • 12. TLS 1.2 • From 2008 • Better than previous versions • Complex and hard to configure • Supports AES-CBC, vulnerable to padding oracle attacks • Inherited dozens of features and design choices from earlier versions • TLS 1.3 is a major overhaul and improvement
  • 13. TLS in a Nutshell • Record protocol • Data encapsulation • Handshake protocol • Key agreement
  • 14. TLS Handshake • From Cloudflare (link Ch 13a)
  • 15. Hello • ClientHello • Lists ciphers available • ServerHello • Selects a cipher to use
  • 18.
  • 19. Certificates and Certificate Authorities (CA) • Server uses a certificate to authenticate itself • Verified by a CA • CA's public keys hard-coded into browsers • Trusted third party
  • 23. Zero Padding • Adds zeroes to plaintext for short messages • Mitigates traffic analysis • Deducing contents from message size
  • 24. TLS 1.3 Cryptographic Algorithms • Three types of algorithms are used • Authenticated encryption • Key derivation function • Hash function that derives secret keys from a shared secret • A Diffie-Hellman operation
  • 25. Authenticated Ciphers • TLS 1.3 supports only three algorithms • AES-GCM • AES-CCM • Slightly less efficient than AES-GCM • ChaCha20 stream cipher • Combined with Poly1305 MAC • Secret key can be 128 or 256 bits • Unsafe 64-bit or 80-bit keys not allowed
  • 26. Key Derivation Function (KDF) • HKDF, based on HMAC • Uses SHA-256 or SHA-384
  • 27. Diffie-Hellman Two Options • Elliptic Curve • With three NIST curves, or • Curve25519, or Curve448 • Group of integers modulo a prime number • Traditional Diffie-Hellman • 2048 - 8192 bits • Security of 2048-bit group is weak link • Less than 100 bits
  • 29. Removed Weak Algorithms • MD5, SHA-1 • RC4, AES-CBC • MAC-then-Encrypt alorithms • Like HMAC-SHA-1 • Replaces with authenticated ciphers • More efficient and secure
  • 30. Removed Insecure Feature • Optional data compression • Enabled the CRIME attack • Length of the compressed message leaked information about contents
  • 31. New Features • That make TLS 1.3 more secure • Downgrade protection • Single round-trip handshake • Session resumption
  • 32. Downgrade Attack • MiTM attacker modifies ClientHello I want TLS 1.3 Sending ServerHello for TLS 1.1 Send her TLS 1.1 instead
  • 33. Downgrade Protection • To prevent this, 8 bytes in the ServerHello denote the TLS version • They are cryptographically signed so the MiTM can't change them • The client can check them to see what TLS version is being provided
  • 34. Single Round-Trip Handshake • In TLS 1.2 • Client sends some data, waits for response • Client sends more data, waits for response • TLS 1.3 combines it all into one round-trip • Saves time
  • 35. Session Resumption • Leverages the pre-shared key exchanged in a previous session • To bootstrap a new session • Two benefits • Client can start encrypting immediately • No need for certificates
  • 36.
  • 37. The Strengths of TLS Security
  • 38. Authentication • TLS 1.3 handshake authenticates the server with a certificate and CA • Client is not authenticated, but can authenticate after the TLS handshake with: • Username & password in a TLS record • Secure cookie over TLS • A client certificate (rarely used)
  • 39. Forward Secrecy • TLS 1.3 provides forward secrecy in both a data leak and a breach • If an attacker can steal a client's RAM • Exposes keys and secrets for the current session • And any old sessions still stored in RAM • Solution: use Secure Strings
  • 40. • Provided by Microsoft • Since 2005 in .NET 2.0 • Link Ch 13b
  • 41. How Things Can Go Wrong
  • 42. Compromised CA • Happened in 2011 to DigiNotar • CA's private key compromised • Attacker created fake certificates for Google services
  • 43.
  • 44.
  • 45.
  • 46. Compromised Client • Attacker who controls client can • Capture session keys • Read decrypted data • Or install a rogue CA certificate
  • 47. Bugs in Implementation • Heartbleed • Leaked secrets from HTTPS servers in 2014
  • 48. Improving TLS • SSL Labs TLS test • Lets you test any site's certificate • Or a browser's TLS configuration • Let's Encrypt • Free TLS certificates for everyone