TLS had various problems recently. The BEAST attack, the CRIME attack, the Lucky Thirteen attack, problems with RC4 and of course Heartbleed. Standards from the NSA aren't trustworthy any more. Where is TLS today and what improvements are planned?
See also https://blog.hboeck.de/archives/846-Easterhegg-talk-on-TLS.html
TLS (Transport Layer Security) is commonly used to secure HTTPS connections and provide encryption for web traffic. It establishes an encrypted connection between a client and server through a handshake process where the server presents a digital certificate that is verified against trusted certificate authorities. TLS aims to prevent surveillance, spoofing, and modification of transmitted data by providing encryption, authentication, and data integrity. While the certificate authority system has weaknesses, protocols like TLS, HTTPS, and HSTS help secure modern web transactions over the internet.
Random musings on SSL/TLS configuration, by extremeunix
The document discusses securing applications with SSL/TLS. It recommends disabling SSL v2.0 and using ECDHE cipher suites where possible, as they provide both fast performance and forward secrecy. Additionally, it advises not trusting the default SSL/TLS configurations that come with software packages.
The authors built a symbolic model of the TLS 1.3 specification (draft 10) using the Tamarin prover to verify key properties like secrecy of session keys and unilateral/mutual authentication. They found a potential attack during this analysis and disclosed it to the IETF TLS working group. As the specification continued evolving, they started updating their model but noted it was a moving target.
All you need to know about transport layer security, by Maarten Smeets
Many people think that using HTTPS to offer your site or service to clients makes you secure from eavesdroppers and people trying to manipulate your network traffic. Think again! In this presentation I'll dive into transport layer security. I'll elaborate on what you can achieve with SSL, such as authentication, encryption and integrity, and how you can achieve it. I'll talk about the client-server handshake, identity and trust, one-way and two-way SSL, keys and keystores, and cipher suite choice. By means of several examples, I'll show what it can mean if you make the wrong choices in on-premises and cloud scenarios. This presentation is relevant for anyone involved in securing connections between client and server using TLS and people interested in learning more about the topic of TLS in general.
The tools at our disposal today for deploying HTTPS are tremendously powerful, and easy to use. Initiatives like Let's Encrypt offer certificates, and new security policies like HSTS and HPKP allow you to protect against extremely powerful attacks. HTTPS, Here and Now!
This was an invited talk at the ICT Security Happening, organized by the VDAB Competence Center in Leuven.
The document discusses analyzing SSL traffic and decrypting SSL connections. It provides an overview of cryptographic techniques used in SSL like symmetric and asymmetric encryption, hashing, digital signatures, and certificates. It then covers the SSL/TLS protocol structure, analyzing SSL handshakes and record layers, decrypting SSL using private keys, and tools like SSLstrip for man-in-the-middle attacks.
Introduction to SSL and How to Exploit & Secure, by Brian Ritchie
The document discusses SSL/TLS, how it works to securely transmit data between endpoints, and potential vulnerabilities. It provides an overview of SSL/TLS protocols and how data is encrypted and transmitted. It then outlines several common endpoint issues that can compromise SSL/TLS, such as inconsistent DNS configurations, self-signed certificates, incomplete certificates, and mixing plain text and encrypted sessions. Exploiting these issues allows man-in-the-middle attacks that can intercept and decrypt encrypted traffic.
Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) and ensures privacy and security between communicating applications on the internet. TLS encrypts data transmission, works with most browsers and servers, supports flexible encryption algorithms, and is easy to deploy transparently on many systems. It operates directly above TCP and establishes an encrypted connection by negotiating a cipher suite and exchanging certificates and keys between the client and server. Once the handshake is complete, both sides can communicate securely until the connection is closed. The TLS version and cipher suite in use can be viewed in the browser.
DNS / DNSSEC / DANE / DPRIVE Results at IETF93 Hackathon, by Dan York
This shows the results of the DNS team at the IETF 93 Hackathon in Prague on July 18-19, 2015. It includes links to the public repositories where code may be found.
This document provides an overview of HTTPS, how it works to protect data through encryption, and why it is important. HTTPS uses both symmetric and asymmetric encryption as well as digital signatures to authenticate sources and verify data integrity. It discusses HTTPS protocols, certificate authorities, different types of certificates, and considerations for implementing HTTPS including browser compatibility and security best practices.
Transport Layer Security - Mrinal Wadhwa, by Mrinal Wadhwa
The document summarizes the evolution of the Transport Layer Security (TLS) protocol from versions 1.0 to 1.2. It describes the key components of TLS including the record protocol for fragmenting and transmitting encrypted data, handshake protocol for authentication and key exchange, and cipher suites for encryption algorithms. The TLS protocol provides secure communication over the internet by preventing eavesdropping, tampering, and forgery of messages between client and server applications.
SSL/TLS is a protocol that provides encryption and authentication for web requests. It evolved from earlier SSL versions into the current TLS standard. During a TLS handshake, the client and server agree on encryption parameters and verify certificates from a certificate authority to establish a secure connection. TLS allows for session resumption to reuse encryption settings for subsequent connections via session identifiers or tickets. However, TLS is still vulnerable to man-in-the-middle and DNS hijacking attacks if certificate authorities are compromised.
The TLS protocol provides transport layer security for internet applications by securing communications between clients and servers. It establishes an encrypted connection through a handshake that negotiates encryption algorithms and authentication, then uses symmetric encryption and message authentication codes to provide confidentiality and integrity for data transfer. TLS has evolved through several versions to strengthen security and address weaknesses in cryptographic algorithms.
Secure Sockets Layer and Transport Layer Security, by Al Mamun
Transport Layer Security and its predecessor, Secure Sockets Layer, are cryptographic protocols that provide communications security over a computer network.
DANE and DNSSEC Authentication Chain Extension for TLS, by Shumon Huque
This document proposes a new TLS extension called "dnssec_chain" that allows the TLS server to deliver the DNSSEC authentication chain needed for a DANE record to the TLS client. The client then authenticates the chain locally using a preconfigured trust anchor. This avoids the client needing to perform DNS queries itself and works around middleboxes that could interfere with DANE/DNSSEC lookups. The rationale is that the client can authenticate the DANE record without needing a secure connection to a validating DNS resolver. Prototypes of the dnssec_chain extension are being developed.
This document discusses SSH (Secure Shell) and SSL (Secure Sockets Layer). SSH is a protocol for securely accessing remote computers over unencrypted networks. It uses encryption algorithms and public key authentication to protect data in transit. SSL is used to secure network communications and relies on certificate authorities to verify user identities. The document also describes how to manually install and configure SSL on an Apache web server, use SSH for encrypted file transfer and port forwarding, and highlights vulnerabilities in SSL renegotiation.
TLS (Transport Layer Security) is a cryptographic protocol that provides encryption and security for data sent over the internet. It is used by HTTPS to encrypt communication between web browsers and servers. TLS 1.2, the previous standard, had security flaws in how it exchanged encryption keys. TLS 1.3 improves security by using Diffie-Hellman key exchange so keys are not sent directly over the network. To upgrade a website from HTTP to HTTPS, an SSL certificate must be purchased and installed, all links on the site must be changed to HTTPS, and HTTP traffic should be redirected to HTTPS.
SSL/TLS is a cryptographic protocol that provides security for network communications by encrypting segments of network connections at the transport layer. It uses asymmetric and symmetric encryption, as well as digital signatures, to authenticate servers and optionally clients, and to encrypt data transmission. The handshake process establishes a shared secret between client and server to derive encryption keys, through asymmetric encryption of a randomly generated symmetric key. Subsequent communications are encrypted using the negotiated cipher suite.
Introduction to Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Shows the basic principles of SSL and a little of its practical applicability.
SSL provides encryption and authentication for secure communication over networks. It uses certificates signed by a certificate authority to authenticate servers and establish an encrypted connection. The SSL handshake process involves the client sending a pre-master secret encrypted with the server's public key; both sides then derive encryption keys to encrypt the connection. Debugging SSL issues may require using tools like tcpdump to monitor network traffic or adding debug flags to examine the SSL handshake.
TLS 1.3 is an update to the Transport Layer Security protocol that improves security and privacy. It removes vulnerable optional parts of TLS 1.2 and only supports strong ciphers to implement perfect forward secrecy. The handshake process is also significantly shortened. TLS 1.3 provides security benefits by removing outdated ciphers and privacy benefits by enabling perfect forward secrecy by default, ensuring only endpoints can decrypt traffic even if server keys are compromised in the future.
SSL/TLS Introduction with Practical Examples Including Wireshark Captures, by Jaroslav Chmurny
As some of my colleagues are solving various SSL/TLS problems for one of our customers, I have prepared the above-mentioned training for them. The training is divided into three parts:
- Brief Introduction to Public Key Infrastructure (PKI)
- Introduction to SSL/TLS Protocols
- Practical Examples and Hints
The last part primarily consists of hands-on exercises with Wireshark, covering a variety of successful and failed SSL/TLS handshakes. The hands-on exercises are based on an easily configurable dummy SSL client and server implemented in Java (available at https://github.com/Jardo72/SSL-Sandbox).
SSL is an acronym for Secure Sockets Layer. It is a protocol used for authenticating and encrypting web traffic. Authenticating web traffic means that your browser is able to verify the identity of the remote server.
In this session, Cedric Fournet, principal researcher at Microsoft Research Cambridge and at the INRIA-Microsoft Research Joint Centre, will present an overview of the classic types of TLS vulnerabilities as well as the "MiTLS" project, which allowed them, in April 2014, to reveal a major vulnerability that had not been the subject of attacks until its discovery. MiTLS is an experimental, mathematically verified implementation of TLS: MiTLS is implemented in F# and specified in F7. MiTLS is a research and test platform that makes it possible to revisit known attacks and regularly find new ones, and thus to strengthen the robustness of the protocol in connection with the IETF. TLS 1.2 (also known as SSL 3.0) is the most widespread cryptographic protocol for securing communications and exchanges on the Internet. The successor to SSL, TLS is the guarantee that your banking transactions on the web or your e-mail will be well protected. TLS is ubiquitous: HTTPS, 802.1x, VPNs, files, mail, VoIP… And yet, is the trust placed in it well deserved? Is TLS 100% secure? TLS has a long, 18-year history of flaws and fixes, from the logic of its specification to its many implementations. Its ubiquity at the heart of the web's trust system calls for an organized, rational and preventive approach to detecting its vulnerabilities. http://www.mitls.org/wsgi/home http://research.microsoft.com/en-us/projects/f7/
TLS Interception considered harmful (Chaos Communication Camp 2015), by hannob
Talk at the Chaos Communication Camp about TLS interception Man-in-the-Middle proxies and their dangers.
Video here:
https://media.ccc.de/browse/conferences/camp2015/camp2015-6833-tls_interception_considered_harmful.html
Blog post on the subject here: https://www.linkedin.com/pulse/fail-early-often-well-joshua-simmons
We've all heard the maxim "Fail Fast, Fail Often," but what about "Fail Well?" In this presentation, Josh covers the top ten things NOT to do, and how to recover when things, inevitably, go wrong.
This document discusses improving security by addressing issues with random number generation and timing attacks. It proposes using a random delay at the network interface level to obscure timing signals and prevent timing attacks. It also suggests revisiting an old technique called TrueRand that uses differences between a CPU's clock and other clocks/timers as a source of entropy for random number generation. The document advocates a pragmatic approach of deploying imperfect but effective defenses rather than insisting on perfection.
'The History of Metrics According to me' by Stephen Day, Docker, Inc.
Metrics and monitoring are a time-honored tradition for any engineering discipline. It is how we ensure the systems we use are working the way we expect. If this is a time-honored tradition, why is it not built into every piece of software we create, from the ground up? With software engineering, usually the trick to solving anything is to make it easier. By solving the hard parts of application metrics in Docker, we should make it more likely that metrics are a part of your services from the start.
Prometheus Design and Philosophy by Julius Volz at Docker Distributed System Summit
Prometheus - https://github.com/Prometheus
Liveblogging: http://canopy.mirage.io/Liveblog/MonitoringDDS2016
Docker Online Meetup: Announcing Docker CE + EE, by Docker, Inc.
Docker Community Edition (CE) and Enterprise Edition (EE) are the best expressions of the Docker Platform to date. Whether you're a developer, an ops team or an enterprise IT team member, and no matter the infrastructure, Docker CE and EE give you a way to install, upgrade and maintain Docker with the support and assurances required for your particular workload.
Both Docker CE and EE are available on a wide range of popular operating systems (including Windows Server 2016) and cloud infrastructure. Developers and DevOps teams have the freedom to run Docker on their favorite infrastructure without risk of lock-in.
Michael Friis will give an overview of both editions and highlight the big enhancements to the lifecycle, maintainability and upgradability of Docker.
TLS is a cryptographic protocol that provides communication security over the internet. It allows for confidentiality and authentication of communications through key exchange and encryption of the record layer. However, TLS has faced numerous attacks over the years that exploit weaknesses in its implementations, cipher suites, and compatibility with older versions. Ideal patches often require removing vulnerable features completely, but real-world patches typically aim to preserve compatibility and usability while improving security. As a result, attacks on TLS continue to emerge as new vulnerabilities are discovered.
[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack..., by Aaron Zauner
GCM mode in TLS is vulnerable if nonces are not unique per message. The document describes scanning the internet and finding implementations that reuse nonces, allowing an attacker to recover the authentication key and manipulate messages. It proposes a man-in-the-middle attack where an attacker collects nonces from a server, waits for a repeat, recovers the key, and modifies encrypted content served to a victim. While TLS 1.2 specifies nonces, implementations sometimes fail to generate unique nonces correctly. Better guidance and testing tools are needed to prevent such vulnerabilities.
Presentation given by Bernardo Rodrigues aka bernardomr during the 2nd edition of the Nullbyte Security Conference on 21/11/2015.
Summary:
Cable Internet technology has evolved considerably in recent years, bringing new security challenges. The transition to DOCSIS 3.0 introduced more modern equipment with greater capacity and new features. Customers access the Internet through "black boxes" and trust that manufacturers and providers will keep them secure. The idea of the talk is to discuss the security of cable modems, as well as the technology used for device management, transport of information and firmware updates.
Basic security principles for information systems development/deployment. Information security is concerned with the confidentiality, integrity, and availability of information. From these three 'pillars', the following principles must be applied when implementing and maintaining an information system: Accountability.
This document provides an introduction to security and cryptography. It begins with an overview of security goals like confidentiality, authenticity, integrity, and non-repudiation. It then discusses symmetric cryptography algorithms like DES and AES, and how they provide confidentiality. Asymmetric cryptography algorithms like RSA and ECC are introduced for providing authentication, non-repudiation through digital signatures, and facilitating key exchange. Hash functions are described for providing integrity and digital signatures. Modes of operation for block ciphers like CBC are covered. Popular algorithms and their application to security goals are summarized.
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES as well as modes of operation like CBC.
- Asymmetric cryptography concepts like public/private key pairs, digital signatures, and how RSA works.
- Other cryptographic tools like hash functions, message authentication codes, and key exchange methods like Diffie-Hellman.
- The role of public key infrastructure and certificates in authenticating public keys.
- Attacks on cryptographic algorithms and their implementations are also briefly discussed.
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES along with modes of operation like CBC.
- Asymmetric cryptography including key exchange with Diffie-Hellman and digital signatures with RSA and ECC.
- Cryptographic hash functions like SHA and their properties. Message authentication codes (MACs) that provide integrity.
- Public key infrastructure with certificates and how they establish authenticity of public keys.
- Attacks on algorithms, implementations, and protocols and the need for unpredictable
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES and how they operate using symmetric keys for encryption and decryption.
- Cryptographic hashing and message authentication codes (MACs) and how they provide integrity and authentication.
- Asymmetric (public key) cryptography like RSA and ECC using key pairs for encryption, signatures, and key exchange without pre-shared secrets.
- Key exchange methods like Diffie-Hellman and how public key infrastructure (PKI) uses digital
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography, hashes, signatures, and MACs address them.
- Symmetric block ciphers like DES and AES including modes of operation like CBC.
- Asymmetric cryptography concepts like key exchange using Diffie-Hellman and digital signatures using RSA.
- Cryptographic hash functions like SHA and their properties.
- Public key infrastructure concepts like certificates and how they establish authenticity of public keys.
This document proposes adding Diffie-Hellman key exchange and digital signatures to the TCP three-way handshake to provide assured identity continuity for TCP connections even when network address translation (NAT) is used. It aims to prevent IP spoofing attacks by allowing endpoints to validate each other's identities during a TCP connection. The proposal outlines adding the cryptographic operations to the TCP handshake in a way that is incrementally deployable and backwards compatible without requiring any pre-existing relationship between endpoints. It also discusses some proof-of-concept implementation issues regarding using iptables and packet manipulation to verify signatures on TCP payloads.
This document summarizes the history of encryption protocols and attacks against them, beginning with the early SSL and TLS protocols in the 1990s. It describes numerous attacks published over the years that exploited vulnerabilities in the protocols, such as padding oracle attacks, timing attacks, traffic analysis attacks, and attacks against specific algorithms like RC4. Each attack paved the way for new, more secure versions of the protocols to be developed. The document outlines advances like TLS 1.1, 1.2, and the removal of insecure or broken algorithms, as well as high-profile security incidents at CAs like DigiNotar and Comodo.
HTTPS: Achievements, Challenges, and Epiphany (Web Engines Hackfest 2015) - Igalia
This document summarizes the achievements and challenges of HTTPS, noting that the Epiphany browser is the least secure. It lacks many security features supported by other browsers, such as HTTP Strict Transport Security, public key pinning, certificate transparency, and revocation checking. It also fails to warn users about weaknesses like outdated certificates, weak Diffie-Hellman parameters, or protocol version fallback. While improvements have been made overall, full security requires addressing remaining challenges in all browsers.
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection - CSCJournals
Since its introduction in 1994 the Secure Socket Layer (SSL) protocol (later renamed to Transport Layer Security (TLS)) evolved to the de facto standard for securing the transport layer. SSL/TLS can be used for ensuring data confidentiality, integrity and authenticity during transport. A main feature of the protocol is its flexibility. Modes of operation and security aims can easily be configured through different cipher suites. During its evolutionary development process several flaws were found. However, the flexible architecture of SSL/TLS allowed efficient fixes in order to counter the issues. This paper presents an overview on theoretical and practical attacks of the last 20 years.
This presentation covers common cryptographic attacks, secure cryptographic implementation requirements, an overview of FIPS 140-2 and secure crypto implementation guidelines
This document discusses configuring TCP/IP addressing and internet security. It covers IP addressing schemes like CIDR and subnetting, and how they address problems with classful addressing systems. It also discusses internet security threats like viruses, worms, and trojans. Finally, it covers configuring and managing Windows Firewall to protect systems, including enabling the firewall, setting exceptions, and monitoring logs and alerts.
The TLS protocol is one of the foundations of Internet security. In recent years it has been under attack: various vulnerabilities, both in the protocol itself and in popular implementations, showed how fragile that foundation is.
On the other hand, new features allow TLS to be used far more securely today than ever before. Features like Certificate Transparency and HTTP Public Key Pinning allow us to avoid many of the security pitfalls of the Certificate Authority system.
Crypto workshop part 3 - Don't do this yourself - hannob
Slides from a workshop I held on cryptography for web developers.
Part 3 is about the complexity of writing crypto code and why you should avoid doing it yourself if you're not a real expert.
https://blog.hboeck.de/archives/849-Slides-from-cryptography-workshop-for-web-developers.html
Slides from a workshop I held on cryptography for web developers.
Part 1 is about cryptography in web applications and why you should not mix HTTP and HTTPS.
https://blog.hboeck.de/archives/849-Slides-from-cryptography-workshop-for-web-developers.html
Popular web applications and content management systems regularly have security vulnerabilities. Users must update these applications regularly, but many website operators are not aware of this. While operating servers with a few hundred customers I developed the tool FreeWVS, which detects web applications with known security vulnerabilities. If updates are missed, hacked web applications almost inevitably turn up sooner or later. Finding them, however, is not necessarily trivial. Once it is too late, your own server may turn into a spam cannon or be abused for DDoS attacks.
SSL, X.509, HTTPS - How to configure your HTTPS server - hannob
SSL and HTTPS configuration can be complex due to the involvement of multiple cryptographic protocols and standards. Many things can go wrong requiring updates to server configurations to support the latest protocols and address vulnerabilities. Proper configuration of certificates, encryption standards, hashes, and protocols is required to ensure a secure connection.
The average electricity consumption in Germany is about 1500 to 2000 kilowatt hours per year. Some people get by with less than 250 kilowatt hours. Far more electricity can be saved than most people are aware of. What is wrong with the EU energy label and how to recognise energy-saving power supplies is what this talk is about.
Economic growth, climate change and peak oil - hannob
In the past, economic growth almost always went hand in hand with rising resource consumption. Nevertheless, so far only few people question the dogma of perpetual economic growth. The talk is about why "sustainable" or "green" growth is an illusion and why there has to be economic growth at all in the existing economic system.
4. Introduction
Software
CAs
X.509
Symmetric encryption
TLS misc
Misc
End
Introduction
Motivation
History of SSL / TLS
Overview
SSL 1 - only internal (Netscape)
1994: SSL 2 (Netscape, severe security issues, disabled)
1996: SSL 3 (Netscape, no extensions, still used)
1999: TLS 1.0 (IETF standard, problems with CBC, still the de facto standard today)
2006: TLS 1.1 (half fix for the CBC problems: explicit IVs per record)
2008: TLS 1.2 (introduces authenticated encryption with GCM and SHA-2)
4 / 44
10. Certificate Authorities
Main problem: every certificate authority can do man-in-the-middle attacks on every website
You automatically trust all CAs in your browser and all sub-CAs
Weird: it doesn't matter how trustworthy your own CA is, only the least trustworthy CA in the trust store matters
11. CA disaster 2011
DigiNotar, Comodo, TürkTrust and others
The EFF SSL Observatory finds many valid certificates that shouldn't exist (e.g. a 512 bit EV certificate)
DigiNotar is the only case where it had consequences (removed from all browsers, went bankrupt)
Comodo (through a compromised reseller account) issued fraudulent certificates for mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com
12. Revocation
CRLs don't scale, OCSP is not privacy friendly (the CA learns which sites you visit)
OCSP is useless in Firefox and IE (soft-fail: if the responder doesn't answer the certificate is accepted, so an active attacker simply blocks the OCSP request), disabled in Chrome
OCSP Stapling could fix things a bit (the server sends a signed, recent OCSP response in the handshake)
OCSP Stapling Required (must-staple) - only a draft
Revocation does not work right now
13. Revocation that costs money
Heartbleed: StartSSL charges for revocation
This is a problem: it gives incentives to do the wrong thing (keep a possibly leaked key in use)
Cynics might say: doesn't matter, revocation is broken anyway
More general problem: it's expensive and difficult to be secure (certificates) - it should be the other way round
14. Fixing CAs
Convergence: distributed notaries compare the certificate seen from several vantage points (MitM still possible if the attacker sits near the server)
Sovereign Keys: EFF, complicated, uses an append-only log
TACK: draft for TLS to pin certificates, shares many ideas with Sovereign Keys
HTTP Public Key Pinning: draft from Google, only for HTTPS
Certificate Transparency: from Google, append-only log of issued certificates, makes sure a MitM certificate gets detected
17. Algorithms
TLS supports a lot of algorithm combinations
Example: ECDHE-RSA-AES256-GCM-SHA384
Key exchange with ephemeral elliptic curve Diffie-Hellman, signature with RSA, encryption with AES, key size 256 bit, block mode GCM (Galois/Counter Mode), SHA-384 as the handshake PRF/hash (GCM provides its own authentication tag, so there is no separate HMAC in this suite)
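The naming convention just described, as an added example that is not part of the original slides: a decoder for OpenSSL-style suite names that splits them into key exchange, authentication, cipher, key size, mode and hash, records whether the hash is a record MAC or only the handshake PRF, and flags the combinations the rest of the talk argues against. The set of recognised tokens is my own, chosen to cover the suites named on these slides.

```python
"""Decode OpenSSL-style TLS cipher suite names into their components.

Added example, not from the original slides. It applies the naming convention
the slide describes: [EXP-][kx-][auth-]cipher[bits][-mode][-hash]. When no key
exchange is named the suite uses RSA key transport (no forward secrecy), and
for AEAD suites (GCM, CCM, POLY1305) the trailing hash names the handshake
PRF, not a record MAC.
"""
import re

KEY_EXCHANGE = {"ECDHE", "DHE", "ECDH", "DH"}
AUTH = {"RSA", "ECDSA", "DSS", "PSK"}
HASHES = {"MD5", "SHA", "SHA256", "SHA384"}
AEAD_MODES = {"GCM", "CCM", "POLY1305"}
BLOCK_CIPHERS = {"AES", "CAMELLIA", "ARIA", "3DES", "SEED", "IDEA"}
WEAK_CIPHERS = {"RC4", "3DES", "NULL", "SEED", "IDEA"}
CIPHER_RE = re.compile(r"^(AES|CAMELLIA|ARIA)(\d+)$")


def parse_suite(name):
    parts = name.split("-")
    info = {"name": name, "kx": "RSA", "auth": "RSA", "cipher": None, "bits": None,
            "mode": None, "aead": False, "hash": None, "hash_role": None,
            "forward_secrecy": False, "export": False}
    if parts and parts[0] == "EXP":                 # export grade: 40/56-bit keys
        info["export"] = True
        parts.pop(0)
    if parts and parts[0] in ("ADH", "AECDH"):      # anonymous ephemeral DH: no auth
        info["kx"] = {"ADH": "DHE", "AECDH": "ECDHE"}[parts.pop(0)]
        info["auth"] = "anon"
    elif parts and parts[0] in KEY_EXCHANGE:
        info["kx"] = parts.pop(0)
        if parts and parts[0] in AUTH:
            info["auth"] = parts.pop(0)
    info["forward_secrecy"] = info["kx"] in ("ECDHE", "DHE")
    if parts and parts[-1] in HASHES:
        info["hash"] = parts.pop()
    if parts and parts[-1] in AEAD_MODES:
        info["mode"] = parts.pop()
        info["aead"] = True
    if parts[:2] == ["DES", "CBC3"]:                # OpenSSL's name for Triple DES
        info["cipher"], info["bits"] = "3DES", 168
        parts = parts[2:]
    elif parts:
        match = CIPHER_RE.match(parts[0])
        if match:
            info["cipher"], info["bits"] = match.group(1), int(match.group(2))
        else:
            info["cipher"] = parts[0]
            info["bits"] = {"CHACHA20": 256, "RC4": 128, "SEED": 128,
                            "IDEA": 128, "NULL": 0}.get(parts[0])
        parts = parts[1:]
    if parts:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    if info["cipher"] in BLOCK_CIPHERS and not info["aead"]:
        info["mode"] = "CBC"                        # implied when no AEAD mode is named
    if info["hash"]:
        info["hash_role"] = "PRF" if info["aead"] else "HMAC"
    return info


def weak_reasons(name):
    """Why the talk would not want this suite enabled; empty list means fine."""
    s = parse_suite(name)
    reasons = []
    if s["export"]:
        reasons.append("export-grade key size")
    if s["cipher"] in WEAK_CIPHERS:
        reasons.append(f"weak or mostly unused cipher {s['cipher']}")
    if s["auth"] == "anon":
        reasons.append("no server authentication")
    if s["hash"] == "MD5":
        reasons.append("MD5-based MAC")
    if not s["forward_secrecy"]:
        reasons.append("no forward secrecy (RSA key transport)")
    if not s["aead"]:
        reasons.append("CBC with MAC-then-Encrypt instead of AEAD")
    return reasons


if __name__ == "__main__":
    for suite in ("ECDHE-RSA-AES256-GCM-SHA384", "AES128-SHA", "RC4-SHA",
                  "DES-CBC3-SHA", "ECDHE-ECDSA-CHACHA20-POLY1305", "EXP-RC4-MD5"):
        s = parse_suite(suite)
        print(f"{suite:32} kx={s['kx']:6} auth={s['auth']:5} {s['cipher']}-{s['bits']} "
              f"mode={s['mode']} hash={s['hash']} ({s['hash_role']}) -> {weak_reasons(suite)}")
```

Note how the same trailing SHA token means different things: in AES128-SHA it is the HMAC-SHA1 record MAC, in ECDHE-RSA-AES256-GCM-SHA384 it is only the PRF hash.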
19. CBC, MAC, Padding
TLS needs confidentiality and authenticity
Most common: encryption with AES-CBC, authentication with HMAC
TLS does MAC-then-Pad-then-Encrypt
Different error messages for padding errors and MAC errors allow a padding oracle attack (Vaudenay, 2002)
"Solution": just one error message (bad_record_mac for both) - which closes the explicit channel but not the timing difference
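The MAC-then-Pad-then-Encrypt record layout and the padding oracle attack against it, as an added example that is not from the slides. The block cipher is a toy 4-round Feistel network built on SHA-256 so that the code runs without third-party libraries; the attack treats it as a black box and would work unchanged against AES-CBC. The record format is TLS 1.1+ style (explicit IV, then CBC over plaintext || HMAC || TLS padding), and the server deliberately returns distinct results for bad padding and bad MAC, which is the oracle the slide describes. Keys and the sample request are constructed for the demo.

```python
"""MAC-then-Pad-then-Encrypt with a padding oracle, and the attack against it.
Added example, not from the slides. Toy Feistel cipher stands in for AES."""
import hashlib
import hmac
import os

BLOCK = 16
MAC_LEN = 32


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, b):          # 4-round Feistel network, a keyed permutation
    l, r = b[:8], b[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round(key, rnd, r))
    return l + r


def block_decrypt(key, b):
    l, r = b[:8], b[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round(key, rnd, l)), l
    return l + r


def tls_pad(data):
    # TLS padding: n bytes of value n, followed by the length byte n itself
    n = (BLOCK - (len(data) + 1) % BLOCK) % BLOCK
    return data + bytes([n]) * (n + 1)


def tls_unpad(data):
    n = data[-1]
    if n + 1 > len(data) or data[-(n + 1):] != bytes([n]) * (n + 1):
        raise ValueError("bad padding")
    return data[:-(n + 1)]


def cbc(key, iv, data, encrypt):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if encrypt:
            prev = block_encrypt(key, _xor(blk, prev))
            out.append(prev)
        else:
            out.append(_xor(block_decrypt(key, blk), prev))
            prev = blk
    return b"".join(out)


def seal_record(enc_key, mac_key, msg):
    tag = hmac.new(mac_key, msg, hashlib.sha256).digest()      # MAC ...
    iv = os.urandom(BLOCK)
    return iv + cbc(enc_key, iv, tls_pad(msg + tag), True)      # ... then pad, then encrypt


def open_record(enc_key, mac_key, record):
    """Server side. Returning 'bad_padding' vs 'bad_mac' is the oracle."""
    iv, body = record[:BLOCK], record[BLOCK:]
    try:
        pt = tls_unpad(cbc(enc_key, iv, body, False))
    except ValueError:
        return "bad_padding"
    msg, tag = pt[:-MAC_LEN], pt[-MAC_LEN:]
    expected = hmac.new(mac_key, msg, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(expected, tag) else "bad_mac"


def recover_block(oracle, prev, cur):
    """Recover plaintext of block `cur` with only the oracle. We send a forged IV
    followed by `cur`, so the server checks padding on P' = D(cur) XOR forged."""
    dec = bytearray(BLOCK)                      # D(cur), learned right to left
    for j in range(BLOCK - 1, -1, -1):
        pad = BLOCK - 1 - j                     # padding value the server should see
        forged = bytearray(BLOCK)
        for k in range(j + 1, BLOCK):
            forged[k] = dec[k] ^ pad
        for guess in range(256):
            forged[j] = guess
            if oracle(bytes(forged) + cur) == "bad_padding":
                continue
            if j == BLOCK - 1:                  # rule out an accidental longer valid pad
                probe = bytearray(forged)
                probe[j - 1] ^= 0xFF
                if oracle(bytes(probe) + cur) == "bad_padding":
                    continue
            dec[j] = guess ^ pad
            break
        else:
            raise RuntimeError("no guess accepted; oracle not usable")
    return _xor(dec, prev)


def demo(msg=b"GET /account HTTP/1.1\r\nCookie: session=7c3e9a01f4d2b685\r\n"):
    enc_key, mac_key = os.urandom(16), os.urandom(16)   # constructed demo keys
    record = seal_record(enc_key, mac_key, msg)
    if open_record(enc_key, mac_key, record) != "ok":
        raise RuntimeError("honest record rejected")
    oracle = lambda rec: open_record(enc_key, mac_key, rec)  # all the attacker gets
    blocks = [record[i:i + BLOCK] for i in range(0, len(record), BLOCK)]
    recovered = b"".join(recover_block(oracle, blocks[i - 1], blocks[i])
                         for i in range(1, len(blocks)))
    return msg, recovered                       # recovered = msg || tag || padding


if __name__ == "__main__":
    msg, recovered = demo()
    print(recovered.startswith(msg), recovered[:len(msg)])
```

The attack needs at most 256 queries per byte and recovers the whole record, cookie included, without ever touching the key. Collapsing both errors into one alert only removes the explicit signal; the timing variant is the subject of the next slide.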
20. From the TLS 1.2 standard
"Canvel et al. [CBCTIME] have demonstrated a timing attack on CBC padding based on the time required to compute the MAC. In order to defend against this attack, implementations MUST ensure that record processing time is essentially the same whether or not the padding is correct. In general, the best way to do this is to compute the MAC even if the padding is incorrect, and only then reject the packet. For instance, if the pad appears to be incorrect, the implementation might assume a zero-length pad and then compute the MAC. This leaves a small timing channel, since MAC performance depends to some extent on the size of the data fragment, but it is not believed to be large enough to be exploitable, due to the large block size of existing MACs and the small size of the timing signal." (TLS 1.2, RFC 5246, p. 23)
Lucky Thirteen showed that this "small timing channel" is exploitable after all
22. CBC
For all problems with BEAST and Lucky Thirteen there are workarounds in browsers and libraries (1/n-1 record splitting against BEAST, constant-time MAC checking against Lucky Thirteen)
But after Lucky Thirteen many wanted to avoid CBC altogether
"Solution": RC4 (the only non-CBC cipher left before TLS 1.2)
PCI compliance scans (credit card standard) required RC4 for some time as the BEAST mitigation
23. RC4
RC4 was designed in 1987 by Ron Rivest as a trade secret, not for public use
In 1994 the source was posted anonymously to the Cypherpunks list and sci.crypt; it is only a few lines long and you can copy-and-paste it from Wikipedia
March 2013: AlFardan, Bernstein, Paterson, Poettering and Schuldt show an attack on RC4 in TLS (single-byte keystream biases), impractical so far because it needs the same plaintext encrypted very many times, and there are no workarounds
After Snowden some people speculate that the NSA can attack RC4 in real time
Today many people think RC4 has to die (there is an IETF draft prohibiting it)
24. RC4 or CBC
RC4 or CBC with MAC-then-Encrypt? Both are bad, but for CBC we have workarounds
BEAST, Lucky Thirteen and the RC4 attacks are all not very practical, but this is not good enough
AES-GCM: authenticated encryption, only in TLS 1.2, only in new browsers
Encrypt-then-MAC for CBC: draft (later published as RFC 7366)
ChaCha20/Poly1305: draft - very fast and probably very secure cipher
25. Forward Secrecy
Forward secrecy is great! If you do it right
but...
Apache before 2.4.7 only supports Diffie-Hellman (DHE) with 1024 bit parameters, Java until 1.7 the same
And there are elliptic curves... (ECDHE)
26. Elliptic Curves
Idea: Diffie-Hellman and ElGamal/DSA work in a "group" (some mathematical structure)
You can use any group you like
Assumption: an elliptic curve group is much more secure at the same key size (the best known attacks on discrete logarithms in finite fields, index calculus and the number field sieve, don't work on elliptic curves)
There are infinitely many elliptic curves - which one should we use?
27. NIST Curves
Solution: we ask the NSA - they have lots of skilled cryptographers, they should know
In 1999 NIST published some good, well tested elliptic curves
The author of the curves works for the NSA
Where does the curve seed 3045ae6f c8422f64 ed579528 d38120ea e12196d5 come from?
It is not very likely that the NSA has a backdoor, but we can't completely rule it out
28. Curve25519
Dan Bernstein developed a better elliptic curve: Curve25519, 255 bit
Draft for TLS
The SafeCurves project also lists longer curves
ECDSA doesn't work with it and is bad anyway (a reused or biased per-signature nonce leaks the private key), there is Ed25519 for Curve25519 (deterministic signatures, no nonce to get wrong)
29. Compression
Compression leaks information about the content and leads to side channel attacks (CRIME attack): the compressed size shrinks when attacker-chosen data matches a secret (such as a cookie) in the same stream
Just disable it, your browser won't use it anyway
Problem: similar attacks work on HTTP compression, workarounds are tricky and have to happen in the web application (BREACH attack)
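The compression side channel behind CRIME and BREACH, as an added example that is not part of the slides. The page is a constructed HTML response containing a secret CSRF token and a reflected query string; the attacker only sees the compressed size. The compressor here is a minimal greedy LZ77 tokenizer that returns the number of tokens, which makes the length oracle deterministic; real DEFLATE adds Huffman coding on top, which is why practical BREACH tooling needs extra tricks, but the leak itself is the same.

```python
"""Compression side channel (CRIME/BREACH style). Added example, not from the
slides: secret, page layout and the LZ77 token oracle are all constructed."""

SECRET = b"7c3e9a01f4d2b685"          # constructed CSRF token, unknown to the attacker
HEX = b"0123456789abcdef"


def render_page(secret, reflected):
    """Constructed application response: the secret and the attacker's input
    end up in the same compressed stream."""
    return (b"<html><body><p>Welcome back.</p>"
            b'<form><input type=hidden name=csrf value="' + secret + b'"></form>'
            b"<p>Search results for: " + reflected + b"</p></body></html>")


def lz77_tokens(data, min_match=3):
    """Greedy LZ77: number of output tokens. A longer back-reference at the
    reflected position means one literal less, i.e. a smaller output."""
    i, tokens = 0, 0
    while i < len(data):
        length, l = 0, min_match
        # extend while data[i:i+l] already occurs earlier (overlap allowed)
        while i + l <= len(data) and data.find(data[i:i + l], 0, i + l - 1) != -1:
            length = l
            l += 1
        i += length or 1
        tokens += 1
    return tokens


def size_oracle(reflected, secret=SECRET):
    """Everything the attacker observes: the size of the compressed response."""
    return lz77_tokens(render_page(secret, reflected))


def recover_secret(oracle, prefix, alphabet, length):
    """Byte-by-byte recovery: the guess that extends the match compresses best."""
    known = b""
    for _ in range(length):
        sizes = {c: oracle(prefix + known + bytes([c])) for c in alphabet}
        best = min(sizes.values())
        winners = [c for c, size in sizes.items() if size == best]
        if len(winners) != 1:
            raise RuntimeError("ambiguous measurement, no unique minimum")
        known += bytes([winners[0]])
    return known


def breach_demo():
    # the attacker knows the page layout (the bytes before the token), not the token
    return recover_secret(size_oracle, b'csrf value="', HEX, len(SECRET))


if __name__ == "__main__":
    print(breach_demo() == SECRET, breach_demo())
```

With a 16-character hex token this takes 16 × 16 requests. The application-level mitigations the slide alludes to (not reflecting input next to secrets, masking the token per response, disabling compression for such pages) all break the single assumption the attack needs: secret and attacker input compressed together.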
30. Downgrades
TLS has an internal downgrade protection (the negotiated version is covered by the Finished MAC over the handshake)
But browsers have a "workaround" for this protection: try a lower protocol version if the higher one fails
Problem: broken middleboxes and load balancers are everywhere
Downgrades can also happen on bad connections (mobile Internet): a dropped packet looks like a failed handshake
This is a problem for SNI (Server Name Indication) and other extensions, which don't exist in SSLv3 - please disable SSLv3 everywhere
31. F5 / BIG-IP
BIG-IP from F5 is such a story...
One of the reasons for those "workarounds"
Also there are devices that don't like ClientHello messages between 256 and 512 bytes, so we now have a TLS padding extension to add some useless data
But there is other hardware that breaks with the padding extension (IronPort SMTP appliances from Cisco)
Browsers do workarounds for broken stuff all the time
There's now a draft for better downgrade protection, TLS_FALLBACK_SCSV (a workaround for a workaround for broken stuff)
32. Frankencerts
Frankencerts: take a bunch of real certificates, recombine their parts and change things randomly
And then check whether the result is accepted as valid
In a perfect world every library should come to the same conclusion
In the real world they don't (differential testing: any disagreement is a bug in at least one of them)
This uncovered severe bugs in MatrixSSL and GnuTLS and smaller bugs in various other TLS implementations
33. Dual EC DRBG
Dual EC DRBG almost certainly has a backdoor from the NSA
Research project: replace the backdoor parameters (the points P and Q) with our own parameters, for which we know the secret relation
This revealed private keys for DSA and ECDSA in TLS, since those signatures need an unpredictable nonce and a predictable RNG leaks the key (told you so: don't use them)
RSA BSAFE used Dual EC by default
The TLS Extended Random extension makes this attack easier, there is a draft and code in RSA BSAFE (lesson: don't invent extensions without a clear purpose. Oh, we already knew that from Heartbleed)
Dual EC is rarely used, so no real problem, but exciting research
34. Triple Handshake
Bug in the logic of TLS handshakes, session resumption and renegotiation: an attacker can make two connections share one master secret and then splice them together
Browser workaround, Adam Langley has a check for your browser
Interesting fact: some browsers accept insecure parameters for Diffie-Hellman
Diffie-Hellman needs a large prime - some browsers accepted 17, or even 15 (which isn't prime at all), as the group prime
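What a client should check before using a server's Diffie-Hellman parameters, as an added example that is not part of the slides. It covers both the size problem from the Forward Secrecy slide (1024-bit DHE) and the absurd parameters mentioned here: p = 15 is rejected as composite, p = 17 as far too small. The primality test, the safe-prime requirement and the subgroup check for generator and public value are standard practice; the 2048-bit default is my choice, matching the slide's certificate advice.

```python
"""Validate Diffie-Hellman parameters from a TLS ServerKeyExchange.
Added example, not from the slides. min_bits=2048 is an assumption."""
import random

_rng = random.SystemRandom()
_SMALL_PRIMES = [p for p in range(3, 1000, 2)
                 if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    for p in _SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a is a witness: n is composite
    return True


def validate_dh(p, g, server_public, min_bits=2048):
    """Return the reasons to reject the parameters; an empty list means sane."""
    reasons = []
    if p.bit_length() < min_bits:
        reasons.append(f"prime too small: {p.bit_length()} bits < {min_bits}")
    if not is_probable_prime(p):
        reasons.append("p is not prime")
        return reasons            # nothing below is meaningful for a composite p
    q = (p - 1) // 2
    if not is_probable_prime(q):
        reasons.append("p is not a safe prime: (p-1)/2 is composite")
        return reasons
    # g must generate the prime-order subgroup, and the server's value must lie
    # in it; this also rejects 0, 1 and p-1, which would fix the shared secret
    if not 2 <= g <= p - 2 or pow(g, q, p) != 1:
        reasons.append("generator is not in the prime-order subgroup")
    if not 2 <= server_public <= p - 2 or pow(server_public, q, p) != 1:
        reasons.append("server public value is not in the prime-order subgroup")
    return reasons


if __name__ == "__main__":
    for p, g, ys in ((15, 2, 4), (17, 3, 5), (2 ** 127 - 1, 2, 4)):
        print(p.bit_length(), "bit:", validate_dh(p, g, ys) or "accepted")
```

The order of the checks matters: the cheap size check goes first, and a composite p is rejected before any exponentiation, so a hostile server cannot make the client grind on nonsense parameters.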
35. SSL Stripping / HSTS
SSL Stripping: the attacker prevents HTTPS by rewriting links or intercepting the first plain HTTP access
The HSTS header forces the browser to use TLS and forbids plain HTTP to the same host (for max-age seconds)
Some browsers have built-in (preloaded) HSTS domains, which closes the first-visit gap
WARNING: there is no way to make hybrid HTTPS/HTTP sites secure. Just protecting the login is wrong (the session cookie still travels over plain HTTP afterwards)
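How a browser applies HSTS, as an added example that is not part of the slides: a minimal policy store that parses Strict-Transport-Security, remembers it per host with an expiry, honours includeSubDomains and consults a preload list. The host names, the preload entries and the assumption that preloaded entries cover subdomains are constructed for the example. It shows the gap the slide warns about: the first visit to a host that is neither cached nor preloaded still goes out over HTTP.

```python
"""Minimal HSTS policy store. Added example, not from the slides."""
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header):
    """Return (max_age, include_subdomains), or None if the header is unusable."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


class HstsStore:
    def __init__(self, preload=(), clock=time.time):
        self.clock = clock
        self.policies = {}                    # host -> (expires_at, include_subdomains)
        for host in preload:                  # assumption: preloaded entries never expire
            self.policies[host] = (float("inf"), True)

    def observe(self, host, header, over_tls=True):
        """Record a policy; browsers ignore HSTS headers received over plain HTTP."""
        if not over_tls:
            return
        parsed = parse_hsts(header)
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self.policies.pop(host, None)     # max-age=0 withdraws the policy
        else:
            self.policies[host] = (self.clock() + max_age, include_sub)

    def is_known(self, host):
        """Walk up the labels: a parent policy applies only with includeSubDomains."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self.policies.get(candidate)
            if entry is None:
                continue
            expires, include_sub = entry
            if expires < self.clock():
                del self.policies[candidate]
                continue
            if i == 0 or include_sub:
                return True
        return False

    def upgrade(self, url):
        """Rewrite http:// to https:// when a policy applies; otherwise leave it."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname):
            netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url


if __name__ == "__main__":
    store = HstsStore(preload=["preloaded.example"])
    print(store.upgrade("http://bank.example/login"))          # first visit: not upgraded
    store.observe("bank.example", "max-age=31536000; includeSubDomains")
    print(store.upgrade("http://api.bank.example/v1"))          # now upgraded
```

Two details carry the security argument: a header seen over plain HTTP is ignored (an attacker on the path could otherwise set or clear policies), and without a cached or preloaded entry the very first request is unprotected, which is exactly the request SSL stripping targets.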
36. ASN.1
ASN.1 (DER, the encoding used for X.509) is the most horrible binary format to parse
Know any good software to handle it? I don't
-----BEGIN CERTIFICATE-----
MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0w
DQYJKoZIhvcNAQEFBQAwXzELMAkG
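A small DER tag-length-value walker, as an added example that is not part of the slides, run over the slide's own certificate fragment: the base64 above decodes to 48 bytes of DER, the start of an X.509 v1 certificate (no version field), with a 16-byte serial number, the sha1WithRSAEncryption algorithm identifier and the beginning of the issuer name. The parser handles short and long length forms, rejects the indefinite and non-minimal encodings that DER forbids, and reports where the data is truncated instead of reading past the buffer.

```python
"""DER (ASN.1) TLV walker. Added example, not from the slides; CERT_PREFIX is
the slide's own truncated certificate text."""
import base64

CERT_PREFIX = base64.b64decode(
    "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG")

TAG_NAMES = {0x02: "INTEGER", 0x05: "NULL", 0x06: "OBJECT IDENTIFIER",
             0x30: "SEQUENCE", 0x31: "SET"}


class Truncated(Exception):
    pass


def read_header(buf, pos, end):
    """Parse tag and length at pos; return (tag, length, start of value)."""
    if pos + 2 > end:
        raise Truncated
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("high tag numbers not supported")
    if first < 0x80:                          # short form
        return tag, first, pos
    if first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    n = first & 0x7F                          # long form: n length bytes follow
    if n > 4:
        raise ValueError("length field too long")
    if pos + n > end:
        raise Truncated
    length = int.from_bytes(buf[pos:pos + n], "big")
    if buf[pos] == 0 or length < 0x80:
        raise ValueError("non-minimal length encoding")
    return tag, length, pos + n


def decode_oid(value):
    """Base-128 arcs; the first byte packs the first two arcs as 40*a + b."""
    arcs, acc, pending = [], 0, False
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        pending = bool(byte & 0x80)
        if not pending:
            arcs.append(acc)
            acc = 0
    if pending or not arcs:
        raise ValueError("malformed OID")
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def walk(buf, pos=0, end=None, depth=0, out=None):
    """Flatten the TLV tree into rows (depth, tag, length, decoded, truncated)."""
    end = len(buf) if end is None else end
    out = [] if out is None else out
    while pos < end:
        try:
            tag, length, vstart = read_header(buf, pos, end)
        except Truncated:
            out.append((depth, None, None, "truncated header", True))
            break
        vend = vstart + length
        truncated = vend > end
        value = buf[vstart:min(vend, end)]
        decoded = None
        if not truncated and tag == 0x02:
            decoded = int.from_bytes(value, "big", signed=True)
        elif not truncated and tag == 0x06:
            decoded = decode_oid(value)
        out.append((depth, tag, length, decoded, truncated))
        if tag & 0x20:                        # constructed: descend into what we have
            walk(buf, vstart, min(vend, end), depth + 1, out)
        pos = vend
    return out


if __name__ == "__main__":
    for depth, tag, length, decoded, trunc in walk(CERT_PREFIX):
        name = "?" if tag is None else TAG_NAMES.get(tag, f"tag 0x{tag:02x}")
        shown = f"{decoded:x}" if isinstance(decoded, int) else decoded
        print("  " * depth + f"{name} len={length} {shown or ''}{' (truncated)' if trunc else ''}")
```

The outer SEQUENCE claims 572 bytes and the tbsCertificate 421, far more than the 48 available, so every constructed node up to the issuer is reported as truncated while the serial number and the algorithm OID 1.2.840.113549.1.1.5 are complete. Disagreements between implementations about exactly these details (length forms, what to do with trailing or missing bytes) are what the Frankencerts work above turned into concrete bugs.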
37. Quantum Computers
Quantum computers kill all public key and key exchange algorithms in TLS (RSA, DH, ECDH and the signature schemes); symmetric ciphers and hashes only lose part of their security margin
2012 Nobel prize for research that could help build quantum computers
Post-quantum cryptography is very experimental, no algorithm that could be deployed easily
Quantum cryptography (quantum key distribution) won't save you, it is a nice thought experiment, but it is completely impractical
38. Tips for server admins
Use the latest Apache
Support TLS 1.2 with AES-GCM and forward secrecy (ECDHE)
Disable RC4, TLS compression, SSLv3 and all mostly unused algorithms (EXPORT, NULL, SEED, IDEA, ...)
Enable OCSP stapling
Use RSA certificates with 2048 or 4096 bit, signed with SHA-256
Use the Qualys SSL test
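The tips above expressed as a checkable configuration, as an added example that is not part of the slides and is not Apache configuration: a Python ssl.SSLContext hardened along the same lines (TLS 1.2 minimum, compression off, only forward-secret AEAD suites, RC4/NULL/EXPORT/SEED/IDEA explicitly excluded), next to a permissive context for comparison, and an audit that inspects the suites OpenSSL actually enabled. The cipher string is my own; certificates and OCSP stapling live on the web server and are out of scope here.

```python
"""Hardened TLS server context plus an audit of what it really offers.
Added example, not from the slides; the cipher string is an assumption."""
import ssl

WEAK_TOKENS = ("RC4", "NULL", "EXP", "SEED", "IDEA", "DES", "MD5")


def hardened_context():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2       # no SSLv3, TLS 1.0, TLS 1.1
    ctx.options |= ssl.OP_NO_COMPRESSION               # CRIME
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE     # server decides the suite
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:"
                    "!aNULL:!eNULL:!RC4:!EXPORT:!SEED:!IDEA:!MD5")
    return ctx


def permissive_context():
    """Everything OpenSSL knows; for comparison only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL")
    return ctx


def compression_disabled(ctx):
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


def audit_context(ctx):
    """Complaints about the suites the context would offer; empty means clean."""
    problems = []
    if not compression_disabled(ctx):
        problems.append("TLS compression not disabled")
    for suite in ctx.get_ciphers():
        name = suite["name"]
        if suite["protocol"] == "TLSv1.3":
            continue          # TLS 1.3 suites are AEAD with an ephemeral exchange by design
        if any(tok in name for tok in WEAK_TOKENS):
            problems.append(f"{name}: weak or mostly unused algorithm")
        if suite.get("aead") is False:
            problems.append(f"{name}: not AEAD (CBC with MAC-then-Encrypt)")
        if "ECDHE" not in name and "DHE" not in name:
            problems.append(f"{name}: no forward secrecy")
    return problems


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_context()) or "no findings")
    print("permissive:", len(audit_context(permissive_context())), "findings")
```

Running the audit after every change to a cipher string is the local equivalent of the Qualys test: the string is an OpenSSL expression, and what it expands to depends on the library version, which is exactly the kind of surprise the talk keeps pointing at.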
39. Two Possible Conclusions
a) TLS is broken beyond repair, we need to get rid of it and make something better
b) TLS is broken on many layers, but we have ideas and fixes for many problems, we need to get them deployed
Choose your own conclusion - and help making it happen
40. Read and Learn
I often write about crypto on Golem.de (German) - http://hboeck.de
Matthew Green's blog http://blog.cryptographyengineering.com/
Adam Langley's blog https://www.imperialviolet.org/
Dan Bernstein's (DJB) blog http://blog.cr.yp.to/
Very good online course by Dan Boneh on Coursera https://www.coursera.org/course/crypto
41. Sources
TLS 1.2, RFC 5246: http://www.ietf.org/rfc/rfc5246.txt
Heartbleed: http://heartbleed.com/
OpenSSL Valhalla Rampage: http://opensslrampage.org/
EFF SSL Observatory: https://www.eff.org/observatory
Internet scans: https://scans.io/
Sovereign Keys: https://www.eff.org/sovereign-keys
Convergence: http://convergence.io/
TACK: http://tack.io/
HTTP Key Pinning: http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01
Certificate Transparency: http://certificate-transparency.org
42. Sources
OCSP Stapling Required: http://tools.ietf.org/html/draft-hallambaker-tlssecuritypolicy-03
MD5 broken: http://media.ccc.de/browse/congress/2008/25c3-3023-en-making_the_theoretical_possible.html
RSA-PSS thesis: https://rsapss.hboeck.de/
Padding Oracle: http://www.iacr.org/cryptodb/archive/2002/EUROCRYPT/2850/2850.pdf
BEAST: http://ekoparty.org/2011/juliano-rizzo.php
Lucky Thirteen: http://www.isg.rhul.ac.uk/tls/Lucky13.html
RC4 attack: http://www.isg.rhul.ac.uk/tls/
Prohibiting RC4 draft: https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-02
BREACH: http://breachattack.com/
43. Sources
SafeCurves: http://safecurves.cr.yp.to/
Frankencerts: https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
Dual EC: http://dualec.org/ and https://projectbullrun.org/dual-ec/
Triple Handshake: https://secure-resumption.com/
Browser check for Triple Handshake: https://www.imperialviolet.org/2014/03/03/triplehandshake.html
Browser check for DH parameters: https://dh.tlsfun.de/
Post quantum cryptography: http://pqcrypto.org/
TLS - Nuke it from Orbit: http://clearcryptocode.org/tls/
Qualys SSL Test: https://www.ssllabs.com/ssltest/