Day by day as the complexity in the Internet increasing the vulnerabilities about the security is also increasing. So the knowledge about these flaws has to be spread. So this report discuss about the one of the vulnerability that exists for a long time called ‘Heartbleed’. The purpose of this report is to create awareness about the Heartbleed vulnerability in OpenSSL Library, using which attackers can get access to passwords, private keys or any encrypted data. It explains how Heartbleed works, what code causes data leakage and explains the resolution with code fix. It also explains perform how to perform heartbeat attack.
Improving the Secure Socket Layer by Modifying the RSA AlgorithmIJCSEA Journal
Secure Socket Layer (SSL) is a cryptographic protocol which has been used broadly for making secure connection to a web server. SSL relies upon the use of dependent cryptographic functions to perform a secure connection. The first function is the authentication function which facilitates the client to identify the server and vice versa [1]. There have been used, several other functions such as encryption and integrity for the imbuement of security. The most common cryptographic algorithm used for ensuring security is RSA. It still has got several security breaches that need to be dealt with. An improvement over this has been implemented in this paper. In this paper, a modification of RSA has been proposed that switches from the domain of integers to the domain of bit stuffing to be applied to the first function of SSL that would give more secure communication. The introduction of bit stuffing will complicate the access to the message even after getting the access to the private key. So, it will enhance the security which is the inevitable requirement for the design of cryptographic protocols for secure communication.
The document discusses various application layer protocols used in networking. It covers:
1. The application layer is the top layer that interacts with users and user applications to initiate communication. It uses lower layer protocols to transfer data.
2. Common application layer protocols include HTTP, FTP, SMTP, POP3, IMAP, and DNS for tasks like web browsing, file transfer, and email.
3. Other applications discussed are peer-to-peer applications like BitTorrent and Skype, as well as socket programming which allows network applications to communicate using standard mechanisms.
The document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It describes different types of DoS attacks such as sending malformed packets to exploit protocol or application flaws. It notes that DDoS attacks involve aggregating malicious traffic from many zombie machines to flood the victim with packets. Most defense methods focus on mitigating bandwidth consumption from packet flooding. However, attackers may also directly target applications to exhaust computational resources. The document proposes an acknowledgment-based port hopping protocol for secure communication between a sender and receiver that is resistant to such attacks.
MIME (Multipurpose Internet Mail Extensions) allows for the exchange of rich content beyond plain text in internet messages. It defines a format for describing message content types like text, images, audio and video. MIME uses techniques like character set encoding and base64 encoding to package binary files for transmission over the internet in email and web protocols. It is specified in a series of RFC documents and involves setting the Content-Type in the message header to indicate the MIME type and encoding.
E mail security using Certified Electronic Mail (CEM)Pankaj Bhambhani
The document discusses certified electronic mail (CEM) and its properties like non-repudiation, fairness, use of a trusted third party, and timeliness. It also summarizes the S/MIME protocol and proposes adding non-repudiation of receipt to S/MIME to improve its security. Finally, it outlines a key chain based CEM protocol that uses a transparent trusted third party and satisfies properties like non-repudiation of origin and receipt as well as fairness.
Sip Overload Control Testbed: Design, Building And Evaluationijasa
This document describes the design, implementation, and evaluation of a SIP overload control testbed using a window-based mechanism on the Asterisk open source proxy platform. The mechanism aims to maintain server throughput near capacity during overload by adjusting the window size for active transactions based on average transaction delay. Evaluation results show that with this mechanism, the proxy maintains maximum throughput even under heavy loads and reduces average call establishment delays and message resend rates compared to without overload control.
Improving the Secure Socket Layer by Modifying the RSA AlgorithmIJCSEA Journal
Secure Socket Layer (SSL) is a cryptographic protocol which has been used broadly for making secure connection to a web server. SSL relies upon the use of dependent cryptographic functions to perform a secure connection. The first function is the authentication function which facilitates the client to identify the server and vice versa [1]. There have been used, several other functions such as encryption and integrity for the imbuement of security. The most common cryptographic algorithm used for ensuring security is RSA. It still has got several security breaches that need to be dealt with. An improvement over this has been implemented in this paper. In this paper, a modification of RSA has been proposed that switches from the domain of integers to the domain of bit stuffing to be applied to the first function of SSL that would give more secure communication. The introduction of bit stuffing will complicate the access to the message even after getting the access to the private key. So, it will enhance the security which is the inevitable requirement for the design of cryptographic protocols for secure communication.
The document discusses various application layer protocols used in networking. It covers:
1. The application layer is the top layer that interacts with users and user applications to initiate communication. It uses lower layer protocols to transfer data.
2. Common application layer protocols include HTTP, FTP, SMTP, POP3, IMAP, and DNS for tasks like web browsing, file transfer, and email.
3. Other applications discussed are peer-to-peer applications like BitTorrent and Skype, as well as socket programming which allows network applications to communicate using standard mechanisms.
The document discusses denial of service (DoS) and distributed denial of service (DDoS) attacks. It describes different types of DoS attacks such as sending malformed packets to exploit protocol or application flaws. It notes that DDoS attacks involve aggregating malicious traffic from many zombie machines to flood the victim with packets. Most defense methods focus on mitigating bandwidth consumption from packet flooding. However, attackers may also directly target applications to exhaust computational resources. The document proposes an acknowledgment-based port hopping protocol for secure communication between a sender and receiver that is resistant to such attacks.
MIME (Multipurpose Internet Mail Extensions) allows for the exchange of rich content beyond plain text in internet messages. It defines a format for describing message content types like text, images, audio and video. MIME uses techniques like character set encoding and base64 encoding to package binary files for transmission over the internet in email and web protocols. It is specified in a series of RFC documents and involves setting the Content-Type in the message header to indicate the MIME type and encoding.
E mail security using Certified Electronic Mail (CEM)Pankaj Bhambhani
The document discusses certified electronic mail (CEM) and its properties like non-repudiation, fairness, use of a trusted third party, and timeliness. It also summarizes the S/MIME protocol and proposes adding non-repudiation of receipt to S/MIME to improve its security. Finally, it outlines a key chain based CEM protocol that uses a transparent trusted third party and satisfies properties like non-repudiation of origin and receipt as well as fairness.
Sip Overload Control Testbed: Design, Building And Evaluationijasa
This document describes the design, implementation, and evaluation of a SIP overload control testbed using a window-based mechanism on the Asterisk open source proxy platform. The mechanism aims to maintain server throughput near capacity during overload by adjusting the window size for active transactions based on average transaction delay. Evaluation results show that with this mechanism, the proxy maintains maximum throughput even under heavy loads and reduces average call establishment delays and message resend rates compared to without overload control.
Monitoring of traffic over the victim under tcp syn flood in a laneSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
The document discusses email clients like Outlook and Thunderbird and their security features. It explains how junk email is filtered into a junk folder while bulk email is harder to classify. It then covers various security protocols used in email like SPA, SSL, TLS, and encryption methods like symmetric and asymmetric. Management of items, folders and customization options are outlined for Outlook. Thunderbird is introduced as an open-source alternative for managing email, feeds and groups.
The document discusses various topics related to information security. It contains 19 multiple choice questions about topics such as public key cryptography, digital signatures, worms, SSL/TLS, information security policies, penetration testing, and security incidents. The questions cover technical aspects of security as well as appropriate security practices and procedures.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for
their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
The document discusses configuring various client services on Linux networks, including superservers that handle multiple services, administrative services like logging and printing, and basic information services like finger and talk. It provides details on setting up and using services like TCP Wrappers, NTP, SNMP, printing with lpd, networking testing with tools like echo and chargen, mailing lists, news servers, and more.
Privacy Enhanced Mail (PEM)-
It is an Internet standard adopted by IAB
(Internet architecture Board) for secure
electronic mail communications over Internet.
Described in four specification documents
which are RFC no. 1421 to 1424.
Security features provided by PEM
Working of PEM:-
Broad steps in PEM are –
1. Canonical conversion
2. Digital signature
3. Encryption
4. Base - 64 - encoding
As growth of internet and computer increase day by day so as the growth of attacks on network is also
tremendously increased day by day. In this paper we introduced a wired network and create two TCP
source node and one attacker node (Distributed denial-of-service) flooding type attack which is the attack
on the bandwidth of TCP node at source side sends data to destination through router and also measure the
impact of Denial-of-service attack (DoS) on that wired network how packets of other source nodes and that
node will drop down due to the impact of flooding type denial-of-service attack and shows the result using
NS-2 NAM & Xgraph windows in simulation.
This document provides an overview of electronic mail (email) and its components. The three main components of email are:
1) User agents which allow users to compose, read, and manage emails. Examples include Outlook and Thunderbird.
2) Mail servers which store and transmit emails. Each user has a mailbox on a mail server.
3) SMTP (Simple Mail Transfer Protocol) which is used to transfer emails between mail servers over TCP port 25.
When a user composes an email, their user agent sends it to their mail server which stores it in the outgoing queue. The mail server then uses SMTP to transmit the email to the recipient's mail server, which stores it in the recipient's
The document provides an overview of basic internet concepts including what the internet and world wide web are, parts of URLs, domain names, packet switching, standards bodies, and several common internet protocols. It defines the internet as a network of networks that connects computers worldwide and the world wide web as a system of interlinked web pages accessed via the internet. Key points covered include parts of URLs like protocols, domains, ports, and file paths. It also describes standards organizations like IETF and W3C and protocols for email (SMTP), file transfer (FTP), remote access (Telnet), and more.
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOSIJNSA Journal
This document summarizes an algorithm called the GI (Group Intruders) Time Frequency Algorithm that is proposed to identify hackers attempting distributed denial of service (DDoS) attacks on websites. The algorithm works by maintaining a history of all user access to the site that includes their IP address and time/date of each access. It identifies users that access the site repeatedly from the same IP address on a single date by calculating the average time between accesses. If the time frequency of accesses exceeds a predefined threshold, the user is added to an intruders list to deny future access. This aims to improve server performance by preventing hackers from overloading the server with requests.
The document describes the implementation of a peer-to-peer server that allows peers to register, deregister, search for, and download content. The server uses TCP sockets and threads to handle multiple client connections simultaneously. Issues encountered included buffers not clearing properly and thread arrays causing segmentation faults. These were resolved by adding buffer clearing logic and allocating memory for thread indices. The implemented code now meets specifications by allowing peers to share a centralized content registry and download files from each other.
This document provides an introduction and overview of network security and cyber attacks. It begins with objectives of the session and introduces concepts like standardization in information security and the OSI security architecture. Next, it discusses different types of security attacks at various layers of the OSI model and the hacker methodology of information gathering, vulnerability assessment, exploitation, and post-exploitation. The document then covers topics such as types of web domains, security of web cameras and CCTV, wireless hacking techniques, industrial control system vulnerabilities, cyber laws, and case studies of ransomware attacks exploiting Windows vulnerabilities.
This document discusses email security and encryption. It explains that email travels through unprotected networks and is exposed to attacks. It describes how email privacy aims to protect email from unauthorized access. Some remedies discussed are encrypting communication between servers using TLS and SASL authentication. The document also discusses using public-key cryptography for email encryption with tools like PGP and S/MIME, which can encrypt email content and add digital signatures for authentication. S/MIME is described as a security enhancement to the MIME email standard that provides encrypted and signed data functionality.
This document discusses various types of denial of service (DoS) attacks against wireless networks and techniques for detecting them. It describes three main types of DoS attacks: 1) selective forwarding attacks, where a compromised router selectively drops packets; 2) pollution attacks, where corrupted packets are injected into the network; and 3) jamming attacks, which block communication channels. It then explains detection techniques for each type of attack, including channel aware detection for selective forwarding, code guarding using digital signatures to detect pollution, and using honey nodes to detect jamming attacks. The objective is to survey issues related to different DoS attacks on wireless networks and present strategies for both attacking and defending against such threats.
DDoS attacks target companies and institutions that provide online services. They work by overloading servers with traffic from multiple compromised systems known as "bots" or "zombies". Common DDoS attack types include SMURF, TCP SYN/ACK, UDP flood, DNS amplification, and attacks using peer-to-peer networks. Defenses include configuring routers and firewalls to filter unauthorized traffic, limiting response messages, and tracking malicious activity on peer-to-peer networks. As attack methods evolve, continued development of detection and mitigation techniques is needed.
The document discusses web security considerations and threats. It provides 3 levels at which security can be implemented - at the IP level using IPSec, at the transport level using SSL/TLS, and at the application level using protocols like SET. SSL/TLS works by establishing an encrypted channel between the client and server for secure communication. It uses handshake, change cipher spec, and alert protocols for negotiation and management of the secure session. Common web security threats include eavesdropping, message modification, denial of service attacks, and impersonation which can be mitigated using encryption, authentication and other cryptographic techniques.
This document discusses a statistical approach for classifying and identifying different types of Distributed Denial of Service (DDoS) attacks using the UCLA dataset. It first introduces DDoS attacks and their increasing prevalence. It then discusses related work on DDoS attack detection. The document outlines the architecture of DDoS attacks and describes some common types like SYN flooding and ACK flooding attacks. The proposed system is described which involves collecting packets, extracting features, using a packet classification algorithm to initially classify attacks, then using a K-Nearest Neighbors classifier for more accurate results. Finally, the system aims to classify and identify specific types of DDoS attacks from the network traffic analysis.
Day by day as the complexity in the Internet increasing the vulnerabilities about the security is also increasing. So the knowledge about these flaws has to be spread. So this report discuss about the one of the vulnerability that exists for a long time called ‘Heartbleed’. The purpose of this report is to create awareness about the Heartbleed vulnerability in OpenSSL Library, using which attackers can get access to passwords, private keys or any encrypted data. It explains how Heartbleed works, what code causes data leakage and explains the resolution with code fix. It also explains perform how to perform heartbeat attack.
Transport Layer Security (TLS) is the successor to the Secure Sockets Layer (SSL) protocol. TLS ensures privacy and security between communicating applications and users on the internet by preventing eavesdropping, tampering, and message forgery. It works by having the client and server negotiate a cipher suite and protocol version to use to securely transmit encrypted messages. This establishes a secure channel over an unsecured network like the internet to provide confidentiality, integrity, and authentication of communications.
The document discusses the Heartbleed bug, which was a vulnerability in the OpenSSL implementation of the TLS/SSL protocols. The bug allowed attackers to read portions of servers' memory, potentially leaking sensitive data like private keys and passwords. It was discovered in 2014 by a team at Codenomicon and Neel Mehta of Google. Around 17.5% of SSL-enabled sites were affected. To protect against attacks, system administrators were advised to remove the vulnerable OpenSSL heartbeat extension, upgrade to a patched version, and revoke old key pairs and force password changes.
Monitoring of traffic over the victim under tcp syn flood in a laneSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
The document discusses email clients like Outlook and Thunderbird and their security features. It explains how junk email is filtered into a junk folder while bulk email is harder to classify. It then covers various security protocols used in email like SPA, SSL, TLS, and encryption methods like symmetric and asymmetric. Management of items, folders and customization options are outlined for Outlook. Thunderbird is introduced as an open-source alternative for managing email, feeds and groups.
The document discusses various topics related to information security. It contains 19 multiple choice questions about topics such as public key cryptography, digital signatures, worms, SSL/TLS, information security policies, penetration testing, and security incidents. The questions cover technical aspects of security as well as appropriate security practices and procedures.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for
their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
The document discusses configuring various client services on Linux networks, including superservers that handle multiple services, administrative services like logging and printing, and basic information services like finger and talk. It provides details on setting up and using services like TCP Wrappers, NTP, SNMP, printing with lpd, networking testing with tools like echo and chargen, mailing lists, news servers, and more.
Privacy Enhanced Mail (PEM)-
It is an Internet standard adopted by IAB
(Internet architecture Board) for secure
electronic mail communications over Internet.
Described in four specification documents
which are RFC no. 1421 to 1424.
Security features provided by PEM
Working of PEM:-
Broad steps in PEM are –
1. Canonical conversion
2. Digital signature
3. Encryption
4. Base - 64 - encoding
As growth of internet and computer increase day by day so as the growth of attacks on network is also
tremendously increased day by day. In this paper we introduced a wired network and create two TCP
source node and one attacker node (Distributed denial-of-service) flooding type attack which is the attack
on the bandwidth of TCP node at source side sends data to destination through router and also measure the
impact of Denial-of-service attack (DoS) on that wired network how packets of other source nodes and that
node will drop down due to the impact of flooding type denial-of-service attack and shows the result using
NS-2 NAM & Xgraph windows in simulation.
This document provides an overview of electronic mail (email) and its components. The three main components of email are:
1) User agents which allow users to compose, read, and manage emails. Examples include Outlook and Thunderbird.
2) Mail servers which store and transmit emails. Each user has a mailbox on a mail server.
3) SMTP (Simple Mail Transfer Protocol) which is used to transfer emails between mail servers over TCP port 25.
When a user composes an email, their user agent sends it to their mail server which stores it in the outgoing queue. The mail server then uses SMTP to transmit the email to the recipient's mail server, which stores it in the recipient's
The document provides an overview of basic internet concepts including what the internet and world wide web are, parts of URLs, domain names, packet switching, standards bodies, and several common internet protocols. It defines the internet as a network of networks that connects computers worldwide and the world wide web as a system of interlinked web pages accessed via the internet. Key points covered include parts of URLs like protocols, domains, ports, and file paths. It also describes standards organizations like IETF and W3C and protocols for email (SMTP), file transfer (FTP), remote access (Telnet), and more.
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOSIJNSA Journal
This document summarizes an algorithm called the GI (Group Intruders) Time Frequency Algorithm that is proposed to identify hackers attempting distributed denial of service (DDoS) attacks on websites. The algorithm works by maintaining a history of all user access to the site that includes their IP address and time/date of each access. It identifies users that access the site repeatedly from the same IP address on a single date by calculating the average time between accesses. If the time frequency of accesses exceeds a predefined threshold, the user is added to an intruders list to deny future access. This aims to improve server performance by preventing hackers from overloading the server with requests.
The document describes the implementation of a peer-to-peer server that allows peers to register, deregister, search for, and download content. The server uses TCP sockets and threads to handle multiple client connections simultaneously. Issues encountered included buffers not clearing properly and thread arrays causing segmentation faults. These were resolved by adding buffer clearing logic and allocating memory for thread indices. The implemented code now meets specifications by allowing peers to share a centralized content registry and download files from each other.
This document provides an introduction and overview of network security and cyber attacks. It begins with objectives of the session and introduces concepts like standardization in information security and the OSI security architecture. Next, it discusses different types of security attacks at various layers of the OSI model and the hacker methodology of information gathering, vulnerability assessment, exploitation, and post-exploitation. The document then covers topics such as types of web domains, security of web cameras and CCTV, wireless hacking techniques, industrial control system vulnerabilities, cyber laws, and case studies of ransomware attacks exploiting Windows vulnerabilities.
This document discusses email security and encryption. It explains that email travels through unprotected networks and is exposed to attacks. It describes how email privacy aims to protect email from unauthorized access. Some remedies discussed are encrypting communication between servers using TLS and SASL authentication. The document also discusses using public-key cryptography for email encryption with tools like PGP and S/MIME, which can encrypt email content and add digital signatures for authentication. S/MIME is described as a security enhancement to the MIME email standard that provides encrypted and signed data functionality.
This document discusses various types of denial of service (DoS) attacks against wireless networks and techniques for detecting them. It describes three main types of DoS attacks: 1) selective forwarding attacks, where a compromised router selectively drops packets; 2) pollution attacks, where corrupted packets are injected into the network; and 3) jamming attacks, which block communication channels. It then explains detection techniques for each type of attack, including channel aware detection for selective forwarding, code guarding using digital signatures to detect pollution, and using honey nodes to detect jamming attacks. The objective is to survey issues related to different DoS attacks on wireless networks and present strategies for both attacking and defending against such threats.
DDoS attacks target companies and institutions that provide online services. They work by overloading servers with traffic from multiple compromised systems known as "bots" or "zombies". Common DDoS attack types include SMURF, TCP SYN/ACK, UDP flood, DNS amplification, and attacks using peer-to-peer networks. Defenses include configuring routers and firewalls to filter unauthorized traffic, limiting response messages, and tracking malicious activity on peer-to-peer networks. As attack methods evolve, continued development of detection and mitigation techniques is needed.
The document discusses web security considerations and threats. It provides 3 levels at which security can be implemented - at the IP level using IPSec, at the transport level using SSL/TLS, and at the application level using protocols like SET. SSL/TLS works by establishing an encrypted channel between the client and server for secure communication. It uses handshake, change cipher spec, and alert protocols for negotiation and management of the secure session. Common web security threats include eavesdropping, message modification, denial of service attacks, and impersonation which can be mitigated using encryption, authentication and other cryptographic techniques.
This document discusses a statistical approach for classifying and identifying different types of Distributed Denial of Service (DDoS) attacks using the UCLA dataset. It first introduces DDoS attacks and their increasing prevalence. It then discusses related work on DDoS attack detection. The document outlines the architecture of DDoS attacks and describes some common types like SYN flooding and ACK flooding attacks. The proposed system is described which involves collecting packets, extracting features, using a packet classification algorithm to initially classify attacks, then using a K-Nearest Neighbors classifier for more accurate results. Finally, the system aims to classify and identify specific types of DDoS attacks from the network traffic analysis.
Day by day as the complexity in the Internet increasing the vulnerabilities about the security is also increasing. So the knowledge about these flaws has to be spread. So this report discuss about the one of the vulnerability that exists for a long time called ‘Heartbleed’. The purpose of this report is to create awareness about the Heartbleed vulnerability in OpenSSL Library, using which attackers can get access to passwords, private keys or any encrypted data. It explains how Heartbleed works, what code causes data leakage and explains the resolution with code fix. It also explains perform how to perform heartbeat attack.
Transport Layer Security (TLS) is the successor to the Secure Sockets Layer (SSL) protocol. TLS ensures privacy and security between communicating applications and users on the internet by preventing eavesdropping, tampering, and message forgery. It works by having the client and server negotiate a cipher suite and protocol version to use to securely transmit encrypted messages. This establishes a secure channel over an unsecured network like the internet to provide confidentiality, integrity, and authentication of communications.
The document discusses the Heartbleed bug, which was a vulnerability in the OpenSSL implementation of the TLS/SSL protocols. The bug allowed attackers to read portions of servers' memory, potentially leaking sensitive data like private keys and passwords. It was discovered in 2014 by a team at Codenomicon and Neel Mehta of Google. Around 17.5% of SSL-enabled sites were affected. To protect against attacks, system administrators were advised to remove the vulnerable OpenSSL heartbeat extension, upgrade to a patched version, and revoke old key pairs and force password changes.
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
Since its introduction in 1994 the Secure Socket Layer (SSL) protocol (later renamed to Transport Layer Security (TLS)) evolved to the de facto standard for securing the transport layer. SSL/TLS can be used for ensuring data confidentiality, integrity and authenticity during transport. A main feature of the protocol is its flexibility. Modes of operation and security aims can easily be configured through different cipher suites. During its evolutionary development process several flaws were found. However, the flexible architecture of SSL/TLS allowed efficient fixes in order to counter the issues. This paper presents an overview on theoretical and practical attacks of the last 20 years.
This document provides an overview of Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL). It begins with an introduction to TLS/SSL, explaining what they are and their purposes of providing encryption, authentication and integrity verification. It then discusses digital certificates, the TLS/SSL handshake protocol and record protocol. It explains the four upper layer protocols: record, change cipher spec, alert and handshake. It provides details on SSL, TLS, their implementations and applications. The document is intended to explore how TLS works, best practices for its use, and its various applications in securing business computing.
This paper analyzes vulnerabilities of the SSL/TLS
Handshake
protocol
, which
is
responsible
for
authentication of
the parties in the
communication
and
negotiation of
security parameters
that
will be used
to protect
confidentiality and
integrity of the
data
. It
will
be
analyzed the
attacks
against the implementation of Handshake
protocol, as well as the
attacks against the other
elements
necessary to SSL/TLS protocol to discover security
flaws that were exploited, modes of
attack, the potential consequences, but also studyi
ng methods of defense
.
All versions of the
protocol are going to be the subject of the researc
h but
emphasis will be placed
on the critical
attack that
the most endanger the safety of data.
The goal of
the research
is
to point out the
danger of
existence
of at least
vulnerability
in the SSL/TLS protocol
, which
can be exploited
and
endanger the safety of
the data
that should be protected.
This paper analyzes vulnerabilities of the SSL/TLS Handshake protocol, which is responsible for authentication of the parties in the communication and negotiation of security parameters that will be used to protect confidentiality and integrity of the data. It will be analyzed the attacks against the implementation of Handshake protocol, as well as the attacks against the other
elements necessary to SSL/TLS protocol to discover security flaws that were exploited, modes of
attack, the potential consequences, but also studying methods of defense. All versions of the
protocol are going to be the subject of the research but emphasis will be placed on the critical attack that the most endanger the safety of data. The goal of the research is to point out the
danger of existence of at least vulnerability in the SSL/TLS protocol, which can be exploited and endanger the safety of the data that should be protected.
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that secure internet connections between clients and servers. SSL was originally developed by Netscape in the 1990s to provide HTTPS secure connections for web browsing. It uses public/private key encryption and digital certificates to authenticate servers and establish encrypted connections to securely transmit data over TCP/IP networks like the internet. TLS improved upon SSL by addressing security vulnerabilities and supporting newer encryption algorithms. HTTP (Hypertext Transfer Protocol) is the underlying protocol used to request and transmit web pages and other files over the internet. Combining HTTP with SSL/TLS results in HTTPS, the secure version of HTTP used for encrypted web browsing and transactions.
Impact of HeartBleed Bug in Android and Counter Measures ijcsa
Now a days smart phones revolving around the globe. The no of
Android users are also increasing day by
day, the main problem arises here. The Android operating syste
m based devices are more advance and also
prone to bugs when compared to other OS devices. Mainly Android co
mes with lot of Apps so in order to
provide the services to the user. So the App developers was i
n a hurry to release the Apps as per market
strategy which causes vulnerabilities. Some of them intentional
ly creates the Apps in order to hack the
device. When compared to other operating system Android is a ope
n source so everybody trys to perform
the reverse-engineering of Apks and perform some modification
s, release the Apks into the market. We
believe that our study will awaken the developers and researches
.
OpenSSL is a cryptography library that provides SSL/TLS encryption. The Heartbleed bug was a serious vulnerability in OpenSSL that allowed stealing encrypted data. It exploited a programming mistake in OpenSSL versions 1.0 to 1.02 related to "heartbeat" requests, which could leak up to 64kb of memory from services using affected OpenSSL versions. Over 66% of web servers use OpenSSL and were vulnerable until fixes were released and deployed.
TLS (Transport Layer Security) is a cryptographic protocol that provides encryption and security for data sent over the internet. It is used by HTTPS to encrypt communication between web browsers and servers. TLS 1.2, the previous standard, had security flaws in how it exchanged encryption keys. TLS 1.3 improves security by using Diffie-Hellman key exchange so keys are not sent directly over the network. To upgrade a website from HTTP to HTTPS, an SSL certificate must be purchased and installed, all links on the site must be changed to HTTPS, and HTTP traffic should be redirected to HTTPS.
Heartbleed, how it works, is it virus, how it check, smartphone hacked, how to protect, password hacked, man in the middle attack, server or client side attack, exploit code available,
Lesson 1. General Introduction to IT and Cyber Security.pptxJezer Arces
This document provides an introduction to information and cyber security concepts. It defines information security as protecting data from all threats, while cyber security specifically addresses cyber threats. The three pillars of cybersecurity are outlined as confidentiality, integrity, and availability of data. Common computer protocols like HTTP, HTTPS, FTP, and protocols that make up the TCP/IP model are explained. Basic security terminology and functions of cookies are also covered to introduce fundamental IT and cyber security concepts.
Standard Client / Server Protocols: Worldwide- web and HTTP,FTP, Electronic mail, Telnet, Secured Shell, Domain name system. Application layer: DNS: Name space – domain name space – distribution of name space Electronic mail Architecture – FILE transfer: FTP WWW and HTTP: Architecture – web documents – HTTP Network Security: Introduction - definitions – two categories - symmetric key cryptography – traditional ciphers – asymmetric key cryptography
Study and analysis of some known attacks on transport layer securityNazmul Hossain Rakib
This paper is focused on study on some practically feasible attacks and threats against TLS based connection. The reader can also get an idea on SSL Strip attack presented here based on an experiment in a testbed environment. There are also some other attacks on TLS protocol such as BEAST, Padding Oracle Attack, STARTTLS command injection attack, Theft of RSA Private Keys, Triple Handshake etc. which are also discussed here descriptively. This study summarizes the common known attacks following RFC 7457 and their existence, appliance and remedies for the TLS activated server.
TLS protocol provides transport layer security for internet applications by securing communications between clients and servers. It establishes an encrypted connection through a handshake that negotiates encryption algorithms and authentication, then uses symmetric encryption and message authentication codes to provide confidentiality and integrity for data transfer. TLS has evolved through several versions to strengthen security and address weaknesses in cryptographic algorithms.
TCP and UDP use ports to direct data packages to applications. Ports are numbered openings that operating systems use to direct incoming data to the correct destination. Common port numbers include 80 for HTTP, 443 for HTTPS, 22 for SSH, and 25 for SMTP. Protocols like HTTP and HTTPS operate at the application layer and use plain text requests and responses, while HTTPS additionally implements encryption through SSL to secure the connection.
SMTP (Simple Mail Transfer Protocol) is an Internet standard protocol for electronic mail transmission. It was first defined in 1982 and became widely used in the early 1980s as a complement to UUCP mail. SMTP uses a client-server model where the client initiates a connection and sends messages to the server, which then acknowledges receipt. It allows messages to be transferred between machines that are intermittently connected. Common SMTP commands include HELO, MAIL FROM, RCPT TO, DATA, QUIT, and RSET. SMTP can be secured using SSL/TLS to encrypt the communication channel. The latest developments include supporting real-time dynamic content in emails and internationalized email addresses encoded in UTF-8.
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
This presentation was provided by Racquel Jemison, Ph.D., Christina MacLaughlin, Ph.D., and Paulomi Majumder. Ph.D., all of the American Chemical Society, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
How Barcodes Can Be Leveraged Within Odoo 17Celine George
In this presentation, we will explore how barcodes can be leveraged within Odoo 17 to streamline our manufacturing processes. We will cover the configuration steps, how to utilize barcodes in different manufacturing scenarios, and the overall benefits of implementing this technology.
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
1. 1
ABSTRACT
Encryption is the backbone of Internet security. It protects users data, passwords and transaction
details from attackers. To achieve encryption over Internet, one of the famous and widely used
protocols is HTTPS. HTTPS is simply HTTP over SSL/TLS. For example any online payment or
banking transactions over Internet happens through HTTPS as it is secured. But the new
vulnerability –Heartbleed has put a question mark on this security of Internet itself and has
broken a trust on the open source community.
Heartbleed is the devastating vulnerability in the OpenSSL library that make possible any
attacker to steal tons of protected information from a system that using a broken and vulnerable
version of the OpenSSL library. This horrendous attack can happens through the internet
allowing a hacker to read the memory and supposed protected data such as passwords, secret
keys and usernames from an exposed system without leaving any trace and the situation. There
can be a leak from the vulnerable server to client and from client to a vulnerable server.
Day by day as the complexity in the Internet increasing the vulnerabilities about the security is
also increasing. So the knowledge about these flaws has to be spread. So this report discuss about
the one of the vulnerability that exists for a long time called ‘Heartbleed’. The purpose of this
report is to create awareness about the Heartbleed vulnerability in OpenSSL Library, using
which attackers can get access to passwords, private keys or any encrypted data. It explains how
Heartbleed works, what code causes data leakage and explains the resolution with code fix. It
also explains perform how to perform heartbeat attack.
2. 2
HEARTBLEED
1 Introduction
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software
library. This weakness allows stealing the information protected, under normal conditions, by the
SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and
privacy over the Internet for applications such as web, email, instant messaging (IM) and some
virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the
memory of the systems protected by the vulnerable versions of the OpenSSL software. This
compromises the secret keys used to identify the service providers and to encrypt the traffic, the
names and passwords of the users and the actual content. This allows attackers to eavesdrop on
communications, steal data directly from the services and users and to impersonate services and
users.
CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and
Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.
Due to co-incident discovery a duplicate CVE, CVE-2014-0346, which was assigned to us,
should not be used, since others independently went public with the CVE-2014-0160 identifier.
Bugs in single software or library come and go and are fixed by new versions. However this bug
has left large amount of private keys and other exposed to the internet. Considering the long
exposure, ease of exploitation and attacks leaving no trace this exposure should be taken
seriously.
The name ‘Heartbleed’ itself explains the vulnerability – ‘Heart’ of the Heartbleed came from
Heartbeat protocol and ‘bleed’ stands for data leakage. That means data leakage in the Heartbeat
protocol implementation, specifically the OpenSSL implementation of the protocol. This bug is
actually a programming mistake in popular OpenSSL library that provides cryptographic
services such as SSL/TLS to the applications and services. TLS heartbeats can be sent by either
side of a TLS connection, so it can be used to attack clients as well as servers. An Attacker can
obtain up to 64K memory from the server or client as well that uses an OpenSSL implementation
vulnerable to Heartbleed. Researcher estimated two-thirds of the world's servers i.e. half a
million servers are affected by the Heartbleed Bug, including websites, email, and instant
messaging services.
This bug was independently discovered by a team of security engineers (Riku, Antti and Matti)
at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team.
Codenomicon team found Heartbleed bug while improving the Safeguard feature in
Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for
vulnerability coordination and reporting to OpenSSL team.
3. 3
2 The Heartbleed Explanation
2.0 The OpenSSL project
OpenSSL library provides implementation of cryptographic protocols such as SSL and TLS. It is
open source software written in C programming language. The development is completely
volunteer driven and the library is free to use for commercial and non-commercial purposes
under an Apache-style license.
2.1 The SSL, TLS, DTLS Protocols
Security over Internet can be achieved in many ways. Network layer security is one of them.
Security over TCP/IP can be improved by using the Secure Socket Layer (SSL) or its follow-on
protocol Transport Layer Security (TLS). These two protocols are commonly referred to together
as SSL/TLS.
HTTP is a stateless application level protocol to format and transmit data between web servers
and web browsers. With the increase in the threats and frauds over Internet, there is always a
need for a more secure transmission of data. HTTPS is used for improve the security of
communication over a network by providing a layer of SSL/TLS the between HTTP and TCP
layer.
DTLS (Datagram Transport Layer Security) is a communication protocol which implements TLS
over unreliable transport protocol i.e. Datagram Congestion Control Protocol (DCCP) or User
Datagram Protocol (UDP).
Figure 1. Common Internet Protocol layers.
4. 4
2.2 TLS/DTLS Heartbeat Extension
The heartbeat extension to the TLS/DTLS protocol is used to check if the connection between
two communication devices using TLSDTLS are still “alive,” i.e. able to communicate. the
Heartbeat protocol runs on top of the TLS Record Layer and maintains the connection between
the two peers alive requiring them to exchange a “heartbeat.” The heartbeat extension was
introduced because the then-current TLS/DTLS renegotiation technique to figure out if a peer is
still alive was a costly process.
The heartbeat extension protocol consists of two message types: HeartbeatRequest message and
HeartbeatResponse message and the extension protocol depends on which TLS protocol is being
used as describe below:
• When using reliable transport protocol:
One side of the peer connection sends a HeartbeatRequest message to the other side. The
other side of the connection should immediately send a HeartbeatResponse message.
This makes one successful Heartbeat and thus, keeping connection alive – this is called
‘keep-alive’ functionality. If no response is received within a specified timeout, the TLS
connection is terminated.
• Unreliable transport protocol:
One side of the peer connection sends HeartbeatRequest message to the other side.
The other side of the connection should immediately send a HeartbeatResponse message.
If no response is received within specified timeout another HeartbeatRequest message is
retransmitted. If expected response is not received for specified number of
retransmissions, the DTLS connection is terminated.
2.3 Heartbeat in OpenSSL
The OpenSSL team implemented the heartbeat extension in December 2011. It also explains the
bug in the code and its fix in detail. The bug exists in OpenSSL from version 1.0.1 to 1.0.1f.
2.30 HeartbeatRequest Message:
The OpenSSL implementation of the HeartbeatRequest message has a Message Type of 1
byte to identify that this message is a ‘TLS Heartbeat Request’ message, 2 bytes for the payload
length, a 2 byte sequence number in the payload to identify to specified number of messages sent
before a timeout, and 16 bytes for actual payload and any padding. The Heartbeat request
message is created and sent to the receiver. The timer for timeout starts and the specified number
of retransmission is updated. There in no problem in the OpenSSL Heartbeat request
implementation.
5. 5
2.31 HeartbeatResponse Message:
HeartbeatResponse sends a copy of the received HeartbeatRequest payload data which
verifies that the secured connection between the peers is still alive. The HeartbeatResponse
implementation first checks to determine if the received message type is ‘TLS Heartbeat
Request’ message and extracts the request payload length. It then allocates memory for the
HeartbeatResponse message. The HeartbeatResponse message has a 1 byte of message type to
indicate it is the ‘TLS Heartbeat Response’ message and 2 bytes to indicate the payload length. It
copies the payload from the HeartbeatRequest message to the HeartbeatResponse message and
sends the response message back to the requestor. Requestor receives the Heartbeat response
message and validates it with the original message sent. Thus, OpenSSL Heartbeat request and
response implementation ensures that the secured connection between the peers is still alive or
not.
2.32 Data Leakage leading to Heartbleed
There is a bug in the above implementation of the Heartbeat reply to the received
Heartbeat request message. The problem here is that the OpenSSL heartbeat response code does
not check to make sure that the payload length field in the heartbeat request message matches the
actual length of the payload. If the heartbeat request payload length field is set to a value larger
than the actual payload, the response C code will copy the payload from the heartbeat message
and whatever is in memory beyond the end of the payload. A heartbeat request the payload
length can be set to a maximum value of 65535 bytes. Therefore the bug in the OpenSSL
heartbeat response code could copy as much as 65535 bytes from the machine's memory and
send it to the requestor.
2.33 Fixing the Error in the Code
• First, it checks to determine if the length of the payload is zero or not. It simply
discards the message if the payload length is 0.
• The second task performed by the bug fix makes sure that the heartbeat payload length
field value matches the actual length of the request payload data. If not, it discards the message.
2.4 The Real World Impact of Heartbleed
By exploiting the Heartbleed vulnerability, an attacker can send a Heartbeat request
message and retrieve up to 64 KB of memory from the victim's server. The contents of the
retrieved memory depends on what's in memory in the server at the time, but could potentially
contain usernames, passwords, session IDs or secret private keys or other sensitive information.
Following figure illustrates how an attacker can exploit this vulnerability. This attack can be
made multiple times without leaving any trace of it.
7. 7
It is little early to estimate the impact of this vulnerability, but no one can deny that this scenario
is an important one for Internet users, potentially putting their private, secret and encrypted data
at risk. Bruce Schneier, in his blog has classified the Heartbleed bug as “Catastrophic” and has
given it a rating of 11 on the scale of 1 to 10.
The Pew Research Internet Project states that ‘39% of Internet users have changed passwords or
cancelled accounts; 6% think their personal information was swiped’.
2.40 Affected Devices
To add more on that, Heartbleed has not only affected the ‘web’ but also the embedded devices.
Many home routers and operating systems incorporate OpenSSL. Wikipedia has collected report
of affected devices. Some of these devices are:
• Android smart phones running version 4.1.1 (Jelly Bean) of Android.
• Cisco routers.
• Juniper routers.
• Western Digital My Cloud product family firmware
2.41 Affected Operating System
The website http://heartbleed.com maintains a list of affected operating systems, some of which
include:
• Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
• Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
• CentOS 6.5, OpenSSL 1.0.1e-15
• Fedora 18, OpenSSL 1.0.1e-4
• OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
• FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
• NetBSD 5.0.2 (OpenSSL 1.0.1e)
• OpenSUSE 12.2 (OpenSSL 1.0.1c)
2.42 Status Of different version
• OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable.
• OpenSSL 1.0.1g is NOTVulnerable.
• OpenSSL 1.0.0 branch is NOT Vulnerable.
• OpenSSL 0.9.8 branch is not Vulnerable.
8. 8
3 The Implementation
A very particular characteristic of this attack is that the attacker can repeat the attack any number
of times until to discover some vulnerable information from the memory of vulnerable system.
Preparing the test Environment
To demonstrate Heartbleed attack, it require two systems running each one in a Separate
Workstation namely: an attacker system (kali Linux) and a vulnerable system (Ubuntu 12.04
LTS). The kali Linux system is available for downloading from http://www.kali.org/ and it is
suggested to use the latest possible version. The Ubuntu 12.04 LTS is available to download
from http://www.ubuntu.com/download/desktop. Furthermore it is required to configure an
apache service with SSL Support on the Ubuntu to explode the Heartbleed flaw.
Confirm if your kali system is fully updated:
root@kali:~# apt-get update
root@kali:~# apt-get upgrade
On Ubuntu system, you should confirm the Ubuntu version of your target system,
Figure 3. Confirming Ubuntu version from terminal.
Now, we have to configure the Apache with SSL support on Ubuntu:
root@ubuntu1:~# a2enmod ssl
root@ubuntu1:~# service apache2 restart
root@ubuntu1:~# mkdir /etc/apache/ssl/
After executing the above commands, a self-signed certificate has to be created using the below
command:
9. 9
Now, The apache server has to be configured to use the above certificate by modifying the
required username and server name according to the user perspective in the file
/etc/apache2/sites-available/default-ssl/ as per required by the user:
Activating the viral host is done by running:
root@ubuntu1:~# a2ensite default-ssl
root@ubuntu1:~# service apache2 restart
Now we need to verify whether the apache SSL configuration in working, so go to
http://192.168.154.137:
Figure 4.Running the server. Figure 5. Server ports for Services.
10. 10
Client Configuration and Connection
On the Client, The Heartbeat bug can be explored using the fantastic Metasploit. Its
recommended to update the Metasploit framework if you are not sure it’s already updated. Then
on Kali Linux the following task to be done:
root@kali:~# msfupdate
root@kali:~# msfconsole
Now, change the kernel verbose to use msf by executing the command:
root@kali:~# msf
next step is to choose the auxiliary scanner “openssl_heartbleed”, It is a default library available
in Linux kali system to see actually how the Heartbeat protocol works and to detect If there is a
leakage of data in the protocol:
msf > use auxiliary/scanner/ssl/openssl_heartbleed
Now, we are able to see the available options from scanner by executing:
msf auxiliary(openssl_heartbleed) > show options
Figure 5. Verbose displaying all the options available for services.
As we can see the only parameter we need to define is RHOSTS , because all other attributes has
a default value. SSL service will be running in port 443, so it is possible to define options at any
point of time.
11. 11
We can proceed to the attack:
msf auxiliary(openssl_heartbleed) > set RHOSTS 192.168.154.137
RHOSTS is to say that client has to connect to the above server IP address. These setting will be
taken by the administrator in case of LAN.(eg. Nitk router will assign one default IP to clients).
We can cross verify it whether the IP address of server assigned or not using the above option
command.
Everything is set now we can run the heartbeat request command by simply using run command,
when the results are analysed properly, We can see the data leakage from heartbeat response:
Figure 6. Data leakage from the response.
The detailed observation of the above results reveals the details of my own Email account, all
the passwords, private keys that I have used while communicating. With the help of private keys
(Top level keys to be secured by OpenSSL using SSL/TLS) we can view all the web pages
actually accessed and all the other clients I have connected to. Basically My profile will be
Shared among other users.
Figure 7. My own profile details leaked among connected clients.
12. 12
4 Heartbleed Precautionsand preventions
All Heartbleed-vulnerable systems should immediately upgrade to OpenSSL 1.0.1g. If you are
not sure whether an application you want to access is Heartbleed vulnerable or not - try any one
of the Heartbleed detector tools from section "Heartbleed detector tools." No action required if
your application is not vulnerable. But if the application is vulnerable, wait for it to be patched
with OpenSSL 1.0.1g. Once the patch is applied, all the users of such applications should follow
the application's release documents from the service providers. Typically, steps to follow once
the patch is applied are:
• Changing your password.
• generating private keys again.
• Certificate revocation and replacement.
An important step is to restart the services that are using OpenSSL (like HTTPS, SMTP etc).
Before accessing any SSL/TLS application such as HTTPS, check to see if the application is
vulnerable. Do not access or login to any affected sites. Ensure all such vendors or enterprises
related to your business have applied this security patch. Keep your eyes open on such news of
security vulnerabilities.
The Heartbleed bug has shaken the Internet community on its dependency on the open source
software. Even though OpenSSL is a very popular library, it was not properly scrutinized. One
reason might be because of lack of resources and funds. The organizations and developers using
open source software should contribute back to these open source communities in terms of
donations, reviewing the code, testing and designing. Amazon, Facebook, Google have recently
come forward to donate funds to improve open-source security systems.
4.0 Heartbleed detector Tools
The following list of tools may help you detect whether a website is vulnerable to
Heartbleed:
• https://filippo.io/Heartbleed/
• http://csc.cyberoam.com/cyberoamsupport/webpages/webcat/2014-0160.jsp/
• http://heartbleed.criticalwatch.com/
• https://blog.lookout.com/blog/2014/04/09/heartbleed-detector/.
• https://lastpass.com/heartbleed/
• http://www.tripwire.com/securescan/?home-banner/
• http://www.arbornetworks.com/asert/2014/04/heartbleed/
13. 13
4.1 Does this resolve all the problems?
No, not at all. This is the scariest part of the OpenSSL Heartbleed bug is that, even after
taking these measures, no one can completely relax. This vulnerability has existed for more than
2 years. No one knows if their application has been exploited because the attack leaves no traces
of it. There is a possibility that attackers might have been reading passwords, secret keys and
other encrypted data. This theft cannot be known unless the misuse of the data is observed or the
attacker discloses it.
4.2 Immediate aftermath Of Heartbleed
The Heartbleed bug affects many different stakeholders:
• Developers: The immediate action for developers is to upgrade their application
to OpenSSL 1.0.1g. If not possible they should disable OpenSSL Heartbeat by
recompiling OpenSSL.
• System Administrators: System administrator should ensure that no impacted
certificates could be reused. All impacted certificates should be revoked and
replaced. Restart all such vulnerable services after applying patches. Users should be
required to change the passwords after the patch has been applied.
• Users: Do not access any vulnerable sites. Check it using any Heartbleed detector tools.
Follow the released document of the patched sites before using their application.
• Organizations and service providers using OpenSSL: The damage caused by this
vulnerability could not be traced. So, organizations should presume the worst and prepare
themselves accordingly. They should be prepared if attacker has already got access to
their secured data. They should also apply these patches and provide a ‘to-do’ document
for their users.
5 Conclusion
Heartbleed is a big stain on today’s fast moving technology world. It is time to halt a little bit and
do some introspection. Are we running too fast but forgot to tie our shoelaces? We cannot afford
even such a minute mistake. Nothing has changed and the world will move on, but there is a big
question mark on the trust this security vulnerability has broken. It will be hard to close this trust
gap as Heartbleed will always remind us. Only time will tell how much actual damage it has
caused, since it existed for more than two years. Nevertheless, it is about owning more
responsibility towards creating more secured system by industry, organizations, developers and
the open source community.
14. 14
References
[1] Bipin Chandra, Technical Writer, IBM. A technical View of the OpenSSL ‘Heartbleed’
Vulnerability. Version 1.2.1, May 13, 2014.
[2] Alexander Borges. How to perform The Heartbleed Attack. Version A.1 , April 15, 2014.
[3] Stephan Weisand, Technical Seminar, DESY, Zeuthen . The Heartbleed Vulnerability in
OpenSSL, Version A.1, April 15, 2014.
[4]Technical Team, Massachusetts Institute Technology, Cambridge, MA . CloudFare: Staying
Ahead of OpenSSL Vulnerabilities. April 7, 2014.
[5] Technical Team, Blue Coat. What is the Heartbleed Epidemic?. April 30, 2014.
[6] Official Heartbleed Website by Codenomicon, https://www.heartbleed.com/
[7] Heartbleed:Vulnerabilty, http://vimeo.com/91425662/
[8] Education-Heartbleed, http://slideshare.com/
[9] Hacker news on Heartbleed, http://thehackernews.com/2014/04/heartbleed-bug-explained-
10-most.html
[10] Article about Heartbleed, http://blog.csdn.net/fanbird2008/article/details/18623141
.