This paper studies some practically feasible attacks and threats against TLS-based connections. The reader also gets an idea of the SSL Strip attack, which is presented here on the basis of an experiment in a testbed environment. Other attacks on the TLS protocol, such as BEAST, the padding oracle attack, STARTTLS command injection, theft of RSA private keys and the Triple Handshake, are also discussed descriptively. This study summarizes the commonly known attacks following RFC 7457, together with their existence, application and remedies for a TLS-enabled server.
Study and Analysis of some Known attacks on Transport Layer Security
1. Study and Analysis of some Known attacks on Transport Layer Security
Researcher: Mohammad Nazmul Hossain, MSc student in Communication Systems & Network, Technische Hochschule Köln
Research, 24th May 2017
Instructor: Prof. Dr. Heiko Knospe, Faculty of Information, Media and Electrical Engineering, Institute of Telecommunications, Technische Hochschule Köln
2. Outlines
Abstract
SSL/TLS
Threats on TLS
SSL Strip in Testbed
Protections against threats on TLS
Recommendations to implement TLS
Acknowledgements
3. Abstract
Study on some attacks and threats against TLS-based connections
An extensive discussion of the SSL Strip attack
Run a testbed experiment on SSL Strip
Recommendations to implement a successful TLS-based connection
5. SSL/TLS
SSL = Secure Socket Layer
TLS = Transport Layer Security
SSL 3.1 = TLS 1.0
Using this protocol the connection becomes private and secure
Ensures integrity using an integrity check with each message
Application data is encrypted using a symmetric key rather than communicated in plain text
Current version is TLS v1.2. Version 1.3 is in the draft process
7. Attacks on TLS
SSL Strip
BEAST attack
STARTTLS command injection
Certificate and RSA related attacks
Theft of RSA private keys
Diffie-Hellman parameters
Attacks on RC4
Triple Handshake
Padding oracle attacks
Threats on TLS: SSL Strip
8. Simple Client Server Model
Client - Server
Client discovers the server using ARP and sends data to its MAC address
10. ARP Spoofing
• Attacker targets the victim's IP address and the gateway's IP address.
• Sends spoofed ARP messages.
• Aim: map the attacker's MAC address to the IP address of another host or of the default gateway.
• Result: the attacker impersonates the gateway to the victim and the client to the gateway.
[Diagram: the attacker's MAC address is mapped to both the client IP address and the gateway IP address]
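The poisoning described on this slide leaves two observable traces on the victim's segment: the gateway IP is suddenly answered by a different MAC, and one MAC answers for more than one IP. The following detector, an added example that is not part of the original slides or of the testbed, parses tcpdump-style ARP reply lines and reports both symptoms. The capture lines and all addresses are constructed; the `pinned` table of known-good bindings is an assumed input an administrator would supply.

```python
"""Flag ARP-spoofing symptoms in ARP replies seen on a LAN segment.

Added example (not part of the original slides).  The tcpdump-style lines
below are constructed; the addresses are documentation/test values.
"""
import re
from collections import defaultdict

# Constructed sample, in the format `tcpdump -n arp` prints ARP replies.
# The last two lines model an attacker (cc:cc:cc:cc:cc:cc) answering for
# both the gateway IP and the client IP, which is what slide 10 describes.
SAMPLE_CAPTURE = """\
12:00:01.000 ARP, Reply 192.0.2.1 is-at aa:aa:aa:aa:aa:01, length 28
12:00:01.500 ARP, Reply 192.0.2.10 is-at bb:bb:bb:bb:bb:10, length 28
12:00:02.000 ARP, Reply 192.0.2.20 is-at bb:bb:bb:bb:bb:20, length 28
12:00:05.000 ARP, Reply 192.0.2.1 is-at cc:cc:cc:cc:cc:cc, length 28
12:00:05.100 ARP, Reply 192.0.2.10 is-at cc:cc:cc:cc:cc:cc, length 28
"""

REPLY_RE = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)


def parse_replies(text):
    """Yield (ip, mac) for each ARP reply line; other lines are ignored."""
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield m["ip"], m["mac"].lower()


def detect_arp_spoofing(replies, pinned=None):
    """Return a list of (kind, detail) findings.

    'ip-mac-change': an IP is now claimed by a MAC other than its pinned or
                     first-seen binding (the poisoned gateway entry).
    'mac-multi-ip':  one MAC answers for more than one IP, the signature of a
                     host posing as both gateway and client.
    `pinned` is an optional dict of known-good IP -> MAC bindings, e.g. the
    gateway entry an administrator has recorded (assumed input).
    """
    findings = []
    binding = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in replies:
        known = binding.setdefault(ip, mac)   # first sighting becomes the baseline
        if known != mac:
            findings.append(("ip-mac-change", f"{ip}: {known} -> {mac}"))
        before = len(ips_by_mac[mac])
        ips_by_mac[mac].add(ip)
        if before == 1 and len(ips_by_mac[mac]) == 2:   # report once per MAC
            findings.append(("mac-multi-ip", f"{mac} claims {sorted(ips_by_mac[mac])}"))
    return findings


def analyse_capture(text, pinned=None):
    """Convenience wrapper: parse a capture and run the detector over it."""
    return detect_arp_spoofing(parse_replies(text), pinned)


if __name__ == "__main__":
    for kind, detail in analyse_capture(SAMPLE_CAPTURE):
        print(f"{kind:15} {detail}")
```

On the constructed capture the detector reports two `ip-mac-change` findings (gateway, then client) and one `mac-multi-ip` finding for the attacker's MAC. Pinning the real gateway binding in `pinned` makes the gateway change visible even if the attacker's reply happens to be the first one the sensor sees.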
25. Strict HTTPS
• HSTS = HTTP Strict Transport Security
• HSTS header added by the server over an HTTPS connection
• Browser remembers it for a certain amount of time (max-age)
• Browser's first visit is still insecure
• Browsers have a preload list of HSTS-supporting websites
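Whether HSTS actually closes the first-visit window depends on the header's directives: the policy only counts once `max-age` is present, and inclusion in the browser preload list has additional requirements. The checker below is an added example, not code from the slides or the testbed; it parses a `Strict-Transport-Security` value following the RFC 6797 grammar and applies the preload thresholds as an assumption taken from the hstspreload.org submission rules at the time of writing (max-age of at least one year, `includeSubDomains`, `preload`). The weak and strong header values are constructed.

```python
"""Parse a Strict-Transport-Security header and check it against the
HSTS preload submission requirements.

Added example, not from the original slides.  The thresholds are an
assumption taken from the hstspreload.org requirements at the time of
writing; the directive grammar follows RFC 6797 (directive names are
case-insensitive, unknown directives are ignored, max-age is mandatory).
"""
ONE_YEAR = 31536000  # seconds

# Constructed examples: a weak header beside one that satisfies the preload rules.
WEAK_HEADER = "max-age=300"
STRONG_HEADER = "max-age=31536000; includeSubDomains; preload"


def parse_hsts(value):
    """Split the header value into its three recognised directives."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')          # max-age may be a quoted-string
        if name == "max-age":
            if not val.isdigit():
                raise ValueError(f"malformed max-age in {value!r}")
            out["max_age"] = int(val)
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "preload":
            out["preload"] = True
        # any other directive is ignored, as RFC 6797 requires
    return out


def check_hsts(value):
    """Return a list of problems; an empty list means the header is usable
    by browsers and meets the assumed preload requirements."""
    p = parse_hsts(value)
    problems = []
    if p["max_age"] is None:
        problems.append("max-age missing: browsers ignore the header")
    elif p["max_age"] == 0:
        problems.append("max-age=0 tells browsers to forget the policy")
    elif p["max_age"] < ONE_YEAR:
        problems.append(f"max-age {p['max_age']} is below one year ({ONE_YEAR})")
    if not p["include_subdomains"]:
        problems.append("includeSubDomains missing: subdomains stay strippable")
    if not p["preload"]:
        problems.append("preload directive missing: not eligible for the preload list")
    return problems


if __name__ == "__main__":
    for header in (WEAK_HEADER, STRONG_HEADER):
        print(header, "->", check_hsts(header) or "OK")
```

The strong header passes with no problems; the weak one is reported for its short lifetime and for the two missing directives, which is exactly the gap SSL Strip exploits on a site whose policy expires or was never preloaded.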
33. Recommendations
• Of course TLS 1.2 is
• Use HSTS and apply to the browsers for an HSTS preload list entry
• To mitigate BEAST attacks use TLS 1.2 and GCM cipher suites
• SHA-3 is the only algorithm accepted by NIST for certificate issuing
• Prefer forward secrecy and do not negotiate RSA key transport
• Key length: DH (more than 2048 bits); Elliptic curves (more than 192 bits)
35. There is an old saying attributed to the US National Security Agency (NSA):
"Attacks always get better; they never get worse"
[RFC 7457] Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS), <https://tools.ietf.org/html/rfc7457>
41. Attacks make the cyber world more secure
The more we learn about attacks, the more we know how to make it secure
42. Acknowledgements
• Thanks to Prof. Heiko Knospe for tips, advice and for the more than enough lab equipment
• Also thanks to the PYTHEM tool developer who supported me through e-mail communication
• To make the web page I have used the Apache server, a MySQL database and the PHP language.
nazmul@engineer.com
Editor's Notes
SSL Strip = remove the SSL/TLS protocol
BEAST = attack on CBC mode guessing the IV
STARTTLS = inject poisoned commands with the STARTTLS command
CERT and RSA = certificate usage security rules and secure hashing and key length for RSA
RSA private key if stolen
DH parameter = client uses RSA and server uses DH
RC4 = weakness in the key scheduling algorithm
Triple = attacker forces the session to use RSA
Padding = guessing the right padding in CBC mode
Data is not sent IP to IP but rather to a MAC address
TLS = protocol in use
DHE = key exchange algorithm
RSA = digital signature algorithm used to authenticate
AES_128 = session data encryption algorithm
SHA256 = secure hashing algorithm used for message integrity
GCM = Galois/Counter mode
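The speaker notes above take the cipher suite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 apart into key exchange, authentication, encryption, hash and mode, and slide 33 states the properties a suite should have (forward secrecy instead of RSA key transport, GCM instead of CBC, no RC4). The following script is an added example that is not part of the slides: it automates that decomposition for any IANA-style suite name and grades the result against the slide 33 recommendations. The TLS_<key exchange>_WITH_<cipher>_<hash> split is the IANA naming convention; the issue wording and the sample suite names are mine.

```python
"""Decompose an IANA TLS cipher-suite name and grade it against the
recommendations on slide 33.

Added example, not from the original slides.  Names follow the IANA
convention TLS_<key exchange>[_<auth>]_WITH_<cipher>[_<mode>]_<hash>.
"""
import re

SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<enc>[A-Za-z0-9_]+)"
    r"_(?P<hash>SHA256|SHA384|SHA|MD5)$"
)


def parse_suite(name):
    """Return the components of a suite name, as the speaker notes list them."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not a TLS_<kx>_WITH_<cipher>_<hash> name: {name!r}")
    kx_tokens = m["kx"].split("_")
    if len(kx_tokens) == 1:            # plain "RSA": key transport and authentication
        key_exchange = auth = kx_tokens[0]
    else:                              # e.g. DHE_RSA, ECDHE_ECDSA, DH_anon
        key_exchange, auth = kx_tokens[0], "_".join(kx_tokens[1:])
    enc_tokens = m["enc"].split("_")
    if enc_tokens[-1] in ("GCM", "CBC", "CCM"):
        mode, cipher = enc_tokens[-1], "_".join(enc_tokens[:-1])
    elif enc_tokens[-1] == "POLY1305":  # ChaCha20-Poly1305 is an AEAD on its own
        mode, cipher = "AEAD", "_".join(enc_tokens)
    else:                              # e.g. RC4_128: a stream cipher, no mode
        mode, cipher = "STREAM", "_".join(enc_tokens)
    return {"key_exchange": key_exchange, "auth": auth, "cipher": cipher,
            "mode": mode, "hash": m["hash"]}


def evaluate_suite(name):
    """Return the recommendation violations for a suite; empty means acceptable."""
    s = parse_suite(name)
    issues = []
    if s["key_exchange"] == "RSA":
        issues.append("RSA key transport: no forward secrecy, prefer (EC)DHE")
    elif s["key_exchange"] in ("DH", "ECDH"):
        issues.append("static (EC)DH: no forward secrecy, prefer (EC)DHE")
    if s["auth"] == "anon":
        issues.append("anonymous key exchange: no server authentication")
    if s["cipher"].startswith("RC4"):
        issues.append("RC4: broken stream cipher")
    if s["mode"] == "CBC":
        issues.append("CBC mode: BEAST / padding-oracle class, prefer GCM")
    if s["hash"] == "MD5":
        issues.append("MD5 MAC")
    return issues


if __name__ == "__main__":
    # Constructed sample list: the suite from the speaker notes and three weaker ones.
    for suite in ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_RSA_WITH_AES_128_CBC_SHA",
                  "TLS_RSA_WITH_RC4_128_MD5",
                  "TLS_DH_anon_WITH_AES_256_CBC_SHA256"):
        print(suite, parse_suite(suite), evaluate_suite(suite) or "OK", sep="\n  ")
```

The suite from the speaker notes comes back clean (DHE gives forward secrecy, RSA only signs, AES-128 in GCM, SHA-256), while TLS_RSA_WITH_AES_128_CBC_SHA is flagged for both RSA key transport and CBC mode, the two things slide 33 tells you to move away from.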