This paper is focused on study on some practically feasible attacks and threats against TLS based connection. The reader can also get an idea on SSL Strip attack presented here based on an experiment in a testbed environment. There are also some other attacks on TLS protocol such as BEAST, Padding Oracle Attack, STARTTLS command injection attack, Theft of RSA Private Keys, Triple Handshake etc. which are also discussed here descriptively. This study summarizes the common known attacks following RFC 7457 and their existence, appliance and remedies for the TLS activated server.

1. Study and Analysis
Researcher
Mohammad Nazmul Hossain
MSc student in
Communication Systems & Network
Technische Hochschule Köln
Research A 24th May 2017
of some Known attacks
on Transport Layer Security
Instructor
Prof. Dr. Heiko Knospe
Faculty of Information, Media and Electrical
Engineering Institute of Telecommunications
Technische Hochschule Köln

2. Abstract
SSL/TLS
Threats on TLS
SSL Strip in Testbed
Protections against threats on TLS
Recommendations To Implement TLS
Acknowledgements
OUTLINES

3.  Study on some attacks and threats against TLS based connection
 A vast discussion on SSL Strip attack
 Run a TestBed experiment on SSL Strip
 Recommendations to implement successful TLS based connection
ABSTRACT

4. SSL/TLS
SSL
TLS

5.  SSL = Secure Socket Layer
 TLS = Transport Layer Security
 SSL 3.1 = TLS 1.0
 Using this protocol the connection become private and secure
 Ensures integrity using integrity check with each messages
 Each Application data is encrypted using symmetric key rather than
plain text commnication
 Current version is TLS v1.2. Version 1.3 is in draft process
SSL/TLS

6. SSL/TLS (TLS Handshake)
Encrypted Data

7. ATTACK
on TLS
SSL Strip
BEAST
Attack
ATTACK
on TLS
ATTACK
on TLS
STARTTLS
Command
Injection
ATTACK
on TLS
Certificate and
RSA related
attack
ATTACK
on TLS
Theft of
RSA private
Keys
ATTACK
on TLS
Diffie-Hellman
Parameters
ATTACK
on TLS
Attacks on
RC4
ATTACK
on TLS
Triple
Handshake
ATTACK
on TLS
Padding
ORACLE
attacks
ATTACK
on TLS
THREATS on TLS
SSL Strip
SSL Strip

8. Simple Client Server Model
Client - Server
Client Discovers Server using ARP
and send data to the MAC address

9.  ARP = Address Resolution Protocol
 Maps IP address to the Hardware address
Address Resolution Protocol
Internet Protocol (IPv4) over Ethernet ARP packet
octet offset 0 1
0 Hardware type (HTYPE)
2 Protocol type (PTYPE)
4 Hardware address length (HLEN) Protocol address length (PLEN)
6 Operation (OPER)
8 Sender hardware address (SHA) (first 2 bytes)
10 (next 2 bytes)
12 (last 2 bytes)
14 Sender protocol address (SPA) (first 2 bytes)
16 (last 2 bytes)
18 Target hardware address (THA) (first 2 bytes)
20 (next 2 bytes)
22 (last 2 bytes)
24 Target protocol address (TPA) (first 2 bytes)
26 (last 2 bytes)

10. • Attacker targets victims IP address and gateways IP Address.
• Sends spoofed ARP messages.
• Aim: Map the Attackers MAC address to IP address of another host or
the default gateway.
• Result: Attacker impersonate himself as the gateway to the victim and
as the client to the gateway.
ARP Spoofing
Attacker MAC address
Client IP address
Gateway IP address
Attacker MAC address
Gateway

11. ARP Spoofing (Testbed Work)

12. HTTP ?
OR
HTTPS?

13. 301 Redirect
HTTP
Plain Text
Communication

14. HTTP
Plain Text
Communication
301 Redirect

15. HTTP Connection (ARP Poisoned)
MITM reads and can modify traffic as it is Plain Text now

16. 302 Redirect Configure
https
Redirect

17. 302 Redirect

18. 302 Redirect

19. SSL Strip (Secure HTTPS)
HTTPS makes data encrypted to both parties

20. SSL Strip (Active Attack)
SSL Strip attack by Man In The Middle (MITM)
2

21. SSL Strip Attack (Testbed)

22. SSL Strip Attack (Testbed)

23. SSL Strip Attack (Testbed)

24. SSL Strip Attack (Testbed)

25. Strict HTTPS
• HSTS = HTTPS Strict Transport Policy
• HSTS header added by Server over HTTPS connection
• Browser remembers for certain amount of age
• Browsers first visit is still insecure
• Browser has a preload list of HSTS supported websites

26. HSTS Configure

27. HSTS Example (yahoo.com)

28. HSTS Example (yahoo.com)

29. HSTS Example (yahoo.com)

30. HSTS Browser Preload

31. HSTS Browser Preload

32. RECOMENDATIONS

33. Recommendations
• Off course TLS 1.2 is
• Use HSTS and apply browsers for HSTS preaload list entry
• To mitigate BEAST attacks use TLS 1.2 and GCM cipher suites
• SHA-3 is only accepted algorithm by NIST for Certificate issuing
• Prefer forward secrecy and should not negotiate RSA key transport
• Key Length: DH ( more than 2048 bits); Eliptic curves (more than 192
bits)

34. RECOMMENDATIONS (Cipher suites)
• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

35. There is an old saying attributed to the US National Security Agency
(NSA):
"Attacks always get better; they
never get worse”
[RFC 7457] Summarizing Known Attacks on Transport Layer
Security (TLS) and Datagram TLS (DTLS),
<https://tools.ietf.org/html/rfc7457>

36. New version of TLS 1.3 is in draft
Upcoming TLS 1.3

37. Upcoming TLS 1.3
TLS 1.2 Handshake

38. Upcoming TLS 1.3
TLS 1.3 Handshake

39. Security Administrator

40. Security Breaker

41. Attacks makes the cyber world
more secure
More we learn about attacks
the more we can know how to
make secure

42. Acknowledgements
• Thanks to Prof. Heiko Knospe for tips, advices and for the more than
enough LAB equipments
• Also thanks to the PYTHEM tool developer who supported me
through E-Mail communication
• To make the web page I have used Apache server, My SQL Database
and php language.
nazmul@engineer.com