SlideShare a Scribd company logo

CNIT 141: 13. TLS

Sam Bowne
Sam Bowne

A college class at CCSF More info: https://samsclass.info/141/141_F20.shtml

Education
1 of 53
Download to read offline
CNIT 141 Cryptography for Computer Networks 13. TLS Updated 11-19-20
New Projects and Topics
Topics • Target Applications and Requirements • The TLS Protocol Suite • TLS 1.3 Improvements Over TLS 1.2 • The Strengths of TLS Security • How Things Can Go Wrong
TLS • Protects communications at layer 4 • Can carry any type of content • Email, Web traffic, mobile apps, ... • Machine-to-machine comms for IoT
TLS Vulnerabilities • TLS grew too big and bloated • Many attacks • Heartbleed • BEAST • CRIME • POODLE
TLS 1.3 • Overhaul of protocol • Removed unnecessary features • Replaced old algorithms • Simpler, faster, and more secure
Target Applications and Requirements
Secure Channel • TLS ensures that data is confidential, authenticated, and unmodified • Prevents MiTM attacks • By authenticating servers with trusted Certificate Authorities
Four Requirements • Efficient • Minimizing CPU load compared to unencrypted comms • Interoperable • Work on any hardware or OS • Extensible • Support additional features & algorithms • Versatile • Not bound to any specific application
The TLS Protocol Suite
Transport Layer • TLS is not in the transport layer • It's above layer 4, adding security to it • Can run over TCP or UDP • UDP version is called DTLS • Datagram Transport Layer Security
History • SSL: began in 1995, from Netscape • SSL 2.0 and SSL 3.0 had security flaws • Should no longer be used • TLS • TLS 1.0 (1999): least secure • TLS 1.1 (2006): better but contains weak algorithms
TLS 1.2 • From 2008 • Better than previous versions • Complex and hard to configure • Supports AES-CBC, vulnerable to padding oracle attacks • Inherited dozens of features and design choices from earlier versions • TLS 1.3 is a major overhaul and improvement
TLS in a Nutshell • Record protocol • Data encapsulation • Handshake protocol • Key agreement
TLS Handshake • From Cloudflare (link Ch 13a)
Hello • ClientHello • Lists ciphers available • ServerHello • Selects a cipher to use
ClientHello
ServerHello
Certificates and Certificate Authorities (CA) • Server uses a certificate to authenticate itself • Verified by a CA • CA's public keys hard-coded into browsers • Trusted third party
Certificate
Certificate Chain
Record Protocol
Zero Padding • Adds zeroes to plaintext for short messages • Mitigates traffic analysis • Deducing contents from message size
TLS 1.3 Cryptographic Algorithms • Three types of algorithms are used • Authenticated encryption • Key derivation function • Hash function that derives secret keys from a shared secret • A Diffie-Hellman operation
Authenticated Ciphers • TLS 1.3 supports only three algorithms • AES-GCM • AES-CCM • Slightly less efficient than AES-GCM • ChaCha20 stream cipher • Combined with Poly1305 MAC • Secret key can be 128 or 256 bits • Unsafe 64-bit or 80-bit keys not allowed
Key Derivation Function (KDF) • HKDF, based on HMAC • Uses SHA-256 or SHA-384
Diffie-Hellman Two Options • Elliptic Curve • With the three NIST curves, or • Curve25519, or Curve448 • Group of integers modulo a prime number • Traditional Diffie-Hellman • 2048 - 8192 bits • Security of 2048-bit group is weak link • Less than 100 bits
TLS 1.3 Improvements Over TLS 1.2
Removed Weak Algorithms • MD5, SHA-1 • RC4, AES-CBC • MAC-then-Encrypt alorithms • Like HMAC-SHA-1 • Replaces with authenticated ciphers • More efficient and secure
Removed Insecure Feature • Optional data compression • Enabled the CRIME attack • Length of the compressed message leaked information about contents
New Features • That make TLS 1.3 more secure • Downgrade protection • Single round-trip handshake • Session resumption
Downgrade Attack • MiTM attacker modifies ClientHello I want TLS 1.3 Sending ServerHello for TLS 1.1 Send her TLS 1.1 instead
Downgrade Protection • To prevent this, 8 bytes in the ServerHello denote the TLS version • They are cryptographically signed so the MiTM can't change them • The client can check them to see what TLS version is being provided
Single Round-Trip Handshake • In TLS 1.2 • Client sends some data, waits for response • Client sends more data, waits for response • TLS 1.3 combines it all into one round-trip • Saves time
Session Resumption • Leverages the pre-shared key exchanged in a previous session • To bootstrap a new session • Two benefits • Client can start encrypting immediately • No need for certificates
The Strengths of TLS Security
Authentication • TLS 1.3 handshake authenticates the server with a certificate and CA • Client is not authenticated, but can authenticate after the TLS handshake with: • Username & password in a TLS record • Secure cookie over TLS • A client certificate (rarely used)
Forward Secrecy • TLS 1.3 provides forward secrecy in both a data leak and a breach • If an attacker can steal a client's RAM • Exposes keys and secrets for the current session • And any old sessions still stored in RAM • Solution: use Secure Strings
• Provided by Microsoft • Since 2005 in .NET 2.0 • Link Ch 13b
How Things Can Go Wrong
Compromised CA • Happened in 2011 to DigiNotar • CA's private key compromised • Attacker created fake certificates for Google services
Compromised Client • Attacker who controls client can • Capture session keys • Read decrypted data • Or install a rogue CA certificate
Bugs in Implementation • Heartbleed • Leaked secrets from HTTPS servers in 2014
Improving TLS • SSL Labs TLS test • Lets you test any site's certificate • Or a browser's TLS configuration • Let's Encrypt • Free TLS certificates for everyone
CNIT 141: 13. TLS
CNIT 141: 13. TLS
CNIT 141: 13. TLS
CNIT 141: 13. TLS

Recommended

CNIT 129S Ch 7: Attacking Session Management
CNIT 129S Ch 7: Attacking Session ManagementCNIT 129S Ch 7: Attacking Session Management
CNIT 129S Ch 7: Attacking Session ManagementSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLSSam Bowne
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman Sam Bowne
 
CNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationCNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationSam Bowne
 
CNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleCNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleSam Bowne
 
CNIT 141: 7. Keyed Hashing
CNIT 141: 7. Keyed HashingCNIT 141: 7. Keyed Hashing
CNIT 141: 7. Keyed HashingSam Bowne
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: CryptographySam Bowne
 

Recommended

CNIT 129S Ch 7: Attacking Session Management
CNIT 129S Ch 7: Attacking Session ManagementCNIT 129S Ch 7: Attacking Session Management
CNIT 129S Ch 7: Attacking Session ManagementSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLSSam Bowne
 
CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman CNIT 141 11. Diffie-Hellman
CNIT 141 11. Diffie-Hellman Sam Bowne
 
CNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationCNIT 123: 6: Enumeration
CNIT 123: 6: EnumerationSam Bowne
 
CNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleCNIT 50: 1. Network Security Monitoring Rationale
CNIT 50: 1. Network Security Monitoring RationaleSam Bowne
 
CNIT 141: 7. Keyed Hashing
CNIT 141: 7. Keyed HashingCNIT 141: 7. Keyed Hashing
CNIT 141: 7. Keyed HashingSam Bowne
 
CNIT 123 12: Cryptography
CNIT 123 12: CryptographyCNIT 123 12: Cryptography
CNIT 123 12: CryptographySam Bowne
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)Sam Bowne
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesSam Bowne
 
Cryptography101
Cryptography101Cryptography101
Cryptography101NCC Group
 
Ch 6: Attacking Authentication
Ch 6: Attacking AuthenticationCh 6: Attacking Authentication
Ch 6: Attacking AuthenticationSam Bowne
 
Ch 7: Attacking Session Management
Ch 7: Attacking Session ManagementCh 7: Attacking Session Management
Ch 7: Attacking Session ManagementSam Bowne
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesSam Bowne
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersSam Bowne
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Ssl attacks
Ssl attacksSsl attacks
Ssl attacksn|u - The Open Security Community
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network EvidenceCNIT 152: 9 Network Evidence
CNIT 152: 9 Network EvidenceSam Bowne
 
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)Sam Bowne
 
Ip sec
Ip secIp sec
Ip secshifanabasheer
 
Key management
Key managementKey management
Key managementBrandon Byungyong Jo
 
Ch 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsCh 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsSam Bowne
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 
CNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise ServiceCNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise ServiceSam Bowne
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanSam Bowne
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.pptPranavUndre1
 

More Related Content

What's hot

CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)Sam Bowne
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesSam Bowne
 
Cryptography101
Cryptography101Cryptography101
Cryptography101NCC Group
 
Ch 6: Attacking Authentication
Ch 6: Attacking AuthenticationCh 6: Attacking Authentication
Ch 6: Attacking AuthenticationSam Bowne
 
Ch 7: Attacking Session Management
Ch 7: Attacking Session ManagementCh 7: Attacking Session Management
Ch 7: Attacking Session ManagementSam Bowne
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesSam Bowne
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersSam Bowne
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network EvidenceCNIT 152: 9 Network Evidence
CNIT 152: 9 Network EvidenceSam Bowne
 
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)Sam Bowne
 
Ch 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsCh 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsSam Bowne
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsSam Bowne
 
CNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise ServiceCNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise ServiceSam Bowne
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanSam Bowne
 

What's hot (20)

CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
 
Cryptography101
Cryptography101Cryptography101
Cryptography101
 
Ch 6: Attacking Authentication
Ch 6: Attacking AuthenticationCh 6: Attacking Authentication
Ch 6: Attacking Authentication
 
Ch 7: Attacking Session Management
Ch 7: Attacking Session ManagementCh 7: Attacking Session Management
Ch 7: Attacking Session Management
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
Ssl attacks
Ssl attacksSsl attacks
Ssl attacks
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network EvidenceCNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
 
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
 
Ip sec
Ip secIp sec
Ip sec
 
Key management
Key managementKey management
Key management
 
Ch 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsCh 10: Attacking Back-End Components
Ch 10: Attacking Back-End Components
 
CNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android ApplicationsCNIT 128 9. Writing Secure Android Applications
CNIT 128 9. Writing Secure Android Applications
 
CNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise ServiceCNIT 152 10 Enterprise Service
CNIT 152 10 Enterprise Service
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-Hellman
 

Similar to CNIT 141: 13. TLS

BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.pptPranavUndre1
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfNiharikaDubey17
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALGlenn Haley
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxjithu26327
 
Parallel and distributed computing .pptx
Parallel and distributed computing .pptxParallel and distributed computing .pptx
Parallel and distributed computing .pptxAmnaNadeem27
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyAdeel Ahmed
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security ApplicationsHatem Mahmoud
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsNitin Ramesh
 
transportlayersecuritytls-150801104256-lva1-app6892.pdf
transportlayersecuritytls-150801104256-lva1-app6892.pdftransportlayersecuritytls-150801104256-lva1-app6892.pdf
transportlayersecuritytls-150801104256-lva1-app6892.pdfpjeraids
 

Similar to CNIT 141: 13. TLS (20)

BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
 
Parallel and distributed computing .pptx
Parallel and distributed computing .pptxParallel and distributed computing .pptx
Parallel and distributed computing .pptx
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security Applications
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
Unit08
Unit08Unit08
Unit08
 
Transportsec
TransportsecTransportsec
Transportsec
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layer
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
transportlayersecuritytls-150801104256-lva1-app6892.pdf
transportlayersecuritytls-150801104256-lva1-app6892.pdftransportlayersecuritytls-150801104256-lva1-app6892.pdf
transportlayersecuritytls-150801104256-lva1-app6892.pdf
 

More from Sam Bowne

3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic CurvesSam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard ProblemsSam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis MethodologySam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream CiphersSam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne
 

More from Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 

Recently uploaded

Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Association for Project Management
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxcallscotland1987
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 

Recently uploaded (20)

Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 

CNIT 141: 13. TLS

  • 1. CNIT 141 Cryptography for Computer Networks 13. TLS Updated 11-19-20
  • 3. Topics • Target Applications and Requirements • The TLS Protocol Suite • TLS 1.3 Improvements Over TLS 1.2 • The Strengths of TLS Security • How Things Can Go Wrong
  • 4. TLS • Protects communications at layer 4 • Can carry any type of content • Email, Web traffic, mobile apps, ... • Machine-to-machine comms for IoT
  • 5. TLS Vulnerabilities • TLS grew too big and bloated • Many attacks • Heartbleed • BEAST • CRIME • POODLE
  • 6. TLS 1.3 • Overhaul of protocol • Removed unnecessary features • Replaced old algorithms • Simpler, faster, and more secure
  • 8. Secure Channel • TLS ensures that data is confidential, authenticated, and unmodified • Prevents MiTM attacks • By authenticating servers with trusted Certificate Authorities
  • 9. Four Requirements • Efficient • Minimizing CPU load compared to unencrypted comms • Interoperable • Work on any hardware or OS • Extensible • Support additional features & algorithms • Versatile • Not bound to any specific application
  • 11. Transport Layer • TLS is not in the transport layer • It's above layer 4, adding security to it • Can run over TCP or UDP • UDP version is called DTLS • Datagram Transport Layer Security
  • 12. History • SSL: began in 1995, from Netscape • SSL 2.0 and SSL 3.0 had security flaws • Should no longer be used • TLS • TLS 1.0 (1999): least secure • TLS 1.1 (2006): better but contains weak algorithms
  • 13. TLS 1.2 • From 2008 • Better than previous versions • Complex and hard to configure • Supports AES-CBC, vulnerable to padding oracle attacks • Inherited dozens of features and design choices from earlier versions • TLS 1.3 is a major overhaul and improvement
  • 14. TLS in a Nutshell • Record protocol • Data encapsulation • Handshake protocol • Key agreement
  • 15. TLS Handshake • From Cloudflare (link Ch 13a)
  • 16. Hello • ClientHello • Lists ciphers available • ServerHello • Selects a cipher to use
  • 19.
  • 20. Certificates and Certificate Authorities (CA) • Server uses a certificate to authenticate itself • Verified by a CA • CA's public keys hard-coded into browsers • Trusted third party
  • 24. Zero Padding • Adds zeroes to plaintext for short messages • Mitigates traffic analysis • Deducing contents from message size
  • 25. TLS 1.3 Cryptographic Algorithms • Three types of algorithms are used • Authenticated encryption • Key derivation function • Hash function that derives secret keys from a shared secret • A Diffie-Hellman operation
  • 26. Authenticated Ciphers • TLS 1.3 supports only three algorithms • AES-GCM • AES-CCM • Slightly less efficient than AES-GCM • ChaCha20 stream cipher • Combined with Poly1305 MAC • Secret key can be 128 or 256 bits • Unsafe 64-bit or 80-bit keys not allowed
  • 27. Key Derivation Function (KDF) • HKDF, based on HMAC • Uses SHA-256 or SHA-384
  • 28. Diffie-Hellman Two Options • Elliptic Curve • With the three NIST curves, or • Curve25519, or Curve448 • Group of integers modulo a prime number • Traditional Diffie-Hellman • 2048 - 8192 bits • Security of 2048-bit group is weak link • Less than 100 bits
  • 30. Removed Weak Algorithms • MD5, SHA-1 • RC4, AES-CBC • MAC-then-Encrypt alorithms • Like HMAC-SHA-1 • Replaces with authenticated ciphers • More efficient and secure
  • 31. Removed Insecure Feature • Optional data compression • Enabled the CRIME attack • Length of the compressed message leaked information about contents
  • 32. New Features • That make TLS 1.3 more secure • Downgrade protection • Single round-trip handshake • Session resumption
  • 33. Downgrade Attack • MiTM attacker modifies ClientHello I want TLS 1.3 Sending ServerHello for TLS 1.1 Send her TLS 1.1 instead
  • 34. Downgrade Protection • To prevent this, 8 bytes in the ServerHello denote the TLS version • They are cryptographically signed so the MiTM can't change them • The client can check them to see what TLS version is being provided
  • 35. Single Round-Trip Handshake • In TLS 1.2 • Client sends some data, waits for response • Client sends more data, waits for response • TLS 1.3 combines it all into one round-trip • Saves time
  • 36. Session Resumption • Leverages the pre-shared key exchanged in a previous session • To bootstrap a new session • Two benefits • Client can start encrypting immediately • No need for certificates
  • 37.
  • 38. The Strengths of TLS Security
  • 39. Authentication • TLS 1.3 handshake authenticates the server with a certificate and CA • Client is not authenticated, but can authenticate after the TLS handshake with: • Username & password in a TLS record • Secure cookie over TLS • A client certificate (rarely used)
  • 40. Forward Secrecy • TLS 1.3 provides forward secrecy in both a data leak and a breach • If an attacker can steal a client's RAM • Exposes keys and secrets for the current session • And any old sessions still stored in RAM • Solution: use Secure Strings
  • 41. • Provided by Microsoft • Since 2005 in .NET 2.0 • Link Ch 13b
  • 42. How Things Can Go Wrong
  • 43. Compromised CA • Happened in 2011 to DigiNotar • CA's private key compromised • Attacker created fake certificates for Google services
  • 44.
  • 45.
  • 46.
  • 47. Compromised Client • Attacker who controls client can • Capture session keys • Read decrypted data • Or install a rogue CA certificate
  • 48. Bugs in Implementation • Heartbleed • Leaked secrets from HTTPS servers in 2014
  • 49. Improving TLS • SSL Labs TLS test • Lets you test any site's certificate • Or a browser's TLS configuration • Let's Encrypt • Free TLS certificates for everyone