A study of the TLS ecosystem

  1. A study of the TLS ecosystem
  Olivier Levillain, ANSSI / Télécom SudParis / Edite
  September 23rd 2016
  O. Levillain (ANSSI–TSP–Edite) A study of the TLS ecosystem 2016-09-23 1 / 44

  2. Outline
  SSL/TLS in a nutshell
  State of the art and focus on the Record Protocol
  Observation and analysis of the HTTPS ecosystem
  Implementation aspects and focus on the parsing problem
  Conclusion and perspectives

  3. SSL/TLS in a nutshell

  4. SSL/TLS in a nutshell / Overview of the protocol
  SSL/TLS: a security protocol providing
  ◮ server (and client) authentication
  ◮ data confidentiality and integrity
  Two phases
  ◮ Handshake Protocol
    ◮ algorithm negotiation
    ◮ server authentication
    ◮ key exchange
  ◮ Record Protocol
    ◮ application data exchanges
  [Figure: message flow between Client and Server. Client to Server: ClientHello. Server to Client: ServerHello, Certificate, ServerHelloDone. Client to Server: ClientKeyExchange, ChangeCipherSpec, Finished. Server to Client: ChangeCipherSpec, Finished. Then: Application data.]

  5. SSL/TLS in a nutshell / SSL/TLS: a basic block of Internet security
  [Figure: timeline. Netscape: SSLv2 (1994), SSLv3 (1995). IETF: TLS 1.0 (1999), TLS 1.1 (2006), TLS 1.2 (2008), TLS 1.3 (2016?).]
  A 20-year-old protocol
  ◮ originally designed by Netscape to secure HTTP connections (SSL)
  ◮ maintained since 2001 by the IETF (TLS)
  ◮ now used for a broad spectrum of applications
    ◮ to secure almost every cleartext protocol
    ◮ to provide VPNs
    ◮ to authenticate peers in an EAP exchange

  6. SSL/TLS in a nutshell / The complexity of the protocol
  The specifications (50+ RFCs) describe many variants
  ◮ 5 protocol versions
  ◮ 300+ ciphersuites
  ◮ 20+ extensions
  ◮ interesting features
    ◮ compression
    ◮ renegotiation
    ◮ session resumption (2 methods)
  A rich subject to study from different points of view

  7. Part I State of the art and focus on the Record Protocol

  8. State of the art and focus on the Record Protocol / A history of vulnerabilities / Overview
  Many flaws and attacks devised since 1995
  ◮ it is hard to find relevant categories
  ◮ several issues may be considered in different categories
  The proposed categories are:
  ◮ flaws affecting the Handshake Protocol
  ◮ attacks against the Record Protocol
  ◮ certificate-related issues
  ◮ implementation bugs
  Publications describing the state of the art: [SSTIC 12, SSTIC 15]

  9. State of the art and focus on the Record Protocol / A history of vulnerabilities / Flaws affecting the Handshake Protocol
  [Figure: attacks placed on the SSLv2 (1994) to TLS 1.3 (2016?) timeline, grouped as follows.]
  Weak crypto parameters: First MD5 collisions [WY05], FREAK [BBD+15], LogJam [ABD+15], SLOTH [BL16]
  Specification flaws: Bleichenbacher [Ble98], SSLv2 down negotiation, Insecure renegotiation, 3Shake [BDF+14], KCI [HGFS15], DROWN [ASS+16]
  Cross-protocol attacks: RSA/DHE confusion [WS96], DHE/ECDHE confusion [MVVP12], FREAK [BBD+15]

  10. State of the art and focus on the Record Protocol / A history of vulnerabilities / Attacks against the Record Protocol
  [Figure: attacks placed on the same SSLv2 (1994) to TLS 1.3 (2016?) timeline, grouped as follows.]
  CBC mode: Rogaway [Rog95], Vaudenay [Vau02], BEAST [DR11], Lucky 13 [AP13], POODLE [MDK14]
  Weak algorithms: First RC4 biases, TLS Plaintext Recovery with RC4 [ABP+13, IOWM13, GPdM15], Sweet32
  Compression: CRIME [RD12], TIME [BS13], BREACH [PHG13]

  11. State of the art and focus on the Record Protocol / Focus on the Record Protocol / Description of the Record Protocol
  [Figure: processing of one record.]
  Plaintext P, with |P| < 2^14
  Compression (optional): Compressed C, with |C| < |P| + 1024
  Then, depending on the mode:
  ◮ Stream cipher mode: MAC, then Encryption (XOR) of C || MAC, giving a MAC'ed then Encrypted record
  ◮ CBC mode: MAC, then Padding, then Encryption (CBC mode) of C || MAC || Pad, giving a MAC'ed then Padded then Encrypted record
  ◮ AEAD mode: AEAD step on C, giving an Authenticated and Encrypted record


  12. State of the art and focus on the Record Protocol / Focus on the Record Protocol / Proofs of concept against the Record Protocol
  Considered attacks
  ◮ BEAST, exploiting CBC using implicit IV
  ◮ Lucky 13, a CBC padding oracle
  ◮ POODLE, an SSLv3-specific CBC padding oracle
  ◮ plaintext recovery using RC4 statistical biases
  ◮ CRIME and TIME, compression side-channel (client-side)
  ◮ TIME and BREACH, compression side-channel (server-side)
  All the attacks were illustrated by a PoC targeting HTTPS
  ◮ powerful (but realistic) attacker
  ◮ typical targets are authentication cookies

  13. State of the art and focus on the Record Protocol / Focus on the Record Protocol / BEAST: CBC using implicit IV
  Hypotheses:
  ◮ the connection uses CBC with implicit IV (TLS < 1.1)
  ◮ the attacker is able to observe encrypted packets
  ◮ the plaintext is partially controlled, adaptively
  ◮ multiple connections containing the secret can be triggered
  Proposed countermeasures:
  ◮ use TLS 1.1
  ◮ use AEAD suites (requires TLS ≥ 1.2)
  ◮ use RC4
  ◮ split the records

  14. State of the art and focus on the Record Protocol / Focus on the Record Protocol / RC4 statistical biases
  Hypotheses:
  ◮ the connection uses RC4
  ◮ the attacker is able to observe encrypted packets
  ◮ multiple connections containing the secret can be triggered
  Proposed countermeasures:
  ◮ use AEAD suites (requires TLS ≥ 1.2)
  ◮ use CBC mode
  ◮ use another stream cipher
  ◮ randomise the secret location


  15. State of the art and focus on the Record Protocol / Focus on the Record Protocol / Record Protocol: the long-term solution
  [Figure: the record processing diagram of slide 11, with compression now disabled and the stream cipher mode labelled RC4.]
  Plaintext P, with |P| < 2^14
  Compression (disabled): Compressed C, with |C| < |P| + 1024
  ◮ Stream cipher mode (RC4): MAC, then Encryption (XOR), giving a MAC'ed then Encrypted record
  ◮ CBC mode: MAC, then Padding, then Encryption (CBC mode), giving a MAC'ed then Padded then Encrypted record
  ◮ AEAD mode: AEAD step, giving an Authenticated and Encrypted record

  16. State of the art and focus on the Record Protocol / Focus on the Record Protocol / Record Protocol: when TLS 1.2/AEAD is not an option
  In the absence of the long-term solution (e.g. for compatibility reasons)
  ◮ specific short-term fixes exist for most attacks
  ◮ we propose to avoid the repetition of the secret as a defense-in-depth mechanism
  The masking principle (borrowed from the side-channel community):
  ◮ instead of sending a secret s
  ◮ draw a random string m of the same length as s
  ◮ send (m, s ⊕ m)
  ◮ the intended value remains the same
  ◮ but the representation is different each time
  Publication describing MCookies and similar countermeasures: [ASIA-CCS 15]

  17. State of the art and focus on the Record Protocol / Focus on the Record Protocol / Application to HTTP cookies: MCookies
  [Figure: the cookie exchange between the web application, the server and the client, without masking.]
  Web application: setcookie('sid', 'C564A5F3EB')
  Server to Client: Set-Cookie: sid=C564A5F3EB
  Client to Server: Cookie: sid=C564A5F3EB
  Web application sees: sid='C564A5F3EB'
  Client to Server: Cookie: sid=C564A5F3EB
  Web application sees: sid='C564A5F3EB'

  17. State of the art and focus on the Record Protocol / Focus on the Record Protocol / Application to HTTP cookies: MCookies
  [Figure: the same exchange with MCookies: the server sends a fresh mask and the masked value on every response, and the web application still sees the same sid.]
  Web application: setcookie('sid', 'C564A5F3EB')
  Server to Client: Set-Cookie: sid=5437624523:9153C7B6C8
  Client to Server: Cookie: sid=5437624523:9153C7B6C8
  Web application sees: sid='C564A5F3EB'
  Server to Client: Set-Cookie: sid=CB06AE36CC:0E620BC527
  Client to Server: Cookie: sid=CB06AE36CC:0E620BC527
  Web application sees: sid='C564A5F3EB'
  Server to Client: Set-Cookie: sid=974113A1CE:5225B65225
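The masking principle of slide 16 and the cookie exchange of slide 17, as an added example that is not the author's code: a server-side MCookies layer that re-masks the session id on every response while the web application keeps seeing the constant value. Assumptions: the cookie value is a hex-encoded byte string and the wire format is "<mask>:<mask XOR secret>" in upper-case hex, which is consistent with the slide's Set-Cookie values.

```python
import secrets
from typing import Optional, Tuple

# Added example, not the author's implementation. The secret and the three
# mask:masked pairs used below are the constructed values from the slide.

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # m must have exactly the length of s, otherwise part of s would leak unmasked
    if len(a) != len(b):
        raise ValueError("mask and value must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def mask_cookie(secret_hex: str, mask: Optional[bytes] = None) -> str:
    """Server side, on every response: draw a fresh random m of the same
    length as s and send (m, s XOR m) instead of s. A caller-supplied mask
    is only meant for tests; production code must always draw a new one."""
    secret = bytes.fromhex(secret_hex)
    if mask is None:
        mask = secrets.token_bytes(len(secret))
    return f"{mask.hex().upper()}:{xor_bytes(mask, secret).hex().upper()}"

def unmask_cookie(wire_value: str) -> str:
    """Server side, on every request: recover s = m XOR (s XOR m)."""
    if ":" not in wire_value:
        raise ValueError("not a masked cookie value")
    mask_hex, masked_hex = wire_value.split(":", 1)
    return xor_bytes(bytes.fromhex(mask_hex), bytes.fromhex(masked_hex)).hex().upper()

def handle_request(cookie_header: str) -> Tuple[str, str]:
    """One request/response round trip: returns the sid the web application
    sees and the Set-Cookie header carrying the next, different representation."""
    prefix = "Cookie: sid="
    if not cookie_header.startswith(prefix):
        raise ValueError("unexpected cookie header")
    sid = unmask_cookie(cookie_header[len(prefix):])
    return sid, f"Set-Cookie: sid={mask_cookie(sid)}"

if __name__ == "__main__":
    # Constructed exchange: the intended value never changes, the wire form does.
    set_cookie = f"Set-Cookie: sid={mask_cookie('C564A5F3EB')}"
    for _ in range(3):
        cookie = set_cookie.replace("Set-Cookie", "Cookie", 1)
        sid, set_cookie = handle_request(cookie)
        print(cookie, "->", sid, "|", set_cookie)
```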
