cse 127 introduction to security
play

CSE 127: Introduction to Security Lecture 15: TLS Deian Stefan - PowerPoint PPT Presentation

May 24, 2023 •513 likes •1.29k views

CSE 127: Introduction to Security Lecture 15: TLS Deian Stefan UCSD Fall 2019 Material from Nadia Heninger, Dan Boneh, Stefan Savage Reminder: Network Attacker Threat Model Network Attacker: Controls infrastructure: Routers, DNS

  1. CSE 127: Introduction to Security Lecture 15: TLS Deian Stefan UCSD Fall 2019 Material from Nadia Heninger, Dan Boneh, Stefan Savage

  2. Reminder: Network Attacker Threat Model Network Attacker: • Controls infrastructure: Routers, DNS • Eavesdrops, injects, drops, or modifies packets Examples: • Wifi at internet cafe • Internet access at hotels Goal: Establish a secure channel to a host that ensures • Confidentiality and Integrity of messages • Authentication of the remote host

  3. Constructing a secure encrypted channel • To ensure confidentiality and integrity: Encrypt and MAC data c = AES k e ( m ) , t = MAC k m ( c )

  4. Constructing a secure encrypted channel • To ensure confidentiality and integrity: Encrypt and MAC data • To negotiate shared symmetric keys: Diffie-Hellman key exchange. Key Derivation Function (KDF) maps shared secret to symmetric key. g a g b c = AES k e ( m ) , t = MAC k m ( c ) k e , k m = KDF( g ab ) k e , k m = KDF( g ab )

  5. Constructing a secure encrypted channel • To ensure confidentiality and integrity: Encrypt and MAC data • To negotiate shared symmetric keys: Diffie-Hellman key exchange. Key Derivation Function (KDF) maps shared secret to symmetric key. • To ensure authenticity of endpoints: Digital Signatures g a g b RSApub B , Sign B ( g a , g b ) c = AES k e ( m ) , t = MAC k m ( c ) k e , k m = KDF( g ab ) k e , k m = KDF( g ab )

  6. Constructing a secure encrypted channel • To ensure confidentiality and integrity: Encrypt and MAC data • To negotiate shared symmetric keys: Diffie-Hellman key exchange. Key Derivation Function (KDF) maps shared secret to symmetric key. • To ensure authenticity of endpoints: Digital Signatures g a g b RSApub B , Sign B ( g a , g b ) c = AES k e ( m ) , t = MAC k m ( c ) k e , k m = KDF( g ab ) k e , k m = KDF( g ab ) How does Alice know to trust Bob’s public signing key?

  7. Public Key Infrastructure: Establishing Trust in Keys Ways to establish trust in keys: • Meet in person to exchange keys. • Not practical at scale over the internet

  8. Public Key Infrastructure: Establishing Trust in Keys Ways to establish trust in keys: • Fingerprint verification • Verify a cryptographic hash of a public key through a separate channel, or “trust on first use” (TOFU). • This is used by SSH for host keys. nadiah$ ssh portal.cs.princeton.edu @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The RSA host key for portal.cs.princeton.edu has changed, and the key for the corresponding IP address 128.112.155.171 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:9yBBea9Z0ER6asvvtNf6fRXVra6LOQ3OVZLtYKVpNc8. Please contact your system administrator.

  9. Public Key Infrastructure: Establishing Trust in Keys Ways to establish trust in keys: • Fingerprint verification • Verify a cryptographic hash of a public key through a separate channel, or “trust on first use” (TOFU). • This is used by SSH for host keys. • This is also used by encrypted messaging apps like Signal

  10. Public Key Infrastructure: Establishing Trust in Keys Ways to establish trust in keys: • Hard code public keys in software • “Certificate pinning” used by browsers

  11. Public Key Infrastructure: Establishing Trust in Keys Ways to establish trust in keys: • Certificate Authorities

  12. Public Key Infrastructure: Establishing Trust in Keys Ways to establish trust in keys: • Certificate Authorities • A CA is a kind of commercial/non-profit trusted intermediary. • Certificate Authorities verify public keys and sign them.

  13. Public Key Infrastructure: Establishing Trust in Keys Ways to establish trust in keys: • Certificate Authorities • A CA is a kind of commercial/non-profit trusted intermediary. • Certificate Authorities verify public keys and sign them. • If you trust the CA, you transitively trust the keys it signs. • This is used for TLS, software signing keys.

  14. Public Key Infrastructure: Establishing Trust in Keys Ways to establish trust in keys: • Web of Trust • In a WoT, you establish trust in intermediaries of your choice. • You then transitively trust the keys they sign. • This is used by PGP. nadiah$ gpg --edit-key rivest@csail.mit.edu gpg> trust pub 1024D/567B4BAD created: 2010-12-19 expires: never usage: SC trust: unknown validity: unknown sub 1024g/EFE31B86 created: 2010-12-19 expires: never usage: E [ unknown] (1). Ronald L Rivest <rivest@csail.mit.edu> Please decide how far you trust this user to correctly verify other users’ keys (by looking at passports, checking fingerprints from different sources, etc.) 1 = I don’t know or won’t say 2 = I do NOT trust 3 = I trust marginally 4 = I trust fully 5 = I trust ultimately m = back to the main menu Your decision?

  15. Constructing a secure encrypted channel • To ensure confidentiality and integrity: Encrypt and MAC data • To negotiate shared symmetric keys: DH key exchange • To ensure authenticity of endpoints: Digital Signatures g a g b RSApub B , Sign B ( g a , g b ) c = AES k e ( m ) , t = MAC k m ( c ) k e , k m = KDF( g ab ) k e , k m = KDF( g ab )

  16. Constructing a secure encrypted channel • To ensure confidentiality and integrity: Encrypt and MAC data • To negotiate shared symmetric keys: DH key exchange • To ensure authenticity of endpoints: Digital Signatures • To ensure an adversary can’t reuse a signature later, add some random unique values (“nonces”) random r a , g a random r b , g b RSApub B , Sign B ( g a , g b , r a , r b ) c = AES k e ( m ) , t = MAC k m ( c ) k e , k m = KDF( g ab ) k e , k m = KDF( g ab ) This is not exactly what TLS looks like, but it’s similar.

  17. TLS: Transport Layer Security • TLS provides an encrypted channel for application data. • Used for HTTPS: HTTP inside of a TLS session • Used to be called SSL (Secure Sockets Layer) in the 90s. SSL 1.0 Terribly insecure; never released.

  18. TLS: Transport Layer Security • TLS provides an encrypted channel for application data. • Used for HTTPS: HTTP inside of a TLS session • Used to be called SSL (Secure Sockets Layer) in the 90s. SSL 1.0 Terribly insecure; never released. SSL 2.0 Released 1995; terribly insecure. SSL 3.0 Released 1996; insecure since 2014. TLS 1.0 Released 1999; deprecated and will be removed from major browsers in 2020. TLS 1.1 Released 2006; deprecated and will be removed from major browsers in 2020.

  19. TLS: Transport Layer Security • TLS provides an encrypted channel for application data. • Used for HTTPS: HTTP inside of a TLS session • Used to be called SSL (Secure Sockets Layer) in the 90s. SSL 1.0 Terribly insecure; never released. SSL 2.0 Released 1995; terribly insecure. SSL 3.0 Released 1996; insecure since 2014. TLS 1.0 Released 1999; deprecated and will be removed from major browsers in 2020. TLS 1.1 Released 2006; deprecated and will be removed from major browsers in 2020. TLS 1.2 Released 2008. Ok. TLS 1.3 Standardized in August 2018 and is being rolled out now; major change from TLS 1.2.

  20. TLS 1.2 with Diffie-Hellman Key Exchange Step 1: The client (browser) tells the server what kind of cryptography it supports. client hello: client random [list of cipher suites] Cipher suites: list of options like: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 This says to use • elliptic curve Diffie-Hellman for key exchange • RSA digital signatures • 128-bit AES for symmetric encryption • GCM (Galois Counter Mode) AES mode of operation • SHA-256 for hash function

  21. TLS 1.2 with Diffie-Hellman Key Exchange Step 1: The client (browser) tells the server what kind of cryptography it supports. client hello: client random [list of cipher suites] Cipher suites: list of options like: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Server cipher suite configuration can be confusing and difficult for sysadmins. Many insecure options like TLS_DHE_RSA_WITH_DES_CBC_SHA or TLS_NULL_WITH_NULL_NULL Subtle protocol errors around cipher suite negotiation.

  22. TLS 1.2 with Diffie-Hellman Key Exchange Step 2: The server tells the client which kind of cryptography it wishes to use. client hello: client random [list of cipher suites] server hello: server random, [cipher suite]

  23. TLS 1.2 with Diffie-Hellman Key Exchange Step 3: The server sends over its certificate which contains the server’s public key and signatures from a certificate authority. client hello: client random [list of cipher suites] server hello: server random, [cipher suite] certificate = public RSA key + CA signatures

  24. Certificates and Certificate Authorities in TLS Website public keys are encoded into certificates. Certificates signed by CAs. Browsers come with set of trusted CAs. To verify a certificate, browsers verify chain of digital certificates back to trusted root CA. Certificates typically valid for 3 months to multiple years.

  25. Sample certificate

  27. Who are we trusting?

Recommend

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Affairs Division Department of Political Affairs United Nations August 2013 Outline What is the Security Council?

189 views • 16 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to data security. - Security requirements. - Types of security threats. - Security risks. - Technologies and security solutions. Introduction

411 views • 37 slides
Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics WWW HTTP: Hyper Text Transfer Protocol HTTP Security HTML Protocol HTML Security

1.09k views • 74 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security Landscape Meraki Security Demo Security Landscape The Growing Importance of Security MALWARE HAS RISEN BY MORE THAN 10X IN THE LAST YEAR 70% M ALW AR E

604 views • 35 slides
Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction to access control Policy matrix Specification Design Implementation Operation and Maintenance Security in the Course Lectures

784 views • 40 slides
Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack surface Recent vulnerabilities Security response Defensive technologies Next steps Introduction Security nerd, recovering

790 views • 39 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides
INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is security? Why is it so hard to achieve? Administrative The security mindset Analyzing a systems security 1. Summarize the system 2.

801 views • 43 slides
1 Multilevel Security Different security levels for resources Important systems A

1 Multilevel Security Different security levels for resources Important systems A

Last time Threats Introduction Threat analysis Policy Introduction to access Specification control matrix Design Implementation Operation and Maintenance 7/10 - 05 Distributed systems - Jonny Pettersson, UmU 1 Security in the

444 views • 13 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy &amp; Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL injection Web security, part 1 Announcements intermission Stephen McCamant University of Minnesota, Computer Science &amp; Engineering Web

522 views • 5 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science &amp; Engineering

219 views • 5 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science &amp; Engineering

419 views • 4 slides

More recommend