securing internet communication tls dnssec
play

Securing Internet Communication: TLS & DNSSEC CS 161: Computer - PowerPoint PPT Presentation

Feb 20, 2024 •579 likes •1.51k views

Securing Internet Communication: TLS & DNSSEC CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic,

  1. Securing Internet Communication: TLS & DNSSEC CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca Portnoff, Nate Wang https://inst.eecs.berkeley.edu/~cs161 / April 11, 2017

  2. TLS Protocol Diagram: Q’s? Amazon Amazon Browser Browser Server Server Here ' s my cert SYN a t a d f o B K K C 3 - A 2 N ~ Y S PS { P S } K Amazon A C K MAC( dialog ,I B ) PS Hello. My rnd # = R B . I support (TLS+RSA+AES128+SHA256) or (SSL+DH+3DES+MD5) or … ) I , g o l a i S d ( C A M {M 1 , MAC(M 1 ,I B )} CB . Let ' s use TLS+RSA+AES128+SHA256 My rnd # = R S Here ' s my cert } ) I , CS M ( C S a A t M 2 a , d M f { o B 2 K 3 - 2 ~

  3. SSL / TLS Limitations • Properly used, SSL / TLS provides powerful end-to- end protections • So why not use it for everything ?? • Issues: – Cost of public-key crypto • Takes non-trivial CPU processing (but today a minor issue) • Note: symmetric key crypto on modern hardware is non-issue – Hassle of buying/maintaining certs (fairly minor) – DoS amplification • Client can force server to undertake public key operations • But: requires established TCP connection, and given that, there are often other juicy targets like back-end databases – Integrating with other sites that don’t use HTTPS – Latency : extra round trips ⇒ pages take longer to load

  4. SSL / TLS Limitations, con’t • Problems that SSL / TLS does not take care of ? • TCP-level denial of service (or any other DoS) – SYN flooding – RST injection • (but does protect against data injection!) • SQL injection / XSS / server-side coding/logic flaws • Browser coding/logic flaws • User flaws – Weak passwords – Phishing • Vulnerabilities introduced by HTTP compatibility …

  6. GET / HTTP/1.1 Host: www.amazon.com Cookie: ... HTTP/1.1 301 Moved Permanently Location: https://www.amazon.com/

  8. GET / HTTP/1.1 Host: www.amazon.com Cookie: ... HTTP/1.1 301 Moved Permanently Location: https://www.amazon.com/

  9. This is sent unprotected , using HTTP rather than HTTPS. A MITM a5acker can connect to Amazon using HTTPS, but relay the content to user using HTTP, altering whatever they wish. A5acker rewrites any embedded https : URLs to HTTP (“ sslstrip a5ack”). GET / HTTP/1.1 Host: www.amazon.com Cookie: ... HTTP/1.1 301 Moved Permanently Location: https://www.amazon.com/

  10. HTTP Strict Transport Security • To defend against sslstrip attacks, a web server can return (during HTTPS conn.) directive such as: Strict-Transport-Security: max-age=31536000 includeSubDomains • Directs browser to: – Only connect to that site using HTTPS (expires in 1yr) – Promote any HTTP links in pages to HTTPS – Don’t allow connections w/ cert errors to proceed • Similar to TOFU, requires safe initial connection – Otherwise, MITM attacker could strip out the header • Many browsers today use a predefined list of HSTS sites – see https://hstspreload.org/

  11. SSL / TLS Limitations, con’t • Problems that SSL / TLS does not take care of ? • TCP-level denial of service – SYN flooding – RST injection • (but does protect against data injection!) • SQL injection / XSS / server-side coding/logic flaws • Browser coding/logic flaws • User flaws – Weak passwords – Phishing • Vulnerabilities introduced by HTTP compatibility … • Issues of trust …

  12. TLS/SSL Trust Issues • “ Commercial certificate authorities protect you from anyone from whom they are unwilling to take money ” – Matt Blaze, circa 2001 • So how many CAs do we have to worry about, anyway?

  14. TLS/SSL Trust Issues • “ Commercial certificate authorities protect you from anyone from whom they are unwilling to take money ” – Matt Blaze, circa 2001 • So how many CAs do we have to worry about, anyway? • Of course, it’s not just their greed that matters …

  18. This appears to be a fully valid cert using normal browser validation rules. Only detected by Chrome due to its recent introduction of cert “ pinning ” - requiring that certs for certain domains must be signed by specific CAs rather than any generally trusted CA.

  20. TLS/SSL Trust Issues • “ Commercial certificate authorities protect you from anyone from whom they are unwilling to take money ” – Matt Blaze, circa 2001 • So how many CAs do we have to worry about, anyway? • Of course, it’s not just their greed that matters … • … and it’s not just their diligence & security that matters … – “ A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don’t even do that much. ” - Matt Blaze, circa 2010

  22. Note: the cert is “ forged ” in the sense that it doesn’t really belong to Gmail, PayPal, or whomever. But it does not appear forged because it includes a legitimate signature from a trusted CA. (Cert pinning will prevent this interception.)

  25. TLS/SSL Trust Issues • “ Commercial certificate authorities protect you from anyone from whom they are unwilling to take money ” – Matt Blaze, circa 2001 • So how many CAs do we have to worry about, anyway? • Of course, it's not just their greed that matters … • … and it's not just their diligence & security that matters … – “ A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much. ” - Matt Blaze, circa 2010 • You also have to trust the developers of libraries … – Both for clients when validating certs …

  27. This is the code that verifies that the Diffie-Hellman parameters sent by the server have a valid signature per the public key in the server’s cert

  28. This part computes the hash over the D-H parameters to then compare against the signature

  29. Do you spot the bug?

  30. This code always executes !

  31. When it does, err = 0, so the function returns success …

  32. When it does, err = 0, so the function returns success … without actually checking the signature!

  33. No demonstration that server possesses private key ⟹ trivial MITM

  34. TLS/SSL Trust Issues • “ Commercial certificate authorities protect you from anyone from whom they are unwilling to take money ” – Matt Blaze, circa 2001 • So how many CAs do we have to worry about, anyway? • Of course, it's not just their greed that matters … • … and it's not just their diligence & security that matters … – “ A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much. ” - Matt Blaze, circa 2010 • You also have to trust the developers of libraries … – Both for clients when validating certs … – and servers when generating certs

  35. So only 32,768 possible private keys could be generated – and attackers could just enumerate them

  36. Survey found bug affected ~1.5% of HTTPS web server certs

  37. 5 Minute Break Questions Before We Proceed?

  38. Securing DNS Lookups • How can we ensure when clients look up names with DNS, they can trust answers they receive? • Idea #1: do DNS lookups over TLS – (assuming either we run DNS over TCP, or we use “ Datagram TLS ” )

  39. Securing DNS using SSL / TLS? root DNS server ( ' . ' ) Host at xyz.poly.edu wants IP address for 2 gaia.cs.umass.edu 3 TLD DNS server ( ' .edu ' ) 4 local DNS server 5 (resolver) 128.238.1.68 Idea: connections 6 7 {1,8}, {2,3}, {4,5} 1 8 authoritative DNS server and {6,7} all run ( ' umass.edu ' , ' cs.umass.edu ' ) over SSL / TLS dns.cs.umass.edu requesting host xyz.poly.edu gaia.cs.umass.edu

  40. Securing DNS Lookups • How can we ensure when clients look up names with DNS, they can trust answers they receive? • Idea #1: do DNS lookups over TLS – (assuming either we run DNS over TCP, or we use “ Datagram TLS ” ) – Issues? • Performance: DNS is very lightweight. TLS is not. • Caching: crucial for DNS scaling. But then how do we keep authentication assurances? – Object security vs. Channel security

  41. Securing DNS Lookups • How can we ensure when clients look up names with DNS, they can trust answers they receive? • Idea #1: do DNS lookups over TLS – (assuming either we run DNS over TCP, or we use “ Datagram TLS ” ) – Issues? • Performance: DNS is very lightweight. TLS is not. • Caching: crucial for DNS scaling. But then how do we keep authentication assurances? – Object security vs. Channel security • Idea #2: make DNS results like certs – I.e., a verifiable signature that guarantees who generated a piece of data; signing happens off-line

Recommend

Securing the Internet's Identifier Systems DNSSec and other short stories John Crain ICANN

Securing the Internet's Identifier Systems DNSSec and other short stories John Crain ICANN

Securing the Internet's Identifier Systems DNSSec and other short stories John Crain ICANN john.crain@icann.org 1 Criticality of the Domain Name System Most transactions on the Internet start with a user known name and use the DNS to

514 views • 18 slides
Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof.

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof.

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof. Raluca Ada Popa Feb 27, 2018 Some slides credit David Wagner Announcements Midterm grades released Regrades: Read the follow-ups on the

1.75k views • 156 slides
Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta

Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta

Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 31, 2011 Todays Lecture Applying crypto technology in

695 views • 51 slides
Securing Internet Communication: TLS CS 161: Computer Security Prof. Haojin Materials adopted

Securing Internet Communication: TLS CS 161: Computer Security Prof. Haojin Materials adopted

Securing Internet Communication: TLS CS 161: Computer Security Prof. Haojin Materials adopted from Prof. David Wagner 2018 Todays Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases

623 views • 49 slides
Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Securing Internet Communication: TLS CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar,

873 views • 56 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Securing Internet

Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Securing Internet

Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Securing Internet Communication: TLS CS 161: Computer Security Prof. Raluca Ada Popa Feb 22, 2018 Some slides credit David Wagner Todays Lecture Applying crypto

869 views • 53 slides
Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina

Deploying New DNSSEC Algorithms ICANN 53 DNSSEC Workshop June 24, 2015 Buenos Aires, Argentina Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used in DNSSEC

490 views • 18 slides
Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech,

Challenges To Deploying New DNSSEC Algorithms ICANN 55 DNSSEC Workshop March 8, 2016 Marrakech, Morocco Dan York, Internet Society www.internetsociety.org/deploy360 DNSSEC Algorithms Used to generate keys for signing DNSKEY Used

417 views • 15 slides
Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany

Securing DNSSEC Keys via Threshold ECDSA From Generic MPC Kris Shrishak TU Darmstadt, Germany November 6, 2020 NIST Workshop on Multi-Party Threshold Schemes 2020 Based on work published at ESORICS20 with Anders Dalskov, Marcel Keller,

775 views • 63 slides
Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction

Deployment of DNSSEC at .ee ICANN 49: DNSSEC Workshop Timo Vhmar | 26.03.2014 | Introduction About Estonian Internet Foundation DNSSEC what, why, when Techie stuff Actual work Current situation | 26.03.2014 | Estonian

240 views • 9 slides
DNSSEC in the Reverse Tree @LACNIC Carlos Martinez - @carlosm3011 Why

DNSSEC in the Reverse Tree @LACNIC Carlos Martinez - @carlosm3011 Why

DNSSEC in the Reverse Tree @LACNIC Carlos Martinez - @carlosm3011 Why DNSSEC ? Securing the DNS system is both necessary and, right now, doable Root signed since 2010 No

473 views • 10 slides
ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP addresses. Human beings do not memorize IP

779 views • 23 slides
Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network connecting computers all over the world Data is sent in packets between machines Communication between computers is routed using the Internet

464 views • 7 slides
IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at

IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at

IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at the internet layer. Handles addressing and routing TCP: at the transport layer. Setting up channels (between ports), with traffic control, error-

292 views • 17 slides
DNSSEC Workshop Dan York, Internet Society | ICANN 55 | March 2016 Remote Participation Slides

DNSSEC Workshop Dan York, Internet Society | ICANN 55 | March 2016 Remote Participation Slides

DNSSEC Workshop Dan York, Internet Society | ICANN 55 | March 2016 Remote Participation Slides and audio streams at: https://meetings.icann.org/en/marrakech 55/schedule/wed-dnssec Live video stream via YouTube at:

578 views • 29 slides
IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite Link layer: ethernet, wifi etc. Internet

IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite Link layer: ethernet, wifi etc. Internet

IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite Link layer: ethernet, wifi etc. Internet layer: addressing and routing Transport layer: Setting up channels (between ports), with traffic control, error-correction etc. TCP/IP for

676 views • 16 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Rolling Rolling the the Root Root Geoff Huston APNIC Use Use of of DNSSEC DNSSEC in in

Rolling Rolling the the Root Root Geoff Huston APNIC Use Use of of DNSSEC DNSSEC in in

Rolling Rolling the the Root Root Geoff Huston APNIC Use Use of of DNSSEC DNSSEC in in Todays Todays Internet Internet Why Why is is this this relevant? relevant? Because Because the root zone managers are preparing

788 views • 43 slides
.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

.SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the

. SE-DNSSEC . SEs DNSSEC service Staffan.Hagnell@iis.se .SE-DNSSEC Commercial launch of .SE-DNSSEC Feb 16, 2007 Signing Soft launch of service the .SE zone Sep 2005 2006 Start of project 2001 .SEs challenge To make DNSSEC

584 views • 24 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite

IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite

IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at the internet layer. Handles addressing and routing TCP: at the transport layer. Setting up channels (between

418 views • 21 slides
DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop

ICANN 50 DNSSEC in .at (and beyond) Panel discussion DNSSEC activities in Europe DNSSEC workshop Jun 25 2014 Alexander Mayrhofer London, UK alexander.mayrhofer@nic.at ICANN 50 DNSSEC Services n ccTLD: .at l DNSSEC in production

109 views • 10 slides
Accountable Internet Protocol Andersen et. al Presented by: Virajith Jalaparti Securing the

Accountable Internet Protocol Andersen et. al Presented by: Virajith Jalaparti Securing the

Accountable Internet Protocol Andersen et. al Presented by: Virajith Jalaparti Securing the Internet S-BGP, so-BGP, PG-BGP, StopIt, Listen & Whisper Fundamental Problem No Accountability Use CRYPTO!!! source spoofing

441 views • 12 slides

More recommend