rodger-simmons
Overview
Encryption Methods
AES (Advanced Encryption Standard)
SSL (Secure Socket Layer)
TLS (Transport Layer Security)
TLS Advantage Over SSL
Security Example
Attacks
Countermeasure
Asymmetric
Each user has two keys
  ○ Private
  ○ Public
Public key stored in public database
Messages encrypted with public key can only be decrypted with private key.
Encrypted with private -> decrypted with public
Symmetric
No private/public
Only means of decryption is if you have the right key
Security issue in exchanging the key
Hashing
Unique fixed-length string of characters from selected text
One-way process
Cannot recreate document from hash
If anything changes in text, hash would change
Can be used to determine integrity of file
Suppose hash of a document was:
9c5292056062f70a2f14330cf4d30c7f
If anything at all changes in document a new hash is formed
91857f37a636882c78de9961e791c81a
Making it easy to tell if the message has been altered in any way
AES (Advanced Encryption Standard)
Cryptographic algorithm used to protect electronic data
Block cipher that can encrypt and decrypt information
Capable of using keys of 128, 192, and 256 bits
Encrypts data into blocks of 128 bits
Pseudo code
http://www.garykessler.net/library/crypto.html#fig17
in[] and out[]: 16-byte arrays with the plaintext and ciphertext, respectively. (According to the specification, both of these arrays are actually 4*Nb bytes in length but Nb=4 in AES.)
w[]: array containing the key material; it is 4*(Nr+1) words in length. (Again, according to the specification, the multiplier is actually Nb.)
state[]: a 2-dimensional array containing bytes in 4 rows and 4 columns. (According to the specification, this array is 4 rows by Nb columns.)
SubBytes: takes the value of a word within a State and substitutes it with another value by a predefined S-box
ShiftRows: circularly shifts each row in the State by some number of predefined bytes
MixColumns: takes the value of a 4-word column within the State and changes the four values using a predefined mathematical function
AddRoundKey: XORs a key that is the same length as the block, using an Expanded Key derived from the original Cipher Key
Walkthrough
This walkthrough is of Rijndael encryption
Rijndael allows for both key and block sizes to be chosen independently from the set of { 128, 160, 192, 224, 256 } bits. (And the key size does not in fact have to match the block size.)
However, the block size must always be 128 bits in AES, and the key size may be either 128, 192, or 256 bits.
http://www.formaestudio.com/rijndaelinspector/
AES Flaw
2009 weakness identified
Interesting from a mathematical P.O.V.
Not really relevant in application
Finding the key of AES is four times easier than previously believed
Steps to find = 8 followed by 37 zeroes
1 trillion machines each test 1 billion keys per second
Would take more than 2 billion years to recover AES-128 key
Andrey Bogdanov (K.U.Leuven), Dmitry Khovratovich (Microsoft Research), Christian Rechberger (ENS Paris)
SSL (Secure Socket Layer)
3 basic properties
Connection is private
Peer’s identity can be authenticated using asymmetric cryptography
Connection is reliable
○ message check using keyed Message Authentication Code (MAC)
Two layers: can include length description and content
Lowest Layer = SSL Record Protocol
Second Layer = Handshake Protocol
TLS (Transport Layer Security)
Two layers
  ○ TLS Record Protocol
  ○ TLS Handshake Protocol
Encapsulates higher level protocols
TLS Record Protocol
Two basic properties
The connection is private
  ○ Symmetric data encryption
The connection is reliable
  ○ Keyed MAC included in each message
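How the keyed MAC makes the record layer reliable, and why the unkeyed hash from the Hashing slide would not: an added example, not part of the original slides. It follows the TLS 1.2 MAC input layout from RFC 5246 section 6.2.3.1 (sequence number, type, version, length, fragment) with HMAC-SHA256, and leaves out record encryption; the `Sender` and `Receiver` classes, the key and the messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23            # TLS ContentType value for application data
TLS12 = (3, 3)                   # protocol version bytes for TLS 1.2

def record_mac(mac_key, seq_num, content_type, fragment):
    # MAC input: seq_num || type || version || length || fragment
    header = struct.pack("!QBBBH", seq_num, content_type, *TLS12, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

class Sender:                    # hypothetical helper, one direction of a connection
    def __init__(self, mac_key):
        self.key, self.seq = mac_key, 0
    def protect(self, fragment):
        tag = record_mac(self.key, self.seq, APPLICATION_DATA, fragment)
        self.seq += 1            # implicit counter, never sent on the wire
        return fragment, tag

class Receiver:                  # hypothetical helper, verifies and counts records
    def __init__(self, mac_key):
        self.key, self.seq = mac_key, 0
    def accept(self, fragment, tag):
        expected = record_mac(self.key, self.seq, APPLICATION_DATA, fragment)
        if not hmac.compare_digest(expected, tag):
            return False         # real TLS raises a bad_record_mac alert and closes
        self.seq += 1
        return True

def demo():
    key = bytes(range(32))       # constructed key; in TLS it comes from the handshake
    tx, rx = Sender(key), Receiver(key)
    r0 = tx.protect(b"PAY alice 10.00")
    r1 = tx.protect(b"PAY bob 25.00")
    altered = b"PAY bob 95.00"
    return {
        "in_order": rx.accept(*r0),
        "tampered": rx.accept(altered, r1[1]),    # content changed, tag unchanged
        "replayed": rx.accept(*r0),               # valid tag, wrong sequence number
        "next": rx.accept(*r1),
        # An unkeyed hash can be recomputed by whoever alters the message,
        # so a plain-hash check would accept the altered record.
        "plain_hash_accepts_altered":
            hashlib.sha256(altered).digest() == hashlib.sha256(altered).digest(),
    }
```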
TLS Handshake Protocol
Three basic properties
Peer’s identity can be authenticated using asymmetric or public key cryptography
The negotiation of a shared secret is secure
The negotiation is reliable
Advantage over SSL
Application protocol independent
Higher level protocols can layer on top of it transparently
  ○ Decisions on how to initiate TLS handshaking and how to interpret authentication certificates are left up to the designers of the higher level protocols
Browser sends message via SSL to bank server
Bank responds by sending a certificate
  ○ Includes bank’s public key
Browser authenticates certificate and generates random session key
  ○ Uses this key to encrypt the data
Bank’s server receives session key and decrypts
  ○ Key was sent encrypted by bank’s public key
  ○ Bank uses private key to decrypt
Session key that now both bank and client know is used for rest of communication
Banks Didn’t Use SSL?
As of 2006 a number of big banks were not requiring the use of SSL authentication
  ○ Bank of America
  ○ Wachovia
  ○ US Bank
  ○ Chase
  ○ American Express
  ○ Etc.
SSL login form listed as optional
Outside the US at this time HSBC was the only known bank not to use SSL authentication
○ British multinational banking and financial services company
Specific MITM Attack
Victim visits site that uses TLS 1.0 and receives a cookie; this cookie injects the client-side BEAST (Browser Exploit Against SSL/TLS)
Attacker can now use a network sniffer to look for active TLS connections
Grabs and decrypts the HTTPS cookie
○ Allows attacker to hijack victim’s session with that site.
Solution
Difficult
Attacks confidentiality vs. authenticity like most attacks
Requires major change in the protocol itself
There are some fixes, but they cause compatibility issues with some existing SSL applications
Man-in-the-browser
Malware already infecting user's computer
Kicks in after user has logged onto site
Hijacks money and siphons it into criminal accounts
Solution
Use a trusted browser
Can be stored on a flash drive
Since stored in own secure environment it is not susceptible to malware in the same way as a traditional browser
Countermeasure
Historically piecemeal approach
Generally recommends several defenses that support each other
Often creates gaps within the layer architecture leaving some elements exposed to threats
Some banks implement a secure USB token
“provides secure online banking session even if computer is riddled with malware”
Read-only portable USB device
  ○ When plugged in encrypts the customer's keystrokes
  ○ Launches virtualized OS
  ○ Launches secure browser
  ○ Launches a secure network between client and bank server
This is an attempt to create a virtual machine that is walled off from the rest of the PC
Protection from client's system
Makes sense that banks would want to protect their customers, as they are often the weakest link and biggest threat vector
Conclusion
Be careful and aware
Pay attention and confirm site is legitimate
Security is evolving, but so are the attacks