secure socket layer health assessment
play

Secure Socket Layer Health Assessment Mick Pouw, Eric van den Haak - PowerPoint PPT Presentation

Mar 09, 2024 •304 likes •497 views

Introduction Research Conclusion Demo Questions Secure Socket Layer Health Assessment Mick Pouw, Eric van den Haak February 5, 2014 Introduction Research Conclusion Demo Questions Introduction 1 Background Research Questions

  1. Introduction Research Conclusion Demo Questions Secure Socket Layer Health Assessment Mick Pouw, Eric van den Haak February 5, 2014

  2. Introduction Research Conclusion Demo Questions Introduction 1 Background Research Questions Research 2 Implementing SSL, the right way Common mistakes Classifying mistakes Implementation Conclusion 3 Future work Demo 4

  3. Introduction Research Conclusion Demo Questions Background Background Tilburg University Lots of SSL/TLS services No quick SSL service checking (Manually) Existing tools lack possibility of integrating in existing monitoring software or lack in rating What about a new tool?

  4. Introduction Research Conclusion Demo Questions Research Questions How can we determine SSL “health” of a server side implementation? How can we determine a “bad” SSL implementation? What mistakes are commonly made by server administrators regarding implementing SSL? How can we classify these mistakes? How can we develop a tool that automates checking the SSL “health” of a server side implementation?

  5. Introduction Research Conclusion Demo Questions Implementing SSL, the right way Implementing SSL, the right way Certificates Protocols Server settings

  6. Introduction Research Conclusion Demo Questions Implementing SSL, the right way Certificates Subject Validity (Chain of) Trust Hash algorithm Debian weak key Revocation

  7. Introduction Research Conclusion Demo Questions Implementing SSL, the right way Protocols SSLv2 must be disabled SSLv3 should be disabled, backwards compatibility TLSv1.0 should be enabled TLSv1.1 should be enabled TLSv1.2 should be enabled

  8. Introduction Research Conclusion Demo Questions Implementing SSL, the right way Server Settings Compression (Crime) RC4 (Randomness) MD5 (Collision) Strong key size (Brute force) Perfect forward Secrecy (Future decryption)

  9. Introduction Research Conclusion Demo Questions Common mistakes Common mistakes Test Percentage passed Signature hash algorithm 100% Certificate (chain) trusted 100% Certificate is valid 100% No Debian weak keys 100% Subject name matches 91% Compression disabled 100% Cipher suites do not contain MD5 57% Perfect forward secrecy available 46% Cipher suites do not contain RC4 17% Key length at least 128bits 89% SSLv2 disabled 94% SSLv3 disabled 3% TLSv1.0 enabled 97% TLSv1.1 enabled 63% TLSv1.2 enabled 63%

  10. Introduction Research Conclusion Demo Questions Classifying mistakes Determining a test Weight (0 < = weight < = 100) Required (Show-stopper) Example test Name Example Proposition Requirement in order to pass the test Weight 50 Required No

  11. Introduction Research Conclusion Demo Questions Classifying mistakes Formulas { requiredtests } ⊂ { passedtests } (1) The set of all required tests has to be a subset of all passed tests. N � p i i =1 100 ∗ (2) M � t j j =1 Where p is a set of all weights of the passed tests and t is a set of all weights of all performed tests.

  12. Introduction Research Conclusion Demo Questions Classifying mistakes Classification Description Weight Required Signature hash algorithm 80 No Certificate (chain) trusted 0 Yes Certificate is valid 0 Yes No Debian weak keys 100 No Subject name matches 0 Yes Compression disabled 50 No Cipher suites do not contain MD5 50 No Perfect forward secrecy available 50 No Cipher suites do not contain RC4 80 No Key length at least 128bits 80 No SSLv2 disabled 100 No SSLv3 disabled 30 No TLSv1.0 enabled 75 No TLSv1.1 enabled 100 No TLSv1.2 enabled 100 No

  13. Introduction Research Conclusion Demo Questions Implementation Proof of Concept Python Used software SSLyze OpenSSL Curl Modular framework Tests Output

  14. Introduction Research Conclusion Demo Questions Implementation Running the tool! Entire Tilburg University IPv4 space SURFnet IDP page hosts Score SURFconext UvT < 40% 5 27 40-50% 8 1 50-60% 82 64 60-70% 9 6 70-80 % 13 1 > 80 % 20 32

  15. Introduction Research Conclusion Demo Questions Conclusions Found a new way of determining SSL “Health” Developed a proof of concept that assess SSL services

  16. Introduction Research Conclusion Demo Questions Future work Future work Start TLS Server Name Indication (SNI) for HTTPS Improve framework’s dependencies

  17. Introduction Research Conclusion Demo Questions Demo

  18. Introduction Research Conclusion Demo Questions Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common

SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common

SSL and TLS SSL Secure Socket Layer TLS Transport Layer Security The common standards for securing network applications in Internet E.g., web browsing Essentially, standards to negotiate, set up, and apply crypto

2.93k views • 13 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 -

WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 -

WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security (TLS)

604 views • 42 slides
Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) CSE598K/CSE545 - Advanced Network

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) CSE598K/CSE545 - Advanced Network

547 views • 16 slides
Socket Programming CS457, FA 11 What is a socket? Basically, a socket is just a file

Socket Programming CS457, FA 11 What is a socket? Basically, a socket is just a file

Socket Programming CS457, FA 11 What is a socket? Basically, a socket is just a file descriptor that your application can use to read and write data from. Stream and Datagram sockets provide an interface to the transport layer of the

419 views • 14 slides
What is a socket? Socket Programming Socket: An interface between an application process and

What is a socket? Socket Programming Socket: An interface between an application process and

What is a socket? Socket Programming Socket: An interface between an application process and transport layer The application process can send/receive messages to/from another application process (local or remote)via a socket Kameswari

331 views • 6 slides
Outline ! Socket basics ! TCP sockets ! Socket details ! Socket options Computer Networks ! Final

Outline ! Socket basics ! TCP sockets ! Socket details ! Socket options Computer Networks ! Final

Outline ! Socket basics ! TCP sockets ! Socket details ! Socket options Computer Networks ! Final notes Sockets Socket Basics Ports ! An end-point for a IP network connection ! Numbers (vary in BSD, Solaris): what the application layer

318 views • 5 slides
ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL (Secure Socket Layer) /

812 views • 25 slides
Socket Service Types The following socket types are defined: 1. SOCK_STREAM : stream socket 2.

Socket Service Types The following socket types are defined: 1. SOCK_STREAM : stream socket 2.

Socket Service Types The following socket types are defined: 1. SOCK_STREAM : stream socket 2. SOCK_DGRAM : datagram socket 3. SOCK_RAW : raw-protocol interface 4. SOCK_RDM : reliably-delivered message 5. SOCK_SEQPACKET : sequenced packet stream

307 views • 27 slides
Application layer: Roadmap Principles of network applications Web and HTTP FTP

Application layer: Roadmap Principles of network applications Web and HTTP FTP

Application Layer Application layer: Roadmap Principles of network applications Web and HTTP FTP Electronic Mail SMTP, POP3, IMAP DNS P2P applications Socket programming with UDP Socket programming with TCP 79

463 views • 27 slides
Chapter 2: Application layer 2.1 Principles of network 2.6 P2P applications applications

Chapter 2: Application layer 2.1 Principles of network 2.6 P2P applications applications

Chapter 2: Application layer 2.1 Principles of network 2.6 P2P applications applications 2.7 Socket app architectures programming with app requirements TCP 2.2 Web and HTTP 2.8 Socket 2.4 Electronic Mail

464 views • 20 slides
Chapter 2: Application layer Chapter 2 Application Layer 2.1 Principles of 2.6 P2P

Chapter 2: Application layer Chapter 2 Application Layer 2.1 Principles of 2.6 P2P

Chapter 2: Application layer Chapter 2 Application Layer 2.1 Principles of 2.6 P2P applications network applications 2.7 Socket programming 2.2 Web and HTTP with TCP 2.3 FTP 2.8 Socket programming with UDP with UDP

733 views • 29 slides
Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons

Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons

Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons SSH Secure shell (remote login) IPSec IP Security suite, originally for use with IPv6 SSL/TLS Secure Sockets Layer / Transport Layer

322 views • 18 slides
CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /fall2019/cs683/cs683_main.htm 1 Lecture 12 Transport Layer Security/ Secure Socket Layer (TLS/SSL)

615 views • 23 slides
Flavors Library for Fast Parallel Lookup Using Custom Radix Trees Presentation ID 23269 Albert

Flavors Library for Fast Parallel Lookup Using Custom Radix Trees Presentation ID 23269 Albert

Flavors Library for Fast Parallel Lookup Using Custom Radix Trees Presentation ID 23269 Albert Wolant Warsaw University of Technology GTC Europe 11 October 2017 1 Acknowledgements Krzysztof Kaczmarski, Ph.D - my Ph.D thesis advisor

1.31k views • 93 slides
PROCUREMENT SERIES: PART I JABSOM Administrators Meeting (JAM) Thursday, August 2, 2018, 9:30

PROCUREMENT SERIES: PART I JABSOM Administrators Meeting (JAM) Thursday, August 2, 2018, 9:30

PROCUREMENT SERIES: PART I JABSOM Administrators Meeting (JAM) Thursday, August 2, 2018, 9:30 am MEB 315 Auditorium PROCUREMENT SERIES: PART I What is Procurement? Micro-Purchases Source Selection Methods Showcase: SPO Price

429 views • 20 slides
Belmont Park Redevelopment Project Update Summary of Public Comments on General Project Plan and

Belmont Park Redevelopment Project Update Summary of Public Comments on General Project Plan and

Belmont Park Redevelopment Project Update Summary of Public Comments on General Project Plan and Draft Environmental Impact Statement 7/8/2019 7/11/2019 Key Project Components (from DEIS and Dec GPP) Key Components from the DEIS 18,000

431 views • 11 slides
New York 10 April 2018 2 Forward looking statements All statements in this presentation that are

New York 10 April 2018 2 Forward looking statements All statements in this presentation that are

2018 Investor Day New York 10 April 2018 2 Forward looking statements All statements in this presentation that are not statements of historical fact are forward -looking statements within the meaning of the U.S. Private Securities

911 views • 69 slides
AFRINIC (r)DNSSEC Infrastructure ...and how we (silently) migrated a signer Amreesh Phokeer

AFRINIC (r)DNSSEC Infrastructure ...and how we (silently) migrated a signer Amreesh Phokeer

AFRINIC (r)DNSSEC Infrastructure ...and how we (silently) migrated a signer Amreesh Phokeer amreesh@afrinic.net R&amp;D ICANN-59 (28 June 2017) 1 African RIR RIR for the African and Indian Ocean region Community-driven through policy

610 views • 18 slides
Rijndael for AES Vincent Rijmen Joan Daemen COSIC Proton World Security Intrinsic

Rijndael for AES Vincent Rijmen Joan Daemen COSIC Proton World Security Intrinsic

Rijndael for AES Vincent Rijmen Joan Daemen COSIC Proton World Security Intrinsic security: no algorithm has been broken Implementation attacks (e.g., DPA): Table-lookup and XOR operations only Rijndael lends itself to secure

515 views • 3 slides
Second Presentation to Task Force: Key Findings from System Analysis September 19, 2017 CSG

Second Presentation to Task Force: Key Findings from System Analysis September 19, 2017 CSG

Second Presentation to Task Force: Key Findings from System Analysis September 19, 2017 CSG Justice Center Presenters Nina Salomon, Project Manager, Juvenile Justice Nancy Arrigona, Research Manager Rebecca Cohen, PhD, Research Manager Shanelle

819 views • 68 slides
MACALESTER COLLEGE DEWITT WALLACE LIBRARY SPACE SURVEY &amp; FEEDBACK FALL 2019 HGA MACALESTER

MACALESTER COLLEGE DEWITT WALLACE LIBRARY SPACE SURVEY &amp; FEEDBACK FALL 2019 HGA MACALESTER

MACALESTER COLLEGE DEWITT WALLACE LIBRARY SPACE SURVEY &amp; FEEDBACK FALL 2019 HGA MACALESTER COLLEGE DEWITT WALLACE LIBRARY PROGRAMMING &amp; PLANNING LIBRARY SPACE PLANNING GROUP o Karine Moe , Provost and Dean of Faculty o Angi Faiks ,

761 views • 52 slides

More recommend