some thoughts on ssl tls from a nearly 6 year phd student
play

Some thoughts on SSL/TLS from a (nearly) 6-year PhD student Olivier - PowerPoint PPT Presentation

Nov 22, 2022 •263 likes •1.09k views

Some thoughts on SSL/TLS from a (nearly) 6-year PhD student Olivier Levillain ANSSI 2015-11-23 O. Levillain (ANSSI) SSL/TLS 2015-11-23 1 / 40 Who am I? Olivier Levillain ( @pictyeye ) M2 internship in cryptography: study of a hash

  1. Some thoughts on SSL/TLS from a (nearly) 6-year PhD student Olivier Levillain ANSSI 2015-11-23 O. Levillain (ANSSI) SSL/TLS 2015-11-23 1 / 40

  2. Who am I? Olivier Levillain ( @pictyeye ) ◮ M2 internship in cryptography: study of a hash function ◮ member of the systems lab at ANSSI (2007-2012) ◮ head of the network lab at ANSSI (2012-2015) ◮ head of the training center (CFSSI) (2015-) Research ◮ part of the low-level x86 security work (SMM/ACPI) ◮ PhD student working on SSL/TLS since 2011 ◮ Participation to languages studies since 2007 ◮ some work on binary parsers Teaching ◮ cryptography: hash function and cryptanalysis ◮ systems module for the CFSSI ◮ courses on SSL/TLS, and more recently on secure development O. Levillain (ANSSI) SSL/TLS 2015-11-23 2 / 40

  3. ANSSI ANSSI (French Network and Information Security Agency) has InfoSec (and no Intelligence) missions: ◮ detect and early react to cyber attacks ◮ prevent threats by supporting the development of trusted products and services ◮ provide reliable advice and support ◮ communicate on information security threats and the related means of protection These missions concern: ◮ governmental entities ◮ companies ◮ the general public O. Levillain (ANSSI) SSL/TLS 2015-11-23 3 / 40

  4. TLS: a quick tour Two decades of SSL/TLS vulnerabilities Authentication and key exchange Symmetric crypto vulnerabilites Implementation bugs Implementation bugs Classical errors Higher-level errors The real burden of obsolete cryptography State machine bugs Conclusion

  5. TLS: a quick tour SSL/TLS: an essential building block of Internet ◮ https:// invented by Netscape in 1995 ◮ the beginning of the e-commerce ◮ Massive usage of SSL/TLS today ◮ HTTPS, well beyond e-commerce websites ◮ A way to secure other protocols (SMTP, IMAP, LDAP...) ◮ SSL VPN ◮ EAP TLS O. Levillain (ANSSI) SSL/TLS 2015-11-23 5 / 40

  6. TLS: a quick tour SSL/TLS: an essential building block of Internet ◮ https:// invented by Netscape in 1995 ◮ the beginning of the e-commerce ◮ Massive usage of SSL/TLS today ◮ HTTPS, well beyond e-commerce websites ◮ A way to secure other protocols (SMTP, IMAP, LDAP...) ◮ SSL VPN ◮ EAP TLS ◮ SSL ( Secure Sockets Layer ) or TLS ( Transport Layer Security ) ? ◮ SSLv2 (1995) and v3 (1996) designed by Netscape ◮ TLS 1.0 (2001) a.k.a. SSLv3.1, handled by IETF ◮ New revisions since: 1.1 (2006), 1.2 (2008) and 1.3 (2016?) O. Levillain (ANSSI) SSL/TLS 2015-11-23 5 / 40

  7. TLS: a quick tour Fonctionnement du protocole Client Server O. Levillain (ANSSI) SSL/TLS 2015-11-23 6 / 40

  8. TLS: a quick tour Fonctionnement du protocole Client Server C l i e n t H e l l o O. Levillain (ANSSI) SSL/TLS 2015-11-23 6 / 40

  9. TLS: a quick tour Fonctionnement du protocole Client Server C l i e n t H e l l o l o e l r H v e e r S e a t i c i f r t C e n e D o l o e l r H v e e r S O. Levillain (ANSSI) SSL/TLS 2015-11-23 6 / 40

  10. TLS: a quick tour Fonctionnement du protocole Client Server C l i e n t H e l l o l o e l r H v e e r S e a t i c i f r t C e n e D o l o e l r H v e e r S C l i e n t K e y E x c h a n g e O. Levillain (ANSSI) SSL/TLS 2015-11-23 6 / 40

  11. TLS: a quick tour Fonctionnement du protocole Client Server C l i e n t H e l l o l o e l r H v e e r S e a t i c i f r t C e n e D o l o e l r H v e e r S C l i e n t K e y E x c h a n g e C h a n g e C i p h e r S p e c F i n i s h e d O. Levillain (ANSSI) SSL/TLS 2015-11-23 6 / 40

  12. TLS: a quick tour Fonctionnement du protocole Client Server C l i e n t H e l l o l o e l r H v e e r S e a t i c i f r t C e n e D o l o e l r H v e e r S C l i e n t K e y E x c h a n g e C h a n g e C i p h e r S p e c F i n i s h e d e c p r S h e i p e C n g h a C d h e i s i n F O. Levillain (ANSSI) SSL/TLS 2015-11-23 6 / 40

  13. TLS: a quick tour Fonctionnement du protocole Client Server C l i e n t H e l l o l o e l r H v e e r S e a t i c i f r t C e n e D o l o e l r H v e e r S C l i e n t K e y E x c h a n g e C h a n g e C i p h e r S p e c F i n i s h e d e c p r S h e i p e C n g h a C d h e i s i n F Application data O. Levillain (ANSSI) SSL/TLS 2015-11-23 6 / 40

  14. TLS: a quick tour Some figures about SSL/TLS ◮ More than 50 RFC ◮ 5 protocol versions for the moment ◮ More than 300 ciphersuites ◮ More than 20 extensions ◮ Some interesting features ◮ compression ◮ renegotiation ◮ session resumption (2 methods) ◮ A dozen well known implementations ◮ How many home-made implementations ? O. Levillain (ANSSI) SSL/TLS 2015-11-23 7 / 40

  15. TLS: a quick tour Home-made SSL/TLS stacks (1/3) What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? O. Levillain (ANSSI) SSL/TLS 2015-11-23 8 / 40

  16. TLS: a quick tour Home-made SSL/TLS stacks (1/3) What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA O. Levillain (ANSSI) SSL/TLS 2015-11-23 8 / 40

  17. TLS: a quick tour Home-made SSL/TLS stacks (1/3) What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA O. Levillain (ANSSI) SSL/TLS 2015-11-23 8 / 40

  18. TLS: a quick tour Home-made SSL/TLS stacks (1/3) What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert O. Levillain (ANSSI) SSL/TLS 2015-11-23 8 / 40

  19. TLS: a quick tour Home-made SSL/TLS stacks (1/3) What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) O. Levillain (ANSSI) SSL/TLS 2015-11-23 8 / 40

  20. TLS: a quick tour Home-made SSL/TLS stacks (1/3) What can a TLS server answer to a client proposing the following ciphersuites: AES128-SHA and ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) The explanation is a little sad: ◮ a ciphersuite is a 16-bit integer ◮ until (relatively) recently, all ciphersuites were of the form 00 XX ◮ so why bother with the most significant byte? O. Levillain (ANSSI) SSL/TLS 2015-11-23 8 / 40

  21. TLS: a quick tour Home-made SSL/TLS stacks (2/3) ◮ In 2010, Google proposed some extensions, False Start and Snap Start ◮ After several months, the Internet seemed intolerant to Snap Start ◮ The proposal was withdrawn in 2012 O. Levillain (ANSSI) SSL/TLS 2015-11-23 9 / 40

  22. TLS: a quick tour Home-made SSL/TLS stacks (2/3) ◮ In 2010, Google proposed some extensions, False Start and Snap Start ◮ After several months, the Internet seemed intolerant to Snap Start ◮ The proposal was withdrawn in 2012 ◮ One year later, the same problem reappears in another context ◮ On the WG mailing list ( tls@ietf.org ), someone speaks up and explains the issue: the ClientHello is too big... O. Levillain (ANSSI) SSL/TLS 2015-11-23 9 / 40

  23. TLS: a quick tour Home-made SSL/TLS stacks (3/3) Here is the beginning of a 258-byte long ClientHello 16 03 01 01 02 TLS Type Version Length HS TLS 1.0 258 SSLv2 Length Pad. Type 5635 ... CH A TLS ClientHello with a size between 256 and 511 can be seen as an SSLv2 ClientHello ! O. Levillain (ANSSI) SSL/TLS 2015-11-23 10 / 40

  24. TLS: a quick tour Home-made SSL/TLS stacks (3/3) Here is the beginning of a 258-byte long ClientHello 16 03 01 01 02 TLS Type Version Length HS TLS 1.0 258 SSLv2 Length Pad. Type 5635 ... CH A TLS ClientHello with a size between 256 and 511 can be seen as an SSLv2 ClientHello ! In the end, all is well ◮ Google’s new proposal: an extension to pad ClientHello ... O. Levillain (ANSSI) SSL/TLS 2015-11-23 10 / 40

  25. TLS: a quick tour Two decades of SSL/TLS vulnerabilities Authentication and key exchange Symmetric crypto vulnerabilites Implementation bugs Implementation bugs Classical errors Higher-level errors The real burden of obsolete cryptography State machine bugs Conclusion

  26. Two decades of SSL/TLS vulnerabilities A brief history of SSL/TLS vulnerabilities O. Levillain (ANSSI) SSL/TLS 2015-11-23 12 / 40

  27. Two decades of SSL/TLS vulnerabilities A brief history of SSL/TLS vulnerabilities ◮ 1995: down-negotiation in SSLv2 ◮ 2009: renegotiation attack O. Levillain (ANSSI) SSL/TLS 2015-11-23 12 / 40

  28. Two decades of SSL/TLS vulnerabilities A brief history of SSL/TLS vulnerabilities ◮ 1995: down-negotiation in SSLv2 ◮ 2009: renegotiation attack ◮ 2014: Triple Handshake (attack mixing renegotiation and session resumption) O. Levillain (ANSSI) SSL/TLS 2015-11-23 12 / 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Opening Thoughts These two chapters are going to span 20 years Comprised of two 7-year

Opening Thoughts These two chapters are going to span 20 years Comprised of two 7-year

The Birthing of a Nation and the Shaping of Its Leader GENESIS 29:1-30:43 Opening Thoughts These two chapters are going to span 20 years Comprised of two 7-year marriage contracts and a 6-year serve and release agreement

692 views • 22 slides
SUCCESS STRATEGIES IN INRW USING CONNECT EMILY PEEBLES YOUR THOUGHTS AND NEEDS On your

SUCCESS STRATEGIES IN INRW USING CONNECT EMILY PEEBLES YOUR THOUGHTS AND NEEDS On your

INCORPORATING STUDENT SUCCESS STRATEGIES IN INRW USING CONNECT EMILY PEEBLES YOUR THOUGHTS AND NEEDS On your notecard, make a list of student success issues that your students tend to have each semester. Examples asking questions

678 views • 14 slides
ALL THINGS Lindy Strong THOUGHTS ARE ENERGY Thoughts are Energy Thought energy has no

ALL THINGS Lindy Strong THOUGHTS ARE ENERGY Thoughts are Energy Thought energy has no

RESTORATION OF ALL THINGS Lindy Strong THOUGHTS ARE ENERGY Thoughts are Energy Thought energy has no boundary. Your thoughts are not confined to a certain location. We would like to think that our private thoughts are in fact

1.33k views • 92 slides
UAA FIRST YEAR EXPERIENCE 15 Interviews 7 First-Year 7 First-Year 8 Second-Year 8 Second-Year

UAA FIRST YEAR EXPERIENCE 15 Interviews 7 First-Year 7 First-Year 8 Second-Year 8 Second-Year

UAA FIRST YEAR EXPERIENCE 15 Interviews 7 First-Year 7 First-Year 8 Second-Year 8 Second-Year 10 attended New Student Orientation. 7 took GUID150 Creating 14 said with confidence that Success in College. they will continue at UAA. 7

258 views • 15 slides
Welcome back to the new academic year Student Experience The new Student Centre opened in

Welcome back to the new academic year Student Experience The new Student Centre opened in

LONDONS GLOBAL UNIVERSITY Provosts View : Welcome back to the new academic year Student Experience The new Student Centre opened in February Our students made nearly 1,500 nominations for the Student Choice Awards

115 views • 10 slides
Your thoughts on your school! Pupil Survey Results Spring 2018 Year 5 and 6 Perform at 10

Your thoughts on your school! Pupil Survey Results Spring 2018 Year 5 and 6 Perform at 10

Your thoughts on your school! Pupil Survey Results Spring 2018 Year 5 and 6 Perform at 10 Downing Street-2017 1 The Questionnaire- What questions were you (pupils) asked to respond to? 1. I feel safe at school 2. I learn exciting and new

419 views • 10 slides
Isaiah 55:8-9 8. For My thoughts are not your thoughts, neither are your ways My ways, declares

Isaiah 55:8-9 8. For My thoughts are not your thoughts, neither are your ways My ways, declares

Isaiah 55:8-9 8. For My thoughts are not your thoughts, neither are your ways My ways, declares the LORD. 9. For as the heavens are higher than the earth, so are My ways higher than your ways and My thoughts than your thoughts. Trusting God

444 views • 18 slides
Parents of a First- Year Student Sean Hendricks Director of Academic Transition and Support

Parents of a First- Year Student Sean Hendricks Director of Academic Transition and Support

First-Time Parents of a First- Year Student Sean Hendricks Director of Academic Transition and Support Programs 1 What the Research Tells Us about First-Year Students New student goals for first year in order of priority: Make friends and

365 views • 17 slides
Some Thoughts on HFIP Bob Gall Thanks! For putting up with me for the last six years , For

Some Thoughts on HFIP Bob Gall Thanks! For putting up with me for the last six years , For

Some Thoughts on HFIP Bob Gall Thanks! For putting up with me for the last six years , For helping to create a Hurricane Project that I believe has been very successful I will be mostly retiring at the end of the year Vijay will be

529 views • 27 slides
5 Thoughts on Staying Sharp and Relevant Some thoughts and ideas on learning and thinking for

5 Thoughts on Staying Sharp and Relevant Some thoughts and ideas on learning and thinking for

5 Thoughts on Staying Sharp and Relevant Some thoughts and ideas on learning and thinking for todays IT pros Scott Lowe, VCDX 39 vExpert, Author, Blogger, Geek http://blog.scottlowe.org / Twitter: @scott_lowe Before we start Get

279 views • 15 slides
Your First Year at NC State Lets chat about New Student Checklist New Student &

Your First Year at NC State Lets chat about New Student Checklist New Student &

Your First Year at NC State Lets chat about New Student Checklist New Student & Family Orientation Summer Start Pre-Semester & Fall Semester Programs How to Connect with NSP and #NCState22 Timeline Overview New

430 views • 14 slides
Random thoughts Some random thoughts and Encourage use of formal methods: Guarantees

Random thoughts Some random thoughts and Encourage use of formal methods: Guarantees

Random thoughts Some random thoughts and Encourage use of formal methods: Guarantees -> liability -> insurance -> proof some potentially relevant Develop software ecosystem with few, composable, secure elements wrapping

578 views • 3 slides
2017-2018 End of Year Celebration for Prayer & Thoughts: Nancy Brieger Restoration Covenant

2017-2018 End of Year Celebration for Prayer & Thoughts: Nancy Brieger Restoration Covenant

2017-2018 End of Year Celebration for Prayer & Thoughts: Nancy Brieger Restoration Covenant Church Old Town Elementary Literacy Partner Coordinator and Literacy Partner, Coach, Pastor Liaison Education Connection Overview: Amy Hagen, LMSW

244 views • 20 slides
The Importance of Implementing First Year Student Mentoring Programs for Minorities 36 th Annual

The Importance of Implementing First Year Student Mentoring Programs for Minorities 36 th Annual

The Importance of Implementing First Year Student Mentoring Programs for Minorities 36 th Annual Conference on the First Year Experience Challenges that lead to student departure Personal (undisciplined and unmotivated) Social (alienation,

149 views • 4 slides
Campus-Wide Collaboration for Campus-Wide Collaboration for First Year Student Success First

Campus-Wide Collaboration for Campus-Wide Collaboration for First Year Student Success First

Campus-Wide Collaboration for Campus-Wide Collaboration for First Year Student Success First Year Student Success Provide an overview of first year initiatives at Bowling Green State University Offer examples of collaborative efforts

378 views • 15 slides
Welcom e to Year Three! Year 3 Induction Overview Support and Key Contacts Student

Welcom e to Year Three! Year 3 Induction Overview Support and Key Contacts Student

Welcom e to Year Three! Year 3 Induction Overview Support and Key Contacts Student Representation Health and Safety Curriculum and Assessment Empirical Project in Detail Coursework Submission, Marking, and

591 views • 46 slides
Technology to Bridge the Integration Gap Christopher Benitez, MD Clayton Chau, MD, PhD Ricardo

Technology to Bridge the Integration Gap Christopher Benitez, MD Clayton Chau, MD, PhD Ricardo

eConsult Update: Utilizing Technology to Bridge the Integration Gap Christopher Benitez, MD Clayton Chau, MD, PhD Ricardo Mendoza, MD Gary Tsai, MD, Disclosure Drs. Benitez, Chau, Mendoza and Tsai have no relevant financial relationships

591 views • 40 slides
1 Bibliographic utility history at UW Law Library CRITERIA USED FOR EVALUATING BIBLIOGRAPHIC

1 Bibliographic utility history at UW Law Library CRITERIA USED FOR EVALUATING BIBLIOGRAPHIC

Workflow Workflow diagram #1 diagram #1 Selection of new vendor Tenth Annual Innovative Users Group Meeting April 27 - 30, 2002 Houston, Texas Title: System Migration Challenges: INN-Reach, RLIN and OCLC Establish migration timeline

828 views • 3 slides
Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology

Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology

Reproducible Tools and Workflows Thomas J. Leeper Senior Visiting Fellow in Methodology Methodology Department London School of Economics and Political Science 1720 February 2020 Tools well see this week R, RStudio

2.03k views • 174 slides
Applied Statistical Analysis EDUC 6050 Week 1 Finding clarity using data Welcome 1. What is

Applied Statistical Analysis EDUC 6050 Week 1 Finding clarity using data Welcome 1. What is

Applied Statistical Analysis EDUC 6050 Week 1 Finding clarity using data Welcome 1. What is quantitative research? 2. How does data inform our world? 3. How are data analyzed? 2 Data, Data, Data, Data, Data, ... Tesla Autopilot 3 Data,

330 views • 21 slides
Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files !

Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files !

Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files ! Physical Linked Sequential Files ! COBOL rasitjutrakul Sequential Files " Logically the records are stored consecutively Physical sequential file

335 views • 22 slides
ASIC Development @ GSI Holger Flemming Experiment Electronic / ASIC-Design 1 1 The GSI ASIC

ASIC Development @ GSI Holger Flemming Experiment Electronic / ASIC-Design 1 1 The GSI ASIC

ASIC Development @ GSI Holger Flemming Experiment Electronic / ASIC-Design 1 1 The GSI ASIC Design Group Since 2002 part of experiment electronics department 5 Team members 4 designer 1 technician CAD tools (via

449 views • 12 slides
The NJOY Processing Code A.C. (SKIP) KAHLER LOS ALAMOS NATIONAL LABORATORY (RETIRED) KAHLER

The NJOY Processing Code A.C. (SKIP) KAHLER LOS ALAMOS NATIONAL LABORATORY (RETIRED) KAHLER

The NJOY Processing Code A.C. (SKIP) KAHLER LOS ALAMOS NATIONAL LABORATORY (RETIRED) KAHLER NUCLEAR DATA SERVICES, LLC ICTP/IAEA WORKSHOP ON THE EVALUATION OF NUCLEAR DATA FOR APPLICATIONS TRIESTE, ITALY OCTOBER 2 13, 2017 Outline

714 views • 53 slides
Reformulations in Mathematical Programming Leo Liberti LIX, Ecole Polytechnique, France CTW

Reformulations in Mathematical Programming Leo Liberti LIX, Ecole Polytechnique, France CTW

Reformulations in Mathematical Programming Leo Liberti LIX, Ecole Polytechnique, France CTW 2008 p. 1 Summary of Talk Motivation Definitions and results Symmetry-breaking narrowing example Applications and perspectives CTW

389 views • 24 slides

More recommend