SSL Research with Bro Johanna Amann International Computer Science - PowerPoint PPT Presentation

SSL Research with Bro Johanna Amann International Computer Science Institute johanna@icir.org http://www.icir.org/johanna

SSL Client Server Client hello Server hello Certificate (Server Key Exchg) Client Key Exchange Change Cipher Spec Finished Change Cipher Spec Finished Encrypted application data

SSL Client Server client_hello Client hello (extensions) server_hello Server hello (extensions) Certificate x509_* events (Server Key Exchg) ssl_handshake_message Client Key Exchange ssl_handshake_message Change Cipher Spec ssl_change_cipher_spec Finished ssl_encrypted_data Change Cipher Spec ssl_change_cipher_spec Finished ssl_encrypted_data Encrypted application data ssl_encrypted_data

Bro History Academic Host Context Time Machine Publications Summary Stats Enterprise Traffic HILTI DPI Concurrency Tor SSL PLC Modeling OCSP Speed TRW 
 Android Root Certs Certificate Ecosystem State Mgmt. Heart bleed TLS Electronic Comm. Bro Cluster 
 Independ. State Spicy Shunt NetControl Parallel Prototype Input Framework VAST Anonymizer 
 Active Mapping BinPAC Context Signat. Backdoors Stepping DPD SSL Trust USENIX Paper Stones Autotuning 2nd Path SSL Errors 2016 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2015 2014 v2.4 Broker, Plugins, v2.2 DTLS/KRB File Analysis v2.0 Vern writes Summary Stats v0.7a90 v1.5 User Experience v0.2 v0.8aX/0.9aX 
 v2.5, 1st line of v0.6 Profiling BroControl 1st CHANGES SSL/SMB SMB, NetControl, code RegExps v1.1/v1.2 State Mgmt entry STABLE releases VNC, StartTLS Login analysis when Stmt BroLite v2.1 Resource tuning v2.3 IPv6 Bro SDCI Broccoli Performance Input Framew. DPD SNMP, Radius, SSL++ v1.4 v0.4 
 v0.7a175/0.8aX v1.0 LBNL starts using Bro DHCP/BitTorrent HTTP analysis Signatures Bro Center BinPAC operationally HTTP entities Scan detector SMTP IRC/RPC analyzers NetFlow IP fragments 
 IPv6 support 64-bit support Bro Lite Deprecated Linux support User manual Sane version numbers v1.3 v0.7a48 0.8a37 Ctor expressions Communication Consistent CHANGES GeoIP Persistence Conn Compressor Namespaces Log Rotation

Bro SSL - v1.5.3 ssl_certificate_seen ssl_certificate ssl_conn_attempt ssl_conn_alert ssl_conn_server_reply ssl_conn_weak ssl_conn_established ssl_session_insertion ssl_conn_reused process_X509_extensions ssl_X509_error

Bro SSL - v1.5.3 Client Server ? Client hello Server hello Certificate ssl_certificate_seen ssl_certificate (Server Key Exchg) ssl_conn_attempt ssl_conn_alert Client Key Exchange ssl_conn_server_reply ssl_conn_weak Change Cipher Spec ssl_conn_established ssl_session_insertion Finished ssl_conn_reused process_X509_extensions Change Cipher Spec ssl_X509_error Finished Encrypted application data

Bro SSL - v2.0 client_hello server_hello ssl_session_ticket_handshake ssl_established x509_certificate ssl_extension ssl_alert

Bro SSL - v2.1 client_hello server_hello ssl_session_ticket_handshake ssl_established x509_certificate ssl_extension ssl_alert

Bro SSL - v2.1 Several bug fixes client_hello server_hello Parsing TLS server extensions works ssl_session_ticket_handshake More information in log file ssl_established x509_certificate ssl_extension ssl_alert

Bro SSL - v2.2 client_hello server_hello ssl_session_ticket_handshake ssl_established x509_certificate ssl_extension ssl_alert

Bro SSL - v2.2 Several bug fixes client_hello server_hello Client/server random available ssl_session_ticket_handshake ssl_established Support TLS 1.2 x509_certificate ssl_extension ssl_alert

Bro SSL - v2.3 client_hello server_hello ssl_session_ticket_handshake ssl_established x509_certificate ssl_extension ssl_alert

Bro SSL - v2.3 client_hello ssl_stapled_ocsp ssl_change_cipher_spec server_hello ssl_encrypted_data x509_extension ssl_session_ticket_handshake ssl_dh_server_params x509_ext_basic_constraints ssl_established ssl_change_cipher_spec x509_ext_subject_alternative_name x509_certificate ssl_handshake_message ssl_extension_elliptic_curves ssl_extension ssl_encrypted_data ssl_extension_application_layer_protocol_negotiation ssl_alert ssl_extension_ex_point_formats ssl_extension_server_name ssl_server_curve

Bro SSL events - v2.4 client_hello ssl_stapled_ocsp ssl_change_cipher_spec server_hello ssl_encrypted_data x509_extension ssl_session_ticket_handshake ssl_dh_server_params x509_ext_basic_constraints ssl_established ssl_change_cipher_spec x509_ext_subject_alternative_name x509_certificate ssl_handshake_message ssl_extension_elliptic_curves ssl_extension ssl_encrypted_data ssl_extension_application_layer_protocol_negotiation ssl_alert ssl_extension_ex_point_formats ssl_extension_server_name ssl_server_curve

Bro SSL events - v2.4 First DTLS support client_hello ssl_stapled_ocsp ssl_change_cipher_spec server_hello ssl_encrypted_data x509_extension TLS record layer fragmentation ssl_session_ticket_handshake ssl_dh_server_params x509_ext_basic_constraints ssl_established ssl_change_cipher_spec x509_ext_subject_alternative_name x509_certificate ssl_handshake_message ssl_extension_elliptic_curves ssl_extension ssl_encrypted_data ssl_extension_application_layer_protocol_negotiation ssl_alert ssl_extension_ex_point_formats ssl_extension_server_name ssl_server_curve

SSL Protocol Basics • Record based protocol • Records do not have to map to TCP packets • Record header is never encrypted, only payload is 
 (after the handshake is done) Type Version Length Payload Record Header

SSL Protocol Basics • Record based protocol Common record types: • Records do not have to map to TCP packets • Change Cipher Spec • Record header is never encrypted, only payload is 
 • Alert (after the handshake is done) • Handshake Type Version Length Payload • Application Data Record Header

SSL Protocol Basics • Record based protocol • Records do not have to map to TCP packets • Record header is never encrypted, only payload is 
 (after the handshake is done) Type Version Length Payload Record Header

Fragmentation Version: Length: Type: server_hello 1.2 66 Handshake

Fragmentation Version: Length: Version: Length: Type: Type: server_hello certificate 1.2 66 1.2 3804 Handshake Handshake

Fragmentation Version: Length: Version: Length: Version: Length: Type: Type: server_… ..hell.. o certificate 1.2 40 1.2 20 1.2 3810 Handshake Handshake

Bro SSL events - v2.5 client_hello ssl_stapled_ocsp ssl_change_cipher_spec server_hello ssl_encrypted_data x509_extension ssl_session_ticket_handshake ssl_dh_server_params x509_ext_basic_constraints ssl_established ssl_change_cipher_spec x509_ext_subject_alternative_name x509_certificate ssl_handshake_message ssl_extension_elliptic_curves ssl_extension ssl_encrypted_data ssl_extension_application_layer_protocol_negotiation ssl_alert ssl_extension_ex_point_formats ssl_extension_server_name ssl_server_curve

Bro SSL events - v2.5 client_hello ssl_stapled_ocsp ssl_change_cipher_spec server_hello ssl_encrypted_data x509_extension ssl_session_ticket_handshake ssl_dh_server_params x509_ext_basic_constraints ssl_established ssl_change_cipher_spec x509_ext_subject_alternative_name x509_certificate ssl_handshake_message ssl_extension_elliptic_curves ssl_extension ssl_encrypted_data ssl_extension_application_layer_protocol_negotiation ssl_alert ssl_extension_ex_point_formats ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm

Bro SSL events - v2.5 Completely working DTLS support client_hello ssl_stapled_ocsp ssl_change_cipher_spec server_hello ssl_encrypted_data x509_extension More StartTLS ssl_session_ticket_handshake ssl_dh_server_params x509_ext_basic_constraints ssl_established ssl_change_cipher_spec x509_ext_subject_alternative_name x509_certificate ssl_handshake_message ssl_extension_elliptic_curves ssl_extension ssl_encrypted_data ssl_extension_application_layer_protocol_negotiation ssl_alert ssl_extension_ex_point_formats ssl_extension_server_name ssl_server_curve ssl_extension_signature_algorithm

ICSI Notary Outgoing SSL Sessions Internal Internet Network Bro Network Monitor Data Provider Collector Storage & Evaluation

Notary - Collected features Available ciphers Timestamp Version Analyzer Error Packet loss Hash(client session ID) Client & Server TLS extensions Selected cipher Hash(client IP , server IP) Content length Server certificates Hash(server session ID) Connection history Server IP Ticket lifetime hint Duration Server Name Indication Client EC curve Client EC point formats DH parameter size Number Client Certs Send & received bytes Client & Server ALPN TLS Alerts

Notary - Certificates

http://notary.icsi.berkeley.edu