we have all the pieces
play

We have all the pieces! Symmetric Encryption (privacy!) MACs - PowerPoint PPT Presentation

May 15, 2023 •448 likes •872 views

CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly

  1. CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. We have all the pieces! • Symmetric Encryption (privacy!) • MACs (integrity!) • Asymmetric Crypto (bootstrapping!) • Certificate Authorities (authenticity!) 11/4/16 CSE 484 / CSE M 584 - Fall 2016 2

  3. SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De facto standard for Internet security – “The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications” • Deployed in every Web browser; also VoIP, payment systems, distributed systems, etc. 11/4/16 CSE 484 / CSE M 584 - Fall 2016 3

  4. SSL/TLS • TLS is typically used on top of a TCP connection TLS • Can be used over other transport protocols 11/4/16 CSE 484 / CSE M 584 - Fall 2016 4

  5. TLS Basics • TLS consists of two protocols – Familiar pattern for key exchange protocols • Handshake protocol – Use public-key cryptography to establish a shared secret key between the client and the server • Record protocol – Use the secret symmetric key established in the handshake protocol to protect communication between the client and the server 11/4/16 CSE 484 / CSE M 584 - Fall 2016 5

  6. Basic Handshake Protocol ClientHello Client announces (in plaintext): • Protocol version it is running • Cryptographic algorithms it supports • Fresh, random number S C 11/4/16 CSE 484 / CSE M 584 - Fall 2016 6

  7. Basic Handshake Protocol C, version c , suites c , N c ServerHello Server responds (in plaintext) with: S • Highest protocol version supported by C both the client and the server • Strongest cryptographic suite selected from those offered by the client • Fresh, random number 11/4/16 CSE 484 / CSE M 584 - Fall 2016 7

  8. Basic Handshake Protocol C, version c , suites c , N c version s , suite s , N s , ServerKeyExchange S C Server sends its public-key certificate containing either its RSA, or his Diffie-Hellman public key (depending on chosen crypto suite) 11/4/16 CSE 484 / CSE M 584 - Fall 2016 8

  9. Basic Handshake Protocol C, version c , suites c , N c version s , suite s , N s , certificate, “ ServerHelloDone ” S ClientKeyExchange C The client generates secret key material and sends it to the server encrypted with the server’s public key (if using RSA) 11/4/16 CSE 484 / CSE M 584 - Fall 2016 9

  10. Basic Handshake Protocol C, version c , suites c , N c version s , suite s , N s , certificate, “ ServerHelloDone ” S {Secret c } PKs if using RSA C C and S share secret key material (secret c ) at this point switch to keys derived switch to keys derived from secret c , N c , N s from secret c , N c , N s Finished Finished Record of all sent and received handshake messages 11/4/16 CSE 484 / CSE M 584 - Fall 2016 10

  11. “Core” SSL 3.0 Handshake (Not TLS) C, version c =3.0, suites c , N c version s =3.0, suite s , N s , certificate, “ ServerHelloDone ” S {Secret c } PKs if using RSA C C and S share secret key material (secret c ) at this point switch to keys derived switch to keys derived from secret c , N c , N s from secret c , N c , N s Finished Finished 11/4/16 CSE 484 / CSE M 584 - Fall 2016 11

  12. Version Rollback Attack C, version c = 2.0 , suites c , N c Version s = 2.0 , suite s , N s , Server is fooled into thinking he is communicating with a client who certificate, supports only SSL 2.0 “ ServerHelloDone ” S {Secret c } PKs if using RSA C C and S end up communicating using SSL 2.0 (weaker earlier version of the protocol that does not include “ Finished ” messages) 11/4/16 CSE 484 / CSE M 584 - Fall 2016 12

  13. “Chosen-Protocol” Attacks • Why do people release new versions of security protocols? Because the old version got broken! • New version must be backward-compatible – Not everybody upgrades right away • Attacker can fool someone into using the old, broken version and exploit known vulnerability – Similar: fool victim into using weak crypto algorithms • Defense is hard: must authenticate version in early designs • Many protocols have had “version rollback” attacks – SSL, SSH, GSM (cell phones) 11/4/16 CSE 484 / CSE M 584 - Fall 2016 13

  14. Version Check in SSL 3.0 C, version c =3.0, suites c , N c version s =3.0, suite s , N s , certificate for PK s , “ ServerHelloDone ” “ Embed ” version number into secret S C Check that received version is equal to the version in ClientHello {version c , secret c } PKs C and S share secret key material secret c at this point switch to key derived switch to key derived from secret c , N c , N s from secret c , N c , N s 11/4/16 CSE 484 / CSE M 584 - Fall 2016 14

  15. Web Security! Big Picture: Browser and Network request website Browser reply OS Network Hardware The browser renders or executes arbitrary HTML, CSS, and Javascript send by hosts on the Internet. 11/4/16 CSE 484 / CSE M 584 - Fall 2016 15

  16. Where Does the Attacker Live? request website Browser Network reply attacker Web attacker OS Network Malware attacker Hardware 11/4/16 CSE 484 / CSE M 584 - Fall 2016 16

  17. All of These Should Be Safe • Safe to visit an evil website • Safe to visit two pages at the same time • Safe delegation 11/4/16 CSE 484 / CSE M 584 - Fall 2016 17

  18. Building Blocks of the Web (and Web Security) • HTTP(S) • Cookies 11/4/16 CSE 484 / CSE M 584 - Fall 2016 18

  19. HTTP: HyperText Transfer Protocol • Application layer protocol used by browsers and web servers • Stateless request/response protocol – Each request is independent of previous requests – Statelessness has a significant impact on design and implementation of applications 11/4/16 CSE 484 / CSE M 584 - Fall 2016 19

  20. HTTP Request Method File HTTP version Headers GET /default.asp HTTP/1.0 Accept: image/gif, image/x-bitmap, image/jpeg, */* Accept-Language: en User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95) Connection: Keep-Alive If-Modified-Since: Sunday, 17-Apr-96 04:32:58 GMT Blank line Data – none for GET 11/4/16 CSE 484 / CSE M 584 - Fall 2016 20

  21. HTTP Response HTTP version Status code Reason phrase Headers HTTP/1.0 200 OK Date: Sun, 21 Apr 1996 02:20:42 GMT Server: Microsoft-Internet-Information-Server/5.0 Connection: keep-alive Data Content-Type: text/html Last-Modified: Thu, 18 Apr 1996 17:39:05 GMT Content-Length: 2543 <HTML> Some data... blah, blah, blah </HTML> 11/4/16 CSE 484 / CSE M 584 - Fall 2016 21

  22. HTTP Verbs • HTTP declares a number of “verbs” that clients can use to request or provide information – GET asks for a resource – POST sends information – HEAD gets metadata (headers) for a resource – Also: PUT, DELETE, TRACE, OPTIONS, CONNECT, PATCH 11/4/16 CSE 484 / CSE M 584 - Fall 2016 22

  23. HTTP Resources • URL stands for Uniform Resource Locator • Specifies the location of a resource on a network – what server is it on, where is it on that server? • Resources could include HTML pages, images, data, etc. 11/4/16 CSE 484 / CSE M 584 - Fall 2016 23

  24. HTTP Verbs • HTTP declares a number of “verbs” that clients can use to request or provide information – GET asks for a resource – POST sends information – HEAD gets metadata (headers) for a resource – Also: PUT, DELETE, TRACE, OPTIONS, CONNECT, PATCH 11/4/16 CSE 484 / CSE M 584 - Fall 2016 24

  25. HTTP Verbs • HTTP declares a number of “verbs” that clients can use to request or provide information – GET asks for a resource (Give me this image) – POST sends information – HEAD gets metadata (headers) for a resource – Also: PUT, DELETE, TRACE, OPTIONS, CONNECT, PATCH 11/4/16 CSE 484 / CSE M 584 - Fall 2016 25

  26. HTTP Verbs • HTTP declares a number of “verbs” that clients can use to request or provide information – GET asks for a resource (Give me this image) – POST sends information (I want to log in) – HEAD gets metadata (headers) for a resource – Also: PUT, DELETE, TRACE, OPTIONS, CONNECT, PATCH 11/4/16 CSE 484 / CSE M 584 - Fall 2016 26

  27. HTTP: HyperText Transfer Protocol • Application layer protocol used by browsers and web servers • Stateless request/response protocol – Each request is independent of previous requests – Statelessness has a significant impact on design and implementation of applications 11/4/16 CSE 484 / CSE M 584 - Fall 2016 27

  28. Cookies – Statefulness for HTTP A cookie is a file created by a website to store information in the browser POST login.cgi username and pwd Browser Server HTTP Header: Set-cookie: userID=Alice; GET restricted.html Browser Cookie: userID=Alice Server HTTP is a stateless protocol; cookies add state 11/4/16 CSE 484 / CSE M 584 - Fall 2016 28

  29. Cookie Format • Cookies are just KEY=VALUE pairs, e.g., – language=ENGLISH – userID=Alice – sessionID= 8113d906-62e8-49e1-80e1-65805cb51cab – adID= 9c740c60-8d88-4da6-bb83-041e95c1efac 11/4/16 CSE 484 / CSE M 584 - Fall 2016 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Look for pieces with the most character. When you draw you popcorn This will NOT do

Look for pieces with the most character. When you draw you popcorn This will NOT do

Look for pieces with the most character. When you draw you popcorn This will NOT do it!..its all two values. Study the lights and darks! Just a review of WHAT TO DO. SELECT AT LEAST TWO PIECES OF POPCORN THAT ARE INTERESTING..

342 views • 17 slides
Improving Chronic Disease Management with Pieces Miguel A. Vazquez, MD George (Holt) Oliver MD

Improving Chronic Disease Management with Pieces Miguel A. Vazquez, MD George (Holt) Oliver MD

Improving Chronic Disease Management with Pieces Miguel A. Vazquez, MD George (Holt) Oliver MD (for ICD-Pieces Team) Friday, September 23, 2016 ICD -Pieces: Pragmatic Clinical Trial in Patients with CKD, Diabetes and Hypertension ICD-

524 views • 40 slides
bits + bits pieces pieces Resources Websites Used by RFS for direction and guidance Recommend

bits + bits pieces pieces Resources Websites Used by RFS for direction and guidance Recommend

SPONSORED PROJECT bits + bits pieces pieces Resources Websites Used by RFS for direction and guidance Recommend bookmarking Business Procedures Manual http://www.uky.edu/ufs/business procedures manual University Financial Services

451 views • 9 slides
Transforming the Timing Industry March 2016 Rich Timing Content in All Electronics Only SiTime

Transforming the Timing Industry March 2016 Rich Timing Content in All Electronics Only SiTime

Transforming the Timing Industry March 2016 Rich Timing Content in All Electronics Only SiTime can Provide Higher Performance, Smaller Size, Lower Power 8 15 pieces 4 20 pieces 3 13 pieces 20 40 pieces $6 $200 value $2 $50

844 views • 28 slides
Picking up the pieces A guide to Post Incident Review @kleeut Picking up the pieces A guide to

Picking up the pieces A guide to Post Incident Review @kleeut Picking up the pieces A guide to

Picking up the pieces A guide to Post Incident Review @kleeut Picking up the pieces A guide to Post Incident Review @kleeut Klee Thomas Clean code enthusiast Code Crafuer Lover of stupid shirts Organiser of Newcastle Coders Group Senior

767 views • 51 slides
Lecture 15 - Bits &amp; Pieces Welcome! , = (, )

Lecture 15 - Bits &amp; Pieces Welcome! , = (, )

INFOMAGR Advanced Graphics Jacco Bikker - November 2019 - February 2020 Lecture 15 - Bits &amp; Pieces Welcome! , = (, ) , + , , ,

787 views • 51 slides
Lecture 16 - Bits &amp; Pieces Welcome! , = (, )

Lecture 16 - Bits &amp; Pieces Welcome! , = (, )

INFOMAGR Advanced Graphics Jacco Bikker - November 2018 - February 2019 Lecture 16 - Bits &amp; Pieces Welcome! , = (, ) , + , , ,

801 views • 42 slides
NIH Collaboratory Grand Rounds Improving Chronic Disease Management with Pieces: Overview of PCCI

NIH Collaboratory Grand Rounds Improving Chronic Disease Management with Pieces: Overview of PCCI

NIH Collaboratory Grand Rounds Improving Chronic Disease Management with Pieces: Overview of PCCI and Pieces Ruben Amarasingham, MD, MBA Associate Professor, UT Southwestern Medical Center CTSA Director of Biomedical Informatics CEO,

652 views • 30 slides
ADVISING-PIECES TO CONSIDER M A R K J . F I S C H L E R , J D WHY IM HERE Social

ADVISING-PIECES TO CONSIDER M A R K J . F I S C H L E R , J D WHY IM HERE Social

ADVISING-PIECES TO CONSIDER M A R K J . F I S C H L E R , J D WHY IM HERE Social Justice-Gap widening We need folks at a World Centric Stage of seeing the world to handle our challenges of today. Education is the vehicle

151 views • 14 slides
WHEN IT ALL FALLS TO PIECES THE FUTURE OF WORK IN THE 21 ST CENTURY Lynda J. Roth LJR Consulting

WHEN IT ALL FALLS TO PIECES THE FUTURE OF WORK IN THE 21 ST CENTURY Lynda J. Roth LJR Consulting

WHEN IT ALL FALLS TO PIECES THE FUTURE OF WORK IN THE 21 ST CENTURY Lynda J. Roth LJR Consulting Services 818-216-7264 Lynda@ljrcs.com 1 When It All Falls To Pieces 21 st Century Workplace INTRODUCTION Impact of COVID-19 Put

475 views • 12 slides
Sa Same men l leggen w we d de p puzzel (Together were putting the pieces together) A A

Sa Same men l leggen w we d de p puzzel (Together were putting the pieces together) A A

Sa Same men l leggen w we d de p puzzel (Together were putting the pieces together) A A ps psychoeducational to tool to to fa facilitate an and su suppor ort t co communica cation ar around 22q 22q11 in 11 in th the fa

203 views • 16 slides
Non-Attacking Chess Pieces: The Dance of Bishops Thomas Zaslavsky Binghamton University (State

Non-Attacking Chess Pieces: The Dance of Bishops Thomas Zaslavsky Binghamton University (State

Non-Attacking Chess Pieces: The Dance of Bishops Thomas Zaslavsky Binghamton University (State University of New York) Joint with Seth Chaiken and Christopher R.H. Hanusa Outline 1. Chess Problems: Non-Attacking Pieces 2. Largely Czech

608 views • 17 slides
Structures and Meta-structures in John Cages Number Pieces: A Statistical Approach Alexandre

Structures and Meta-structures in John Cages Number Pieces: A Statistical Approach Alexandre

Structures and Meta-structures in John Cages Number Pieces: A Statistical Approach Alexandre POPOFF Mamux seminar - IRCAM - October 4th, 2013 OUTLINE The Number Pieces and the system of time-brackets A statistical approach

635 views • 36 slides
Java Everywhere Pieces of 8 Wifi: EclipseCon Code:

Java Everywhere Pieces of 8 Wifi: EclipseCon Code:

Java Everywhere Pieces of 8 Wifi: EclipseCon Code: eclipse2014 Georges Saab, @gsaab VP Java Pla/orm Group, Oracle Stuart Marks, @stuartmarks Principal

660 views • 17 slides
Presence of Mic ro p la s tic s in Te a to wn s Wa te r Bo d ie s By: Asya Surphlis

Presence of Mic ro p la s tic s in Te a to wn s Wa te r Bo d ie s By: Asya Surphlis

Presence of Mic ro p la s tic s in Te a to wn s Wa te r Bo d ie s By: Asya Surphlis Dobbs Ferry High School, 11th Grade Introduction Microplastics -small plastic pieces less than five millimeters long small plastic pieces less

165 views • 14 slides
Getting Inside A Story Literary Elements: the pieces of a story Analysis: exploring how the

Getting Inside A Story Literary Elements: the pieces of a story Analysis: exploring how the

Literary Elements Class Presentation.notebook Exploring Stories through Literary Elements An Introduction Getting Inside A Story Literary Elements: the pieces of a story Analysis: exploring how the pieces influence the whole Literary

153 views • 14 slides
2) Secure HyperText Transfer Protocol Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule

2) Secure HyperText Transfer Protocol Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule

2) Secure HyperText Transfer Protocol Emmanuel Benoist Fall Term 2020/2021 Berner Fachhochschule | Haute ecole sp ecialis ee bernoise | Berne University of Applied Sciences 1 Table of Contents HyperText Transfer Protocol - HTTP

985 views • 41 slides
Several Scenarios at IHEP Zou Jiaheng On behalf of Scheduling Group at IHEP HTCondor Week 2019

Several Scenarios at IHEP Zou Jiaheng On behalf of Scheduling Group at IHEP HTCondor Week 2019

HTCondor Solutions for Several Scenarios at IHEP Zou Jiaheng On behalf of Scheduling Group at IHEP HTCondor Week 2019 Outline Brief Introduction HTCondor Solutions at IHEP Resource management Job management Abnormality

550 views • 18 slides
W EB T ELEPHONY S ERVICES BASED ON F REESWITCH AND P LIVO MOOC on M4D 2013 P ART I I NTRODUCTION

W EB T ELEPHONY S ERVICES BASED ON F REESWITCH AND P LIVO MOOC on M4D 2013 P ART I I NTRODUCTION

W EB T ELEPHONY S ERVICES BASED ON F REESWITCH AND P LIVO MOOC on M4D 2013 P ART I I NTRODUCTION TO W EB T ELEPHONY S ERVICES MOOC on M4D 2013 P ART II A RCHITECTURE MOOC on M4D 2013 P ART III S ETTING U P THE W EB T ELEPHONY S ERVER MOOC on M4D

579 views • 19 slides
Xrootd/dCache Implementation Martin Radicke File transfer methods in 1.7.0 wide-area transfer

Xrootd/dCache Implementation Martin Radicke File transfer methods in 1.7.0 wide-area transfer

dCache Workshop DESY 18.- 19.01.2007 Hamburg Xrootd/dCache Implementation Martin Radicke File transfer methods in 1.7.0 wide-area transfer (stream-based) GridFTP (GSI authentification) HTTP local-area transfer (random access) dCap (dCache

428 views • 10 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l08,

680 views • 35 slides
Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server

Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server

Mary Ellen Zurko (aka Mez) mez@alum.mit.edu 1 2 Security the way Tim intended Server says: WWW-Authenticate: Basic realm=&quot; insert realm User prompted for their password Client says: Authorization: Basic

1.49k views • 70 slides
Introduction to the Security Area (the one area to rule them all) Alexey Melnikov &amp; Sean

Introduction to the Security Area (the one area to rule them all) Alexey Melnikov &amp; Sean

Introduction to the Security Area (the one area to rule them all) Alexey Melnikov &amp; Sean Turner 2014-11-09 Purpose Provide a high level overview of the Security Area: Why you want security services and what they are What are

563 views • 33 slides
W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific

W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific

W l Welcome! ! The webinar will begin at The webinar will begin at 2:00 Eastern/11:00 Pacific Audio Tips Todays audio is streaming to your computers speakers or headphones. Too loud or soft? Adjust volume level in the Audio broadcast

821 views • 42 slides

More recommend