#morecrypto 1.8 - with introduction to tls
DESCRIPTION
We need to protect our Internet communication - from basic web surfing to IP telephony, E-mail and Internet of things. This presentation gives some background and introduces one of the core security protocols - TLS, Transport Layer Security. This presentation is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. Update: See http://www.slideshare.net/oej/morecrypto-with-tis-version-20TRANSCRIPT
#MoreCrypto
A small step to make it harder to listen to IP based activity.
V1.8 TLS - [email protected] - slideshare.net/oejⒸ Olle E. Johansson, Stockholm, Sweden 2014.
This work is licensed under
2014-02-09
The problem
We have built an information network that is too easy to monitor. We simply
trusted everyone too much in a naive way.
Sadly, we can’t dothat any more.
#MoreCrypto
The Internet mirrors society
When the Internet was small, there was a select groupof people using it. They felt is was a safe place.
#MoreCrypto
As the Internet grew and reflects more of society,we forgot to harden it. It’s time now.
#MoreCrypto
The engineers are working
The IETF recently decided to focus a lot of energy to add more confidentiality and security in general to the technology
we use every day.
The IETF is the organisation that defined most of the standards we use today to
communicate.
What’s the problem?
#MoreCrypto
Changing the Internetis too hard.
We are not using the security tools we have in the
way they are meant to be used today. In some cases, like e-mail and
IP telephony, most of us do not use any security tools at all.
#MoreCrypto
How do we change?
The users must require change. Otherwise,very few things happen. It is up to you and me.
#MoreCrypto
What needs to be done?
A lot of changes needs to be done in how we build services, operate them and use them.
More crypto Easy to use authentication
Enhanced privacy Stronger confidentiality
…and much more
#MoreCrypto
TLS is an important tool
TLSTransport
LayerSecurity
TLS provides confidentiality, identity and integrity to Internet communication.
TLS is used in HTTPS:// web pages, but can also be used from applications on a computer as well as a cell
phone.
TLS is based on SSL, that was a provider-specific technology. TLS is maintained by the IETF and is still
being improved.
The second partcovers this!
#MoreCrypto
Start simple.Use connection encryption
wherever possible. Use HTTPS and serve
information over HTTPS
In short:#MoreCrypto
#MoreCrypto
Why?More crypto on the Internet
raise the cost of listening in to our information flows, our
conversations. It does not solve all the issues, we have a lot of work
ahead of us.
Using more TLS is not very complicated and can be used in
most applications today.
#MoreCrypto
Starting points.Enable HTTPS for Facebook, Google and other services
when you can.
Use EFF HTTPS ANYWHERE in your web browser.
If you are a sysadmin, enable TLS and follow new advice on
choice of algorithms.
#MoreCrypto
What does TLS give you?
Browser ServerConfidential path
Other people in the same network (or IT management) can see where you go (server address), but not what you do.
Example:Hotel staff can’t see what you write
or read on Facebook.
#MoreCrypto
What about VPN tunnelling?
Computer Confidential path
Example: Other people in the same network (or IT management)
can see that you are using a VPN, but not what you do.
WebServer
MailServer
VPN = Virtual private network
On the other side of the VPN server your connections become
visible again - unless you are using TLS.
VPN server
Example:Hotel staff can’t see which web
sites you are connecting to.
#MoreCrypto
The work continuesMobileapps Web IP
Telephony E-mail
CloudServices
Internet of things
The Digital home Chat
VideoServices
Require#MoreCrypto!
NEW!
OPPURTUNISTIC SECURITY
Secure network traffic, regardless of what the user says. Do whatever you can to make it harder to listen in.
Introduction to TLS
#MoreCrypto
Transport Layer Security
#MoreCrypto
Identity
Security basics.
Confidentiality
Authorization
Integrity
Non-repudiation
#MoreCrypto
TLS is an important tool
TLSTransport
LayerSecurity
TLS provides confidentiality, identity and integrity to Internet communication.
TLS is used in HTTPS:// web pages, but can also be used from applications on a computer as well as a cell
phone.
TLS is based on SSL, that was a provider-specific technology. TLS is maintained by the IETF and is still
being improved.
#MoreCrypto
Encryption
Using the same key for encryption and decryption
Using the different keys for encryption and decryption
SYMMETRIC ASYMMETRIC
Simple for the CPU, supports streaming data
More computations,easier for data blocks
Using a private and a public key
• TLS use a keypair to set up a secure connection
• Assymetric encryption
• The server sends the public key at connection
• The client challenges the server
• The server responds to the challenge using the server private key
• Now the client knows that the server has the private key that matches the public key
private
TLS Usage• TLS is used for
• authentication of servers and clients
• initiating encryption of a session
• digital signatures on messages to ensure integrity and provide authentication
Authentication Who are you? Prove it!
Encryption Providing confidentiality
Integrity Making sure that the receiver get what the
sender sent
Adding a certificate to the mix
• A certificate is nothing more complicated than a passport or an ID card
• It contains the public key and some administrative data
• And is signed (electronically) by someone you might trust ... or not.
• This is part of the complex structure called PKI, which you might want or just disregard
• A PKI is not needed to get encryption for the signalling path!
• You can however use a PKI to only set up connections that you trust
The X.509v3 certificate• An X.509 certificate is the standardised way to
bind a public key to an identity • The certificate is issued by a
Certification Authority (CA)
• The most important component of the PKI?
• An X.509 certificate is an electronic document with a specific layout
!
• Standard: documented in IETF PKIX RFC:s
Version
Serial number
Issuer identity
Validity period
User identity
Public key
Extension fields
X509.v3contents
• Version number
• Certificate serial numberUsed for validation
• Identity of the issuer • Validity period • Identity of the public key owner • Public key • Extension fields • A digital signature, created by the issuer
InternetExplorer
CertificateManager
Example: SIP certificates• SubjectAltName contains a list of
identities that are valid for this certificate
• RFC 5922 outlines a SIP event package to distribute and manage certificates
• This is based on the Authentication Service in SIP identity (RFC 4474)
• The domain cert is used to sign the NOTIFY payload
TLS is more than the world wide web!
x.509 cert for SIPCertificate: Data: Version: 3 (0x2) Serial Number: 01:08:00:79:00:15:00:43 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=San Jose, O=sipit, OU=Sipit Test Certificate Authority Validity Not Before: Sep 16 17:17:00 2009 GMT Not After : Sep 15 17:17:00 2012 GMT Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:a7:96:65:6e:b6:ba:3a:48:a1:bd:a3:ae:21:dc: a8:92:97:3c:43:ea:24:e6:9f:93:2f:61:7e:d3:2d: 30:1e:21:42:b9:d6:59:87:f1:b1:f8:c8:39:8e:43: 64:9a:31:2c:18:3d:cd:d8:03:64:bb:14:38:44:05: 20:30:d8:e1:db:a7:4d:c3:47:a2:49:73:d1:10:ed: 2f:cf:74:26:57:91:64:af:b0:f2:5d:3f:88:9f:df: 65:6c:ba:65:3f:66:99:52:6b:20:d2:0e:e3:65:18: b1:8e:3d:ca:f2:4a:45:c5:4d:85:ef:82:54:f8:54: 54:db:96:90:9b:c5:1b:2a:1e:60:3c:43:71:55:60: 30:93:8f:fd:d8:d9:3d:a1:32:e3:56:4b:e2:73:b6: cc:18:93:8a:d8:8b:68:81:c7:fd:cd:d5:dc:4c:a2: 86:61:9f:ad:d0:b1:d3:3c:4c:6c:07:54:b2:43:b4: a7:0a:0a:f2:e3:6d:12:43:16:70:63:c9:e9:1a:78: 66:9d:ee:30:94:7b:ab:f2:e9:67:4a:66:6d:8c:ed: a8:a4:98:51:77:0b:a7:60:55:73:85:87:4a:57:6b: 24:fe:27:00:02:79:70:da:5a:45:ad:aa:3d:d5:40: 5b:5c:85:63:93:56:af:c7:e8:e3:b6:1a:25:b6:a2: 2d:37 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: 27:F7:A9:96:F5:B2:8F:0B:5E:A9:C7:F5:0F:AC:3D:AB:3D:8D:F0:30 Signature Algorithm: sha1WithRSAEncryption 1a:fe:1f:af:86:99:82:e5:14:97:8d:64:9a:d1:5c:ea:6c:96: f5:c6:0c:7d:20:5f:4e:70:05:24:3a:de:b5:b9:cf:66:8d:4c: 74:d5:6a:a9:52:74:17:bc:b4:79:a0:58:32:78:a9:70:7c:6a: 15:ac:07:29:77:13:06:55:53:3f:0b:4c:3d:da:55:6e:ad:74: 56:01:55:c8:4c:19:8d:06:0b:f3:4c:04:d5:9a:6f:44:ad:7a: fd:3b:aa:e8:4b:84:6e:f1:c4:34:f4:a0:6a:f6:81:ae:74:b4: 46:6e:b9:2f:a6:59:f1:02:e9:58:7c:a1:8d:08:31:2b:39:ee: eb:7e
Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net
X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net
Notice the URI in the certificate!
Process for a serverGenerate
KeysPack public key
in CSR
Send CSRto CA
CA validateprocess
CA issues Certificate
Install certin server withprivate key
Client connectionOpen TCPconnection
Server sendscertificate
Clientchallenge server
Server answerschallenge
Client validatescertificate
Server can issue cert request
Client and server produce session key
Symmetric encryption starts
Issues
Certificate can validate correctly with the CA store, but still be the
wrong certificate.
Certificate private key can be copied and certificate
revocated.
DNS was spoofed, so we reached the wrong service
Something new and even more scary than Heartbleed.
Protocol specifics
• Given a protocol request - how do we match the request address to a certificate
• SIP Uri, E-mail address, HTTPS uri
#MoreCrypto
TLS and SSLSSL v1.0 - 2.0
Created by Netscape Communications
Deemed insecure.
SSL v3.0 Last version. No support for
extensions and not for modern crypto algorithms. Deemed
insecure.
TLS 1.x Open standard defined by the IETF. Keeps being updated.
It’s time to try to stop using SSL.
Man in the middle
• How do we prevent and discover TLS proxys?
• Quite commonly used
Client ServerMITM
#MoreCrypto
Certificate FingerprintingCertificates have a fingerprint, a checksum of the cert and key.
Embed last, current and next certificate fingerprint in the code
Verify that you are talking with the expected server.
TLS verification may work with a bad server cert too.
Client ServerMITM
Client Server
#MoreCrypto
Trust on first useSave certificate fingerprint on
first connection
If another certificate shows up, warn the user
Don’t block, the first connection could be bad
Certificates gets updatesso save expiry time and
accept new.
Client ServerMITM
Client Server
#MoreCrypto
DANE - using DNSsecSave cert in DNS, signed by
DNSsec
If another certificate shows up, do not continue. Disconnect.
Certificates that expired or was revoked has no NS records
Client ServerMITM
Client Server
Client DNSDNS query
TLS connection
User specifics
• Which CAs do we trust?
• How do we check validity of certificate, even if we trust the CA?
• Do we have time for validation?
New solutions
• Anchoring the certificate in DNS
• Validating the certificate in DNS
• No certificate - bare keys
• Oppurtunistic Security with TLS
DNSsec
Advice:
• Use encrypted communication by default
• Authenticated sessions are better than non-authenticated
• If you really need confidentiality, check ciphers and checksum algorithms
#MoreCrypto
Heartbleed
• Programming error in OpenSSL
• OpenSSL is used in too many places
• Opened up for private key distribution and a lot of other in-memory data.
Security is a process
• There will be other issues with TLS libraries, protocols and implementations
• Having these is better than having no security, integrity, privacy or confidentiality
#MoreCrypto
To-do listSECURITY:
Always build secure platforms. Encrypt all communication.1.IPv6:
Integrate IPv6 in every single project.2.DNSsec:
Sign your DNS data. DNS is the foundation for all of Internet.3.
The way forward:
#MoreCrypto
#MoreCrypto
More informationhttp://www.internetsociety.org/deploy360/tls/
https://bettercrypto.org
http://tools.ietf.org/html/rfc7258 - Internet is under attack.
Join us!
• IETF peerpass mailing list, UTA working group and more.
• Hashtag #MoreCrypto
• http://internetsociety.org
Feedback?• Feedback and suggestions for improvements to this presentation is
more than welcome! Send to [email protected]!
• Feel free to use this presentation yourself - Notice the Creative commons license on this presentation!
• Please tell me if you use it! It’s always fun to know.
#MoreCrypto
Author: [email protected] - slideshare.net/oejⒸ Olle E. Johansson, Stockholm, Sweden 2014.
This work is licensed under
Olle E. Johansson