Unsafe SSL webinar
1 like1,818 views
The document discusses SSL/TLS security issues including: - Common vulnerabilities in SSL/TLS implementations like Heartbleed, POODLE, and FREAK. - Tools for analyzing SSL/TLS server configurations like Qualys SSL Labs and its new API. - Issues caused by third parties like browser-trusted certificate authorities (CAs) improperly issuing certificates or companies pre-installing software like Superfish that undermine SSL/TLS encryption.
Unsafe SSL webinar
- 1. Detecting and addressing unsafe SSL configurations Jonathan Trull, Wolfgang Kandek, Ivan Ristic! SSL Labs/Qualys March 26, 2015
- 2. CISO’s View of SSL/TLS • Key Component for Doing Business Online • Administra8ve burden as organiza8ons grow in size • Compliance and Regulatory Requirements • PCI • FedRAMP • HIPAA • Graham-‐Leach-‐Bliley Act • Reputa8on / Ensuring Trust
- 3. PCI-DSS Deep Dive • Use strong cryptography and security protocols to safeguard cardholder data during transmission over open, public networks. • PCI SSC Bulletin dated 13 February 2015 • No version of SSL meets PCI SSC’s definition of “strong cryptography.” • PCI Data Security Standard and the Payment Application Data Security Standard are being updated to reflect this change.
- 4. BitSight Third-Party Due Diligence Events • Botnet Infections • Spam Propagation • Malware Servers • Unsolicited Comm. • Potentially Exploited Diligence • SPF Domains • DKIM Records • TLS/SSL Certificates • DNSSEC Records • Data Breaches
- 5. SSL History • Secure communica8on on the Internet • E-‐commerce • Secure Sockets Layer – Netscape – 1994 • SSL v1,v2 – SSLv3 • TLS 1.2 • Typically hWps rather than hWp in your browser
- 6. SSL History
- 7. SSL History • Secure communica8on on the Internet • E-‐commerce • Secure Sockets Layer – Netscape – 1994 • SSL v1,v2 – SSLv3 • TLS 1.2 • Typically hWps rather than hWp in your browser • Other less visibly uses: VPN, Mail, FTP…
- 8. SSL • Privacy – Encryp8on • Ciphers: RC4, AES • Integrity – Hashing • Hash-‐func8ons: SHA1, SHA-‐256 • Authen8ca8on – Cer8ficates
- 10. Qualys SSL Labs Server Test
- 11. Server Rating
- 12. Server Rating
- 13. SSL Vulnerabilities • Protocol vs Implementa8on • Implementa8ons: OpenSSL, Schannel, GnuTLS, PolarSSL, LibreSSL, NSS, BSAFE, Secure Transport • BREACH, CRIME – 2012 • Heartbleed – April 2014
- 14. • HTTPS request to a website • https://hbdemo.kandek.com • Site with registration, login, sessions • Data: username, password, email • Ubuntu 12.04, Apache, OpenSSL, MySQL • Data gets written to database • But stays in memory as well SSL: Heartbleed
- 15. Heartbleed - details • Heartbeat extension is enabled: good for performance as it keeps the session alive • The Heartbeat extension has a programming flaw that allows us to receive more bytes than we sent: • Regular: sent “abc”, length 3, received “abc” • Exploit: send “abc” length 64, received “abc” plus registration data • Size upto 64 KB, not logged, can be repeated freely
- 16. SSL • HTTPS request to a website • https://hbdemo.kandek.com • Simple site with registration, login, sessions SSL
- 17. Heartbleed – What can leak • Session key cookies • PHPSESSIONID = 0xFFA34E2DE7E1 • Userdata, including passwords • Wait - Shouldn’t they be hashed? • Passwords are typically not hashed on client, but on server • Private key for certificate • Allows for decryption of all traffic, future and past
- 18. Heartbleed – Leak demo • Session key cookies • PHPSESSIONID = 0xFFA34E2DE7E1 • Userdata, including passwords • Wait - Shouldn’t they be hashed? • Passwords are typically not hashed on client, but on server • Private key for certificate • Allows for decryption of all traffic, future and past
- 19. SSL • HTTPS request to a website • https://ubudc.kandek.com • Simple site with registration, login • Data: Username, password, email • Ubuntu 12.04, Apache, OpenSSL, MySQL • Data gets written to database • But stays in memory as well
- 20. SSL Vulnerabilities • Protocol vs Implementa8on • Implementa8ons: OpenSSL, Schannel, GnuTLS, PolarSSL, LibreSSL, NSS, BSAFE, Secure Transport • BREACH, CRIME – 2012 • Heartbleed – April 2014 • POODLE – October 2014 • FREAK – February 2015 • OpenSSL – DoS in March 2015
- 21. SSL - Making the Grade
- 22. SSL - Making the Grade
- 23. SSL - Making the Grade • Instruc8ons for Apache, Tomcat, IIS and nginx
- 24. SSL - Making the Grade
- 25. SSL - Making the Grade
- 26. Qualys SSL Labs Server Test
- 27. SSL Labs API • SSL Labs is a web applica8on, designed for interac8ve use • API has been o`en requested • March 2015 SSL Labs release: API • HTTP/JSON • https://api.ssllabs.com/api/v2/analyze?host=www.ssllabs.com • Docs at: hWps://github.com/ssllabs/ssllabs-‐scan • Sample Command line tool: ssllabs-‐scan • Go Implementa8on: hWps://github.com/ssllabs/ssllabs-‐scan/
- 28. SSL Labs API • SSL Labs is a web applica8on, designed for interac8ve use • API has been o`en requested • March 2015 SSL Labs release: API • HTTP/JSON • https://api.ssllabs.com/api/v2/analyze?host=www.ssllabs.com • Docs at: hWps://github.com/ssllabs/ssllabs-‐scan • Sample Command line tool: ssllabs-‐scan • Go Implementa8on: hWps://github.com/ssllabs/ssllabs-‐scan/
- 29. SSL Labs API
- 30. SSL Labs API • SSL Labs is a web applica8on, designed for interac8ve use • API has been o`en requested • March 2015 SSL Labs release: API • HTTP/JSON • https://api.ssllabs.com/api/v2/analyze?host=www.ssllabs.com • Docs at: hWps://github.com/ssllabs/ssllabs-‐scan • Sample Command line tool: ssllabs-‐scan • Go Implementa8on: hWps://github.com/ssllabs/ssllabs-‐scan/
- 31. SSL Statistics - Pulse
- 32. SSL Clientside
- 33. SSL Labs Roadmap • HSTS detec8on • Mixed Content detec8on • MITM aWack detec8on • IPv6 • Beyond HTTP
- 34. SSL – Other issues – Superfish • Lenovo preinstalls Superfish so`ware on consumer laptops • Superfish decrypts SSL connec8ons on the machines to be able to read the SSL content and serve ads in the SSL content stream • To do this transparently it installs a new root cer8ficate on the local machine and intercepts all SSL traffic resigning the site with its own cer8ficate • Superfish objec8ve: MITM for ad revenue, i.e modify the web content on the fly, replace and inject ads with “beWer” ads, not an “aWack”
- 35. Example – Superfish installed Lock indicates valid SSL connection Strong encryption Certificate issued by Superfish – not Verisign
- 36. Example – the real Qualys EV certificate (green)
- 38. SSL – Other issues – CA problems • Browsers trust a large set of CAs to correctly emit cer8ficates • Some8mes this goes wrong
- 39. SSL – Other issues – CA problems • Browsers trust a large set of CAs to correctly emit cer8ficates • Some8mes this goes wrong
- 40. SSL – Other issues – CA problems • Browsers trust a large set of CAs to correctly emit cer8ficates • Some8mes this goes wrong • Recent Google CNNIC, similar last year in France, discovered through cer8ficate pinning
- 41. SSL – Other issues – CA problems • Browsers trust a large set of CAs to correctly emit cer8ficates • Some8mes this goes wrong
- 42. SSL – Other issues – CA problems • Browsers trust a large set of CAs to correctly emit cer8ficates • Some8mes this goes wrong • Recent Google CNNIC, similar last year in France, discovered through cer8ficate pinning • Domain ownership by e-‐mail is weak
- 43. Helpful Resources SSL/TLS Deployment Best Practices - https://www.ssllabs.com/downloads/ SSL_TLS_Deployment_Best_Practices.pdf SSL Server Rating Guide – https://www.ssllabs.com/downloads/ SSL_Server_Rating_Guide.pdf SSL Labs API Guide - https://www.ssllabs.com/projects/ssllabs-apis/index.html Bulletproof SSL and TLS - Ivan Ristic https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
- 44. Thank You Jonathan Trull [email protected] Wolfgang Kandek [email protected] @wkandek Ivan Ris8c @ivanris8c hWp://www.qualys.com