Understanding HTTPS and TLS

Transcript

1. Understanding HTTPS and TLS Zack Tollman @tollmanz

2. None

3. “Pervasive monitoring is a technical attack that should be mitigated

   in the design of IETF protocols, where possible.” — IETF https://tools.ietf.org/html/rfc7258

4. “Today we are announcing our intent to phase out non-secure

   HTTP” — Richard Barnes, Firefox Security Lead https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

5. HTTP/2 is TLS only in Chrome, Firefox, Opera, IE/Edge, and

   Safari https://wiki.mozilla.org/Networking/http2

6. Now Later Less HTTPS More HTTPS

7. HTTPS knowledge is now essential

8. We are bad at HTTPS

9. 58% of sites are not secure https://www.trustworthyinternet.org/ssl-pulse/

10. “misconfiguration errors are undermining the potential security” — Kranch &

    Bonneau (2015) http://www.internetsociety.org/sites/default/files/01_4_0.pdf

11. “industry-wide configuration problem with the deployment of DHE key exchange”

    — Huang, Adhikarla, Boneh, & Jackson (2014) http://www.w2spconf.com/2014/papers/TLS.pdf

12. Why?

13. Unless you are a cryptographer, this stuff is hard

14. Copying and pasting is easy

15. Knowing what you are doing is hard

16. TLS Basics

17. Transport Layer Security

18. SSL v2 SSL v3 TLS v1 TLS v1.1 TLS v1.2

    1995 1996 1999 2006 2008

19. TCP Transport Layer Security HTTP

20. Provides authentication, encryption, integrity, and key exchange

21. Authentication

22. Is the server the intended server?

23. Integrity

24. Is the message received the message sent?

25. Encryption

26. Converts plaintext to ciphertext

27. j b e q c e r f f

28. j b e q c e r f f w

    o r d p r e s s

29. A B C D E F N O P Q

    R S +13

30. Letter + 13 = Cipher Letter

31. Substitution Cipher Caesar Cipher

32. Key is 13

33. Key owners can encrypt and decrypt

34. Key Exchange

35. How do we establish an encryption key for 2 unknown

    parties over an insecure connection?

36. By Alessandro Nassiri - Museo della Scienza e della Tecnologia

    "Leonardo da Vinci", CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=47910919

37. Diffie-Hellman-Merkle key exchange

38. p = 23 g = 5 https://github.com/tollmanz/diffie-hellman-key-exchange-demo Demo

39. If anything goes wrong, make a joke about bad wifi

40. Compromise of any of these, compromises the whole system

41. Cipher Suites

42. Combination of algorithms for authentication, integrity, encryption, and key exchange

43. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /path/to/public.crt; ssl_certificate_key /path/to/private.key; ssl_ciphers ECDHE-RSA-AES128-GCM-

    SHA256:ECDHE-ECDSA-AES128-GCM- SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384…; ssl_prefer_server_ciphers on; https://github.com/igrigorik/istlsfastyet.com/blob/master/nginx/includes/ssl.conf

44. ECDHE-RSA-AES128-GCM-SHA256

45. ECDHE-RSA-AES128-GCM-SHA256 Key Exchange

46. ECDHE-RSA-AES128-GCM-SHA256 Certificate signing algorithm (Authentication)

47. ECDHE-RSA-AES128-GCM-SHA256 Cipher (Encryption)

48. ECDHE-RSA-AES128-GCM-SHA256 Message authentication code (Integrity)

49. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA

50. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA

51. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH +AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA- AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA- AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA- AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-

    SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256- SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128- SHA256:AES256-SHA256:AES128-SHA:AES256- SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES- CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3- SHA
52. None
53. None

54. What?

55. Use Mozilla’s guide https://wiki.mozilla.org/Security/Server_Side_TLS

56. The Code Book Simon Singh High Performance Browser Networking (TLS

    Chapter) Ilya Grigorik Bulletproof SSL and TLS Ivan Ristic SSL and TLS: Designing and Building Secure Systems Eric Rescorla

57. https://speakerdeck.com/ tollmanz/understanding- https-and-tls @tollmanz