mitm(man in the middle) ssl proxy attacks
TRANSCRIPT
MITM(Man In The Middle) SSL Proxy attacks on Web https
국민대학교 BIT 전자정부전공석사과정 Y2015202 안재열Jae Yeoul Ahn (Jay)
INDEX• 선정이유 및 목적• SSL/TLS 개요• SSL 활용• MITM 개요• SSL 중간자 공격 원리• 1) 리다이렉트• 2) 인증서 위조• 대응방안• 사례
• Selected reason and purpose
• SSL/TLS Overview
• Use way of SSL
• MITM Overview
• SSL MITM Principles
• 1) Redirect
• 2) Counterfeit Certificate
• Countermeasures
• case
선정이유 및 목적Selected reason and purpose
• Almost Korean has one or more smart device.(Smart phone) • They uses Web Services based on Internet by smart device.• Web Service is working with HTTP protocol.• Http has weak-point about security , So Https is coming up.• Https is advised by Korea Communications Commission.• But, Gartner has announced HTTPs is main target about Cyber
Attack’s 50%
• 한 사람당 한 개 이상의 스마트폰을 소유 및 사용하고 있다 . • 인터넷 기반의 웹서비스를 많이 이용한다 . • 웹서비스는 http 프로토콜을 사용한다 .• Http 는 보안에 취약해 , Https 가 등장• Https 는 우리나라 방송통신위원회에서 권장기준• 가트너가 내년 (2017 년 ) SSL 이 사이버 공격의 50% 의 주요 타겟
SSL/TLS ? • (Secure Sockets Layer) SSL was developed by Netscape in 1993
for secure communication between Web servers and browsers.• This work at the session layer , it is used to guarantee the security
of the protocol of the FTP , Telnet , Http , including the application layer .
• Since SSL 3.0 standardized, after June 1996, IETF has been stan-dardizing the TLS protocol.
• SSL (Secure Sockets Layer) 은 1993 년 웹 서버와 브라우저간의 안전한 통신을 위해 Netscape 에서 개발했다 . • 세션계층에서 적용되며 , 응용계층의 FTP, Telnet, Http 등의 프로토콜의 안전성 보장을 위해 사용된다 .• SSL 3.0 이 표준화된 이후 IETF 는 1996 년 6 월부터 TLS 프로토콜에 대한 표준화 작업을 진행하였다 .
SSL/TLS 동작위치 및 구성요소SSL / TLS operating position , and compo-
nents
동작위치operating position
구성요소components
SSL 동작 과정 ( 상태 )SSL operation of (state)
SSL 은 예비 (Pending) 상태와 현재 (Current) 상태가 있다 .예비 (Pending) 상태는 데이터 암호화를 위한 준비하는 과정 .현재 (Current) 상태는 데이터 전송을 하는 과정 .
There is two SSL‘s state. One is Pending state for preparing data encryption.Another is Current state for encrypting data and sending to sender and receiver.
SSL 예비상태SSL Pending state
• SSL 예비상태의 동작은 handshake 부터 시작• handshake 는 Full 방식과 Abbreviated 방식 두 가지가 있다 .
• Full 방식은 세션수립부터 , Abbreviated 방식은 클라이언트와 서버의 세션이 유지되어 있을 경우 사용한다 .
• SSL pending state is begin by handshake.
• There are two way of SSL Pending state as Full, Abbreviated.
• Full way is begin at first connection , Abbreviated is used on already connecting client and server by session.
SSL Hand Shake - full
SSL Hand Shake – full : 1
Client sends Server Client Hello which are information about SSL ver-sion, Cipher suite list, Client Random Number(32byte).
Cipher suite is List about that Client can support and use Symmetric Cryptographic Technique, Public key Cryptographic Technique and Hash algorithm.
클라이언트가 서버에게 Client Hello(SSL version, cipher suite list, Client Random(32byte)) 을 보낸다 .
Cipher suite list 는 클라이언트가 지원하는 공개키 , 대칭키 , 해쉬 알고리즘의 목록을 이야기한다 .
SSL v3.0 cipher suite
RSA - Public key Cryptographic Technique AES, DES - Symmetric Cryptographic Technique SHA, MD5 - Hash
TLS 1.2 cipher suite
RSA - Public key Cryptographic Technique AES, DES - Symmetric Cryptographic TechniqueSHA, MD5 - Hash
SSL Hand Shake – full : 2
Server send Client Server Hello which are information about SSL ver-sion, Cipher suite list, Client Random Number(32byte) chosen by Server.
※ In case of cross certification, Sever send client message about server wants client’s certificate.
SSL Hand Shake - full
Client create Pre-master with SeverRandom from Server and Client.After then, Client encrypt Pre-master by Server’s public key in Server’s Certification and send server it.
※ In case of cross certification, Client send own Certificate
SSL Hand Shake - full
Server decrypts a encrypted premaster-secret by server’s private key.And Client and Server create Master Secret with premaster-secret and cipher suite info.
And then, Server send Client Finished Message.
SSL Hand Shake - full
[SSL]master_secret =MD5(pre_master_secret + SHA('A' + pre_master_secret + ClientHel-lo.random + ServerHello.random)) + MD5(pre_master_secret + SHA('BB' + pre_master_secret + ClientHello.random + ServerHel-lo.random)) + MD5(pre_master_secret + SHA('CCC' +pre_master_secret + ClientHello.random +ServerHello.random));
[TLS]PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)
SSL state
After Sended Finish message, State chage Pending to Current.
In current state.
When Sender send receiver plain Data, Plain Data is Encrypted with Sym-metric Key which is Master-Secret By chipper suite’s Symmetric Crypto-graphic Technique chosen at pending write state.
SSL 활용Use way of SSL
I will focus and deal with Https with SSL.
MITM (Man in the Middle Attack)
Two Ways of HTTPS MITMRedirect Counterfeit Certificate
ARP(Address Resolution Protocol)
- When Host A send Host B some message, (In this situation A only Knows B’s IP address)- First Host A check Own ARP cache Table in Network Adopter(OS) to check MAC Address bound with IP address. - Second, If there in not Mac address in ARP Table, ARP send All Computer Message (ARP Request) about who is this IP address? in LAN.(Broadcast) - Third Host B which has recieved A’s Message send Host A ARP Response Message with B’s IP address and MAC address.- Finally Host A update his ARP table and send B some message or data.
My ARP Table
ARP – Update
- When Host B’s Address is updated, B send All of computer updated in-formation as New Mac address by broadcast.
- So, Attacker uses this way.
ARP – Spoofing
- Attacker uses this way.
- Attacker send A update fake info (IP : Host B / Mac : Attacker)- Attacker send B update fake info (IP : Host A / Mac : Attacker)
ARP – Spoofing
- So, Attacker can sniff and see information between A and B.
DNS (Domain Name Service)
DNS Table• When I get on the
kmu.kookmin.ac.kr, • First, Find record in my
DNS Table in PC.• IF there is not info, get it
from DNS Server. And up-date it.
• After find out IP, use ARP Table and connect the website.
DNS Attack• Attacker change and update target sites ip on ARP
Table.
• If target site is located at outside(WAN), Client have to pass through Gateway.
• Usually, almost web site is located at outside.
• So, Attacker change Gateway Mac Address in Client ARP Table. Before Stilling a Client’s authority
ScenarioWhen We get on the internet.(facebook)
URI IP
Face-book.com
123.123
llll.Com 333.
ERP-sys.kr
123.123
DNS Server
123.123
IP MAC
123.123.0.1
Aacc
123.123.0.122
Bbb
123.123
Ab:ab
…. ….
ARP TableDNS Table
Facebook.com
Destination MAC address
Source MAC address
Destination IP address
Source IP ad-dress
Login infoma-tion
GateWay IP:111.111.111.111MAC Aacc
DNS Server123.123Ab:ab
ARP Spoofing 을 이용한 Gateway 변조
게이트웨이 mac 을 해커의 mac 로 변경
ScenarioWhen We get on the internet.(facebook)
URI IP
Face-book.com
123.123
llll.com 333.
ERP-sys.kr
111.111
DNS Server
111.111
IP MAC
123.123.0.1
Hh:hh:hh
123.123.0.122
Bbb
….. Abab
…. ….
ARP TableDNS Table
Facebook.com
Destination MAC address
Source MAC address
Destination IP address
Source IP ad-dress
Login infoma-tion
GateWay IP:111.111.111.111MAC Aacc
Hacker‘sIP:111.111.0.11~12MAC hh:hh:Hh
DNS Server123.123Ab:ab
InSide
OutSide
ARP Spoofing – GatewayClient’s ARP Table
ARP Spoofing - Gateway Attacker’s Mac
ARP Spoofing - Gateway
ARP Spoofing – Gateway
Client Host Address is contaminated
Before….
Redirect
Redirect Attack induce to use Http and get on the fake login web. So, Attacker can get a User’s ID, Password.Attack will use a this account info to login target website and redirect.User can not realize this.
Counterfeit Certificate
This way is that Attacker make a fake Certificate and give client this. So, Attacker can get a User’s ID, Password. Attack will use a this account info to login target website and redirect.
Countermeasures• User1. Check HTTPS. NO HTTP.2. When you meet this, tell manger and don’t use or
get on this site.
Countermeasures• Administrators Administrators should check to see unusual part of our ARP table, DNS cache.
- Check the network traffic to detect malicious behavior .
Countermeasures
Countermeasures• Web-Programmer
• When Developing Web-Site, use HSTS.
• HSTS (Http Strict Tansport Security) has been de-fined in RFC-6797 , and was designated as a stan-dard in 2012 .
• The use of HSTS even if you enter the http address in the browser, automatically to get on a page that uses Https. (protecting from SSL-Strip attack.
Case - china• Damage caused to the local level (Local city) in China in 2014
• August , SSL certificate error connecting to your Google page in the CERNET network ,
HTTPS communication has changed from a TLSv2 TLSv1
• September 30 , Yahoo China page SSL MITM attacks
• October 2 to 6 , MS of cn.bing.com, login.live.com, outlook.com page SSL MITM attack ,
the DNS part of the area being infected
• October 20 , Yahoo China page SSL MITM attacks
• October 21 , iCloud server SSL MITM attacks
Microsoft China – live.com
Left a real SSL certificate , Right is a fake SSL certificate
Microsoft China – live.com
China - Yahoo
China - Apple
France - Google
In 2013, France Government issues Fake digital certificate.So Google blocked service. because they thinks it is incident and attack to our service.Also, Some People think that France Government tried to monitor user us-ing GoogleServiece.
But Fance Governments Say It is Just Human Error. We did not try monitor-ing.
Case - Korea
I can not find accident and Incident Korean case.
I guess, They don’t want to notify it.
So I can tell the interested case.
There is Smart Fridge in korea. This is can use Google Mail with SSL.
But English White Hacker team find out SSL week point at this fridge. and they success to still G-mail account infomatin from fridge.
case – Our Lab
case – Our Lab
case – Our Lab
case – Our LabOnly Dan zitta reported it to me.
THANKS. DO NOT ASK ME plz.