I am seeking your questions on SSL!

Started by kayfox, March 18, 2012, 03:51:54 PM


kayfox

So, I have been an engineer at a company that makes devices commonly referred to as Load Balancers.  One of the things that I have been trying to do is compose some words that describe how certain things work in SSL, like the PKI, x509, RSA, ciphers, etc.  In other words, I'm a masochist and have been taking the most stupid of stupid cases, trying to find the magic words to get people to understand it.

So basically, I turn to the furries in this forum for help.  I want to hear, and answer, your questions about SSL, no matter how "stupid" (is there really a question so stupid not to be worth asking?), silly or serious.  These can include "how does x work" type questions, questions about peculiarities, how to do things, how things break, vulnerabilities, and shit you've heard hackers* can do.

I will come by often or so to try and answer as many of them as possible, I aim for 100%.

At whatever point I consider this concluded, I will compile all that I have gathered into a Journal on my FA, as well as elsewhere.

Thanks!  Have at it!

* Full disclosure: I'm a hacker.

What is SSL?
The Secure Sockets Layer, later superseded by Transport Layer Security[1], is an application-agnostic (it is not inherently dependent on the application being secured) method for securing network communications.  Although not directly involved in the underlying application, it is often tied to the application in some ways; some applications, like Simple Mail Transfer Protocol[2] and Lightweight Directory Access Protocol[3], support both a transparent mode (secure connection is made first, then the traffic passes through that connection like normal) and "going secure" (the protocol starts first, then it uses a command, like STARTTLS, to start encryption).  SSL uses a combination of public key cryptography, digital certificates, and block or streaming cryptography to secure your connections.  The most common use of SSL/TLS is in the HTTP-Secure[4] implementation, which consists of tunneling HTTP over an SSL/TLS secured path.

1. http://en.wikipedia.org/wiki/Transport_Layer_Security
2. http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
3. http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
4. http://en.wikipedia.org/wiki/Https

So, it uses Public Key Cryptography, how does that work?

Public Key Cryptography[5] is a common term for cryptography that depends on having two keys that are mathematically related, a public key that can be shared freely, and a private key that is kept secret.  The two most common public key systems in use are RSA[6] and Diffie-Hellman[7], but some others do exist.  Because the public key can be shared freely, it does not have to be secured like traditional keying material and can be transmitted in the open.

The public key is aptly named; often people who use software like PGP[8] and GPG[9] to encrypt their communications post their public keys on keyservers[10], that serve as a central repository of these public keys.  These public keys are also used in certificates that authenticate things like websites and software.

The math behind the RSA public key system is somewhat beyond the scope of this explanation, but just to summarize, it involves very large prime numbers and well defined mathematical relationships.  Because it is based on large prime numbers, it is difficult to factor a private key from the public key.  Currently most attacks depend on flaws in the RSA algorithm or its implementation, and not on factoring[11].

Diffie-Hellman differs in that it deals with something called exponentiation in a finite field, and is generally unsuitable for use in Public Key Infrastructure systems.  See the Diffie-Hellman article linked below for more information.

5. http://en.wikipedia.org/wiki/Public_key
6. http://en.wikipedia.org/wiki/RSA_(algorithm)
7. http://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange
8. http://en.wikipedia.org/wiki/Pretty_Good_Privacy
9. http://en.wikipedia.org/wiki/GNU_Privacy_Guard
10. http://en.wikipedia.org/wiki/Key_server_(cryptographic)
11. http://en.wikipedia.org/wiki/RSA_problem

What is this Public Key Infrastructure you talk about?  What are Certificates?

A Public Key Infrastructure[12] is a system of hardware, software, people, policies and procedures put in place to create, store, manage, distribute, use and revoke Digital Certificates[13].  The most common system in use is X.509; it is used in SSL/TLS to authenticate secure webservers.  Commonly certificates contain some information about the entity being authenticated, such as their company name, location, who requested the certificate, as well as a list of constraints, like what is being authenticated, and finally the public key of the entity being authenticated, and a digital signature.

Before I explain how these work, I will need to explain a few concepts, mainly cryptographic hashes and how a digital signature works.

A cryptographic hash[14] is a function that takes arbitrary data of any size and produces a sum of a fixed size.  Most well tuned functions of this type produce wildly different sums for data that is even only one bit off.  These functions are commonly used for verifying software downloads, digital signatures and authentication of data.  Two of the most common are Message Digest 5[15] and the Secure Hashing Algorithm[16], although many others exist.

A digital signature is often implemented as hashing the data to be signed with one of these hash functions, then encrypting it with the signer's private key.  This can be then decrypted with the public key of the signer and compared with the recipient's own hashing of the data that is signed.  If the two match, the signature is considered verified.

A digital certificate ties all of this together.  In the common implementation of them, you have root certificate authorities with self-signed certificates, in that, their certificates are signed by the same private key as generated with the public key in them.  These certificate authorities then sign intermediate certificate authority certificates and individual certificates.  The signature is, like explained above, made by hashing the contents of the certificate and then encrypting it with the private key of the signer.  Since the certificate contains information on who signed it, and is signed by the issuer, a clear relationship can be established.

The desire to sign intermediate CA certificates stems from CAs wanting to secure their main certificate against attack, the private keys to these are often kept offline in a vault somewhere.  They only operate with the intermediate certificates and thusly the root certificate is not exposed to being compromised in a security breach.  Using these intermediates also allows root certificate authorities to allow other entities to be intermediates and issue certificates trusted by browsers.

Your browser and operating system ship with a store of root certificate authority certificates; these are most commonly the established players in the market, as well as some entities that are trusted for various reasons, such as national governments, etc.   In addition to these, sometimes other applications or IT departments in corporations add certificates.  For example, at RainFurrest 2011 we had a certificate authority that signed the various certificates used in the registration system and allowed us to secure the registration system on our local network.  Larger companies like Microsoft and Boeing have many tiers of certificate authorities used for signing different things and different divisions and departments.

12. http://en.wikipedia.org/wiki/Public_key_infrastructure
13. http://en.wikipedia.org/wiki/Digital_certificates
14. http://en.wikipedia.org/wiki/Cryptographic_hash_function
15. http://en.wikipedia.org/wiki/MD5
16. http://en.wikipedia.org/wiki/Secure_Hash_Algorithm

What is this Trust thing?

So, several times above I have mentioned something called Trust.  It's just like the word, but in this case I'm referring to a specific structure of trust in use by web browsers, commonly derived from a standard called X.509[17], which also specifies certificate formats and syntax.  In the common implementation of Trust used in web browsers, you have a series of root certificate authorities which create trees of trust, with every leaf below them trusted.  In some cases this can become problematic; recently a certificate authority called DigiNotar[18] was compromised and their private signing keys stolen.  If you have an up to date version of Firefox you can see the fallout from this by going to Options -> Advanced -> Encryption -> View Certificates -> Servers, notice DigiNotar is there, and the Server field is an asterisk (*).  More investigation leads you to click Edit Trust... and you find out this entire list is of certificates that are specifically not trusted.

This top down trust everything model has led to there being nearly 650 entities[19] that can sign any certificate for any site.  This can be a problem, as we have just seen with DigiNotar, where it's up to the browser makers to update their software with a list of bad certificates every time something like this happens.  And then it's up to the browser users to upgrade every time new software comes out, to keep up to date on these issues.  Not an easy task.

Keep reading for more on Trust.

17. http://en.wikipedia.org/wiki/X.509
18. http://en.wikipedia.org/wiki/DigiNotar
19. https://www.eff.org/files/colour_map_of_CAs.pdf


Why do I need Trust, why can't I just trust all certificates?

It's a simple question to answer with a mind exercise.  Think about this: In I think 3 commands[20] I can have a certificate for www.google.com, if you trust all certificates, how can you tell mine is different from the real certificates for www.google.com, especially if I fill out all the particulars the same as Google does?

Once you have thought about this you will find that if anyone can make a certificate, it becomes hard to tell who is the legitimate www.google.com and who is just a clever replica.  So this is why we have these Certificate Authorities[21].  Most certificate authorities verify the identity of the entity requesting the certificate, making sure they own the domain they're requesting the certificate for, and in some cases investigating further (Extended Validation[22]).  The cost of the certificate is proportional to the reputation of the CA issuing it, how much they are vetting in the certificate and how much investigation they did.  Simple domain validated certificates can be had for $20, sometimes they are free with your domain name.  Wildcard certificates, ones that can be used for any subdomain of your domain name, are more expensive, sometimes costing up to $150.  Extended Validation certificates, which most browsers denote by displaying green in the address bar, or something like that, can cost upwards of hundreds to thousands of dollars depending on how much the CA is assuring and what grade they are.

20. openssl genrsa -out kays_www.google.com.key 2048
openssl req -new -key kays_www.google.com.key -out kays_www.google.com.csr
openssl x509 -req -days 365 -in kays_www.google.com.csr -signkey kays_www.google.com.key -out kays_www.google.com.crt

21. http://en.wikipedia.org/wiki/Certificate_authority
22. http://en.wikipedia.org/wiki/Extended_Validation_Certificate

What protections are there in SSL against bad certificates or bad certificate authorities?

SSL makes use of certificate revocation lists[23] and the Open Certificate Status Protocol[24] to maintain positive revocation of bad certificates.  Certificate revocation lists are signed lists of the serial numbers of revoked certificates.  Certificates can be revoked for many reasons, sometimes they are replaced, sometimes the keys are misplaced, sometimes servers are compromised.  The Online Certificate Status Protocol is a client server protocol for checking the current, realtime status of a certificate, intended as a replacement for CRLs.

Both of these have their limitations, the CRLs need to be updated, in some cases this is a laborious process, requiring the CRL to be fetched and software reloaded.  There have been attacks against OCSP, like DDoSing the server or masquerading as the OCSP server and issuing error codes.

23. http://en.wikipedia.org/wiki/Certificate_Revocation_List
24. http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

Contributed questions:

Which web servers support HTTPS?

Most webservers support SSL, for a complete list see:
http://en.wikipedia.org/wiki/Comparison_of_web_server_software#Features

What is the relationship between HTTPS and SSL?

HTTPS is HTTP over SSL/TLS.  How this works is the SSL portion sets up a secure connection first, then normal HTTP communication happens over that.  There is so very little in HTTP that deals with SSL, that this can happen transparently to the HTTP layer.  Some of the tricks in accelerating websites take advantage of this, with a common load balancer (application delivery controller) feature being SSL offloading, where the load balancer does all the work for SSL and the connection from it to the webserver is cleartext.

What do I need (as an admin and as a web developer) to enable HTTPS?

You need a certificate, usually signed by a Certificate Authority and access to configure the certificate and key on your SSL capable webserver.

Do I need admin-level access to a server's configuration files to enable HTTPS?

Sometimes, a common implementation of Apache SSL has the keys stored with owner root and only readable as root, this is the most secure way to set it up because this means the key is only able to be read by Apache while it's being started, and then once it's started up and running under its own username, it can read the key.  Most hosting providers use different methods for storing keys, so it shouldn't be too hard.

If I need something special to enable HTTPS/SSL, do I have to pay for it? If so, who and why?

You need a certificate, and you usually have to pay if you want it to be trusted by anyone's browser.  You get a certificate from a certificate authority, it costs money because it's business.

Just how secure is SSL?

This is the shortest question contributed so far, and it's also the hardest to answer.  If you've read this far, you can see some potential issues in SSL, and believe me there are many issues, which I will touch on later.  Generally speaking, most reputable institutions spend a significant amount of time securing their SSL setups.  So your bank most likely is one of the most secure sites you will visit.

I have a long list of questions and answers to help flesh out just how secure it is, and just how broken it can get, but to put it in a sentence: Secure enough for the common person, but teetering on the edge.

Also, how long would it take to decrypt or crack a data stream encoded with SSL?

With RSA 2048 bit keys and 128 bit AES, it could potentially take years to brute force.  Most attacks take the form of targeting weaknesses in the protocols used or their implementations.  Some of these attacks are relatively quick, with BEAST coming in at a couple of seconds per byte decoded.  Many attacks look for things like cookies being sent in cleartext.

Is SSL able to help protect sensitive data on a token-ring network, with Novell 5.5 servers in an IP based topography?

I don't know, I know in NetWare 6.5 NCP supported encryption, in fact encryption was required in many places (I remember this because of all the backing up of keys and stuff that happened, especially when transitioning the NDS tree to eDirectory).  Token Ring is somewhat irrelevant here, other than being somewhat outdated.  It's been 5 years since I have touched anything NetWare, aside from moving the manuals and CDs around while moving.

More to come:

Q. If the trust model of SSL is so broken, what can we do to fix it?
Q. What is the BEAST attack (CVE-2011-3389), what can be done to prevent it?
Q. You have said "security is about tradeoffs" can you explain what you mean?

More attacks:
Null Prefix Attack: http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf
OCSP Attack: http://www.thoughtcrime.org/papers/ocsp-attack.pdf
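
The "Why do I need Trust" argument above, run end to end with the same openssl commands as footnote 20 (an added example, not part of the original post). The CA name, the host name www.example.test and all file names are constructed; it builds a throwaway root CA, a server certificate signed by it, and a self-signed look-alike with the identical subject, then checks both against a trust store that holds only the root.

```shell
#!/bin/sh
# Added example with constructed names; all keys are throwaway files in a temp dir.
WORK=$(mktemp -d)

build_pki() (
  cd "$WORK" || exit 1
  # Minimal config so the example does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
    'prompt = no' '[dn]' 'CN = Example Root CA' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > ca.cnf

  # Root CA: self-signed, and the only certificate we place in the trust store.
  openssl genrsa -out root.key 2048 2>/dev/null
  openssl req -x509 -new -key root.key -config ca.cnf -days 30 -out root.crt

  # Legitimate server: its CSR is signed with the root CA's private key.
  openssl genrsa -out server.key 2048 2>/dev/null
  openssl req -new -key server.key -config ca.cnf \
    -subj "/CN=www.example.test" -out server.csr
  openssl x509 -req -days 30 -in server.csr -CA root.crt -CAkey root.key \
    -CAcreateserial -out server.crt 2>/dev/null

  # Look-alike: same subject, but self-signed exactly as in footnote 20.
  openssl genrsa -out impostor.key 2048 2>/dev/null
  openssl req -new -key impostor.key -config ca.cnf \
    -subj "/CN=www.example.test" -out impostor.csr
  openssl x509 -req -days 30 -in impostor.csr -signkey impostor.key \
    -out impostor.crt 2>/dev/null
)

# Subject line of a certificate; identical for the real and the look-alike cert.
subject_of() { openssl x509 -noout -subject -in "$WORK/$1"; }

# Prints "trusted" if the certificate chains to the root in the trust store.
verify_cert() {
  if openssl verify -CAfile "$WORK/root.crt" "$WORK/$1" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

build_pki
for c in server.crt impostor.crt; do
  echo "$c: $(subject_of "$c") -> $(verify_cert "$c")"
done
```

The two certificates print the same subject; the only thing that separates them is whose private key produced the signature, which is what the trust store check looks at.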

Carl Foxmarten

DeviantArt | FurAffinity | LiveJournal | Project Blog
"Those who do not understand the wheel are constantly reinventing it." ~Myself

kayfox


Carl Foxmarten

Okay, here are a bunch of questions off the top of my head.
Not sure what category they fall into...

  • Which web servers support HTTPS?
  • What is the relationship between HTTPS and SSL?
  • What do I need (as an admin and as a web developer) to enable HTTPS?
  • Do I need admin-level access to a server's configuration files to enable HTTPS?
  • If I need something special to enable HTTPS/SSL, do I have to pay for it? If so, who and why?
  • Just how secure is SSL? Also, how long would it take to decrypt or crack a data stream encoded with SSL?

mediar

Is SSL able to help protect sensitive data on a token-ring network, with Novell 5.5 servers in an IP based topography?
There are 10 types of people in the world, those who understand binary and those that don't.

Arooo!

kayfox

I have updated the main topic, please let me know if I made any mistakes.  Also, I still want your questions!