Assignment on Network Security

Title of the Project: Heartbleed security issue in OpenSSL - Heartbeat in TLS.

Abstract
This article describes ‘OpenSSL Heartbleed Vulnerability’ thoroughly. It describes the
‘Heartbleed’ drawback, its causes, and its impact. The aim of this text is to extend awareness
concerning Heartbleed vulnerability in OpenSSL library, mistreatment that attackers will get
access to passwords, personal keys or any encrypted information. It also explains, however,
Heartbleed works, what code causes information run and explains the resolution with code
fix.
Encryption is that the backbone of web security. It protects user’s knowledge, passwords and
group action details from attackers. To attain secret writing over web, one in all the famed
and wide used protocols is HTTPS. HTTPS is just HTTP over SSL/TLS. For instance any on-line
payment or banking transactions over web happens through HTTPS because it is secured.
However the new vulnerability –Heartbleed has place an issue mark on this security of web
itself and has broken a trust on the open supply community.
Heartbleed is that the devastating vulnerability within the OpenSSL library that change any
attacker to steal plenty of protected info from a system that employing a broken and
vulnerable version of the OpenSSL library. This horrific attack will happens through the net
allowing a hacker to scan the memory and supposed protected knowledge like passwords,
secret keys associated usernames from an exposed system while not departure any trace and
also the state of affairs. There can be a leak from the vulnerable server to consumer and from
consumer to a vulnerable server.
Day by day because the quality within the web increasing the vulnerabilities concerning the
safety is also increasing. Therefore the information concerning these flaws needs to be unfold.
Thus this report discuss concerning the one in all the vulnerability that exists for an extended
time referred to as ‘Heartbleed’. The aim of this report is to form awareness concerning the
Heartbleed vulnerability in OpenSSL Library, using which attackers will get access to
passwords, personal keys or any encrypted knowledge. It explains however Heartbleed works,
what code causes knowledge run and explains the resolution with code fix. It also explains
perform a way to perform heartbeat attack.

Sensitivity: Internal & Restricted

Introduction to Heartbleed Vulnerability
The name 'Heartbleed' itself explains the vulnerability - 'Heart' of the Heartbleed came from
Heartbeat protocol and 'bleed' stands for information leak which implies information leak at
intervals the Heartbeat protocol implementation, specifically the OpenSSL implementation of
the protocol. OpenSSL is an open supply and widely used library for the Secure Socket Layer
(SSL) and Transport Layer Security (TLS) protocols. During this written report, square measure
going to} learn the way serious, this vulnerability is and what are the ways to assist forestall
this knowledge leak.
Encryption is the backbone of network security. It protects user's knowledge, passwords and
group action details from attackers. To attain encoding over the web, one in every of the
known and widely used protocols is HTTPS. Communications protocols are solely HTTP over
SSL/TLS. As an example, any online payment or banking transactions over the web happens
through HTTPS because it is secured. However, this new vulnerability - Heartbleed- has
placed an issue mark on this security of the web itself and has broken trust in the open
source community.
The Heartbleed Bug may be a serious vulnerability within the widespread OpenSSL crypto
logical software system library. This weakness permits stealing the data protected, beneath
traditional conditions, by the SSL/TLS cryptography accustomed secure the net. SSL/TLS
provides communication security and privacy over the net for applications like web, email,
instant electronic messaging (IM) and a few virtual non-public networks (VPNs). The
Heartbleed bug permits anyone on the net to scan the memory of the systems protected by
the vulnerable versions of the OpenSSL software system. This compromises the key keys
accustomed determine the service suppliers and to encipher the traffic, the names and
passwords of the users and also the actual content. This enables attackers to listen in on
communications, steal information directly from the services and users and to impersonate
services and users.
CVE-2014-0160 is the official regard to this bug. CVE (Common Vulnerabilities and
Exposures) is that the normal for data Security Vulnerability Names maintained by MITRE.
Due to co-incident discovery a reproduction CVE, CVE-2014 0346 that was appointed to
North American nation should not be used, since others severally went public with the CVE-
2014-0160 symbol. Bugs in single code or library come back and go and are mounted by
new versions. However, this bug has left an oversized quantity of personal keys and
alternative exposed to the net. Considering the long exposure, easy exploitation and attacks
feat no trace this exposure ought to be taken seriously.

Sensitivity: Internal & Restricted

This bug was severally discovered by a team of security engineers (Riku, Antti, and Matti) at
Codenomicon and Louis Eugene Felix Neel Mehta of Google Security, United Nations
agency initial reportable it to the OpenSSL team. Codenomicon team found Heartbleed
bug whereas rising the Safeguard feature in Codenomicon's Defensics security testing tools
and reportable this bug to the NCSC-FI for vulnerability coordination and coverage to the
OpenSSL team.

How the Heartbleed works:

The heartbeat extension protocol consists of two message types: Heartbeat Request message
and Heartbeat Response message and therefore the extension protocol depends on that TLS
protocol is being employed to explain below:
1. Once employing a reliable transport protocol: One aspect of the peer affiliation sends
a Heartbeat Request message to the opposite aspect. The other side of
the affiliation ought to at once send a Heartbeat Response message. This makes one
successful Heartbeat and so, keeping the affiliation alive – this is often referred to
as ‘keep-alive’ functionality. If no response is received among a given timeout, the
TLS affiliation is terminated.

2. Unreliable transport protocol:

One facet of the peer association sends a Heartbeat Request message to the
opposite facet. The other side of the association ought to straight off send a
Heartbeat Response message. Another Heartbeat Request message is transmitted if
no response is received at a specific timeout. If the expected response is not
received for that variety of retransmissions, the DTLS connection is terminated.
When a receiver receives a Heartbeat Request message, the receiver ought to challenge a
particular copy of the received message within the Heartbeat Response message. The
sender verifies that the Heartbeat Response message is the same as what was originally
sent. If it's similar, the affiliation is unbroken alive. If the response doesn't contain a similar
message, the Heartbeat Request message is retransmitted for a nominative variety of
retransmissions.

Heartbleed security issues in OpenSSL - Heartbeat in TLS:

Open SSL is an implementation of TLS protocol and most widely deployed
implementation. The weakness behind the bug allows any user on the internet to read the
memory of the system based on the vulneblityIn beta release of 1.01 and 1.02 there is a high
programming mistake that can lead to an attacker losing the confidential data and system is
running these vulnerable version of SSL over particular vulnerable version of Open SSL can be
attacked quite easily.
There is an OpenSSL library known as TSL heartbeat extension. This extension helps to avoid
re-establishing the session and allow for the mechanism which SSL session could be

Sensitivity: Internal & Restricted

capitalized for longer by exploring this extension. Any user on the internet can pose small
memory from a system which can contain user critical information such as username,
passwords, credit card information, and any kind of confidential thing passing through that
system.
TLS is a protocol common view to safeguard transaction on the web which is called as
Successor. For ex. https - means the web page you are viewing is been transmitted to you in
encrypted form. i.e. our date has safeguarded any password we type in or any confidential
provided to the website will be encrypted and safe from somebody trying to do eavesdrop.
An extension to the TSL is known as Heartbeat. Heartbeat extension allows you to do keep
TLS session up and running even though, no real data has gone through it in a while by simply
sending a message to know as heartbeat Request.
Heartbeat is also essential useful if you want to find out whether the peer with your
communication. If you send the heartbeat that peers basically keep the session alive and also
you can find out if the computer request is still there because the computer responds back to
the request and virtual saw the response you can ensure that the computer can bear the
session.
One computer through another sends the Heartbeat Request and the request contains some
data that data includes payload and size of the payload. The computer that responds to the
computer will actually contain in it response payload information and padding. Heartbeat
Request also contains data and size where the tracker can crack the miscellaneous data.

The OpenSSL project:

OpenSSL library provides the implementation of scientific discipline protocols like SSL and TLS.
It is an open supply package written in C programing language. The event is totally volunteer
driven and also the library is unengaged to use for industrial and non-commercial functions
under Associate in Nursing Apache-style license.

Heartbeat Implementation in OpenSSL:

The OpenSSL team enforced the heartbeat extension in Dec 2011. This section in brief
explains the code for heartbeat implementation for each Heartbeat Request message and
Heartbeat Response message. It additionally explains the bug within the code and its fix very
well. The OpenSSL ASCII text file is downloaded from the teams electronic computer Ate
https://www.openssl.org/source/ or ftp://ftp.openssl.org/source/ . The bug exists in
OpenSSL from version one.0.1 to 1.0.1f.

The SSL, TLS, DTLS Protocols:

Sensitivity: Internal & Restricted

Security over the net may be achieved in many ways. Network layer security is one among
them. Security over TCP/IP may be improved by victimization the Secure Socket Layer (SSL)
or its innings protocol Transport Layer Security (TLS). These two protocols square measure
normally mentioned along as SSL/TLS.
HTTP may be an unsettled application-level protocol to format and transmit knowledge
between net servers and net browsers. With the rise within the threats and frauds over the
net, there is invariably a necessity for the safer transmission of knowledge. Hypertext transfer
protocols is employed to boost the protection of communication over a network by providing
a layer of SSL/TLS the between HTTP and protocol layer.
DTLS (Datagram Transport Layer Security) could be a communication protocol that
implements TLS over unreliable transport protocol i.e. Datagram Congestion management
Protocol (DCCP) or User Datagram Protocol (UDP).

Fig. Common internet protocol layers

Heartbeat Request Message:

The OpenSSL implementation of the Heartbeat Request message has a Message Type of 1
byte to identify that this message is a ‘TLS Heartbeat Request’ message, 2 bytes for the
payload length, a 2-byte sequence number in the payload to identify to specified number of
messages sent before a timeout, and 16 bytes for actual payload and any padding. The
Heartbeat Request message is created and sent to the receiver. The timer for timeout starts
and the specified number of retransmission is updated. There is no problem in the OpenSSL
Heartbeat Request implementation.

Heartbeat Response Message:

Heartbeat Response sends a copy of the received Heartbeat Request payload data, which
verifies that the secured connection between the peers is still alive. The Heartbeat Response
implementation first checks to determine if the received message type is ‘TLS Heartbeat
Request’ message and extracts the request payload length. It then allocates memory for the

Sensitivity: Internal & Restricted

Heartbeat Response message. The Heartbeat Response message has a 1 byte of message type
to indicate it is the ‘TLS Heartbeat Response’ message and 2 bytes to indicate the payload
length. It copies the payload from the Heartbeat Request message to the Heartbeat Response
message and sends the response message back to the requestor. Requestor receives the
Heartbeat Response message and validates it with the original message sent. Thus, OpenSSL
Heartbeat Request and response implementation ensures that the secured connection
between the peers is still alive or not.

Data Leakage leading to Heartbleed

There is a bug within the higher than the implementation of the Heartbeat reply to the
received Heartbeat request message. The matter here is that the OpenSSL heartbeat
response code doesn't check to form positive that the payload length field within the
heartbeat request message matches the particular length of the payload. If the heartbeat
request payload length field is ready to a worth larger than the particular payload, the
response C code can copy the payload from the heartbeat message and no matter is in
memory on the far side the tip of the payload. A heartbeat request the payload length may
be set to a most worth of 65535 bytes. Thus, the bug within the OpenSSL heartbeat response
code may copy the maximum amount as 65535 bytes from the machine's memory and send
it to the requestor

Fixing the Error in the Code

1. First, it checks to see if the length of the payload is zero or not. It merely discards the
message if the payload length is zero.
2. The second task performed by the bug fix makes certain that the heartbeat payload
length field worth matches the particular length of the request payload information.
If not, it discards the message.

The Real World Impact of Heartbleed

By exploiting the Heartbleed vulnerability, associate degree wrongdoer will send a
Heartbeat request message and retrieve up to sixty-four KB of memory from the victim's
server. The contents of the retrieved memory depend upon what is in memory within the
server at the time, however, might probably contain usernames, passwords, session IDs or
secret non-public keys or alternative sensitive info. The subsequent figure illustrates
however associate degree wrongdoer will exploit this vulnerability. This attack are often
made multiple times while not exploit any trace of it.

Sensitivity: Internal & Restricted

 Fig. Exploiting the Heartbleed vulnerability

It is very little early to estimate the impact of this vulnerability, however, nobody will deny
that this situation is a crucial one for web users, probably golf shot their personal, secret
and encrypted information in danger. Bruce Schneier, in his weblog, has classified the
Heartbleed bug as “Catastrophic” and has given it a rating of eleven on the size of one to
ten.

Sensitivity: Internal & Restricted

Affected Devices:
To add a lot of thereon, Heartbleed has not solely affected the ‘web’ however conjointly the
embedded devices. Several home routers and operational systems incorporate OpenSSL.
Wikipedia has collected report of affected devices. A number of these devices are:
1. Android smart phones running version 4.1.1 (Jelly Bean) of Android.
2. Cisco routers.
3. Juniper routers.
4. Western Digital My Cloud product family firmware

Affected Operating System:

The website http://heartbleed.com maintains an inventory of affected operational systems, a
number of that include:
1. Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
2. Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
3. CentOS 6.5, OpenSSL 1.0.1e-15
4. Fedora 18, OpenSSL 1.0.1e-4
5. OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
6. FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
7. NetBSD 5.0.2 (OpenSSL 1.0.1e)
8. OpenSUSE 12.2 (OpenSSL 1.0.1c)

Status Of different version

1. OpenSSL one.0.1 through one.0.1f (inclusive) are vulnerable.
2. OpenSSL one.0.1g isn't Vulnerable.
3. OpenSSL one.0.0 branch isn't Vulnerable.
4. OpenSSL zero.9.8 branch isn't Vulnerable.

Sensitivity: Internal & Restricted

The Implementation
A very specific characteristic of this attack is that the offender will repeat the attack
any variety of times until to get some vulnerable info from the memory of vulnerable system.
Preparing the test Environment
To demonstrate the Heartbleed attack, it needs two systems running each in an exceedingly
Separate Workstation namely: Associate in Nursing assaulter system (Kali Linux) and a
vulnerable system (Ubuntu twelve.04 LTS). The kali UNIX system is offered for downloading
from http://www.kali.org/ and it is suggested to use the newest doable version. The Ubuntu
twelve.04 LTS is offered to transfer from http://www.ubuntu.com/download/desktop.
Moreover, it is needed to piece Associate in nursing apache service with SSL Support on the
Ubuntu to explode the Heartbleed flaw.
Confirm if your kali system is fully updated:
root@kali:~# apt-get update
root@kali:~# apt-get upgrade
On Ubuntu system, you should confirm the Ubuntu version of your target system,

Fig. Confirming Ubuntu version from terminal.

Now, we have to configure the Apache with SSL support on Ubuntu:

root@ubuntu1:~# a2enmod ssl
root@ubuntu1:~# service apache2 restart
root@ubuntu1:~# mkdir /etc/apache/ssl/

After death penalty the higher than commands, a self-signed certificate needs to be
created exploitation the below command:

Sensitivity: Internal & Restricted

Now, The apache server should be designed to use the higher than certificate by modifying
the required username and server name in keeping with the user perspective within the file
/etc/apache2/sites-available/default-ssl/ as per needed by the user:

Activating the viral host is done by running:

root@ubuntu1:~# a2ensite default-ssl
root@ubuntu1:~# service apache2 restart

Now we'd like to verify whether or not the Apache SSL configuration in operating, so go to
http://192.168.154.137:

Fig. Running the server.

Sensitivity: Internal & Restricted

 Fig. Server ports for Services.

Client Configuration and Connection

On the shopper, The Heartbeat bug may be explored mistreatment the amazing Metasploit.
It's suggested change the Metasploit framework if you're undecided it’s already updated.
Then on Kali UNIX the subsequent task to be done:
root@kali:~# msfupdate
root@kali:~# msfconsole
Now, modification the kernel prolix to use MSF by corporal punishment the command:
root@kali:~# msf
Next step is to settle on the auxiliary scanner “openssl_heartbleed”, it's a default
library offered in UNIX system, Kali system to ascertain really however the Heartbeat
protocol works and to notice If there's a outpouring of knowledge within the protocol:
msf > use auxiliary/scanner/ssl/openssl_heartbleed
Now, we have a tendency to square measure able to see the on the market choices from the
scanner by executing:
msf auxiliary(openssl_heartbleed) > show options

Sensitivity: Internal & Restricted

 Fig. Verbose displaying all the options available for services.
As we will see the sole parameter we'd like to outline is RHOSTS, as a result
of all alternative attributes have a default price. SSL service are going to be running in port
443, therefore it's attainable to outline choices at any purpose in time.
We can proceed to the attack:
msf auxiliary(openssl_heartbleed) > set RHOSTS 192.168.154.137

RHOSTS is to mention that consumer has to connect with the on top

of server science address. These setting are going to be taken by the administrator just in
case of LAN. (E.g. Nitk router can assign one default science to clients).
We can cross verify it whether or not the science address of server allotted or
not victimization the on top of choice command.
Everything is about currently we will able to} run the heartbeat request command
by merely victimization the run command once the results are analysed properly, we
will see the info outflow from heartbeat response:

Sensitivity: Internal & Restricted

 Fig. Data leakage from the response.

The elaborated observation of the higher than results reveals the small print of my very own
Email account, all the passwords, non-public keys that I actually have used whereas human
activity. With the assistance of personal keys (Top-level keys to be secured by OpenSSL
mistreatment SSL/TLS), we will read all the net pages really accessed and every one the
opposite shoppers I actually have connected to. My profile is going to be shared among
alternative users.

Fig. My own profile details leaked among connected clients.

Heartbleed Precautions and preventions

All Heartbleed-vulnerable systems ought to instantly upgrade to OpenSSL one.0.1g.
If you're unsure whether or not AN application you would like to access is Heartbleed
vulnerable or not - attempt anybody of the Heartbleed detector tools from section
"Heartbleed detector tools." No action needed if your
application isn't vulnerable. However if the applying is vulnerable, watch for it to be patched
with OpenSSL one.0.1g. Once the patch is applied, all the users of such applications ought
to follow the applications unleash documents from the service suppliers. Typically, steps to
follow once the patch is applied are:
• Ever-changing your parole.
• generating personal keys once more.
• Certificate revocation and replacement.

Sensitivity: Internal & Restricted

An important step is to restart the services that square measure victimisation OpenSSL (like
HTTPS, SMTP etc).
Before accessing any SSL/TLS application like HTTPS, check to envision if the appliance is
vulnerable. don't access or login to any affected sites. Guarantee all such vendors or
enterprises associated with your business have applied this security patch. Keep your eyes
open on such news of security vulnerabilities.
The Heartbleed bug has jolted the net community on its dependency on the
open supply software system. Even if OpenSSL may be an extremely popular library, it
absolutely was not properly scrutinized. One reason may well be attributable to a scarcity of
resources and funds. The organizations and developers victimization open supply software
system ought to contribute back to those open supply communities in terms of donations,
reviewing the code, testing, and planning. Amazon, Facebook, Google have recently step
up to gift funds to enhance ASCII text file security systems.

Sensitivity: Internal & Restricted