
Course - Network Security (SSZG513)

Topic - Wireshark Worksheet on SSL/TLS


Author and Instructor - Vineet Garg

Objective: The objective of this worksheet is to analyze the SSL protocol by capturing packets
with the Wireshark tool while visiting an SSL-secured website (banking, e-commerce, etc.). The
audience is expected to be familiar with the basic usage of Wireshark and the theoretical
concepts of SSL. The standardized version of SSL is TLS, which is tracked through IETF RFC-5246.
Most SSL-secured websites use TLS.

Platform: The content shown below is taken from Wireshark 1.12.6 running on the Windows 8.1
operating system. It is expected to be similar, or to differ only minimally, across other
operating systems and Wireshark software releases.

Recommendation: To get the full hands-on experience, it is highly recommended that the
audience practically run a similar session accessing any SSL/TLS secured website and analyze
it through Wireshark, using this worksheet as a supporting aid. Passive review of this
worksheet will provide only fractional benefit.

Observation Steps:
(1) Identify a secure server which uses TLS for secure transactions. It appears with a green
padlock in the URL bar of the browser. Some websites may appear with a grey padlock. There is
not much practical difference, except that these websites do not use extended validation
certificates. For this worksheet, a website which comes up with a green padlock is
recommended.

(2) For this worksheet, the hsbc.co.in website of HSBC bank is selected. It comes up with a green
padlock when the personal internet banking logon link is pressed from its main page.

(Screenshot: browser address bar showing the green padlock.)

(3) Identify the IP address of the website by running commands like ping or tracert from the
command prompt (Windows Run -> cmd). The IP address for the HSBC personal banking logon is
203.112.92.107, as retrieved below. This IP address will be used to identify the TLS server in
the Wireshark captured packets.

(Screenshot: ping output showing the TLS server IP address.)

(4) Identify the IP address of the PC/laptop from which you are accessing this web server,
using the ipconfig command from the command prompt (or ifconfig from the Linux terminal). The
IP address of this experimental laptop is 192.168.1.2, as retrieved below. This IP address will
be used to identify the TLS client in the Wireshark captured packets.

BITS Pilani Work Integrated Learning Programme (WILP)


Page 1 of 8, Rev-1.0

(Screenshot: ipconfig output showing the TLS client IP address.)

(5) Your client IP address may change from time to time depending on where you are accessing
the Internet from (location: office or home; Internet Service Provider: Airtel, Tata or
Reliance, etc.). The server IP address may also change with time. Neither is in your
control.

(6) Start packet capturing using Wireshark (review the Wireshark Starter worksheet as a
prerequisite). Access the personal logon of hsbc.co.in through your browser. When the green
padlock appears, stop capturing packets in Wireshark. For analysis purposes the task of the
browser is now complete; the analysis will take place using the Wireshark tool only.

Important Note:

I. You may also stop capturing the packets a little later, but it will only increase the count
of total captured packets. The TLS protocol runs and completes its job as soon as the green
padlock appears (can you find out the time from Wireshark?). After that, only encrypted and
authenticated data goes over TLS. We are not interested in that; we only want to analyse
the TLS protocol messages.

II. It is advisable to close all other TCP/IP sessions (e.g. e-mail, multiple browser windows,
etc.) on your PC/laptop Internet interface while you are capturing the above TLS packets.
Otherwise a lot of unrelated IP packets will be captured unnecessarily.

(7) Apply the filter ssl && ((ip.src == 192.168.1.2 && ip.dst == 203.112.92.107) || (ip.dst ==
192.168.1.2 && ip.src == 203.112.92.107)) in the Wireshark filter bar. The packet capture will
look somewhat like the one shown below:


(Screenshot: Wireshark packet list with the display filter applied.)

(8) The filter is written as shown below, in a syntax somewhat like C/C++. Why?

ssl && ((ip.src == 192.168.1.2 && ip.dst == 203.112.92.107) || (ip.dst == 192.168.1.2 &&
ip.src == 203.112.92.107))

This selects packets whose source and destination are the TLS client and the TLS server (in
either direction) and whose protocol is ssl. The Wireshark keyword for TLS is ssl. Running this
filter shows only the relevant packets on the display.

(9) Filters can also be saved via Wireshark Edit -> Preferences -> Filter Expressions for
recurrent future use. For more details, go through the Building Filter Expressions pages of
the Wireshark User's Guide.

(10) Now let us start analyzing the TLS protocol from the captured packets. The first
message from the TLS client to the TLS server (source to destination) is Client Hello, as shown
below in the packet list view:


(11) When this packet is selected, the packet details pane shows the following:

(12) Review the TLS Record Protocol packet structure from the lecture slides. It looks like
this:

Content Type    Major Version    Minor Version    Length
(8 bits)        (8 bits)         (8 bits)         (16 bits)

Now, from the captured Client Hello packet, map the above TLS Record Protocol fields:

Content Type = 22 (indicates that the Handshake Protocol is being carried over the record
protocol)
Major and Minor Version = 0x0301 (the value for TLS 1.0)
Length = 198 bytes

These values can be seen in the packet bytes view in the lowest part of the display. Each byte
is shown in hexadecimal. For example, placing the cursor over the version field highlights the
two bytes of the version in the packet bytes view below.

(13) Expand the Client Hello message by pressing the + button on its left side.


(14) The following headers will be shown in the packet details pane:

(15) Review the structure of the Handshake Protocol from the lecture slides. It looks as
shown below:

Now from the expanded view, map the above Handshake Protocol fields:

Type = 1 (indicates that it is a Client Hello message)
Length = 194
Content = contains the following Client Hello fields (keep pressing the + button on the
individual fields to see the details):

I. Version = 0x0303, which represents TLS 1.2

II. Random = Notice the GMT Unix timestamp + 28 bytes of random number. Note that the
server or client may not choose the day/time at which you are accessing the web server;
it could be any random day/time.

III. Session ID Length = 0; since the length is 0, there is no Session ID field.

IV. Cipher Suites Length = 26
V. Cipher Suites = A list of 13 cipher suites will be shown below. Each takes 2 bytes, which
is why the length is 26.
VI. Compression Method Length = 1
VII. Compression Method = null (0) (this occupies 1 byte)


(16) There may be a few extension fields following Compression Method, as recommended by
RFC-5246. We are not going to explore them in this worksheet.

(17) Now let us review the Server Hello packet details as shown below and make the
following observations:

I. The server is assigning a session ID to this session (the client sent 0).

II. The server selected the second cipher suite from the client's list. Maybe it cannot
support the first one from the client's list of 13 cipher suites shown above.

(Screenshot annotations: the Session ID assigned; the second cipher suite selected from the
client list.)

(18) After this phase 1 of the handshake protocol, in phase 2 the server sends the Certificate
message. The fields of the Certificate message are shown below:


Now from the expanded view, map the above Handshake Protocol fields:

Type = 11 (indicates that it is a Certificate message)
Length = 4863
Content = the server's certificate chain. The top-most certificate is for hsbc.co.in and the
bottom-most is VeriSign's. We will study digital certificates and their structure during the
later part of the course.

(19) You may also notice that in phase 2 there are no more messages from the server. In
many cases, the server does not request the client's certificate.

(20) Now the handshake protocol enters phases 3 and 4. The following messages are sent
from the client to the server:

Now from the above expanded view, observe the following messages and their fields:

I. Client Key Exchange:

Type = 16 (indicates that it is a Client Key Exchange message)



Length = 258
RSA Encrypted Pre-Master Secret (because the server selected an RSA-based cipher suite)

II. Change Cipher Spec:

Type = 20 (indicates that it is a Change Cipher Spec message)
Length = 1
Just the 1-byte indication

III. Encrypted Handshake Message: Can you guess what it is? It is the first encrypted
message from the client, that is, Finished. Its content will be a digest that includes
all the messages (except Finished) sent by the client in the handshake protocol, as
shown below:
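To see what the digest inside the Finished message actually is, here is the TLS 1.2 computation of its verify_data (RFC 5246 section 7.4.9) with the PRF from section 5. This is an added example, not part of the worksheet; it assumes a SHA-256 PRF (the TLS 1.2 default) and uses a constructed master secret and a constructed stand-in handshake transcript, since Wireshark cannot show the real values without the session keys.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_SHA256 data expansion (RFC 5246 section 5): HMAC chain A(i), output until `length` bytes."""
    out, a = b"", seed                                             # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest() # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def finished_verify_data(master_secret, handshake_messages, side="client"):
    """verify_data carried inside the Finished message (RFC 5246 section 7.4.9):
    PRF(master_secret, "<side> finished", SHA256(handshake_messages))[0:12].
    handshake_messages is the concatenation of every handshake message sent so far;
    Change Cipher Spec is not a handshake message and is therefore not included."""
    label = (side + " finished").encode("ascii")
    return prf(master_secret, label, hashlib.sha256(handshake_messages).digest(), 12)

# Constructed sample data: a 48-byte master secret and a stand-in transcript made of the
# handshake types seen in the worksheet (1 client_hello, 2 server_hello, 11 certificate,
# 16 client_key_exchange) followed by placeholder bodies instead of real message contents.
SAMPLE_MASTER_SECRET = bytes(range(48))
SAMPLE_TRANSCRIPT = (b"\x01<client hello>" + b"\x02<server hello>"
                     + b"\x0b<certificate chain>" + b"\x10<encrypted pre-master secret>")

def demo():
    """Client's verify_data, and the value obtained if one byte of the transcript differs."""
    good = finished_verify_data(SAMPLE_MASTER_SECRET, SAMPLE_TRANSCRIPT)
    tampered = finished_verify_data(SAMPLE_MASTER_SECRET, SAMPLE_TRANSCRIPT[:-1] + b"!")
    return good, tampered
```

Because the transcript hash is bound to the master secret through the PRF, the 12-byte value changes whenever any earlier handshake byte changes, which is how each side detects tampering with the unencrypted handshake messages.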

(21) Now the Change Cipher Spec and encrypted Finished messages come from the server end,
and this completes all four phases of the SSL/TLS handshake protocol.

(22) Following the above, all application data exchanged between client and server will be
encrypted. If there are any alert messages, they will also be encrypted and shown as "Encrypted
Alert" in the Info field of Wireshark.

Exercise: Explore the time formats of Wireshark and identify how long the TLS handshake
protocol took to complete its job.
