
CS 4363: Cryptography

CS 6373: Applied Cryptography

Module TLS.2

The TLS/SSL Protocol


TLS MITM Attack

Ravi Sandhu

J. M. Hayes, "The problem with multiple roots in Web browsers - certificate masquerading," Proc. WET ICE '98.

© Ravi Sandhu
World-Leading Research with Real-World Impact!
1
X.509v1 Certificate

VERSION
SERIAL NUMBER
SIGNATURE ALGORITHM
ISSUER (Certificate Authority)
VALIDITY
SUBJECT
SUBJECT PUBLIC KEY INFO
SIGNATURE

X.509v1 Certificate

VERSION: 1
SERIAL NUMBER: 1234567891011121314
SIGNATURE ALGORITHM: RSA+SHA-3, 2048
ISSUER (Certificate Authority): C=US, S=TX, O=UTSA, OU=CS
VALIDITY: 1/1/22-12/31/22
SUBJECT: C=US, S=TX, O=UTSA, OU=CS, CN=Ravi Sandhu
SUBJECT PUBLIC KEY INFO: RSA, 2048, xxxxxxxxxxxxxxxxxxxxxxxxx
SIGNATURE: (the issuer's signature over the fields above)

SET (Secure Electronic Transactions)
CA Hierarchy

[Diagram: Root CA at the top; below it three Brand CAs; below each Brand a Geo-Political CA; below that a Bank CA and an Acquirer CA; Customer certified under the Bank, Merchant under the Acquirer]

Multiple Trusted Roots
≈ 25 Years on the Web

1 Way TLS

[Diagram: Client (Browser) <-- https --> Server; the Server presents its RSA encryption certificate to the Client]

https Indicator

1 Way TLS Naïve MITM

[Diagram: Client (Browser) <-- http --> MITM <-- https --> Server; the Server's RSA encryption certificate goes to the MITM, while the Client side is plain http]

1 Way TLS Diligent MITM

[Diagram: Client (Browser) <-- https --> MITM <-- https --> Server; the Server's RSA encryption certificate goes to the MITM]

1 Way TLS Diligent MITM

[Diagram: Client (Browser) <-- https --> MITM <-- https --> Server; the MITM presents a fake server RSA encryption certificate to the Client, while the Server presents its own RSA encryption certificate to the MITM]

Server-Side Masquerading

[Diagram: Bob's web browser <-- 1-way TLS --> www.host.com web server; the www.host.com certificate is issued by Ultratrust Security Services]

Server-Side Masquerading

[Diagram: Bob's web browser <-- 1-way TLS --> Mallory's www.host.com web server <-- 1-way TLS --> www.host.com web server; the genuine www.host.com certificate is issued by Ultratrust Security Services, Mallory's www.host.com certificate by BIMM Corporation]

Server-Side Masquerading

[Diagram: Bob's web browser <-- 1-way TLS --> Mallory's www.host.com web server <-- 1-way TLS --> www.host.com web server; the genuine www.host.com certificate is issued by Ultratrust Security Services; beside Mallory's www.host.com web server both BIMM Corporation and Ultratrust Security Services appear as issuers]

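The Server-Side Masquerading slides (and the Multiple Trusted Roots point) worked through in Go's standard x509 chain validation, as an added example that is not from the slides or the Hayes paper: Bob's store trusts both Ultratrust Security Services and BIMM Corporation as roots, each has certified a www.host.com, and Mallory's certificate validates exactly as the genuine one does. The pin on the SPKI hash of the root seen on a genuine first visit is an assumed defence added here to show what rejects Mallory's chain; keys are freshly generated and no network is involved.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs a certificate for cn with the parent's key; parent == nil yields a self-signed root.
func issue(cn string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true}
	if !isCA {
		t.DNSNames = []string{cn} // server certificate: the name the browser checks
	}
	if parent == nil {
		parent, pkey = t, priv // self-signed root
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}
// accepts is the browser's chain validation for host; it also reports the SPKI hash of the chain's root.
func accepts(leaf *x509.Certificate, roots *x509.CertPool, host string) (rootSPKI [32]byte, ok bool) {
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	if err != nil {
		return rootSPKI, false
	}
	return sha256.Sum256(chains[0][len(chains[0])-1].RawSubjectPublicKeyInfo), true
}
// Masquerade replays the slides: Bob trusts both roots, and each root has certified a www.host.com.
func Masquerade() (plainMallory, pinnedMallory, pinnedGenuine bool) {
	ultra, ultraKey := issue("Ultratrust Security Services", true, nil, nil) // CA names from the slides
	bimm, bimmKey := issue("BIMM Corporation", true, nil, nil)
	genuine, _ := issue("www.host.com", false, ultra, ultraKey)
	mallory, _ := issue("www.host.com", false, bimm, bimmKey) // Mallory's own key, signed by BIMM
	store := x509.NewCertPool()
	store.AddCert(ultra)
	store.AddCert(bimm)
	pin := sha256.Sum256(ultra.RawSubjectPublicKeyInfo) // assumed defence: root seen on a genuine first visit
	mRoot, mOK := accepts(mallory, store, "www.host.com")
	gRoot, gOK := accepts(genuine, store, "www.host.com")
	return mOK, mOK && mRoot == pin, gOK && gRoot == pin
}
```

Masquerade returns true, false, true: the plain browser check cannot tell the two www.host.com certificates apart, and only the pin on the expected root separates them.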
2 Way TLS Thwarts MITM

[Diagram: Client (Browser) <-- https --> MITM <-- https --> Server; server side: the MITM presents a fake server RSA encryption certificate to the Client and the Server presents its RSA encryption certificate to the MITM; client side: the Client presents its RSA signature certificate to the MITM, and toward the Server the MITM would need a fake client RSA signature certificate]
