HTTPS in 2015 - Eric Lawrence

Download Report

Transcript HTTPS in 2015 - Eric Lawrence 

HTTPS in 2015
Eric Lawrence
@ericlaw
Quick Introductions
Eric Lawrence
@ericlaw
Why?
•
•
•
•
Bad guys
Government snoops
Non-neutral networks (Gogo, corporate)
“Value adding providers”
Rewards
• Increased user trust
• Better search ranking
• More reliable egress (HTTP2; WebSocket)
The Stack
•
•
•
•
•
Your Client Browser
HTTP
SSL/TLS
TCP
IP
HTTPS Provides…
• Authentication
• Confidentiality
• Integrity
How?
• Public Key Infrastructure for certificate chains
• Public Key Cryptography for key exchanges
• Symmetric Cryptography for data transfers
Certificates
Hash Algorithms
• MD5 busted
• SHA1 heading that way
• SHA256 entering mainstream in 2015
Validating the Certificate
•
•
•
•
Validate certificate signature
Validate it is within validity period
Validate it chains to trusted root
Validate Subject CN or SubjectAltName
contains hostname of the target…
– Wildcards
• Check to see if it was revoked
Extended Validation SSL
BankoftheVVest.com phishing site
Domain validation and the race to the bottom
Ciphers, Hashes, and MACs oh my…
Initial Handshake
SNI Extension
• Break the IPEndpoint->Server mapping
• Important to allow HTTPS virtual hosting
• Not available on WinXP or Android < v2.3 
Forward Secrecy
• If you can record ALL of the traffic…
• And you’re using RSA…
• And you can ever steal or crack the private key (at
any point in the future…

Achieving Forward Secrecy
Do not use the RSA key exchange, which does not provide forward secrecy. Instead,
look for the string ECDHE or DHE in the cipher suite name. RSA can be used for key
exchange and authentication; there is nothing wrong with the latter.
Popular Ciphers
•
•
•
•
Triple-DES
RC4
AES
ChaCha (new)
Revocation
• CRL (Certificate Revocation List)
• OCSP (Online Certificate Status Protocol)
• Deployed blocklists
Certificate Pinning
• Built-into browser
• Distributed with security software
like Microsoft EMET
• New HTTP Public Key Pinning
header
https://tools.ietf.org/html/draftietf-websec-key-pinning-21
Public-Key-Pins: pinsha256="GHI..."; pinsha256="JKL..."; max-age=…
report-uri=…;
includeSubDomains
Certificate Transparency
http://www.certificate-transparency.org/
Google Chrome intends to require Certificate Transparency (CT) for all EV certificates
issued after 2014. A SCT “Signed Certificate Timestamp” is added to the certificate.
Performance
https://www.youtube.com/watch?v=0EB7zh_7UE4
Session Resumption
http://calendar.perfplanet.com/2014/speeding-up-https-with-session-resumption/
ECC Public Keys
ECC certificates offer stronger security and smaller certificates - e.g. a 256-bit ECC key is
equivalent to a 3072-bit RSA key.
http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
Run Latest Versions
I’m in!
Enabling HTTPS for your site will be as easy as installing a small piece of certificate
management software on the server:
https://example.com is immediately live.
The Let’s Encrypt management software will:
• Automatically prove to the Let’s Encrypt CA that you control the website
• Obtain a browser-trusted certificate and set it up on your web server
• Keep track of when your certificate is going to expire, and automatically renew it
• Help you revoke the certificate if that ever becomes necessary.
No validation emails, no complicated configuration editing, no expired certificates
breaking your website. And of course, because Let’s Encrypt provides certificates for free,
no need to arrange payment.
WebDev Errors
• Critical Mistake #1:
Non-HTTPS Login
pages (even if
submitting to a HTTPS
page).
WebDev Errors
• Critical Mistake #2: Mixing HTTP Content into
a HTTPS page
HSTS
HSTS
Use the HTTPS response header:
Strict-Transport-Security: max-age=63072000;
includeSubDomains
Or get on the browsers’ pre-load list (avoid bootstrapping problem)
• Insecure references are upgraded
• Certificate errors are fatal
http://blogs.msdn.com/b/ieinternals/archive/2014/08/18/hsts-strict-transport-securityattacks-mitigations-deployment-https.aspx
Fiddler Visualization
If there’s an exclamation point in the column, you’ve done something wrong!
Migration Guide
https://t.co/0ORIlnp64Y
Chris Palmer @fugueish
•
•
•
•
Use STS
Use Secure attribute on cookies
Protocol-relative URLs
Run the Qualys SSLLabs Server test
SSLLabs
HTTPS all the Things!
Best Practice
• Secure everything. It’s very hard to predict
future attack scenarios.
• Yes, really.
HTTP Content indicator
HTTP Content indicator
Not Just Browsers…
Hacks
HTTPS Traffic Analysis
•
•
•
•
•
Source IP
Destination IP
Server Name (via SNI)
Higher-level protocol (via ALPN)
Client Certificates (if sent before encryption)
Implementation Issues
• Truncation
• Compression
• Clickthrough UI
Implementation Issues
• Truncation
• Compression
• Clickthrough UI
Implementation Issues
• Truncation
• Compression
• Clickthrough UI
MITM/MITB Attacks
MITM/MITB Attacks
Extended Validation Won’t Help
Heartbleed
http://xkcd.com/1354/
Sometimes, you do attack the crypto
Crypto Deep Dive later this morning…
Book: Bulletproof SSL and TLS
Coupon Code for 25% off
CODEMASH
Valid January 1st to 31st
https://www.feistyduck.com/books/bulletproof-ssl-and-tls/
Free Chapter: https://www.feistyduck.com/books/openssl-cookbook/
Thanks for coming!
Questions?
Find me on Twitter: @ericlaw
Email me: [email protected]
Go forth and secure all the things!
See how lightsabers are built…
Combatting breach?