HTTPS in 2015 Eric Lawrence @ericlaw. Quick Introductions Eric Lawrence @ericlaw.

Transcript of HTTPS in 2015 Eric Lawrence @ericlaw (64 pages).

Page 1: HTTPS in 2015

Eric Lawrence @ericlaw

Page 2: Quick Introductions

Eric Lawrence @ericlaw

Page 3: Why?

• Bad guys
• Government snoops
• Non-neutral networks (Gogo, corporate)
• “Value adding providers”

Rewards
• Increased user trust
• Better search ranking
• More reliable egress (HTTP/2; WebSocket)

Page 4: The Stack

• Your Client Browser
• HTTP
• SSL/TLS
• TCP
• IP

Page 5: HTTPS Provides…

• Authentication
• Confidentiality
• Integrity

Page 6: How?

• Public Key Infrastructure for certificate chains
• Public Key Cryptography for key exchanges
• Symmetric Cryptography for data transfers

Page 7: Certificates

Page 8: Hash Algorithms

• MD5: busted (collisions are practical; a rogue CA certificate was forged this way in 2008)
• SHA-1: heading that way (browsers began warning on SHA-1-signed certificates in late 2014)
• SHA-256: entering the mainstream in 2015

Page 9: Validating the Certificate

• Validate the certificate signature
• Validate that it is within its validity period
• Validate that it chains to a trusted root
• Validate that the Subject CN or a SubjectAltName entry matches the hostname of the target (SubjectAltName takes precedence; the CN is a legacy fallback)…
  – Wildcards
• Check to see if it was revoked
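As an added example that is not part of the talk, here are the two steps of this list that need no cryptography, the validity period and the hostname match, written against a constructed certificate in the dict shape Python’s ssl.SSLSocket.getpeercert() returns. The site name, dates and wildcard entry are made up; signature and chain validation need a crypto library and are left to ssl.create_default_context().

```python
# Added example, not from the talk: the hostname and validity-period steps of the
# checklist above, run against a constructed certificate in the dict shape that
# Python's ssl.SSLSocket.getpeercert() returns. Signature and chain checks need a
# crypto library and are left to ssl.create_default_context() in real code.
import ssl


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style matching: case-insensitive; a wildcard is only allowed as the
    entire left-most label and matches exactly one label, never across dots."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Reject "*", "*.com", "w*.example.com" and "*.*.example.com".
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def certificate_names(cert: dict) -> list:
    """dNSName SANs take precedence; the Subject CN is a legacy fallback used only
    when the certificate carries no dNSName at all (modern browsers ignore the CN)."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ()) for key, value in rdn if key == "commonName"]


def check_certificate(cert: dict, hostname: str, now: float) -> list:
    """Return the list of failures for these two steps; an empty list means they passed."""
    errors = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        errors.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        errors.append("certificate expired")
    names = certificate_names(cert)
    if not any(dns_name_matches(name, hostname) for name in names):
        errors.append(f"hostname {hostname!r} does not match {names}")
    return errors


# Constructed certificate for a made-up site, as getpeercert() would present it.
EXAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan 10 00:00:00 2015 GMT",
    "notAfter": "Dec 31 23:59:59 2015 GMT",
}
MID_2015 = ssl.cert_time_to_seconds("Jul 15 00:00:00 2015 GMT")

if __name__ == "__main__":
    for host in ("example.com", "WWW.example.com", "a.b.example.com", "example.org"):
        print(f"{host:18} {check_certificate(EXAMPLE_CERT, host, MID_2015) or 'OK'}")
    print("one year later:", check_certificate(EXAMPLE_CERT, "example.com", MID_2015 + 366 * 86400))
```

Hostname matching is where many TLS clients outside browsers have gone wrong: matching across dots, honouring a wildcard in the middle of a label, or consulting the CN when SANs are present. The checker above follows the RFC 6125 rules that browsers apply.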

Page 10: Extended Validation SSL

BankoftheVVest.com phishing site (two Vs in place of the W): a domain-validated certificate is issued automatically to whoever controls a name, so the padlock alone says nothing about who is behind the site
Domain validation and the race to the bottom

Page 11: Ciphers, Hashes, and MACs oh my…

Page 12: Initial Handshake

Page 13:
Page 14: SNI Extension

• Breaks the IP endpoint → server mapping
• Important to allow HTTPS virtual hosting
• Not available on Windows XP or Android < 2.3

Page 15:
Page 16: Forward Secrecy

• If you can record ALL of the traffic…
• And you’re using RSA…
• And you can ever steal or crack the private key (at any point in the future)…

Achieving Forward Secrecy

Do not use the RSA key exchange, which does not provide forward secrecy. Instead, look for the string ECDHE or DHE in the cipher suite name. RSA can be used for key exchange and for authentication; there is nothing wrong with the latter.

Page 17: Popular Ciphers

• Triple-DES (legacy; 64-bit block size)
• RC4 (broken; RFC 7465 prohibits it in TLS)
• AES (the default choice, preferably in an AEAD mode such as GCM)
• ChaCha20-Poly1305 (new)
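As an added example, not from the talk: a small audit that applies the forward-secrecy rule from the previous slide (look for ECDHE or DHE in the name) together with the cipher verdicts on this one to a constructed list of OpenSSL-style suite names. The names for your own server come from openssl ciphers -v '<your cipher string>'.

```python
# Added example, not from the talk: an audit of OpenSSL-style cipher suite names that
# applies the rule above (forward secrecy needs an ECDHE or DHE key exchange) together
# with the cipher verdicts from this slide. The configured list is constructed; a real
# one comes from `openssl ciphers -v` or your server's cipher string.
from typing import Dict, List, Tuple


def key_exchange(name: str) -> str:
    """Name the key-exchange method encoded in an OpenSSL cipher suite name."""
    if name.startswith("TLS_"):              # TLS 1.3 suites always use (EC)DHE
        return "ECDHE"
    if name.startswith("ECDHE-"):
        return "ECDHE"
    if name.startswith(("DHE-", "EDH-")):
        return "DHE"
    if name.startswith(("AECDH-", "ADH-")):
        return "anon"                        # unauthenticated: trivially MITM-able
    return "RSA"                             # e.g. AES128-SHA: RSA key transport


def audit_suite(name: str) -> List[str]:
    """Reasons to reject one suite; an empty list means it is acceptable."""
    problems = []
    kx = key_exchange(name)
    if kx == "anon":
        problems.append("anonymous key exchange: no server authentication")
    elif kx == "RSA":
        problems.append("RSA key exchange: no forward secrecy")
    if "RC4" in name:
        problems.append("RC4 is broken (RFC 7465 forbids it)")
    if "DES-CBC3" in name or "3DES" in name:
        problems.append("Triple-DES: 64-bit blocks, weak for long sessions")
    elif "DES-" in name:
        problems.append("single DES")
    if "NULL" in name or name.startswith("EXP"):
        problems.append("NULL or export-grade cipher")
    if name.endswith("-MD5"):
        problems.append("MD5-based MAC")
    return problems


def audit(suites: List[str]) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split a configured list into the suites to keep and the rejects with reasons."""
    keep, rejected = [], {}
    for suite in suites:
        why = audit_suite(suite)
        if why:
            rejected[suite] = why
        else:
            keep.append(suite)
    return keep, rejected


# Constructed server configuration mixing good and bad choices.
CONFIGURED = [
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-GCM-SHA256",      # fine cipher, but RSA key transport: no forward secrecy
    "ECDHE-RSA-RC4-SHA",      # forward secrecy, but RC4
    "DES-CBC3-SHA",
    "EXP-RC4-MD5",
]

if __name__ == "__main__":
    keep, rejected = audit(CONFIGURED)
    for suite, why in rejected.items():
        print(f"reject {suite}: {'; '.join(why)}")
    print("OpenSSL cipher string:", ":".join(keep))
```

The kept list joined with colons is directly usable as an OpenSSL cipher string; the point of the two-stage check is that a suite can have forward secrecy and still be unacceptable (ECDHE-RSA-RC4-SHA), or use a fine cipher and still lack forward secrecy (AES128-GCM-SHA256).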

Page 18: Revocation

• CRL (Certificate Revocation List)
• OCSP (Online Certificate Status Protocol): clients generally soft-fail when the responder cannot be reached, so an attacker who can block the check wins; OCSP stapling lets the server deliver the response itself
• Deployed blocklists (e.g. Chrome’s CRLSets)

Page 19: Certificate Pinning

• Built into the browser
• Distributed with security software like Microsoft EMET
• New HTTP Public Key Pinning header
  https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21

Public-Key-Pins: pin-sha256="GHI..."; pin-sha256="JKL..."; max-age=…; report-uri=…; includeSubDomains

(The draft became RFC 7469 in April 2015. Browsers have since removed HPKP support, because a mistaken pin set locks every returning visitor out until max-age runs out, so treat the header as historical.)
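Added example, not from the talk or the draft: how a pin-sha256 value is computed (base64 of the SHA-256 of the DER-encoded SubjectPublicKeyInfo), how the header is assembled with the backup pin the specification requires, and how a client checks a served chain against it. The RSA moduli are made-up numbers fed through a minimal DER encoder so the example runs without a certificate file.

```python
# Added example, not from the talk or RFC 7469: computing pin-sha256 values for the
# Public-Key-Pins header and checking a certificate chain against them. A pin is
# base64(SHA-256(DER SubjectPublicKeyInfo)). The RSA keys below are constructed from
# made-up numbers via a minimal DER encoder, so no file or network access is needed.
import base64
import hashlib
from typing import Iterable, List


def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(length_bytes)]) + length_bytes
    return bytes([tag]) + length + body


def der_int(value: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:                 # keep the INTEGER positive
        raw = b"\x00" + raw
    return der(0x02, raw)


RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")   # OID 1.2.840.113549.1.1.1


def rsa_spki(n: int, e: int = 65537) -> bytes:
    """DER SubjectPublicKeyInfo for an RSA public key (RFC 5280 layout)."""
    algorithm = der(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")       # AlgorithmIdentifier, NULL params
    public_key = der(0x30, der_int(n) + der_int(e))                # RSAPublicKey
    return der(0x30, algorithm + der(0x03, b"\x00" + public_key))  # BIT STRING with 0 unused bits


def pin_sha256(spki: bytes) -> str:
    return base64.b64encode(hashlib.sha256(spki).digest()).decode("ascii")


def hpkp_header(pins: Iterable[str], max_age: int, include_subdomains: bool = False,
                report_uri: str = None) -> str:
    pins = list(pins)
    if len(pins) < 2:   # RFC 7469 requires a backup pin; clients ignore a header without one
        raise ValueError("need at least two pins (one backup not in the served chain)")
    parts = [f'pin-sha256="{p}"' for p in pins] + [f"max-age={max_age}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if report_uri:
        parts.append(f'report-uri="{report_uri}"')
    return "; ".join(parts)


def parse_pins(header: str) -> List[str]:
    """Extract the pin-sha256 values from a Public-Key-Pins header value."""
    pins = []
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "pin-sha256":
            pins.append(value.strip().strip('"'))
    return pins


def chain_is_pinned(header: str, chain_spkis: Iterable[bytes]) -> bool:
    """A chain passes if any SPKI in it (leaf, intermediate or root) matches a pin."""
    pinned = set(parse_pins(header))
    return any(pin_sha256(spki) in pinned for spki in chain_spkis)


# Constructed keys: made-up moduli, not real keys (a real SPKI comes from the certificate).
LEAF_SPKI = rsa_spki(0xC0FFEE ** 31 | 1)
BACKUP_SPKI = rsa_spki(0xDECAF ** 37 | 1)
OTHER_SPKI = rsa_spki(0xBAD ** 41 | 1)
HEADER = hpkp_header([pin_sha256(LEAF_SPKI), pin_sha256(BACKUP_SPKI)], 5184000,
                     include_subdomains=True, report_uri="https://report.example/hpkp")

if __name__ == "__main__":
    print("Public-Key-Pins:", HEADER)
    print("served chain pinned:", chain_is_pinned(HEADER, [LEAF_SPKI, OTHER_SPKI]))
    print("unrelated chain pinned:", chain_is_pinned(HEADER, [OTHER_SPKI]))
```

From a real certificate the same value is produced by openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64. Because the pin covers the public key rather than the certificate, a renewal that reuses the key pair keeps the pin valid, and the backup pin (kept offline) is what lets you rotate keys without locking returning visitors out.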

Page 20: Certificate Transparency

http://www.certificate-transparency.org/

Google Chrome intends to require Certificate Transparency (CT) for all EV certificates issued after 2014. An SCT (Signed Certificate Timestamp) is added to the certificate.

Page 21: Performance

Page 22:

https://www.youtube.com/watch?v=0EB7zh_7UE4

Page 23:
Page 24: Session Resumption

http://calendar.perfplanet.com/2014/speeding-up-https-with-session-resumption/

Page 25: ECC Public Keys

ECC certificates offer stronger security and smaller certificates; e.g. a 256-bit ECC key provides a security level (about 128 bits) equivalent to that of a 3072-bit RSA key.

http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

Page 26: Run Latest Versions

Page 27: I’m in!

Page 28:
Page 29:
Page 30:

Enabling HTTPS for your site will be as easy as installing a small piece of certificate management software on the server:

https://example.com is immediately live.

The Let’s Encrypt management software will:
• Automatically prove to the Let’s Encrypt CA that you control the website
• Obtain a browser-trusted certificate and set it up on your web server
• Keep track of when your certificate is going to expire, and automatically renew it
• Help you revoke the certificate if that ever becomes necessary.

No validation emails, no complicated configuration editing, no expired certificates breaking your website. And of course, because Let’s Encrypt provides certificates for free, no need to arrange payment.

Page 31: WebDev Errors

• Critical Mistake #1: Non-HTTPS login pages (even if submitting to an HTTPS page). An attacker who can modify the HTTP page can change where the form posts or inject a keylogger, so the secure submission never happens.

Page 32: WebDev Errors

• Critical Mistake #2: Mixing HTTP content into an HTTPS page. An HTTP script, stylesheet or frame runs with the secure page’s privileges, so one tampered subresource undoes the protection of the whole page.
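Added example, not from the talk: a scanner for both Critical Mistakes, run over constructed HTML. It reports a password field on a page that was itself served over http:// (even when the form posts to https://) and http:// subresources on an https:// page, telling active content (scripts, frames, stylesheets, plugins) from passive content (images, media). The hostnames in the sample pages are invented.

```python
# Added example, not from the talk: a scanner for both WebDev Errors, run over constructed
# HTML. It reports (1) a password field on a page that was itself served over http://, even
# when the form posts to https://, and (2) http:// subresources on an https:// page, telling
# active content (scripts, frames, stylesheets, plugins) from passive content (images, media).
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

ACTIVE = {"script": "src", "iframe": "src", "object": "data", "embed": "src", "link": "href"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_scheme = urlsplit(page_url).scheme
        self.findings = []

    def _scheme(self, ref: str) -> str:
        # urljoin resolves a protocol-relative "//cdn/x.js" against the page's own scheme.
        return urlsplit(urljoin(self.page_url, ref)).scheme

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            if self.page_scheme != "https":
                self.findings.append(("login form on non-HTTPS page", self.page_url))
            return
        if self.page_scheme != "https":
            return                             # mixed content is only defined for secure pages
        if tag == "form" and self._scheme(a.get("action") or "") == "http":
            self.findings.append(("form posts to http", a["action"]))
        elif tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return                             # icons, preloads etc. are not blocked as active
        elif tag in ACTIVE and a.get(ACTIVE[tag]) and self._scheme(a[ACTIVE[tag]]) == "http":
            self.findings.append(("active mixed content", a[ACTIVE[tag]]))
        elif tag in PASSIVE and a.get(PASSIVE[tag]) and self._scheme(a[PASSIVE[tag]]) == "http":
            self.findings.append(("passive mixed content", a[PASSIVE[tag]]))


def scan(page_url: str, html: str) -> list:
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed pages with invented hostnames.
SECURE_PAGE = "https://shop.example/checkout"
SECURE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="//cdn.example/app.js"></script>
<script src="http://tracker.example/t.js"></script>
</head><body>
<img src="http://img.example/logo.png">
<form action="https://shop.example/pay"><input type="password" name="pw"></form>
</body></html>"""

LOGIN_PAGE = "http://www.example/login"
LOGIN_HTML = """<form action="https://www.example/session">
<input name="user"><input type="password" name="pw"><input type="submit"></form>"""

if __name__ == "__main__":
    for url, html in ((SECURE_PAGE, SECURE_HTML), (LOGIN_PAGE, LOGIN_HTML)):
        print(url)
        for kind, where in scan(url, html):
            print(f"  {kind}: {where}")
```

Protocol-relative references (//cdn.example/app.js) are not flagged on an HTTPS page because they resolve to https://, which is why they appear in the migration guide later in the deck; on a page that can still be reached over http:// they resolve to http://, so writing https:// explicitly is the simpler choice.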

Page 33: HSTS

Page 34: HSTS

http://blogs.msdn.com/b/ieinternals/archive/2014/08/18/hsts-strict-transport-security-attacks-mitigations-deployment-https.aspx

• Insecure references are upgraded
• Certificate errors are fatal

Use the HTTPS response header: Strict-Transport-Security: max-age=63072000; includeSubDomains
Or get on the browsers’ preload list (avoids the bootstrapping problem: the first visit, before any header has been seen, is still over plain HTTP)
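Added example, not from the talk: a client-side model of the behaviour on this slide, following RFC 6797. The header is honoured only on an error-free HTTPS response, a stored policy upgrades later http:// references (and covers subdomains when asked), max-age=0 withdraws it, and an expired policy stops applying. The hostnames and the clock value are constructed.

```python
# Added example, not from the talk: a client-side model of the HSTS behaviour on this slide,
# following RFC 6797. The header is honoured only on an error-free HTTPS response; a stored
# policy upgrades later http:// references (and covers subdomains when asked); max-age=0
# withdraws it; an expired policy stops applying. Hosts and the clock are constructed.
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


def parse_sts(value: str) -> Optional[Tuple[int, bool]]:
    """Return (max_age, include_subdomains), or None if the header value is unusable."""
    max_age, include_subdomains = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(arg.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_subdomains = True
        # "preload" and unknown directives are ignored by the client itself
    if max_age is None or max_age < 0:
        return None
    return max_age, include_subdomains


class HstsStore:
    def __init__(self):
        self.policies: Dict[str, Tuple[float, bool]] = {}   # host -> (expiry, includeSubDomains)

    def process_response(self, url: str, headers: Dict[str, str], now: float, cert_ok: bool = True) -> None:
        """Record the policy in a response. The UA must ignore the header unless the
        response came over HTTPS with no certificate warnings (RFC 6797)."""
        parts = urlsplit(url)
        if parts.scheme != "https" or not cert_ok:
            return
        value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
        parsed = parse_sts(value) if value is not None else None
        if parsed is None:
            return
        max_age, include_subdomains = parsed
        if max_age == 0:
            self.policies.pop(parts.hostname, None)
        else:
            self.policies[parts.hostname] = (now + max_age, include_subdomains)

    def is_known(self, host: str, now: float) -> bool:
        """True for the host itself or any superdomain whose policy says includeSubDomains.
        For a known host an insecure reference is upgraded and a certificate error is fatal."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            policy = self.policies.get(".".join(labels[i:]))
            if policy and policy[0] > now and (i == 0 or policy[1]):
                return True
        return False

    def rewrite(self, url: str, now: float) -> str:
        """Upgrade http:// to https:// for a known host; port 80 becomes 443, others stay."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname, now):
            return url
        netloc = parts.hostname + (f":{parts.port}" if parts.port not in (None, 80) else "")
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


T0 = 1_420_070_400.0                      # 2015-01-01T00:00:00Z, constructed clock
STS = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"}

if __name__ == "__main__":
    store = HstsStore()
    store.process_response("http://example.com/", STS, T0)                  # ignored: not HTTPS
    store.process_response("https://example.com/", STS, T0, cert_ok=False)  # ignored: cert error
    print(store.rewrite("http://www.example.com/login", T0 + 1))            # unchanged
    store.process_response("https://example.com/", STS, T0)
    print(store.rewrite("http://www.example.com/login", T0 + 1))            # upgraded
    print(store.rewrite("http://www.example.com/login", T0 + 63072001))     # expired: unchanged
```

The bootstrapping gap is visible in the first two calls of the demo: nothing is learned from an http:// response or from one with a certificate error, and that first plain-HTTP visit is exactly the one an attacker on the path gets to tamper with. The preload list closes the gap by shipping the policy inside the browser.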

Page 35: Fiddler Visualization

If there’s an exclamation point in the column, you’ve done something wrong!

Page 36: Migration Guide

https://t.co/0ORIlnp64Y
Chris Palmer @fugueish

• Use STS
• Use the Secure attribute on cookies
• Protocol-relative URLs
• Run the Qualys SSL Labs Server Test

Page 37: SSLLabs

Page 38: HTTPS all the Things!

Page 39: Best Practice

• Secure everything. It’s very hard to predict future attack scenarios.
• Yes, really.

Page 40: HTTP Content indicator

Page 41: HTTP Content indicator

Page 42: Not Just Browsers…

Page 43: Hacks

Page 44:
Page 45:
Page 46:
Page 47: HTTPS Traffic Analysis

• Source IP
• Destination IP
• Server Name (via SNI; still sent in the clear in TLS 1.3 unless Encrypted Client Hello is used)
• Higher-level protocol (via ALPN)
• Client Certificates (if sent before encryption: in TLS 1.2 and earlier the initial handshake sends them in the clear)
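Added example, not from the talk: what a passive observer on the path can read from an HTTPS connection before any encryption starts. It builds a TLS 1.2 ClientHello in memory (no network; the cipher suite numbers, host name and protocol names are constructed inputs) and parses the server_name (SNI) and ALPN extensions back out, as a middlebox or packet capture would. It also illustrates the SNI slide earlier in the deck: the name the client asks for sits right there in the first bytes.

```python
# Added example, not from the talk: what a passive observer on the path can read from an
# HTTPS connection before any encryption starts. It builds a TLS 1.2 ClientHello in memory
# (no network; host name, cipher suite numbers and protocol names are constructed) and
# parses the server_name (SNI) and ALPN extensions back out of the bytes.
import os
import struct
from typing import List, Optional

EXT_SERVER_NAME = 0x0000
EXT_ALPN = 0x0010


def _vec(data: bytes, width: int) -> bytes:
    """A TLS vector: big-endian length of `width` bytes followed by the data."""
    return len(data).to_bytes(width, "big") + data


def build_client_hello(sni: Optional[str], alpn: List[str], cipher_suites: List[int]) -> bytes:
    exts = b""
    if sni is not None:                      # server_name: list of (name_type=0, host_name)
        exts += struct.pack("!H", EXT_SERVER_NAME) + _vec(_vec(b"\x00" + _vec(sni.encode("idna"), 2), 2), 2)
    if alpn:                                 # ALPN: list of 1-byte-length protocol names
        protos = b"".join(_vec(p.encode("ascii"), 1) for p in alpn)
        exts += struct.pack("!H", EXT_ALPN) + _vec(_vec(protos, 2), 2)
    body = (b"\x03\x03" + os.urandom(32) + _vec(b"", 1)           # version, random, empty session id
            + _vec(b"".join(struct.pack("!H", c) for c in cipher_suites), 2)
            + _vec(b"\x00", 1)                                    # compression methods: null only
            + (_vec(exts, 2) if exts else b""))
    handshake = b"\x01" + _vec(body, 3)                           # HandshakeType client_hello
    return b"\x16\x03\x01" + _vec(handshake, 2)                   # record: handshake, legacy version


class TlsParseError(ValueError):
    pass


class Cursor:
    """Bounds-checked reader so a truncated or hostile record raises instead of misparsing."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise TlsParseError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def take_vec(self, width: int) -> bytes:
        return self.take(int.from_bytes(self.take(width), "big"))

    def done(self) -> bool:
        return self.pos >= len(self.data)


def parse_client_hello(record: bytes) -> dict:
    """Return version, cipher suites, SNI host name and ALPN list from one ClientHello record."""
    rec = Cursor(record)
    if rec.take(1) != b"\x16":
        raise TlsParseError("not a TLS handshake record")
    rec.take(2)                                            # record-layer version (legacy value)
    hs = Cursor(rec.take_vec(2))
    if hs.take(1) != b"\x01":
        raise TlsParseError("not a ClientHello")
    body = Cursor(hs.take_vec(3))
    info = {"version": struct.unpack("!H", body.take(2))[0], "sni": None, "alpn": []}
    body.take(32)                                          # client random
    body.take_vec(1)                                       # session id
    suites = body.take_vec(2)
    info["cipher_suites"] = [struct.unpack("!H", suites[i:i + 2])[0] for i in range(0, len(suites), 2)]
    body.take_vec(1)                                       # compression methods
    if body.done():
        return info                                        # no extensions at all (very old clients)
    exts = Cursor(body.take_vec(2))
    while not exts.done():
        ext_type = struct.unpack("!H", exts.take(2))[0]
        ext = Cursor(exts.take_vec(2))
        if ext_type == EXT_SERVER_NAME:
            names = Cursor(ext.take_vec(2))
            while not names.done():
                name_type, name = names.take(1), names.take_vec(2)
                if name_type == b"\x00":                   # host_name
                    info["sni"] = name.decode("idna")
        elif ext_type == EXT_ALPN:
            protos = Cursor(ext.take_vec(2))
            while not protos.done():
                info["alpn"].append(protos.take_vec(1).decode("ascii"))
    return info


if __name__ == "__main__":
    hello = build_client_hello("www.example.com", ["h2", "http/1.1"], [0xC02B, 0xC02F, 0x009C])
    print(parse_client_hello(hello))
```

The hostname is what a filtering proxy or a hotel network keys on when it cannot use the destination IP alone (many sites share an address), and ALPN tells it whether the client wants HTTP/2. Encrypting the connection hides the URL path and the body, not this.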

Page 48:
Page 49: Implementation Issues

• Truncation (an attacker who drops the TLS close_notify alert can cut a response or request short; applications that do not treat an unexpected close as an error can be fooled)
• Compression (CRIME against TLS-level compression, BREACH against HTTP-level compression)
• Clickthrough UI (certificate error pages that users can click past; HSTS removes the option)

Page 50: Implementation Issues
Page 51: Implementation Issues

Page 52: MITM/MITB Attacks (man-in-the-middle / man-in-the-browser)

Page 53: MITM/MITB Attacks

Page 54: Extended Validation Won’t Help

Page 55:
Page 56:
Page 57: Heartbleed

http://xkcd.com/1354/

Page 58: Sometimes, you do attack the crypto

Page 59: Crypto Deep Dive later this morning…

Page 60: Book: Bulletproof SSL and TLS

https://www.feistyduck.com/books/bulletproof-ssl-and-tls/

Coupon code for 25% off: CODEMASH (valid January 1st to 31st)

Free chapter: https://www.feistyduck.com/books/openssl-cookbook/

Page 61: Thanks for coming!

Questions?

Find me on Twitter: @ericlaw
Email me: [email protected]

Go forth and secure all the things!

Page 63: Combatting BREACH?
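Added example, not from the talk: the compression side channel behind CRIME and BREACH (the “Compression” item under Implementation Issues) run offline with zlib over a constructed page, followed by one answer to the question on this slide: mask the secret with a fresh random value on every response. The token, the page template and the attacker’s reflected input are all made up. Real servers emit dynamic-Huffman DEFLATE, which makes the length signal noisy and forces the real attack to average over many requests; here zlib is told to use fixed Huffman codes so the oracle is exact and the run is deterministic.

```python
# Added example, not from the talk: the compression side channel behind CRIME and BREACH
# (the "Compression" item under Implementation Issues) run offline with zlib over a
# constructed page, then one answer to "Combatting BREACH?": mask the secret with a fresh
# random value on every response. Real servers emit dynamic-Huffman DEFLATE, which makes the
# length signal noisy and forces the real attack to average over many requests; here zlib is
# told to use fixed Huffman codes so the oracle is exact and the run is deterministic.
import os
import zlib

SECRET = "7c41e9b0"                 # constructed anti-CSRF token the attacker is after
ALPHABET = "0123456789abcdef"
KNOWN_PREFIX = b'csrf" value="'     # the page template is public; only the token is secret


def render(reflected: bytes, secret: str = SECRET) -> bytes:
    """Constructed response body: the secret and attacker-chosen text share one
    compression context, which is the precondition for BREACH."""
    return (b'<html><body><form method="post">'
            b'<input type="hidden" name="csrf" value="' + secret.encode() + b'">'
            b'<p>No results for: ' + reflected + b'</p></form></body></html>')


def deflate_len(body: bytes) -> int:
    comp = zlib.compressobj(level=9, wbits=-15, strategy=zlib.Z_FIXED)
    return len(comp.compress(body) + comp.flush())


# Eight distinct non-ASCII bytes: each is a 9-bit literal under fixed Huffman coding, so
# summing the sizes with 0..7 of them appended turns byte-granular lengths into an exact
# bit count (each extra bit of real payload bumps exactly one of the eight sums).
PAD = bytes(range(0xF8, 0x100))


def bit_cost(page, reflected: bytes) -> int:
    return sum(deflate_len(page(reflected + PAD[:k])) for k in range(8))


def recover_secret(page, known: bytes, length: int) -> str:
    """Two-tries guessing: glue the candidate to the known prefix (it joins the LZ77
    back-reference if right) or separate it with junk (it stays a literal). Both variants
    contain the same bytes, so only a correct candidate makes the glued one shorter."""
    recovered = ""
    for _ in range(length):
        scores = {}
        for c in ALPHABET:
            prefix = known + recovered.encode()
            attached = prefix + c.encode() + b"{}"
            detached = prefix + b"{}" + c.encode()
            scores[c] = bit_cost(page, attached) - bit_cost(page, detached)
        recovered += min(scores, key=scores.get)
    return recovered


def mask_token(secret: str) -> str:
    """Send mask || (secret XOR mask) instead of the secret, with a new mask each time."""
    mask = os.urandom(len(secret))
    masked = bytes(s ^ m for s, m in zip(secret.encode(), mask))
    return (mask + masked).hex()


def unmask_token(token_hex: str) -> str:
    raw = bytes.fromhex(token_hex)
    half = len(raw) // 2
    return bytes(m ^ x for m, x in zip(raw[:half], raw[half:])).decode()


def render_masked(reflected: bytes) -> bytes:
    """The same page with the mitigation: the secret bytes never appear verbatim, so
    extending the attacker's prefix no longer produces a longer match."""
    return render(reflected, mask_token(SECRET))


if __name__ == "__main__":
    print("unmasked page, recovered:", recover_secret(render, KNOWN_PREFIX, len(SECRET)))
    print("masked page, recovered:  ", recover_secret(render_masked, KNOWN_PREFIX, len(SECRET)))
    print("server still validates:  ", unmask_token(mask_token(SECRET)) == SECRET)
```

Other answers to the question on this slide: turn off HTTP compression for responses that reflect user input, keep secrets out of such responses altogether, or add random-length padding so the size no longer tracks the content. The masking shown here is what several web frameworks do for their CSRF tokens, and it costs one XOR per request.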

Page 64: