Differences
This shows you the differences between two versions of the page.
|
ac:laboratoare:06 [2017/09/24 19:40] cristian.buza |
ac:laboratoare:06 [2024/11/07 01:57] (current) dimitrie.valu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ===== Laboratorul TODO - PKI and TLS ===== | + | ===== Lab 06 - TLS Attacks - BEAST ===== |
| - | ==== Public Key Infrastructure ==== | + | This laboratory will cover the BEAST attack against the TLS 1.0 implementation of AES-CBC. To solve the lab, open [[https://colab.research.google.com/drive/1Xja4pe2wKLDxJtztBZw4sKQJr_g7CQ1a|this Colab notebook]] and copy it into your own drive for persistence. |
| - | + | ||
| - | In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). | + | |
| - | + | ||
| - | PKI is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed. The roles of root certificate, intermediate certificate and end-entity certificate as in the chain of trust can be seen in the picture below: | + | |
| - | + | ||
| - | {{ :ac:laboratoare:chain-of-trust.png?500 |Chain of trust}} | + | |
| - | + | ||
| - | ==== Task 1: Investigate certficates for ocw.cs.pub.ro ==== | + | |
| - | + | ||
| - | Using your browser's 'View Certificate' functionality, try to find information about the certificate presented by https://ocw.cs.pub.ro. We are interested in: | + | |
| - | * issuer | + | |
| - | * validity dates | + | |
| - | * subject (CN: Common Name) | + | |
| - | * public key | + | |
| - | + | ||
| - | Export server and issuer certificates, or download them from here: {{:ac:laboratoare:certificates.tar}}. We will use ''openssl'' command line tool to investigate certificate files. | + | |
| - | <note tip> | + | |
| - | You can connect to a HTTPS website using: | + | |
| - | <code> | + | |
| - | openssl s_client -showcerts -connect ocw.cs.pub.ro:443 | + | |
| - | </code> | + | |
| - | </note> | + | |
| - | + | ||
| - | * Display whole certificate | + | |
| - | <code> | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -text | + | |
| - | $ openssl x509 -in TERENASSLCA3.crt -noout -text | + | |
| - | </code> | + | |
| - | + | ||
| - | * Display certificate attributes | + | |
| - | <code> | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -dates | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -issuer | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -subject | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -pubkey | + | |
| - | </code> | + | |
| - | + | ||
| - | * Using the certificate of the issuer, we can verify server certificate | + | |
| - | <code> | + | |
| - | $ openssl verify -CAfile TERENASSLCA3.crt ocwcspubro.crt | + | |
| - | </code> | + | |
| - | + | ||
| - | ==== TLS ==== | + | |
| - | The Transport Layer Security protocol aims primarily to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., wikipedia.org) have one or more of the following properties: | + | |
| - | * The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are based on a shared secret negotiated at the start of the session. | + | |
| - | * The identity of the communicating parties can be authenticated using public-key cryptography and digital certificates. | + | |
| - | * The connection ensures integrity because each message transmitted includes a message integrity check using a message authentication code. | + | |
| - | + | ||
| - | The TLS protocol comprises two layers: the TLS record protocol and the TLS handshake protocol. TLS handshake protocol (both RSA key exchange and Diffie-Hellman key exchange) can be seen in the pictures below: | + | |
| - | + | ||
| - | {{:ac:laboratoare:ssl-rsa-handshake.jpeg?500 }} | + | |
| - | {{ :ac:laboratoare:ssl-dh-handshake.jpeg?500}} | + | |
| - | + | ||
| - | ==== Task 2: Investigate the TLS handshake protocol ==== | + | |
| - | + | ||
| - | Using Wireshark, investigate the two traffic captures ({{:ac:laboratoare:traffic-captures.tar}}). In both cases try to find: | + | |
| - | * How many ciphersuite does the client support? | + | |
| - | * What could be the purpose of Extension: server_name? | + | |
| - | * What were the negotiated algorithms? | + | |
| - | * What information is sent in cleartext? It is critical? How would a downgrade attack be performed? | + | |
| - | + | ||
| - | <note important>The property that compromise of long-term keys does not compromise past session keys is called **Forward Secrecy**. DH key exchange has this property, while RSA key exchange does not.</note> | + | |
| - | + | ||
| - | ==== Task 3: Create your own CA ==== | + | |
| - | + | ||
| - | - Create directories for CA and for server files <code>mkdir ca-files server-files</code> | + | |
| - | - Create CA private key and certificate (''cd ca-files/'') | + | |
| - | - create CA configuration file <code> | + | |
| - | $ cat root-ca.conf | + | |
| - | [ req ] | + | |
| - | distinguished_name = req_distinguished_name | + | |
| - | prompt = no | + | |
| - | + | ||
| - | [ req_distinguished_name ] | + | |
| - | C = RO | + | |
| - | ST = Bucharest | + | |
| - | L = Bucharest | + | |
| - | O = UPB Root | + | |
| - | CN = UPB Root CA | + | |
| - | emailAddress = root@root-ca.org | + | |
| - | </code> | + | |
| - | - create CA private key and certificate <code>openssl req -config root-ca.conf -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout root-ca.key -days 365 -out root-ca.cert</code> | + | |
| - | - inspect CA certificate <code>openssl x509 -in root-ca.cert -text -noout</code> | + | |
| - | - Create server private key and certificate (''cd server-files/'') | + | |
| - | - | + | |
