Differences
This shows you the differences between two versions of the page.
|
ac:laboratoare:06 [2018/09/26 21:50] tiberiu.iorgulescu |
ac:laboratoare:06 [2024/11/07 01:57] (current) dimitrie.valu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | <hidden> | + | ===== Lab 06 - TLS Attacks - BEAST ===== |
| - | ===== Lab 06 - PKI and TLS ===== | + | |
| - | ==== Public Key Infrastructure ==== | + | This laboratory will cover the BEAST attack against the TLS 1.0 implementation of AES-CBC. To solve the lab, open [[https://colab.research.google.com/drive/1Xja4pe2wKLDxJtztBZw4sKQJr_g7CQ1a|this Colab notebook]] and copy it into your own drive for persistence. |
| - | + | ||
| - | In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). | + | |
| - | + | ||
| - | PKI is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed. The roles of root certificate, intermediate certificate and end-entity certificate as in the chain of trust can be seen in the picture below: | + | |
| - | + | ||
| - | {{ :ac:laboratoare:chain-of-trust.png?500 |Chain of trust}} | + | |
| - | + | ||
| - | ==== Task 1: Investigate certficates for ocw.cs.pub.ro ==== | + | |
| - | + | ||
| - | Using your browser's 'View Certificate' functionality, try to find information about the certificate presented by https://ocw.cs.pub.ro. We are interested in: | + | |
| - | * issuer | + | |
| - | * validity dates | + | |
| - | * subject (CN: Common Name) | + | |
| - | * public key | + | |
| - | + | ||
| - | Export server and issuer certificates, or download them from here: {{:ac:laboratoare:certificates.tar}}. We will use ''openssl'' command line tool to investigate certificate files. | + | |
| - | <note tip> | + | |
| - | You can connect to a HTTPS website using: | + | |
| - | <code> | + | |
| - | openssl s_client -showcerts -connect ocw.cs.pub.ro:443 | + | |
| - | </code> | + | |
| - | </note> | + | |
| - | + | ||
| - | * Display whole certificate | + | |
| - | <code> | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -text | + | |
| - | $ openssl x509 -in TERENASSLCA3.crt -noout -text | + | |
| - | </code> | + | |
| - | + | ||
| - | * Display certificate attributes | + | |
| - | <code> | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -dates | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -issuer | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -subject | + | |
| - | $ openssl x509 -in ocwcspubro.crt -noout -pubkey | + | |
| - | </code> | + | |
| - | + | ||
| - | * Using the certificate of the issuer, we can verify server certificate | + | |
| - | <code> | + | |
| - | $ openssl verify -CAfile TERENASSLCA3.crt ocwcspubro.crt | + | |
| - | </code> | + | |
| - | + | ||
| - | ==== TLS ==== | + | |
| - | The Transport Layer Security protocol aims primarily to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., wikipedia.org) have one or more of the following properties: | + | |
| - | * The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are based on a shared secret negotiated at the start of the session. | + | |
| - | * The identity of the communicating parties can be authenticated using public-key cryptography and digital certificates. | + | |
| - | * The connection ensures integrity because each message transmitted includes a message integrity check using a message authentication code. | + | |
| - | + | ||
| - | The TLS protocol comprises two layers: the TLS record protocol and the TLS handshake protocol. TLS handshake protocol (both RSA key exchange and Diffie-Hellman key exchange) can be seen in the pictures below: | + | |
| - | + | ||
| - | {{:ac:laboratoare:ssl-rsa-handshake.jpeg?500 }} | + | |
| - | {{ :ac:laboratoare:ssl-dh-handshake.jpeg?500}} | + | |
| - | + | ||
| - | ==== Task 2: Investigate the TLS handshake protocol ==== | + | |
| - | + | ||
| - | Using Wireshark, investigate the two traffic captures ({{:ac:laboratoare:traffic-captures.tar}}). In both cases try to find: | + | |
| - | * How many ciphersuite does the client support? | + | |
| - | * What could be the purpose of Extension: server_name? | + | |
| - | * What were the negotiated algorithms? | + | |
| - | * What information is sent in cleartext? It is critical? How would a downgrade attack be performed? | + | |
| - | + | ||
| - | <note important>The property that compromise of long-term keys does not compromise past session keys is called **Forward Secrecy**. DH key exchange has this property, while RSA key exchange does not.</note> | + | |
| - | + | ||
| - | ==== Task 3: Create your own CA ==== | + | |
| - | + | ||
| - | - Create directories for CA and for server files <code>mkdir ca-files server-files</code> | + | |
| - | - Create CA private key and certificate (''cd ca-files/'') | + | |
| - | - create CA configuration file <code> | + | |
| - | $ cat root-ca.conf | + | |
| - | [ req ] | + | |
| - | distinguished_name = req_distinguished_name | + | |
| - | prompt = no | + | |
| - | + | ||
| - | [ req_distinguished_name ] | + | |
| - | C = RO | + | |
| - | ST = Bucharest | + | |
| - | L = Bucharest | + | |
| - | O = UPB Root | + | |
| - | CN = UPB Root CA | + | |
| - | emailAddress = root@root-ca.org | + | |
| - | </code> | + | |
| - | - create CA private key and certificate <code>openssl req -config root-ca.conf -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout root-ca.key -days 365 -out root-ca.cert</code> | + | |
| - | - inspect CA certificate <code>openssl x509 -in root-ca.cert -text -noout</code> | + | |
| - | - Create server private key and Certificate Signing Request (''cd server-files/'') | + | |
| - | - generate server private key <code>openssl genrsa -out server.key 2048</code> | + | |
| - | - create a Certificate Signing Request config file <code>$ cat server-csr.conf | + | |
| - | [ req ] | + | |
| - | distinguished_name = req_distinguished_name | + | |
| - | prompt = no | + | |
| - | + | ||
| - | [ req_distinguished_name ] | + | |
| - | C = RO | + | |
| - | ST = Bucharest | + | |
| - | L = Bucharest | + | |
| - | O = Applied Cryptography Course | + | |
| - | CN = applied-cryptography.org | + | |
| - | emailAddress = office@applied-cryptography.org</code> | + | |
| - | - create a Certificate Signing Request <code>openssl req -config server-csr.conf -new -sha256 -key server.key -out server.csr</code> | + | |
| - | - inspect the CSR <code>openssl req -in server.csr -noout -text</code> | + | |
| - | - Submit CSR to be signed by the CA and obtain the server certificate | + | |
| - | - move CSR to CA folder <code>mv server.csr && cd ../ca-files/</code> | + | |
| - | - sign the CSR and obtain the server certificate <code> | + | |
| - | echo "01" > root-ca.srl | + | |
| - | openssl x509 -in server.csr -out server.cert -req -CA root-ca.cert -CAkey root-ca.key -days 365 -CAserial root-ca.srl | + | |
| - | </code> | + | |
| - | - inspect and verify server certificate <code> | + | |
| - | openssl x509 -in server.cert -text -noout | + | |
| - | openssl verify -CAfile root-ca.cert server.cert | + | |
| - | </code> | + | |
| - | - move certificate to server files folder <code>mv server.cert ../server-files/</code> | + | |
| - | - Install Apache and activate SSL module | + | |
| - | - install Apache server<code> | + | |
| - | sudo apt-get update | + | |
| - | sudo apt-get install apache2 | + | |
| - | </code> | + | |
| - | - activate Apache SSL module <code>sudo a2enmod ssl</code> | + | |
| - | - enable the default HTTPS site <code>sudo a2ensite default-ssl</code> | + | |
| - | - point applied-cryptography.org to 127.0.0.1 <code>echo "127.0.0.1 applied-cryptography.org" | sudo tee -a /etc/hosts</code> | + | |
| - | - restart server and inspect HTTPS website (https://applied-cryptography.org, notice the error occured) <code>sudo service apache2 restart</code> | + | |
| - | - Configure Apache to use our certificate | + | |
| - | - copy certificate and private key <code> | + | |
| - | sudo cp server.key /etc/ssl/private/ | + | |
| - | sudo cp server.cert /etc/ssl/certs/ | + | |
| - | </code> | + | |
| - | - install our certificate and private key on the server <code> | + | |
| - | sudo vim /etc/apache2/sites-available/default-ssl.conf | + | |
| - | # update SSLCertificate paths | + | |
| - | </code> | + | |
| - | - restart the server <code>sudo service apache2 restart</code> | + | |
| - | - visit https://applied-cryptography.org, notice the error occured | + | |
| - | - install CA certificate in Firefox <code>navigate to Menu > Preferences > Advanced > Certificates > View Certificates | + | |
| - | click Import and choose root-ca.cert | + | |
| - | </code> | + | |
| - | - revisit https://applied-cryptography.org (you probably need to launch an incognito window) | + | |
| - | + | ||
| - | <note warning>Keeping ''root-ca.key'' private is **very important**. Describe what an attacker with access to private key can do. What about ''server.key''?</note> | + | |
| - | </hidden> | + | |
