
Page 1: Mitm(man in the middle) ssl proxy attacks

MITM(Man In The Middle) SSL Proxy attacks on Web https

Kookmin University, BIT Graduate School, Electronic Government major (Master's course), Y2015202, Jae Yeoul Ahn (Jay)

Page 2

INDEX

• Reason for selection and purpose
• SSL/TLS overview
• Use of SSL
• MITM overview
• SSL MITM principles
• 1) Redirect
• 2) Counterfeit certificate
• Countermeasures
• Cases

Page 3

Reason for selection and purpose

• Almost every Korean owns and uses one or more smart devices (smartphones).
• They use Internet-based web services from those devices.
• Web services run on the HTTP protocol.
• HTTP has security weaknesses, so HTTPS has emerged.
• HTTPS is recommended by the Korea Communications Commission.
• But Gartner has predicted that next year (2017) SSL traffic will be the main target of 50% of cyber attacks.

Page 4

SSL/TLS?

• SSL (Secure Sockets Layer) was developed by Netscape in 1993 for secure communication between web servers and browsers.
• It works at the session layer and is used to guarantee the security of application-layer protocols such as FTP, Telnet and HTTP.
• After SSL 3.0 was standardized, the IETF began standardizing the TLS protocol in June 1996.

Page 5

SSL/TLS operating position and components

Operating position

Components

Page 6

SSL operation (states)

SSL has two states: a Pending state and a Current state. The Pending state is the preparation phase for data encryption (the handshake); the Current state is the phase in which data is encrypted and transmitted between sender and receiver.

Page 7

SSL Pending state

• The SSL Pending state begins with the handshake.
• There are two kinds of handshake: Full and Abbreviated.
• The Full handshake is used from session establishment (the first connection); the Abbreviated handshake is used when the client and server already maintain a session.

Page 8

SSL Handshake - full

Page 9

SSL Handshake - full: 1

The client sends the server a Client Hello containing the SSL version, the cipher suite list and the Client Random (32 bytes).

The cipher suite list enumerates the symmetric-key, public-key and hash algorithms that the client supports and can use.

Page 10

SSL v3.0 cipher suite

RSA - public-key cryptographic technique
AES, DES - symmetric cryptographic technique
SHA, MD5 - hash

Page 11

TLS 1.2 cipher suite

RSA - public-key cryptographic technique
AES, DES - symmetric cryptographic technique
SHA, MD5 - hash

Page 12

SSL Handshake - full: 2

The server sends the client a Server Hello containing the SSL version, the cipher suite list (the suite chosen by the server) and the server's random number (32 bytes).

※ In case of mutual authentication, the server also sends the client a message requesting the client's certificate.
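
The Client Hello and Server Hello fields listed on pages 9 and 12 (version, 32-byte random, cipher suite list, chosen suite) as they appear on the wire. This is an added example, not code from the slides: the record builders and the fixed sample randoms are constructed for the demo, and the cipher suite names are a small sample of the IANA TLS registry code points. The `weak_suites` check flags suites built on DES, RC4 or MD5, the algorithms pages 10 and 11 list, which a defender inspecting a handshake would want to see refused.

```python
import struct

# Small sample of cipher suite code points from the IANA TLS registry (enough for the demo).
CIPHER_SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 22, 1, 2


def _record(version, msg_type, body):
    """Wrap a handshake body in a Handshake header (type + 3-byte length) and a TLS record header."""
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(handshake)) + handshake


def build_client_hello(version, random32, suites, session_id=b""):
    """ClientHello: version, 32-byte random, session id, cipher suite list, null compression only."""
    assert len(random32) == 32
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (struct.pack("!H", version) + random32
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")
    return _record(version, CLIENT_HELLO, body)


def build_server_hello(version, random32, chosen_suite, session_id=b""):
    """ServerHello: version, 32-byte random, session id, the single chosen suite, null compression."""
    assert len(random32) == 32
    body = (struct.pack("!H", version) + random32
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", chosen_suite) + b"\x00")
    return _record(version, SERVER_HELLO, body)


def parse_hello(record):
    """Parse a ClientHello or ServerHello record into the fields the slides describe."""
    content_type, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != HANDSHAKE:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    msg_type, body_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")
    version = struct.unpack("!H", body[:2])[0]
    sid_len = body[34]                      # the 32-byte random occupies body[2:34]
    pos = 35 + sid_len
    info = {
        "version": VERSION_NAMES.get(version, hex(version)),
        "random": body[2:34].hex(),
        "session_id": body[35:pos].hex(),
    }
    if msg_type == CLIENT_HELLO:
        suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        codes = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
        info["type"] = "ClientHello"
        info["cipher_suites"] = [CIPHER_SUITE_NAMES.get(c, f"unknown_{c:#06x}") for c in codes]
    elif msg_type == SERVER_HELLO:
        code = struct.unpack("!H", body[pos:pos + 2])[0]
        info["type"] = "ServerHello"
        info["cipher_suite"] = CIPHER_SUITE_NAMES.get(code, f"unknown_{code:#06x}")
    else:
        raise ValueError(f"unexpected handshake type {msg_type}")
    return info


WEAK_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXPORT")


def weak_suites(info):
    """Return the offered (ClientHello) or chosen (ServerHello) suites built on deprecated primitives."""
    suites = info.get("cipher_suites") or [info.get("cipher_suite")]
    return [s for s in suites if any(marker in s for marker in WEAK_MARKERS)]


if __name__ == "__main__":
    # Constructed sample: fixed byte patterns stand in for the two 32-byte randoms.
    ch = build_client_hello(0x0303, bytes(range(32)), [0xC02F, 0x002F, 0x0004])
    sh = build_server_hello(0x0303, bytes(32), 0x002F)
    for rec in (ch, sh):
        parsed = parse_hello(rec)
        print(parsed["type"], parsed["version"], parsed.get("cipher_suites") or parsed["cipher_suite"])
        print("  weak:", weak_suites(parsed))
```

The parser stops at the compression field and ignores extensions, which is enough to show the three fields the slides name; a production inspector would continue into the extensions (SNI, supported versions) with the same length-prefixed pattern.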

Page 13

SSL Handshake - full

The client creates the Pre-master secret from the Server Random and the Client Random. Then the client encrypts the Pre-master secret with the server's public key taken from the server's certificate and sends it to the server.

※ In case of mutual authentication, the client also sends its own certificate.

Page 14

SSL Handshake - full

The server decrypts the encrypted Pre-master secret with the server's private key. Then the client and the server each create the Master Secret from the Pre-master secret and the cipher suite information.

After that, the server sends the client a Finished message.

Page 15

SSL Handshake - full

[SSL] master_secret =
  MD5(pre_master_secret + SHA('A'   + pre_master_secret + ClientHello.random + ServerHello.random)) +
  MD5(pre_master_secret + SHA('BB'  + pre_master_secret + ClientHello.random + ServerHello.random)) +
  MD5(pre_master_secret + SHA('CCC' + pre_master_secret + ClientHello.random + ServerHello.random));

[TLS] PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)
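
The two formulas above carried through in code, as an added example that is not part of the slides: the SSLv3 master_secret construction and the TLS 1.0/1.1 PRF (P_MD5 XOR P_SHA-1 over the two halves S1 and S2 of the secret, RFC 2246 section 5), each producing the 48-byte master secret from the pre-master secret and the two Hello randoms. The pre-master secret and random values used in the demo are constructed.

```python
import hashlib
import hmac


def sslv3_master_secret(pre_master_secret, client_random, server_random):
    """SSLv3 master_secret exactly as on the slide:
    MD5(pms + SHA1('A'   + pms + client_random + server_random)) +
    MD5(pms + SHA1('BB'  + pms + client_random + server_random)) +
    MD5(pms + SHA1('CCC' + pms + client_random + server_random))
    Three 16-byte MD5 outputs give the 48-byte master secret."""
    out = b""
    for label in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(label + pre_master_secret + client_random + server_random).digest()
        out += hashlib.md5(pre_master_secret + inner).digest()
    return out


def p_hash(digest_name, secret, seed, length):
    """P_hash from RFC 2246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..., truncated to length."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest_name).digest()
        out += hmac.new(secret, a + seed, digest_name).digest()
    return out[:length]


def split_halves(secret):
    """S1 and S2 of the slide's PRF: the two halves of the secret, which for an
    odd-length secret share the middle byte (RFC 2246 section 5)."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF from the slide: P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    s1, s2 = split_halves(secret)
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha_stream))


def tls10_master_secret(pre_master_secret, client_random, server_random):
    """master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random + ServerHello.random)[0..47]"""
    return tls10_prf(pre_master_secret, b"master secret", client_random + server_random, 48)


if __name__ == "__main__":
    # Constructed inputs: an RSA-style pre-master secret (2 version bytes + 46 bytes) and two randoms.
    pms = bytes([0x03, 0x01]) + bytes(range(46))
    client_random, server_random = bytes([0x11]) * 32, bytes([0x22]) * 32
    print("SSLv3 :", sslv3_master_secret(pms, client_random, server_random).hex())
    print("TLS1.0:", tls10_master_secret(pms, client_random, server_random).hex())
```

This derivation is the reason the certificate matters for everything that follows in the deck: the client encrypts the pre-master secret to whatever public key sits in the certificate it accepted, so anyone holding the matching private key computes the same master secret as the client. Validating (or pinning) the server certificate is what keeps a counterfeit certificate's key from being that key.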

Page 16

SSL state

After the Finished message has been sent, the state changes from Pending to Current.

In the Current state, when the sender sends plain data to the receiver, the plain data is encrypted with the symmetric key obtained from the Master Secret, using the cipher suite's symmetric cryptographic technique chosen in the pending write state.

Page 17

Use of SSL

I will focus on HTTPS, which uses SSL.

Page 18

MITM (Man in the Middle Attack)

Page 19

Two ways of HTTPS MITM: Redirect, Counterfeit Certificate

Page 20

ARP (Address Resolution Protocol)

- When Host A sends Host B a message (A knows only B's IP address):
- First, Host A checks its own ARP cache table in the network adapter (OS) for the MAC address bound to that IP address.
- Second, if the MAC address is not in the ARP table, ARP broadcasts an ARP Request to all computers on the LAN asking who has this IP address.
- Third, Host B, which received A's message, sends Host A an ARP Response with B's IP address and MAC address.
- Finally, Host A updates its ARP table and sends B the message or data.

Page 21

My ARP Table

Page 22

ARP - Update

- When Host B's address changes, B broadcasts the updated information (its new MAC address) to all computers.
- The attacker abuses this mechanism.

Page 23

ARP - Spoofing

- The attacker abuses this mechanism.
- The attacker sends A a fake update (IP: Host B / MAC: Attacker).
- The attacker sends B a fake update (IP: Host A / MAC: Attacker).

Page 24

ARP - Spoofing

- As a result, the attacker can sniff and read the traffic between A and B.

Page 25

DNS (Domain Name Service)

Page 26

DNS Table

• When I visit kmu.kookmin.ac.kr,
• First, the record is looked up in the DNS table (cache) on my PC.
• If there is no entry, it is fetched from the DNS server and the table is updated.
• After the IP is found, the ARP table is used and the connection to the website is made.

Page 27

DNS Attack

• The attacker changes and updates the target site's IP in the ARP table.
• If the target site is located outside (WAN), the client has to pass through the gateway.
• Usually, almost every web site is located outside.
• So the attacker changes the gateway MAC address in the client's ARP table before stealing the client's credentials.

Page 28

Scenario: when we get on the internet (Facebook)

DNS Table
  URI             IP
  Facebook.com    123.123
  llll.com        333.
  ERP-sys.kr      123.123
  DNS Server      123.123

ARP Table
  IP              MAC
  123.123.0.1     Aacc
  123.123.0.122   Bbb
  123.123         Ab:ab
  ….              ….

Packet to Facebook.com: Destination MAC address | Source MAC address | Destination IP address | Source IP address | Login information

Gateway: IP 111.111.111.111, MAC Aacc
DNS Server: 123.123, Ab:ab

Page 29

Gateway tampering using ARP spoofing

The gateway MAC is changed to the hacker's MAC.

Page 30

Scenario: when we get on the internet (Facebook)

DNS Table
  URI             IP
  Facebook.com    123.123
  llll.com        333.
  ERP-sys.kr      111.111
  DNS Server      111.111

ARP Table
  IP              MAC
  123.123.0.1     Hh:hh:hh
  123.123.0.122   Bbb
  …..             Abab
  ….              ….

Packet to Facebook.com: Destination MAC address | Source MAC address | Destination IP address | Source IP address | Login information

Gateway: IP 111.111.111.111, MAC Aacc
Hacker's: IP 111.111.0.11~12, MAC hh:hh:Hh
DNS Server: 123.123, Ab:ab

Inside / Outside

Page 31

ARP Spoofing - Gateway: Client's ARP Table

Page 32

ARP Spoofing - Gateway: Attacker's MAC

Page 33

ARP Spoofing - Gateway

Page 34

ARP Spoofing - Gateway

The client's host address is contaminated.

Before….

Page 35

Redirect

A Redirect attack induces the user to use HTTP and lands them on a fake login page, so the attacker can obtain the user's ID and password. The attacker then uses this account information to log in to the target website and redirects the user, who does not notice anything.

Page 36

Counterfeit Certificate

In this method the attacker makes a fake certificate and presents it to the client. The attacker can then obtain the user's ID and password, use this account information to log in to the target website, and redirect the user.

Page 37

Countermeasures

• User
  1. Check for HTTPS, not HTTP.
  2. When you encounter this, tell the manager and do not use or visit the site.

Page 38

Countermeasures

• Administrators
  - Administrators should check for unusual entries in the ARP table and the DNS cache.
  - Check the network traffic to detect malicious behavior.
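
A check that implements the administrator countermeasure above (unusual entries in the ARP table) over `arp -a` style output, covering the gateway and DNS-server tampering shown in the scenario on pages 23 to 30: a pinned binding that now resolves to another MAC, and one MAC answering for several IPs. This is an added example, not from the slides; the pinned bindings, addresses and MAC values are constructed.

```python
import re
from collections import defaultdict

# Regexes for the common ARP table layouts:
#   Windows `arp -a`:      192.168.0.1           aa-cc-00-00-00-01     dynamic
#   Linux/macOS `arp -a`:  gateway (192.168.0.1) at aa:cc:00:00:00:01 [ether] on eth0
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})\b"
MAC = r"\b([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})\b"
ENTRY_RE = re.compile(IPV4 + r".*?" + MAC)


def normalize_mac(mac):
    return mac.lower().replace("-", ":")


def parse_arp_table(text):
    """Return {ip: mac} from ARP table output, skipping multicast and broadcast entries."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue                       # interface lines and column headers carry no MAC
        ip, mac = m.group(1), normalize_mac(m.group(2))
        if int(ip.split(".")[0]) >= 224 or mac == "ff:ff:ff:ff:ff:ff":
            continue                       # 224.0.0.0/4 multicast and the broadcast address
        table[ip] = mac
    return table


def detect_arp_anomalies(table, pinned):
    """Two checks an administrator can run over a host's ARP table:
    1. a pinned binding (gateway, DNS server) now resolves to a different MAC;
    2. one MAC answers for several IPs, the shape a spoofed gateway + DNS server takes."""
    findings = []
    for ip, good_mac in pinned.items():
        seen = table.get(ip)
        if seen is not None and seen != good_mac:
            findings.append(f"{ip}: expected {good_mac}, table has {seen}")
    ips_by_mac = defaultdict(list)
    for ip, mac in table.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}")
    return findings


# Constructed samples (not from the slides): the bindings an administrator recorded for the
# gateway and the DNS server, a clean table, and the same host's table after both were spoofed.
PINNED = {"192.168.0.1": "aa:cc:00:00:00:01", "192.168.0.53": "ab:ab:00:00:00:53"}

CLEAN_TABLE = """\
Interface: 192.168.0.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           aa-cc-00-00-00-01     dynamic
  192.168.0.53          ab-ab-00-00-00-53     dynamic
  192.168.0.122         bb-bb-00-00-00-22     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

SPOOFED_TABLE = """\
gateway (192.168.0.1) at de:ad:be:ef:00:11 [ether] on eth0
dns (192.168.0.53) at de:ad:be:ef:00:11 [ether] on eth0
? (192.168.0.111) at de:ad:be:ef:00:11 [ether] on eth0
? (192.168.0.122) at bb:bb:00:00:00:22 [ether] on eth0
"""

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_TABLE), ("spoofed", SPOOFED_TABLE)):
        findings = detect_arp_anomalies(parse_arp_table(text), PINNED)
        print(name, "->", findings or "no anomalies")
```

Run periodically against the real `arp -a` output of a workstation, the pinned dictionary doubles as the list of entries worth making static on hosts that cannot rely on switch-side protections such as dynamic ARP inspection.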

Page 39

Countermeasures

Page 40

Countermeasures

• Web programmer
• When developing a web site, use HSTS.
• HSTS (HTTP Strict Transport Security) is defined in RFC 6797 and was designated as a standard in 2012.
• With HSTS, even if you enter the http address in the browser, it automatically goes to the page that uses HTTPS (protecting against the SSL-Strip attack).
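
HSTS from both ends, as an added example that is not taken from the slides: a WSGI middleware that redirects plain HTTP to HTTPS and sends the Strict-Transport-Security header only over HTTPS (RFC 6797 has browsers ignore it on plain HTTP), and a small browser-side policy store showing why a later http:// URL for that host is upgraded before any request leaves the browser, which is what defeats the redirect attack on page 35. The hostname example.test, the one-year max-age and the tiny login page are constructed for the demo.

```python
import time
from urllib.parse import urlsplit, urlunsplit

# RFC 6797 policy for the demo: one year, applied to subdomains too.
HSTS_VALUE = "max-age=31536000; includeSubDomains"


def hsts_middleware(app):
    """WSGI wrapper: redirect plain HTTP to HTTPS and stamp every HTTPS response with HSTS."""
    def wrapped(environ, start_response):
        host = environ.get("HTTP_HOST", environ.get("SERVER_NAME", "localhost"))
        if environ.get("wsgi.url_scheme") != "https":
            target = "https://" + host + environ.get("PATH_INFO", "/")
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently", [("Location", target), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            # Only reached over HTTPS: the header carries no authority on plain HTTP.
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return app(environ, start_with_hsts)
    return wrapped


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains); max-age is mandatory."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(val.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub


class HstsStore:
    """Browser-side view: remember hosts that sent HSTS and upgrade later http:// URLs for them."""

    def __init__(self, now=time.time):
        self.now = now
        self.hosts = {}

    def observe(self, host, header_value, over_tls):
        if not over_tls:
            return                         # header seen over plain HTTP is ignored (RFC 6797)
        max_age, include_sub = parse_hsts(header_value)
        host = host.lower()
        if max_age == 0:
            self.hosts.pop(host, None)     # max-age=0 tells the browser to forget the host
        else:
            self.hosts[host] = (self.now() + max_age, include_sub)

    def rewrite(self, url):
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return url
        host = parts.hostname.lower()
        for known, (expires, include_sub) in self.hosts.items():
            if self.now() >= expires:
                continue
            if host == known or (include_sub and host.endswith("." + known)):
                netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
                return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url


def call_wsgi(app, scheme, host, path, query=""):
    """Tiny in-process WSGI client: returns (status, header dict, body bytes)."""
    environ = {"wsgi.url_scheme": scheme, "HTTP_HOST": host, "PATH_INFO": path,
               "QUERY_STRING": query, "REQUEST_METHOD": "GET"}
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


def login_page(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<form method=post>...</form>"]


if __name__ == "__main__":
    app = hsts_middleware(login_page)
    print(call_wsgi(app, "http", "example.test", "/login")[:2])
    print(call_wsgi(app, "https", "example.test", "/login")[:2])
```

The first visit is still the weak moment: a user who has never reached the site over HTTPS gets no policy, which is why sites that depend on HSTS also submit to the browser preload list and start with a short max-age only while confirming every host under the name serves HTTPS correctly.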

Page 41

Case - China

• Damage caused at the local level (local city) in China in 2014
• August: SSL certificate errors when connecting to Google pages on the CERNET network; HTTPS communication changed from TLSv2 to TLSv1
• September 30: SSL MITM attacks on Yahoo China pages
• October 2 to 6: SSL MITM attack on Microsoft's cn.bing.com, login.live.com and outlook.com pages; the DNS of part of the area was infected
• October 20: SSL MITM attacks on Yahoo China pages
• October 21: SSL MITM attacks on the iCloud server

Page 42

Microsoft China – live.com

Page 43

Left: a real SSL certificate; right: a fake SSL certificate

Microsoft China – live.com

Page 44

China - Yahoo

Page 45

China - Apple

Page 46

France - Google

In 2013 the French government issued fake digital certificates, so Google blocked the service, because it regarded this as an incident and an attack on its service. Some people also think the French government tried to monitor users of Google services.

But the French government says it was just human error and that it did not try to monitor anyone.

Page 47

Case - Korea

I could not find any Korean accident or incident case.

I guess they don't want to publicize it.

So I can tell you about an interesting case.

There is a smart fridge in Korea. It can use Google Mail with SSL.

But an English white-hat hacker team found an SSL weak point in this fridge, and they succeeded in stealing Gmail account information from the fridge.

Page 48

case – Our Lab

Page 49

case – Our Lab

Page 50

case – Our Lab

Page 51

case – Our Lab

Only Dan Zitta reported it to me.

Page 52

THANKS. DO NOT ASK ME plz.