Securing Your APIs against the Recent Vulnerabilities in SSLv2/SSLv3
Download as PPTX, PDF1 like1,091 views
The document discusses API security, focusing on SSL/TLS vulnerabilities and best practices for securing APIs against known threats, including heartbleed and poodle attacks. It covers key concepts such as authentication, confidentiality, handshake processes, cipher suites, and tools for discovering vulnerabilities. Additionally, it emphasizes the importance of adopting current best practices and staying informed about the evolving landscape of cryptographic security.
Securing Your APIs against the Recent Vulnerabilities in SSLv2/SSLv3
- 1. akana Securing your APIs against vulnerabilities in SSL 1
- 2. akana β’ Ashish Vaid β’ Director of Technology at Akana β’ Follow us at @funnyenough & @AkanaInc β’ #TLSWithAkana β’ Slides & Webinar at: http://resource.akana.com 2
- 3. akana Agenda β’ API Security β’ Overview β’ Certificates β’ Handshake β’ Cipher Suites β’ Tools - Discovering vulnerabilities β’ Best Practices Recap 3
- 4. akana APIs 4
- 5. akana API Security β’ OAuth 2.0 β’ OpenID Connect β’ SAML Web SSO β’ Attribute-based Access Control β’ Data Privacy 5
- 6. akana Known Vulnerabilities ⒠Heartbleed ⒠POODLE ⒠BEAST ⒠CRIME ⒠FREAK ⒠Renegotiation attacks ⒠Lucky 13 ⒠BERserk ⒠RC4 attacks ⒠more⦠6
- 7. akana SSL/TLS Overview β’ SSL v1 - mid-1990s by Netscape β’ TLS v1 = SSL 3.1 by IETF - built on SSL β’ Primary use β’ Authentication β’ Confidentiality 7
- 8. akana Authentication β’ Process by which you verify that someone is who they claim they are β’ Client authenticates the Server credentials β’ API Endpoint Server proves its identity to clients by sharing a Certificate β’ Domain Name β’ Public Key (portion of the Public-Private Key Pair) β’ Authentication relies on Signature Verification 8
- 9. akana Keys in Certificates β’ RSA β’ Public Key - Product of 2 primes + a number β’ Private Key - a related number β’ It is all about key-size and time & resources - RSA larger keys β’ Larger keys = Slower Operation β’ ECC - Elliptic Curve Cryptography β’ Public Key - is an equation for an elliptic curve + a point on the curve β’ Private Key - is a number β’ ECDSA (Elliptic Curve Digital Signature Algorithm) β’ Bitcoin, Apple iMessage, etc. β’ Prefer ECC over RSA β’ RSA - use keys > 2048 bits 9
- 10. akana Confidentiality β’ Symmetric keys based encryption β’ Session Key - single use symmetric key; secret key β’ Cipher - is an algorithm for performing encryption and decryption β’ Confidentiality of a session is determined by the choice and size of the Cipher! 10
- 11. akana Handshake 11 Client Server hello, versions, client random & supported ciphers hello, server random & public key certificate encrypted premaster secret using the server public key calculate session key using session key - encrypt payload
- 12. akana Handshake β’ RSA - asymmetric keys β’ Single Operation - RSA β’ Faster β’ Diffie-Hellman - public key exchange β’ Two Operations: DH/DHE/ECHDE + RSA/DSA/ECDSA β’ Perfect Forward Secrecy - DHE/ECDHE β’ Two Operations with ECC can be as fast as Single Operation RSA 12
- 13. akana Ciphers β’ Block Ciphers (Fixed Size) β’ AES - Advanced Encryption Standard β’ 3DES - Triple Data Encryption Standard β’ Operation Modes β’ GCM - Galois/Counter Mode β’ CBC - Cipher Block Chaining β’ Stream Cipher (Continuous Stream of Symbols) β’ RC4 - Rivest Cipher 4 β’ Block Ciphers in Stream mode
- 14. akana Cipher Suites β’ Key establishment β’ Authentication - Signature Algorithm β’ Confidentiality - Cipher - Encryption/Decryption β’ Integrity - Digest
- 15. akana Cipher Suite - Example β’ AES128-SHA β’ Key Establishment: RSA β’ Authentication: RSA β’ Confidentiality: AES128 bit w/ CBC β’ Integrity: SHA-1 15
- 16. akana Cipher Suite - Example β’ AES256-GCM-SHA384 β’ Key Establishment: RSA β’ Authentication: RSA β’ Confidentiality: AES 256 bits w/ GCM β’ Integrity: SHA-2 384 bits
- 17. akana Cipher Suite - Example β’ ECDHE-ECDSA-AES256-GCM-SHA384 β’ Key Establishment: ECDHE (Elliptic Curve DH Ephemeral) β’ Authentication: ECDSA (Elliptic Curve DSA) β’ Confidentiality: AES 256-bit w/ GCM β’ Integrity: SHA-2 384 bit
- 18. akana Downgrades β’ For interoperability with legacy servers TLS client will intentionally reconnect with a downgraded protocol β’ Downgrades are undesirable - may indicate an downgrade attack β’ SCSV - Signaling Cipher Suite Value can be employed to prevent unintended protocol downgrades (MITM attacks/POODLE) β’ TLS_FALLBACK_SCSV is a fake* Cipher Suite client sends during ClientHello β’ Enable support TLS_FALLBACK_SCSV 18
- 19. akana Tools/Resources β’ Qualys SSL Lab (www.ssllabs.com) β’ SSLScan (brew install sslscan) β’ OWASP (www.owasp.org) β’ CipherList (www.cipherli.st) β’ Wikipedia (http://en.wikipedia.org/wiki/Transport_Layer_Security) 19
- 20. akana 20
- 21. akana 21
- 22. akana SSLScanTesting SSL server api.stripe.com on port 443 Supported Server Cipher(s): Rejected N/A SSLv2 168 bits DES-CBC3-MD5 Rejected N/A SSLv2 56 bits DES-CBC-MD5 Rejected N/A SSLv2 40 bits EXP-RC2-CBC-MD5 Rejected N/A SSLv2 128 bits RC2-CBC-MD5 Rejected N/A SSLv2 40 bits EXP-RC4-MD5 Rejected N/A SSLv2 128 bits RC4-MD5 Rejected N/A SSLv3 128 bits ADH-SEED-SHA Rejected N/A SSLv3 128 bits DHE-RSA-SEED-SHA Rejected N/A SSLv3 128 bits DHE-DSS-SEED-SHA Rejected N/A SSLv3 128 bits SEED-SHA Rejected N/A SSLv3 256 bits ADH-AES256-SHA Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Rejected N/A SSLv3 256 bits DHE-DSS-AES256-SHA Accepted SSLv3 256 bits AES256-SHA Rejected N/A SSLv3 128 bits ADH-AES128-SHA Accepted SSLv3 128 bits DHE-RSA-AES128-SHA Rejected N/A SSLv3 128 bits DHE-DSS-AES128-SHA Accepted SSLv3 128 bits AES128-SHA Rejected N/A SSLv3 168 bits ADH-DES-CBC3-SHA Rejected N/A SSLv3 56 bits ADH-DES-CBC-SHA Rejected N/A SSLv3 40 bits EXP-ADH-DES-CBC-SHA Rejected N/A SSLv3 128 bits ADH-RC4-MD5 Rejected N/A SSLv3 40 bits EXP-ADH-RC4-MD5 Rejected N/A SSLv3 168 bits EDH-RSA-DES-CBC3-SHA Rejected N/A SSLv3 56 bits EDH-RSA-DES-CBC-SHA Rejected N/A SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA Rejected N/A SSLv3 168 bits EDH-DSS-DES-CBC3-SHA Rejected N/A SSLv3 56 bits EDH-DSS-DES-CBC-SHA Rejected N/A SSLv3 40 bits EXP-EDH-DSS-DES-CBC-SHA Accepted SSLv3 168 bits DES-CBC3-SHA Rejected N/A SSLv3 56 bits DES-CBC-SHA Rejected N/A SSLv3 40 bits EXP-DES-CBC-SHA Rejected N/A SSLv3 40 bits EXP-RC2-CBC-MD5 Accepted SSLv3 128 bits RC4-SHA Rejected N/A SSLv3 128 bits RC4-MD5 Rejected N/A SSLv3 40 bits EXP-RC4-MD5 Rejected N/A SSLv3 0 bits NULL-SHA Rejected N/A SSLv3 0 bits NULL-MD5 Rejected N/A TLSv1 128 bits ADH-SEED-SHA Rejected N/A TLSv1 128 bits DHE-RSA-SEED-SHA Rejected N/A TLSv1 128 bits DHE-DSS-SEED-SHA Rejected N/A TLSv1 128 bits SEED-SHA Rejected N/A TLSv1 256 bits ADH-AES256-SHA Accepted TLSv1 256 bits DHE-RSA-AES256-SHA Rejected N/A TLSv1 256 bits DHE-DSS-AES256-SHA Accepted TLSv1 256 bits AES256-SHA Rejected N/A TLSv1 128 bits ADH-AES128-SHA Accepted TLSv1 128 bits DHE-RSA-AES128-SHA Rejected N/A TLSv1 128 bits DHE-DSS-AES128-SHA Accepted TLSv1 128 bits AES128-SHA Rejected N/A TLSv1 168 bits ADH-DES-CBC3-SHA Rejected N/A TLSv1 56 bits ADH-DES-CBC-SHA Rejected N/A TLSv1 40 bits EXP-ADH-DES-CBC-SHA Rejected N/A TLSv1 128 bits ADH-RC4-MD5 Rejected N/A TLSv1 40 bits EXP-ADH-RC4-MD5 Rejected N/A TLSv1 168 bits EDH-RSA-DES-CBC3-SHA Rejected N/A TLSv1 56 bits EDH-RSA-DES-CBC-SHA Rejected N/A TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA Rejected N/A TLSv1 168 bits EDH-DSS-DES-CBC3-SHA Rejected N/A TLSv1 56 bits EDH-DSS-DES-CBC-SHA Rejected N/A TLSv1 40 bits EXP-EDH-DSS-DES-CBC-SHA Accepted TLSv1 168 bits DES-CBC3-SHA Rejected N/A TLSv1 56 bits DES-CBC-SHA Rejected N/A TLSv1 40 bits EXP-DES-CBC-SHA Rejected N/A TLSv1 40 bits EXP-RC2-CBC-MD5 Accepted TLSv1 128 bits RC4-SHA Rejected N/A TLSv1 128 bits RC4-MD5 Rejected N/A TLSv1 40 bits EXP-RC4-MD5 Rejected N/A TLSv1 0 bits NULL-SHA Rejected N/A TLSv1 0 bits NULL-MD5 Prefered Server Cipher(s): SSLv3 128 bits DHE-RSA-AES128-SHA TLSv1 128 bits DHE-RSA-AES128-SHA 22
- 23. akana Best Practices Recap β’ Protocols β’ Prefer use of TLS 1.2 over TLS 1.1 and TLS 1.0 β’ Disable SSL 1.0, 2.0, 3.0 β’ Prefer ECC over RSA Public-Private Key Pair in Certificates β’ Prefer > 2048 bits when using RSA Public-Private Key Pair in Certificates β’ Prefer Perfect Forward Secrecy β’ Use DHE or ECDHE β’ Prefer GCM over CBC Cipher Suites β’ Disable RC4, NULL, eNULL & aNULL β’ Disable EXPort-Level Ciphers* β’ Prefer SHA2 over SHA1 for Digest β’ Disable MD5 β’ Enable TLS_FALLBACK_SCSV 23
- 24. akana Summary β’ Cryptography is hard to implement correctly β’ Todayβs Best Practices will be tomorrowβs NO-NO β’ How do you keep up-to-date on latest vulnerabilities? β’ And recommendations? β’ Most of our customers rely on us up-to-date & tested policies 24
- 25. akana β’ Follow us at @AkanaInc β’ Additional Conversation: #TLSWithAkana β’ White-papers & Webinars: http://resource.akana.com
Editor's Notes
- #2: Welcome to the webinar series brought you by Akana. Today we are going to discuss how to secure your APIs against the recent vulnerabilities in SSL & TLS.