SSL/TLS for Mortals (JavaOne 2017)

SSL/TLS FOR MORTALS
@mthmuldersmaartenm@infosupport.com

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at com.infosupport.maartenm.Demo.main(Demo.java:13)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExcepti
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 19 more

WHY BOTHER?
Using SSL/TLS correctly is o en hard to achieve
...and understand!
Crucial for secure connection between systems
Globally deployed (intra-)cloud applications

data unit layers
Data
Data
Data
Segments
Packets
Frames
Bits
Application
Network Process to Application
Presentation
Data Representation
and Encryption
Session
Interhost Communication
Transport
EndtoEnd Connections
and Reliability
Network
Path Determination and
Logical Addressing (IP)
Data Link
Physical Addressing
(MAC and LLC)
Physical
Media, Signal and
Binary Transmission
Host LayersMedia Layers

SSL 1.0
never released
SSL 2.0
1995 - POODLE (2011)
SSL 3.0
1996 - POODLE (2014)
TLS 1.0
1999 - BEAST (2011)
TLS 1.1
2006
TLS 1.2
2008
TLS 1.3
dra

HOW TO PREVENT
THIS?
1. public/private key encryption
2. signed certificates
3. certificate authorities

Math time!
p = 11, q = 17 // two prime numbers
modulus = 187 // p * q
e = 3 // random number between 1 and modulus
// find d, so that (d * e) - 1 % (p - 1) * (q - 1) is zero
320 % 160 = 0
(321 - 1) % (10 * 16) = 0
(107 * 3) = 321 → d = 107
Note that d varies with e:
e = 7
1280 % 160 = 0
(1281 - 1) % (10 * 16) = 0
(183 * 7) = 1281 → d = 183

Now, what if and are unknown?p q
p = 13 // prime number
q = 23 // prime number
modulus = 299 // p * q
e = 5 // random number between 1 and modulus
1584 % 264 == 0
(1585 - 1) % (12 * 22) = 0
(317 * 5) = 1585 → d = 317
Turns out this is pretty hard!

For big enough and , finding those factors will cost an
eternity!
p q
So we can distribute ( p * q ) and even e!

d = 107
LET'S ENCRYPT THE LETTER 'G'
G → 7
7e → 73 → 343
343 % 187 → 156
LET'S DECRYPT THE MESSAGE '156'
156107 → 4.6 * 10234
156107 % 187 → 7
7 → G

Negotiating a secure
connection
Client Server
1 ClientHello →
2 ← ServerHello
3 ← Certificate
4 ← ServerKeyExchange
5 ← ServerHelloDone
6 ClientKeyExchange →
7 ChangeCipherSpec →
8 Finished →
9 ← ChangeCipherSpec
10 ← Finished

DEMO TIME!
No-one is eavesdropping!

Certificate contents
Serial Number
Subject
Validity
Usage
Public Key
Fingerprint Algorithm
Fingerprint

But wait... anyone could create a certificate!
So we also need
Signature Algorithm
Signature
Issuer
... and a way to sign stuﬀ

A is a mathematical relationship between a
message , a private key and a public key .
signature
x sk pk

It consists of two functions:
1. signing function
2. verifying function
t = f (sk, x)
[accept, reject] = g(pk, t, x)

So, given x and t and knowing pk,
we can tell if x is indeed signed by sk.

An entity that issues digital certificates, certifying the
ownership of a public key by the subject of the certificate.

"I can trust you, because I trust John, and John trusts Alice,
and Alice trusts you"
I
John
?
Alice
Who knows who "John" is?
Many "John"'s in todays browsers and operating systems!

Top-notch security procedures, including "key ceremonies"
And yet...

FAIRYTALE TIME!
Once upon a time, a Dutch certificate
authority named DigiNotar was living
happily and carefree in the town of
Beverwijk.
But on a bad day, evil hurt it...
Real hard.

An attacker compromised a webserver of
DigiNotar due to a vulnerability that is
present within the DotNetNuke so ware.
DotNetNuke version 4.8.2.0 is installed on
host winsrv119. This version is aﬀected by a
file upload vulnerability.

Due to the weak security of Windows
passwords it must be assumed that the
attacker was able to compromise the
passwords [...] of the accounts found on the
system. On the system, [...] the domain
administrator account [...] is present.

The attacker was able to traverse the
infrastructure and obtain access to at least
two CA's that were used to generate
certificates.

Google blacklists 247 certificates in Chromium
Microso removes the DigiNotar root certificate from all
supported Windows-releases *
Mozilla revokes trust in the DigiNotar root certificate in all
supported versions
Apple issued Security Update 2011-005

Update Certificate Revocation Lists (except these are
self-signed)

DEMO TIME!
Trust (for what it's worth)

TOOLS
curl -v -k <address>
openssl s_client -showcerts -servername
<address> -connect <address>:443

Denotes where a can be found: a file that contains
.
is the password to that file.
JVM SETTINGS (1)
-Djavax.net.ssl.trustStore=<file>
truststore
trusted certs
-Djavax.net.ssl.trustStorePassword=...

Denotes where a can be found: a file that contains
.
is the password to that file.
JVM SETTINGS (2)
-Djavax.net.ssl.keyStore=<file>
keystore
private keys
-Djavax.net.ssl.keyStorePassword=...

Include debug logging for TLS handshake and connections.
JVM SETTINGS (3)
-Djavax.net.debug=all

SO LONG
AND THANKS FOR ALL THE FISH
IMAGE ATTRIBUTIONS
Beverwijk by @ .Gerard Hogervorst Wikimedia Commons

SSL/TLS for Mortals (JavaOne 2017)

More Related Content

What's hot (20)

Similar to SSL/TLS for Mortals (JavaOne 2017) (20)

More from Maarten Mulders (20)

Recently uploaded (20)

SSL/TLS for Mortals (JavaOne 2017)