
- Number of slides: 68
SSL/TLS and PKI getting going with secure sockets Rick Troth rogue programmer
Disclaimer The content of this presentation is informational only. The reader or attendee is responsible for his/her own use of the concepts and examples presented herein. In other words: Your mileage may vary. “It Depends.” Results not typical. Actual mileage will probably be less. Use only as directed. Do not fold, spindle, or mutilate. Not to be taken on an empty stomach. Refrigerate after opening. 2
SSL/TLS and PKI Mostly about OpenSSL and web z/VM has native tools (GSKKYMAN) MS Windows has native trust store Everybody talks PEM and most talk DER Will discuss PEM, DER, and other formats Will talk about Certificate Authorities Will compare SSH and other trust models 3
about: rick Unix for 30+ years Linux since 0.99 (circa 1993) VM/SP (and following) since 1981 Obsessed with source-based systems Previous jobs: SSL stack, z/VM, Linux Day job is data sec … it's all about trust 4
Getting Going with Secure Sockets Foundations and history of SSL and PKI Authenticating the other party Securing the session or transaction Client Certificates (smart cards) Using OpenSSL (or maybe LibreSSL) Choosing and Using a CA (or home-brew) Related topics: SSH, PGP/GPG 5
Common Questions Where do I put this root certificate? What's this “intermediate” cert all about? What's a client cert and why do I want one? Please explain certificate pinning. But I've never even heard of HSTS. SANs? Is that like “Lucida Sans” font? 6
Secrets Protecting Information Data in Transit Data at Rest 7
Transport Layer Security Handshake authenticates SSL provides a “channel” Compare to SSH (in transit) Contrast with PGP/GPG (data at rest) 8
SSL Handshake Authenticate the server (asymmetric) Establish a secure channel (symmetric) Uses existing network You Are Here Does not protect “data at rest”. 9
Symmetric Crypto Early ciphers Caesar Jefferson Enigma, Lorenz Passwords One-time use 10
Asymmetric Crypto What if someone got the password? Rivest, Shamir, Adleman public key and private key … asymmetric http://en.wikipedia.org/wiki/Public-key_cryptography Cocks, et al, GCHQ 1973 11
Encryption plus Authentication Encrypt with public key (of recipient) Decrypt with secret key Sign with secret key Verify with public key (of sender/signer) Public keys must be distributed publicly, hence Public Key Infrastructure 12
Trust Models PGP – person to person SSH – individual PKI – third party, “cathedral” pre-loaded? institutional? manual? It's All About Trust 13
Comparing Trust Models SSL and TLS (PKI) originally for HTTPS, now many protocols third party trust X.509 certificates (contain public keys) SSH variable trust models individually created keys PGP/GPG peer-to-peer trust inter-signed keys (longer life) 14
Public Key Infrastructure CA certificate(s) pre-loaded WS admin requests assertion CA signs WS request WS admin loads that … Browser hits server, compares signature chain Browser/server agree on session keys 15
Server with Self-Signed Cert 16
Certificate Authorities – DigiCert http://www.digicert.com/ssl-certificate.htm 17
Certificate Authorities – CACert http://www.cacert.org/ 18
Certificate Authorities – VeriSign http://www.verisign.com/ 19
Certificate Authorities – Let's Encrypt https://letsencrypt.org/ 20
GoDaddy.com From: Jesse Mundis To: Voltage Security News Subject: godaddy issues over 8000 certs without validation “On Friday, January 6th, 2017, GoDaddy became aware of a bug affecting our domain validation processing system. The bug that caused the issue was fixed … 8850 certificates that were issued without proper domain validation … will be revoked by 10 PM PST on Tuesday, Jan 10th, …” 21
GoDaddy.com https://www.godaddy.com/ 22
Certificate Authorities – StartSSL https://www.startssl.com/ 23
Certificate Authorities – StartSSL Sign-up: generate a key, (in browser) then get a client certificate Sign-in: request a server cert 24
Pre-Loaded Root Certs A “CA Bundle” perhaps ● Copy ca-bundle.crt (eg: from Apache) ● Create by hand (PEM encoded) ● Create from example ● Sample CA bundle can be found at: http://curl.haxx.se/ca/cacert.pem 25
Pre-Loaded Root Certs A Trust Store (directory) maybe ● Collection of PEM-format root certs ● Sym-linked by hash (for searchability) ● Remember to 'c_rehash .' when updating 26
OpenSSL key generation Set SERVER variable, then …
    openssl genrsa -out $SERVER.key 4096
    chmod 0600 $SERVER.key
Protect that private key! 27
OpenSSL certificate request Set SUBJECT variable, then …
    openssl req -sha256 -new -key $SERVER.key -out $SERVER.crq -subj "$SUBJECT"
(more about SUBJECTs to follow) 28
Generate a “Certificate Request” Copy-n-paste PEM format cert request ...
    -----BEGIN CERTIFICATE REQUEST-----
    MIIE3TCCAsUCAQAwgZcxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRPaGlvMRMwEQYD
    VQQHEwpHcm92ZSBDaXR5MRIwEAYDVQQKEwlMYSBDYXNpdGExEzARBgNVBAsTCkNh
    ...
    vkl1ltMFlurMOo0EyYz0OTZGe8WTT4mNMP8Mw8EEmAg4Pb5xxQpj1xPpShQNQ8p2
    MJcvpNQQ4/iomIxggPAf2qO/OH0LrqHVZgoSIFyzXoGJxibMlSb+kQSZ/FN8Lknt
    ug==
    -----END CERTIFICATE REQUEST-----
... and send it to your CA. 29
PEM format versus DER format When you see this …
    -----BEGIN CERTIFICATE REQUEST-----
    MIIE3TCCAsUCAQAwgZcxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRPaGlvMRMwEQYD
    ...
    MJcvpNQQ4/iomIxggPAf2qO/OH0LrqHVZgoSIFyzXoGJxibMlSb+kQSZ/FN8Lknt
    ug==
    -----END CERTIFICATE REQUEST-----
… it's really just Base64 encoding of DER sandwiched between visual markers. 30
PEM format versus DER format But what the heck is “DER”? “Distinguished Encoding Rules” of ASN.1 encoding of X.509 (PKI) info, and keys and signatures Use 'openssl x509 -text' for human readable display. 31
ASN.1 Abstract Syntax Notation One TLV == type-length-value
    30 13 02 01 05 16 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f
30 means “sequence” containing other stuff 13 means exactly 19 bytes follow … therefore safe for concatenation OID == Object Identifier(s) 32
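The TLV walk described on this slide, together with the PEM-to-DER step from the two slides before it, as an added Python example (not from the original presentation). The `EXAMPLE` PEM label is constructed, and `CSR_LINE_1` is the first Base64 line of the slide's request with extraction spacing removed; because the slide elides the rest, the walker is expected to reject it as truncated.

```python
import base64

# Names for the few universal tags this example meets (not a full ASN.1 table).
TAGS = {0x02: "INTEGER", 0x06: "OID", 0x0C: "UTF8String",
        0x13: "PrintableString", 0x16: "IA5String", 0x30: "SEQUENCE", 0x31: "SET"}

def pem_to_der(pem):
    """Drop the -----BEGIN/END----- marker lines and Base64-decode the rest."""
    body = [ln for ln in map(str.strip, pem.splitlines())
            if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body), validate=True)

def read_header(buf, pos, end):
    """Return (tag, value_start, value_end) for the TLV at pos, bounds-checked."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("value runs past its container")
    return tag, pos, pos + length

def walk(buf, pos=0, end=None, depth=0):
    """Flatten DER into (depth, type, length, value) rows, recursing into containers."""
    end = len(buf) if end is None else end
    rows = []
    while pos < end:
        tag, start, stop = read_header(buf, pos, end)
        name, val = TAGS.get(tag, "tag 0x%02x" % tag), buf[start:stop]
        if tag & 0x20:                     # constructed bit set: value holds more TLVs
            rows.append((depth, name, len(val), None))
            rows += walk(buf, start, stop, depth + 1)
        elif tag == 0x02:
            rows.append((depth, name, len(val), int.from_bytes(val, "big", signed=True)))
        else:
            text = tag in (0x0C, 0x13, 0x16)
            rows.append((depth, name, len(val), val.decode("utf-8", "replace") if text else val.hex()))
        pos = stop
    return rows

SLIDE_DER = bytes.fromhex("3013020105160e416e79626f64792074686572653f")  # bytes from the slide
SLIDE_PEM = ("-----BEGIN EXAMPLE-----\n" + base64.b64encode(SLIDE_DER).decode()
             + "\n-----END EXAMPLE-----\n")    # constructed label, not a real PEM type
# First Base64 line of the slide's request; the rest is elided there, so this is truncated DER.
CSR_LINE_1 = "MIIE3TCCAsUCAQAwgZcxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRPaGlvMRMwEQYD"
```

Feeding `SLIDE_DER + SLIDE_DER` to `walk` yields the same three rows twice, which is the "safe for concatenation" property: every element carries its own length.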
X.509 Part of X.500 Which includes DAP (directory access protocol) X.509 “assumes a strict hierarchical system of certificate authorities (CAs) for issuing the certificates.” Defines the OIDs used in PKI certificates. 33
What is a “subject”? What is the “subject”? (from SDN) That which is signed/issued by an authority What/who is the “authority”? (as in CA) That which cryptographically signs the subject What is the “issuer”? (from IDN) The authority issuing a certificate 34
OpenSSL Subject Syntax Set SUBJECT variable …
    SUBJECT="/C=US/ST=Ohio/L=Grove City/O=La Casita/OU=Casita.Net/CN=$SERVER/emailAddress=root@casita.net"
Winds up as ASN.1 octets, not free-form. 35
Subject Alternate Format Set SUBJECT variable …
    SUBJECT="C=US, ST=Ohio, L=Grove City, O=La Casita, OU=Casita.Net, CN=$SERVER, emailAddress=root@casita.net"
(not used by OpenSSL but some others) 36
Subject Alternate Names RFC 5280 “usage extension” to X.509
    [alt_names]
    DNS.1 = www.casita.net
    DNS.2 = www.troth.us
    IP.1 = 174.105.80.118
    IP.2 = 146.185.133.135
    IP.3 = 198.178.231.250
37
CA Bundle file a collection of “signing certificates” ● Copy ca-bundle.crt (eg: from Apache) ● Create by hand (PEM encoded) ● Create from example ● Sample CA bundle can be found at: http://curl.haxx.se/ca/cacert.pem 38
SSL for Apache HTTPS Config
    Listen 443
    SSLEngine on
    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:...
    SSLCipherSuite ALL
    SSLCertificateFile /etc/ssl/certs/www.casita.net.crt
    SSLCertificateKeyFile /etc/ssl/private/www.casita.net.key
39
SSL for Apache HTTPS Config
    ServerName www.casita.net:443
    UseCanonicalName On
    # using canonical name
    # because certificate based connections are picky
Certificates are based on FQDN, not IP address, not short form 40
Certificate Pinning HPKP == “HTTP Public Key Pinning” Automated TOFU (trust on first use) RFC 7469 41
Using Client Certificates More Apache Config
    SSLCACertificateFile /etc/ssl/ca-bundle.crt
    SSLVerifyClient
Client Certificates 43
Client Certificates CGI variables SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_CLIENT_M_VERSION, SSL_CLIENT_M_SERIAL, SSL_CLIENT_V_START, and SSL_CLIENT_V_END S and I are “subject” and “issuer” DN is “distinguished name” 44
Client Certificates CGI variables
    SSL_CLIENT_S_DN="/CN=rmt@casita.net/emailAddress=rmt@casita.net"
    SSL_CLIENT_S_DN_CN="rmt@casita.net"
    SSL_CLIENT_S_DN_Email="rmt@casita.net"
    SSL_CLIENT_V_REMAIN="1032"
45
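One way a CGI program might use these variables to make an access decision, as an added Python example (not from the original presentation). `SSL_CLIENT_VERIFY` is a mod_ssl variable the slides do not list; the issuer DN, the allow list and the `warn_days` threshold are assumptions, and `parse_dn` accepts both subject syntaxes shown earlier.

```python
import re

# Lookahead for an attribute name followed by "=", e.g. CN= or emailAddress=
_ATTR = r"(?=[A-Za-z][A-Za-z0-9.]*=)"

def parse_dn(dn):
    """Split a DN in slash form (/C=US/ST=Ohio) or comma form (C=US, ST=Ohio)."""
    dn = dn.strip()
    if dn.startswith("/"):
        parts = re.split("/" + _ATTR, dn)[1:]
    else:
        parts = re.split(r",\s*" + _ATTR, dn)
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts if p]

def authorize(env, trusted_issuer, allowed_cns, warn_days=30):
    """Return (allowed, reason) for one request, from mod_ssl's CGI variables."""
    # SSL_CLIENT_VERIFY is mod_ssl's verdict on the chain; with
    # "SSLVerifyClient optional" a request can arrive with no certificate at all.
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return False, "no verified client certificate"
    # Accepting anything that chains to the CA bundle is usually too broad:
    # require the issuing CA this application expects.
    if parse_dn(env.get("SSL_CLIENT_I_DN", "")) != parse_dn(trusted_issuer):
        return False, "issuer is not the expected CA"
    # Prefer the per-attribute variable over re-parsing SSL_CLIENT_S_DN: a value
    # that itself contains "/CN=" is ambiguous in the flattened string.
    cn = env.get("SSL_CLIENT_S_DN_CN", "")
    if cn not in allowed_cns:
        return False, "subject not on the allow list"
    days = int(env.get("SSL_CLIENT_V_REMAIN", "0"))
    if days < warn_days:
        return True, "allowed; certificate expires in %d days" % days
    return True, "allowed"

# Constructed sample environment: the subject values are the ones on the slide,
# the issuer DN and the SSL_CLIENT_VERIFY value are assumptions for this example.
ISSUER = "/O=La Casita/CN=Example Issuer"
ENV = {
    "SSL_CLIENT_VERIFY": "SUCCESS",
    "SSL_CLIENT_S_DN": "/CN=rmt@casita.net/emailAddress=rmt@casita.net",
    "SSL_CLIENT_S_DN_CN": "rmt@casita.net",
    "SSL_CLIENT_I_DN": ISSUER,
    "SSL_CLIENT_V_REMAIN": "1032",
}
```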
OpenSSL for in-house CA Create a key (pair) Create a self-signed certificate, call it “root” Issue another certificate using root cert (call that “intermediate” or “issuer”) Put away the root private key Issue other certificates using intermediate Distribute the root certificate widely 46
OpenSSL for in-house CA Set SERVER variable as before, then …
    openssl ca -cert issuer.crt -keyfile issuer.key -extensions server -in $SERVER.crq -out $SERVER.tmp
    mv $SERVER.tmp $SERVER.crt
Creates a certificate from a request. 47
OpenSSL for in-house CA Use a two-level “master” and “issuer” Master is kept locked away, signs issuer Issuer performs actual issuing of certs Requests go to issuer / signed certs returned Locked away … think “air gap” 48
Certificates for OpenVPN Server Config
    port 1194
    dev tap0
    dh dh4096.pem
    ca rootca.crt
    cert server.crt
    key server.key
Server cert is concatenated w/ intermediate 49
Certificates for OpenVPN Client Config
    client
    dev tap
    remote vpn4.casita.net 1194
    ca rootca.crt
    cert client.crt
    key client.key
Client cert is concatenated w/ intermediate 50
OpenSSL Alternatives LibreSSL MatrixSSL GnuTLS Mozilla NSS See Wikipedia for a lengthy list. 51
LibreSSL Drop-in replacement for OpenSSL 52
Packages using LibreSSL package OpenSSH YES WGET CURL BIND NTP Apache HTTPD NO works with LibreSSL? YES YES NO One of WGET or CURL did not originally work 53
HTTP 301 to HTTPS … please don't! ● HTTPS yes – forced re-direct no ● “don't break stuff” (don't break automation) ● Encountered HTTP-to-HTTPS re-direct at several sites, starting with OpenSSL.org. Turns out the re-direct is a requirement of HSTS. What then is HSTS? 54
HSTS == “HTTP Strict Transport Security” Strict-Transport-Security: max-age=31536000 RFC 6797 Philosophically counter to FPE 55
HSTS a globally encrypted world-wide web 56
Entropy maximum entropy, minimum energy maximum entropy, minimum “order” Entropy ==> Randomness Strong encryption requires reliable randomness /dev/random /dev/urandom 57
Water Cooler Leaks Human factors remain the biggest risk Easy passwords Gullible to scams Easy-click assertion Profiled for info Unsecured hardware Lost hardware 58
Summary You need SSL! Apply SSL carefully (don't break stuff) Understand the concepts If “security is a process” then SSL is a moving target! And practice: play with the stuff. 59
NORD Project – please help Not trying to start a distro … http://www.casita.net/nord http://www.casita.net/chicory … just change the world.
Thank You http://www.casita.net/vmworkshop/2017/presentations/troth-vmworkshop-pki-2017.odp http://www.casita.net/vmworkshop/2017/presentations/troth-vmworkshop-pki-2017.ppt
supplemental
VM SSL Key Management Set up GSKADMIN and wire it into the stack Sign onto GSKADMIN Use 'gskkyman' command 63
VM SSL Key Management 64
VM SSL Key Management Create a key database ... Option 1 Filename “Database.kdb” 3700 days = 10 years, 6 weeks Default record size Fix file access ...
    openvm permit /etc/gskadm/Database.kdb rw- r-- ---
    openvm permit /etc/gskadm/Database.sth rw- r-- ---
65
VM SSL Key Management 66
VM SSL Key Management Create a self-signed certificate ... Option 6 Option 7, server cert with 4096-bit RSA key Option 3, SHA-256 signature digest Enter a label, UPPER CASE Enter X.509 stuff Apply that label to a “secured” TCP port 67
VM SSL Key Management Create new certificate request ... Option 4 Option 3, cert with 4096-bit RSA key Enter filename Enter a label, UPPER CASE again Enter X.509 stuff File is PEM encoded; send it to your CA 68