SharkFest ’18 Europe: TLS and DLP, Behind the green lock
Ross Bagurdes, Technology Network Engineer / Pluralsight Author, Bagurdes@outlook.com
#sf18eu • Imperial Riding School Renaissance Vienna • Oct 29 - Nov 2
www.pluralsight.com
Goals
• Encrypting Data
• Diffie Hellman Elliptical Curve Key Exchange
• Validation and Encryption with Certificates
• Data Loss Prevention
• Wireshark Demo
Web Browser Encryption: TLS 1.2 and 1.3
Web Browser Encryption
• Negotiate Encryption Session: Secure Socket Layer (SSL), Transport Layer Security (TLS)
• Encryption Protocols: RSA, Diffie Hellman, ECDHE, 3DES, AES, ChaCha20
SSL/TLS Versions: TLS v1.2, TLS v1.3
Data Encryption Basics
Encrypting Communication: HTTPS Client and HTTPS Server (slide animation of the exchange)
TLS Encryption
• Data Encryption: AES (128 or 256 bits), ChaCha20
• Key Exchange, TLS v1.2 vs TLS v1.3: RSA, Diffie Hellman, Elliptical Curve Diffie Hellman
Elliptical Curve Diffie-Hellman Ephemeral
Elliptical Curve Types: x25519, secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072
TLS 1.2 ECDHE Key Exchange (HTTPS Client / HTTPS Server)
Each side holds a Private Key and derives a Public Key from it; the public key shown on the slide is
047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b94249449080 3fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd
Client and server exchange public keys, and each combines (+) its own Private Key with the peer's Public Key, so both arrive at the same shared key.
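Worked example added by the editor, not from the deck: the exchange the slides animate, implemented with x25519 (the first entry on the curve list above) following RFC 7748. Each side derives a public key from its private key, swaps public keys, and combines its own private key with the peer's public key; both arrive at the same shared secret. The 65-byte 04... value on the slide is an uncompressed secp256r1-style point, whereas x25519 keys are 32 bytes; the test vectors used here are RFC 7748's, and this code is educational and not constant-time.

```python
# Added example (not from the deck): X25519 Diffie-Hellman per RFC 7748; educational, not constant-time.
P = 2**255 - 19      # field prime of Curve25519
A24 = 121665         # (486662 - 2) / 4, Montgomery ladder constant
BASEPOINT = (9).to_bytes(32, "little")

def decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private key as RFC 7748 section 5 requires."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(private_key: bytes, peer_public: bytes) -> bytes:
    """Scalar multiplication k * u on the Montgomery curve (RFC 7748 ladder)."""
    k = decode_scalar(private_key)
    x1 = int.from_bytes(peer_public, "little") & ((1 << 255) - 1)  # drop top bit
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        k_t = (k >> t) & 1
        swap ^= k_t
        if swap:                      # conditional swap (branching, not constant-time)
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = k_t
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key(private_key: bytes) -> bytes:
    """Public key = private scalar times the base point u = 9."""
    return x25519(private_key, BASEPOINT)

def ecdhe_exchange(client_priv: bytes, server_priv: bytes):
    """Each side combines its own private key with the peer's public key."""
    client_pub, server_pub = public_key(client_priv), public_key(server_priv)
    return x25519(client_priv, server_pub), x25519(server_priv, client_pub)

if __name__ == "__main__":
    # RFC 7748 section 6.1 test vectors: Alice as client, Bob as server
    alice = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    bob = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    cs, ss = ecdhe_exchange(alice, bob)
    print("shared secret matches:", cs == ss, cs.hex())
```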
TLS Encryption provides: Key Exchange, Data Encryption, Handshake Integrity, Server Authenticity
Certificates
• Certificate Authority chain: Root, Intermediate, Server (Validation)
• But aren’t certificates used to encrypt? Key Exchange: only RSA; Diffie Hellman uses its own p and g values
• Certificates are used for Server Authenticity; the key exchange is independent from the certificate
Data Loss Prevention, aka MITM or SSL intercept
• Client and Server: the Client observes an end-to-end TLS Session
• With a DLP Appliance in the path: one TLS Session between Client and DLP Appliance and another between DLP Appliance and Server; the appliance holds the Unencrypted Client/Server Data
• Which Trusted Certificate does the Client see (?): the DLP Appliance holds an Intermediate certificate and presents a chain Root, Intermediate, Server to the Client
• Result: the Client observes End to End Encryption while the DLP Appliance sees Unencrypted Client/Server Data
Certificates
More Information
• https://sharkfestasia.wireshark.org/sf18asia (SSL/TLS Decryption: Uncovering the Secrets, Peter Wu)
• https://www.pluralsight.com/ (Wireshark Troubleshooting: Analyzing and Decrypting TLS Traffic, Ross Bagurdes)
Summary
• Encrypting Data
• Diffie Hellman Elliptical Curve Key Exchange
• Validation and Encryption with Certificates
• Data Loss Prevention
• Wireshark Demo