Week 7 Lab
Transport Layer Security (TLS)
IMPORTANT NOTES:
Study lecture materials at least 1 hour and prepare Lab Task 3.1 prior to the lab session. Prepared questions will be discussed in the lab session.
Copyright By PowCoder代写 加微信 powcoder
1 Overview
The learning objective of this lab is for students to get familiar with TLS protocol.
2 Lab Environment
In this lab, we will use wireshark preinstalled in the cloud VM to analyse three captured packets files. Click “Applications–>Internet–>Wireshark” from the desktop to start the Wireshark. Alternatively, click any captured file in folder /srv/fit2093files/fit2093lab/ such as Example1.pcap to open Wireshark. You may also choose to download and install the Wireshark on your own devices. More information can be found from https://www.wireshark.org/
3 Lab Tasks
3.1 TLS, HTTP, HTTPS
For this task you need to use Wireshark in order to look at three different examples of recorded network traffic. All three examples show parts of the communication between a client and a webserver.
1. Start Wireshark and open /srv/fit2093files/fit2093lab/Example1.pcap.
(a) Can you identify the domain name of the server? (b) Which protocols are used on application layer?
FIT2093 Week 7 Lab (c) Can you get information on the location of destination and source?
The wireshark file just shows an extract with HTTP messages. Students should look at the different layers and see what kind of information they can get.
The address is http://www.bendigobank.com.au. This page just uses HTTP. No authenticity, no encryption. Location for Bendigo bank and Monash University can be found.
2. Open /srv/fit2093files/fit2093lab/Example2.pcap in Wireshark.
(a) Can you identify the domain name of the server? It might be somewhere within the packet.
The server is the same, but this time with HTTPS: https://www.bendigobank.com.au/. This can be seen under Client Hello message → Secure Socket Layer → TLSv1 Record Layer: Handshake Protocol: Client Hello → Handshake Protocol: Client Hello → Extension: server_name
(b) Which protocols are used on application layer?
Based on the TCP port used, 443, the traffic is HTTPS.
(c) Identify which version of the security protocol is used. Is this considered to be a secure version?
It uses TLSv1.0. If you look into the packets, you only find encrypted content. However, students should try to get some information on TLS 1.0 on the Internet and they will find that it is outdated and should no longer be used.
(d) Find the Client Hello packet sent from client. What cryptographic functions are supported by the client?
The supported Cipher Suite by the client.
(e) Find the Server Hello packet sent from server in response. What Cipher Suite the server agrees to use?
The server agrees to
FIT2093 Week 7 Lab
(f) What is the purpose of the Change Cipher Spec?
The Change Cipher Spec message triggers the TLS protocol to start using the negotiated
cryptographic algorithms. Both sides must send this message for TLS to start protecting the traffic. The client sends its Change Cipher Spec message in packet 5.
3. Open /srv/fit2093files/fit2093lab/Example3.pcap in Wireshark.
(a) Can you identify the domain name of the server?
This time it is another server, but also using HTTP: http://commbank.com.au.
(b) What is different to the other two examples?
However, you will first see an error and then see that the get request was diverted to HTTPS. Thus, the traffic automatically switches from HTTP to HTTPS (the server forcefully redirect the traffic from HTTP to HTTPS).
(c) Which protocols are used? Are these considered to be secure?
It uses TLS version 1.2, which is state of the art and considered to be secure. (Recently TLS v1.3 was released but it is not widely adapted yet)
(d) Compare the supported client Cipher Suite in Client Hello in Example3.pcap with the supported Cipher Suite in Client Hello in Example3.pcap in Example2.pcap. What is different?
The supported Cipher Suite by the client.
FIT2093 Week 7 Lab
This client supports 11 Cipher Suite compared to 17 in previous example. The noticeable differences are the lack of support for CHACHA20 symmetric cipher and SHA384 hash function.
(e) What Cipher Suite the server agrees to use? The server agrees to use:
FIT2093 Week 7 Lab
(f) Using the RFC document for TLSv1.2 (RFC5246) explain what cryptographic algorithms are used in the agreed Cipher Suite.
The Cipher Suite is discussed in A. 5 section of the document (Appendix 5). https://tools.ietf.org/html/rfc5246#appendix-A.5 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 with value c02f.
The Eliptic Curve algorithms for TLS is defined in RFC4492. The algorithm ECDHE_RSA is discussed in section 2.4:
https://tools.ietf.org/html/rfc4492#section-2.4
This key exchange algorithm is the same as ECDHE_ECDSA except that the server’s certificate MUST contain an RSA public key authorized for signing, and that the signature in the ServerKeyExchange message must be computed with the corresponding RSA private key. The server certificate MUST be signed with RSA.
The section 3 of RFC5289 contains the code for Eliptic Curve cipher suites that support AES in GCM mode.
https://tools.ietf.org/html/rfc5289#section-3
RFC 4492 describes elliptic curve cipher suites for Transport Layer Security (TLS). However, all those cipher suites use HMAC-SHA-1 as their Message Authentication Code (MAC) algorithm. This document describes sixteen new cipher suites for TLS that specify stronger MAC algorithms. Eight use Hashed Message Authentication Code (HMAC) with SHA-256 or SHA-384, and eight use AES in Galois Counter Mode (GCM).
FIT2093 Week 7 Lab 3.2 Certificates for HTTPS/TLS
1. Use a web browser on your own device (not in the VM) to open a webpage that supports TLS. For example https://commbank.com.au/ Click on the lock shown on the left from the address bar.
(a) Who is the issuer of the certificate and how long is it valid?
(b) What is used for key exchange and which cipher suite is used during transport?
Entrust, Inc. has issued the certificate. Expires on May 26, 2022. TLS 1.2 Key Exchange: ECDHE_RSA This is Elliptic Curve Diffie-Hellman, signed with RSA. Cipher Suite: AES_256_GCM This is 256 bit AES used in Galois/Counter Mode.
2. Can you find the list of all certification authorities that are installed in your web browser? Can you find some revoked certificates? (Hint: Look in settings under advanced settings)
Just search “Certificate” in the search box of the web browser settings and open the dialog of certificates. You may find a few revoked certificates (in newer versions of Chrome or Firefox those certificates may already get removed). If someone is interested in the story behind this, google for UTN-USERFirst-Hardware.
3. This article shows a few of the main issues with certificates:
https://arstechnica.com/information- technology/2017/03/google- takes- symantec- to- the- woodshed- for- mis- issuing- 30000- https- certs/
(a) Read the article.
(b) What are the different entities (companies, software, etc.) that need to be trusted to actually trust a certificate?
(c) Draw a diagram showing the process of certificate issuing and checking in the browser. It should contain entities (companies, devices, software) used for producing the different certificates and checking it. Assume that the server’s certificate is directly signed with the issuer’s root certificate.
Entities are the issuer of the certificate (the owner of the root certificate), software/hardware needed to produce the root certificate and the server’s certificate, the company deciding which root certificates to bundle with the browser, the browser for checking, the server storing the secret key, the owner of the server, the client’s PC.
3.3 Additional Task: Packet Capturing
Use Wireshark and try to capture the HTTPS haneshake messages on your own devices.
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com