Extrakce dešifrovaného provozu z SSL spojení / Extraction of Decrypted Data from SSL Connection

Pastuszek, Jakub

January 2019

Cílem této práce je vyvinout aplikaci schopnou dešifrovat zabezpečená spojení a přeposlat dešifrovaná data na jinou stanici v síti pro další analýzu.  Daná aplikace vybízí k nelegálním účelům, avšak zamýšleným použitím výsledného produktu jsou legální odposlechy. Pro tuto práci byla z množiny nástrojů vybrána aplikace SSLsplit díky jejím vlastnostem a výkonnosti. Toto rozhodnutí bylo na základě srovnávacích testů a porovnání vlastností. Pomocí vlastního certifikátu SSLsplit podepisuje certifikáty cílových serverů, které jsou vytvářené za běhu. Spuštěná aplikace běží v režimu transparentní proxy přímo na centrálním prvku dané sítě (routeru). SSLsplit provádí man-in-the-middle útok mezi klientem a serverem bez toho, aby to některá ze stran zaznamenala. Dále umožnuje dešifrovaný obsah odeslat na předem daný uzel v síti pro jeho další zpracování. Pro možnost snažší konfigurace SSLsplitu byla implementována integrace do netc rozhraní. Aplikace byla otestována za účelem zjištění jejich výkonnostních limitů. Výkonnostní testy výsledného řešení ukazují značný pokles počtu transakcí za sekundu (TPS) při použití SSLsplit v porovnání s pouhým přeposíláním provozu. Funkce zrcadlení významně neovlivňuje počet TPS ani neomezuje samotný SSLsplit. Výsledky ukazují, že SSLsplit je schopen reálného provozu s určitým omezením.

Phishing on Open WLANs: Threat and Preventive Measure

Khanna, Isha

10 January 2010

Phishing is an internet security issue whose shape is still changing and size is still increasing. This thesis shows the possibility of a phishing attack on open, private Wireless LANs. Private WLANs which use a login page to authenticate users in hotels, airports and academic campuses are all vulnerable to this attack. Virginia Tech's WLAN is used as an example to show that the attack is possible. The attack combines two very well known attacks: one is to deceptively guide a user into logging into a fake website, which shows similar log-in page to the page of the website the user intends to go to, and the second attack is to show users a valid certificate, which does not show a warning. The rogue server takes the user to a log-in page which is similar to Virginia Tech's log-in page and shows him a valid security certificate. We present a solution to the proposed problem. Software is implemented that runs on Windows Vista. The software warns the user if there are servers with more than one type of security certificates, claiming to be from the same network. We contrast our method to already existing methods, and show in what respects our solution is better. The biggest advantage of this method is that it involves no change on the server side. It is not necessary for the users to have any prior knowledge of the network, which is very helpful when the users access WLAN at airports and hotels. Also, when using this method, the user does not need to connect to any network, and is still able to get a warning. It however, requires the user to be able to differentiate between the real and fake networks after the user has been warned. / Master of Science

Phishing

Rogue AP

SSL

Certificate

Investigating Security Options for StudentDevelop.com and the Testing of SSL

Nunga, Jude, Okeke, Godwin

January 2012

Security issues have become a key problem with most e-commerce platforms these days and information sent over the internet needs to be protected. When operating an e-commerce platform such as studentdevelop.com financial transactions are involved. Data communication is very vital to e-commerce and needs to be processed securely. This thesis shall investigate Secure Socket Layer (SSL) as a possible solution to provide added security such as data integrity and confidentiality on the StudentDevelop.com web portal. This thesis shall also compare other known security suites available for use which could suit the StudentDevelop.com web platform. A vivid comparison shall be carried out to evaluate SSL and Pretty Good Privacy (PGP) with the aim of testing the preferred choice to provide encryption and data confidentiality on the StudentDevelop.com platform. Protocols like SSL make up the next layers of mechanisms that support applications with electronic payment schemes. Cryptography being an essential security technology involving the encryption algorithm and digital signatures can provide the basic building blocks. SSL shall be tested on the StudentDevelop.com platform by installing a self-signed certificate, including a test of a digital certificate obtained from a certificate authority. In SSL, the web browser is the client and the web-site server is the server. As a result to authenticate consumers on e-commerce platform such as studentdevelop.com, SSL increased the security for web transactions by using public-key encryption and digital certificate to achieve authentication. Encryption algorithm and digital signatures provided the basic building blocks, while SSL protocol made up the next layer of mechanisms that in return support the application layer. In the fourth coming sub chapters, we will look in to the problem description of this thesis and the investigation of security solutions for studentdevelop.com.

SSL

Authentication

Encryption

Communication

Web 2.0

Data

Attack on WiFi-based Location Services and SSL using Proxy Servers

Feng, Jun Liang

02 January 2014

Wireless LANs are very common in any household or business today. It allows access to their home or business network and the Internet without using wires. Their wireless nature allows mobility and convenience for the user and that opens up a lot of new possibilities in mobile devices such as smartphones and tablets. One application that makes use of wireless LANs is positioning, which can be used in areas where Global Positioning Systems may have trouble functioning or not at all. However, a drawback of using wireless communication is that it is susceptible to eavesdropping and jamming. Once the wireless signal is jammed, an attacker can set up fake access points on different channels or frequencies to impersonate a legitimate access point. In this thesis, this attack is performed specifically to trick WiFi-based location services. The attack is shown to work on Skyhook, Google, Apple and Microsoft location services, four of the major location service providers, and on dual-band hardware. Some countermeasures to such an attack are also presented. The web is an important part of many people???s lives nowadays. People expect that their privacy and confidentiality is preserved when they use the web. Previously, web traffic uses HTTP which meant traffic is all unencrypted and can be intercepted and read by attackers. This is clearly a security problem so many websites now default to using a more secure protocol, namely HTTPS which uses HTTP with SSL, and forces the user to HTTPS if they connect to the no SSL protocol. SSL works by exchanging keys between the client and server and the actual data is protected using the key and the cipher suite that is negotiated between the two. However, if a network uses a proxy server, it works slightly different. The SSL connection is broken up into two separate ones and that creates the potential for man-in-the-middle attacks that allow an attacker to intercept the data being transmitted. This thesis analyzes several scenarios in which an adversary can conduct such a man-in-the-middle attack, and potential detection and mitigation methods.

wifi

location service

ssl

proxy server

attack

Campus Network Design and Man-In-The-Middle Attack

Nazari, Mahmood, Zhou, Kun

January 2014

Security is at the front line of most networks, and most companies apply an exclusive security policy enclosing many of the Open Systems Interconnection (OSI) layers, from application layer all the way down to Internet Protocol (IP) security. On the other hand, an area that is often not protected with high level of security is the second layer of OSI model and this can compromise the entire network to a diversity of attacks.This report presents an experimental performance analysis within the real environment. It focuses on understanding and preventing the Man-In-The-Middle (MITM) also known as Address Resolution Protocol (ARP) Poisoning on the Cisco Catalyst 3560 series switches with Cisco IOS Software. The Linux Command Line (CLI) tools and Ettercap tool were used to launch the Layer 2 attacks that you might come up against. Mitigation methods to stop this attack are evaluated and concluded. Finally we will answer if Secure Socket Layer (SSL) is enough to protect the users’ data against MITM in the network.A HP laptop and two DELL PCs were utilized for these tests and acted as the attacker, the Server and the victim. Victim PC runs Windows 7, attacker’s Laptop and server run Linux.Finally, three different case studies were analyzed and compared with each other and different solutions that might help to solve or detect the issue of MITM attack are concluded.

SSL

Man-In-The-Middle

MITM

ARP Poisoning

Virtual Private Networks: : A feasibility study of secure communications between remote locations.

Wikström, Alexander, Thomson, Mark, Mageramova, Lolita

January 2014

Virtual Private Networks (VPNs) are an integral part of protecting company communications from unauthorized viewing, replication or manipulation. In order for employees to remotely conduct business in an effective and secure manner from a branch location or while traveling, Virtual Private Networks can be viewed as an absolute necessity.   Starting with a certain set of network communication requirements, our project's hypothesis was that the most suitable VPN implementation for Cheap Flats (a fictitious company we created) would be an IPSec client VPN. Included in the report are basic definitions, implementations and tests for three different types of VPNs that were used to confirm this hypothesis: 1) Site-to-site: Tunnel mode connection between VPN gateways. The process of encrypting and transferring data between networks is transparent to end-users. [1] 2) IPSec client: Network Layer VPN for both network-to-network and remote-access deployments. End-users will need to run either Cisco or Open Source VPN software on their PCs. 3) Clientless SSL: “Remote-access VPN technology that provides Presentation Layer encryption services for Applications through local redirection on the client.” [2] VPN communications are established using a browser rather than specific software installed on the end-user’s device.   The test results from the above VPN implementations have been published and comparisons were made between the different types of VPNs regarding the time taken to apply network device/end-user configurations, expenses incurred in procuring additional equipment/software to implement the VPN (if any), impact on end-users, scalability and lastly, the overall functionality of the VPN solution as it relates to the day-to-day business operations.   Following the testing phase, a discussion of the merits and drawbacks of each of the VPN implementations was drafted. After which, a final recommendation was presented regarding the VPN solution that best fit the needs of the hypothetical company described in the paper.

VPN

IPsec

SSL

Computer Engineering

Datorteknik

Svenska kommuners nätverkstjänsters säkerhetsrelation i förhållande till nordiska kommuner samt befolkningsfaktorer / Swedish municipalities networking service security in relation to Nordic municipalities as well as population factors

Olsson, Marcus

January 2016

Då internetanvändningen i Sverige ökar konstant, ökar också antalet internettjänster. Många människor är dessutom ständigt uppkopplade via mobiltelefoner, datorer eller annan teknik. Vi spenderar allt större del av våra liv på internet där bankbetalningar, nyhetshämtning och socialt nätverkande sker. Kommuner är myndigheter som idag är en del av denna ständigt uppkopplade miljö. Det finns förväntningar på kommuner att tillgång till information och andra tjänster alltid är tillgängligt. SSL är ett protokoll som ser till att kontakt mellan en användare och exempelvis en hemsida sker utan att någon kan avlyssna trafik samt en garanti att rätt tjänst nåtts fram vid försök att nå denna. Tyvärr räcker det inte för en kommun att bara applicera detta protokoll på sina tjänster utan ibland måste denna tjänst uppdateras eller uppgraderas då nya versioner släpps eller nya hot upptäcks. Denna studie analyserar nivån på de svenska kommunernas SSL säkerhet. Då implementationen av SSL varierar så svarar studien på om det går att se ett samband mellan SSL-implementering och populationsfaktorer samt jämför de svenska kommunerna med två andra nordiska länder som valts utefter administrativ uppbyggnad. Studiens resultat visar att Svenska kommuners säkerhetsnivå är lägre än önskvärt och att arbetet med SSL är långt bakom de norska.

SSL

Computer and Information Sciences

Data- och informationsvetenskap

Bezpečená komunikace mezi data loggerem a databazovým serverem / Secure communication between data logger and database server

Ferek, Matúš

January 2011

This work is aimed to analyze security risks of data transfer in Internet network and to design couple of possible solutions for securing communication between data logger and server for data processing. As a result, solution of securing this data communication by SSL layer was designed.

Rekonstrukce webmailového provozu / Webmail Traffic Reconstruction

Slivka, Miroslav

January 2015

Webmail applications are very popular these days. Besides typical usage, thanks to ciphered communication, they can be used for malicious activity like confidential data loss. This thesis discusses webmail events detection based on common webmail signatures in captured network traffic. Also there will be discussed SSL/TLS interception and decryption for further data analysis. The modules in this thesis are designed and implemented for Netfox.Framework forensics analysis tool. The Netfox project is developed at FIT BUT under security research project SEC6NET.

Online bill payment system

Konreddy, Venkata Sri Vatsav Reddy

January 1900

Master of Science / Department of Computing and Information Sciences / Daniel A. Andresen / Keeping track of paper bills is always difficult and there is always a chance of missing bill payment dates. Online Bill Payment application is an interactive, effective and secure website designed for customers to manage all their bills. The main objective of this application is to help customers to receive, view and pay all the bills from one personalized, secure website there by eliminating the need of paper bills. Once customers register in the website, they can add various company accounts. The information is verified with the company and the accounts are added. After the customers add the company accounts they can receive notifications about new bills, payments and payment reminders. All the information dealing with sensitive data is passed through a Secure Socket Layer for the sake of security. This website follows MVC architecture. Struts is used to develop the application. Well established and well proven design patterns like Business Delegate, Data Access Object, and Transfer Object are used to simplify the maintenance of the application. For the communication between the website and companies, web services are used. Apache Axis2 serves as the web services container and Apache Rampart is used to secure the information flow between the web services. Tiles, JSP, HTML, CSS and JavaScript are used to provide a rich user interface. A part from these, Java Mail is used to send emails and concepts like one way hashing, certificates, key store’s, and encryption are implemented for the sake of security. The overall system is tested using unit testing, manual testing and performance testing techniques. Automated test cases are written whenever possible to ensure correctness of the functions. Manual testing further ensures that the application is working as expected. The system is subjected to different loads and the corresponding behavior is observed at different loads. The unit and manual testing revealed that the functionality of each module in the system is behaving as expected for both valid and invalid inputs. Performance testing revealed that the website works fine even when the server is subjected to huge loads.

J2EE

Struts

Design pattern

SSL

Computer Science (0984)