14 Replies - 2269 Views - Last Post: 27 December 2011 - 08:41 AM

#1 Sinned

[SSL] SSL is unsafe

Posted 27 December 2011 - 03:35 AM

Hello everyone,

I've been busy with SSL for a while now, and so I got to thinking about its safety.
Because SSL works with asynchronous encryption, both parties generate two keys, a public and a private.

For now I assume someone (from now on I'm going to call him a hacker) is capturing the sent packets on the line.
(SSL is made to stop this.)

I have a theory about why the SSL connection isn't safe:
For those who don't want to read the whole story, I made an animation (rotating GIF): http://i39.tinypic.com/dov5i1.gif

The theory:
SSL is made to stop hackers sniffing a connection between two parties. So nobody should be able to sniff an SSL connection.
Now we assume there are a client and a server, talking over an SSL connection. There is a hacker capturing everything.
At the moment the connection starts, all three parties (client, server and hacker) generate a public and a private key.
The server sends his public key, still unencrypted, to the client. The hacker, who stands between them, can capture this key.
Now the hacker knows the server's public key, and he sends HIS key to the client, which the client thinks is the server's key.
This also happens from the client side: the client sends his key, the hacker captures it, and sends his key to the server.
Now the hacker knows the server's public key and the client's public key.
And the two parties think their connection is safe and established.
When the server sends the message, encrypted, over the line, the hacker captures this message and decrypts it with his own private key.
Then the hacker encrypts the message with the client's public key and sends it to the client.
So the client thinks it comes from the server, because it's encrypted with his own key.
This is also possible in the other direction, from client to server.
So the hacker can capture all messages, and the client and server think they are talking over a "secure" connection.

I hope you understand my theory (animation or text).
I would like to hear your opinion, whether you agree with this or not, and why.

Thanks in advance,
Sinned

Replies To: [SSL] SSL is unsafe

#2 no2pencil

Posted 27 December 2011 - 03:39 AM

Look up ARP cache poisoning. That's why the client should dump the cache & re-resolve the server, thus verifying that their source is legitimate. If it isn't, then obviously drop the communication & re-establish the set of keys.

& what's any of this got to do with C/C++?

#3 Sinned

Posted 27 December 2011 - 04:06 AM

How could either of the two verify the source? If the malicious user wrote his program well enough, it could copy everything from the original source (MAC address, host name).
Technically, it's just bits sent over a line; it can all be faked.
(I didn't say it was easy to get in between, it's just possible.)

Quote

& what's any of this got to do with C/C++?

I don't know, but I also didn't know where else to post it.
Also, because I was using SSL for a while with C/C++ (and C/C++ is pretty native code), I posted it here.

#4 Karel-Lodewijk

Posted 27 December 2011 - 04:07 AM

If set up this way, asynchronous encryption would be unsafe; luckily for us, that is not how SSL uses asynchronous encryption.

First of all, the client does not send its public key in an insecure way as you state. It uses the server's public key to encrypt his own public key. So the 'man in the middle' does not know the client's public key (because he cannot decrypt it) and subsequently cannot send anything to the client that the client will trust as coming over a secure connection with the server for which he has the public key. For security reasons, the client generates a new random key pair for every session, although this is not strictly necessary for this security scheme to work.

So you can communicate securely with the server for which you have the public key, so the question remains: how do I get the public key for the right server?

  • Either the client already has the public key through a secure channel, so no keys need to be exchanged insecurely (e.g. ssh with pre-shared keys).
  • Or the server sends the public key, but it can be verified to have come from the source it claims to come from through a (web/chain) of trust (e.g. https).
  • Or there are huge letters the first time you connect to a new server to ask you if you trust this server (e.g. ssh with password).


Read my reply http://www.dreaminco...slsocketserver/ again for the specifics.

Anyway, the first one depends squarely on the security of the 'secure channel'. The second one is compromised if any part of the chain of trust is compromised. But the mechanisms do allow for this 'trust' (certificates) to be revoked if it is compromised. With the third one it is the responsibility of the user to make certain it's safe.

This post has been edited by Karel-Lodewijk: 27 December 2011 - 04:20 AM

#5 JackOfAllTrades

Posted 27 December 2011 - 04:09 AM

More reading, from an actual authority.

#6 Sinned

Posted 27 December 2011 - 04:25 AM

Karel-Lodewijk:
As you describe it, I would think it is also unsafe; there is just one step gone.
Now it is:
The server sends his public key, not encrypted, to the client.
The hacker captures this and sends his to the client.
The client sends his public key, encrypted with the hacker's key, back.
The hacker captures it, decrypts it with his private key, encrypts it with the server's key, and sends it back.

And because the server sends his certificate, the hacker can capture this and send it through.
So the hacker isn't seen, because the client trusts the server, but he doesn't know what's between them.

#7 no2pencil

Posted 27 December 2011 - 04:27 AM

Sinned, on 27 December 2011 - 06:25 AM, said:

Now it is:
The server sends his public key, not encrypted, to the client.
The hacker captures this and sends his to the client.

The client made the request. The hacker would need to be bound to the ephemeral port. The server isn't sending the key, it's responding to the client who requested the key.

& again, all the client needs to do is verify the DNS resolution. Fake the MAC all you like, but as long as the client can verify the source on port 53, the client can dump the traffic & open a new outbound port to request to the server.

#8 Karel-Lodewijk

Posted 27 December 2011 - 04:36 AM

JackOfAllTrades, on 27 December 2011 - 11:09 AM, said:

More reading, from an actual authority.


Well I read the abstract and the paper deals with trusted certificate authorities (CA) giving out fake certificates. And it states:

Quote

Although we do not have direct evidence that this form of active surveillance is taking place in the wild


Basically any CA caught up in such practices would lose their trusted status. I'm not saying CAs are never compromised but I don't believe it is done by governments on a regular and structured basis as the abstract seems to imply.

Anyway it's beside the point, Sinned is talking about a totally different 'conceived' flaw.

Sinned, on 27 December 2011 - 11:25 AM, said:

Karel-Lodewijk:
As you describe it, I would think it is also unsafe; there is just one step gone.
Now it is:
The server sends his public key, not encrypted, to the client.
The hacker captures this and sends his to the client.
The client sends his public key, encrypted with the hacker's key, back.
The hacker captures it, decrypts it with his private key, encrypts it with the server's key, and sends it back.

And because the server sends his certificate, the hacker can capture this and send it through.
So the hacker isn't seen, because the client trusts the server, but he doesn't know what's between them.


What you explain is the client using the wrong public key.

Now read the second part of my post that explains how this problem is dealt with.

This post has been edited by Karel-Lodewijk: 27 December 2011 - 04:44 AM

#9 Sinned

Posted 27 December 2011 - 05:11 AM

Karel-Lodewijk, on 27 December 2011 - 04:07 AM, said:

So you can communicate securely with the server for which you have the public key, so the question remains: how do I get the public key for the right server?

  • Either the client already has the public key through a secure channel, so no keys need to be exchanged insecurely (e.g. ssh with pre-shared keys).
  • Or the server sends the public key, but it can be verified to have come from the source it claims to come from through a (web/chain) of trust (e.g. https).
  • Or there are huge letters the first time you connect to a new server to ask you if you trust this server (e.g. ssh with password).


A client always has to retrieve the server's key. If the server has a fixed key, which doesn't need to be sent, the attacker also has this key, because it's public.
If the server has a changing key, or the server just sends it, this is never sent encrypted.
1. How could this get through the secure channel? It is sent publicly. (And there is no encryption set up yet.)
2. For this the client could trust the server, because the server is the server. But the client doesn't know anything about the hacker between them. So there is (for the client) nothing else to trust than the server. For him only the server exists.
3. Same as 2, the client trusts the server, and doesn't know anything about the hacker.

The hacker is between them, no one can spot him.
Supposing the client sends (encrypted with the hacker's key) the byte 14, the hacker captures this, and the hacker can decrypt this and encrypt it correctly for the server. The hacker can now send it back, with all traces to the client as source. (Now it's not sent over a high-layer socket protocol, but just on the very basics, so all sources from someone can get changed (IP, host, MAC, everything).)

This is also the case with the certificate. The certificate itself is right, because it comes from the real server.
And all routes lead to the server. So nothing leads to the hacker.

#10 stackoverflow

Posted 27 December 2011 - 05:35 AM

Err, it just sounds like you are describing a "pre-play" attack. A man in the middle attack won't work-- there are many things in place to prevent them. However a pre-play attack is plausible.

#11 Sinned

Posted 27 December 2011 - 05:42 AM

stackoverflow, on 27 December 2011 - 05:35 AM, said:

Err, it just sounds like you are describing a "pre-play" attack. A man in the middle attack won't work-- there are many things in place to prevent them. However a pre-play attack is plausible.


SSL is made to prevent this. Because normal connections got eavesdropped before, they started working on something to prevent this.

But I think SSL is also not very secure.

I know a man-in-the-middle attack isn't easy to do, but if someone really wants to capture a connection it's possible, even on an SSL connection.

This is why I don't trust an SSL connection (but I do believe it's more secure than a normal TCP connection).

#12 Karel-Lodewijk

Posted 27 December 2011 - 06:32 AM

Sinned, on 27 December 2011 - 12:11 PM, said:

A client always has to retrieve the server's key. If the server has a fixed key, which doesn't need to be sent, the attacker also has this key, because it's public.
If the server has a changing key, or the server just sends it, this is never sent encrypted.


Well this is where the asynchronous part kicks in. A piece of data encrypted with the public key can not be decrypted with that same public key (in any reasonable amount of time), only with the private key. This looks contradictory perhaps but this is the power of the public/private key encryption system.

Quote

Supposing the client sends (encrypted with the hacker's key) the byte 14, the hacker captures this, and the hacker can decrypt this and encrypt it correctly for the server. The hacker can now send it back, with all traces to the client as source. (Now it's not sent over a high-layer socket protocol, but just on the very basics, so all sources from someone can get changed (IP, host, MAC, everything).)


Indeed, this is the big flaw. The client must be certain he has the public key of the real server. If someone is able to pass a fake public key to the client, the security is compromised.

Quote

1. How could this get through the secure channel? It is sent publicly. (And there is no encryption set up yet.)
2. For this the client could trust the server, because the server is the server. But the client doesn't know anything about the hacker between them. So there is (for the client) nothing else to trust than the server. For him only the server exists.
3. Same as 2, the client trusts the server, and doesn't know anything about the hacker.


  • Often it is shipped with the software. Of course you could argue, but what if the software download/distribution medium isn't secure, and you would be right. But at least you expose yourself to the security risk just once. When you have the valid public key it will allow you to keep establishing secure connections with that server, unless of course the server and/or its public key are compromised, but this is no longer a 'man in the middle' attack.
  • A message (public key) with a digital signature (signed certificate) by a CA means 2 things: 1) The message is signed with the private key of the CA. 2) The message has not been tampered with since the CA signed it. I tried to explain the mechanism already here http://www.dreaminco...lsocketserver/.
  • Same as the first one really. Yes, the first time you connect it is not secure and is vulnerable to a 'man in the middle' attack. But you expose yourself to the risk only once. The next time you connect to the same server your computer assumes the public key will be the same and it is still secure. If it is not, you get even huger letters telling you so, and my ssh client makes me remove some lines from a file before I'm allowed to continue. If you however ignore all that, then you might be in trouble; no security is safe from the stupidity of man.


Summarized, the moment a client has a valid public key everything is nice and secure. If a hacker is able to slip in his own public key, then it all comes tumbling down. Certificate authorities, or the free alternative PGP, help by tying a public key to its owner.

This post has been edited by Karel-Lodewijk: 27 December 2011 - 06:46 AM
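
Added example, not part of the thread: a Python model of the two key-pinning cases from post #12 (key shipped with the software, and trust on first use as in ssh), showing when a substituted key is caught and when it is not. The `KeyStore` class, the host name and the key bytes are constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of a public key blob."""
    return hashlib.sha256(pubkey).hexdigest()

class KeyStore:
    """Remembers one key fingerprint per host, like ssh's known_hosts file."""

    def __init__(self, shipped=None):
        # Pins delivered with the client software (assumed authentic).
        self.pins = dict(shipped or {})

    def check(self, host: str, pubkey: bytes) -> str:
        seen = fingerprint(pubkey)
        known = self.pins.get(host)
        if known is None:
            # Trust on first use: nothing to compare against, so whatever
            # key arrives now is remembered. This is the exposed moment.
            self.pins[host] = seen
            return "first-use"
        if hmac.compare_digest(known, seen):
            return "match"
        # A changed key is never accepted silently; the pin stays as it was.
        return "MISMATCH"

def run_cases():
    # Constructed sample keys: any byte strings work for the comparison.
    real = b"constructed-server-public-key"
    fake = b"constructed-attacker-public-key"
    host = "server.example"

    late = KeyStore()    # attacker shows up after the first connection
    early = KeyStore()   # attacker is already present on the first connection
    shipped = KeyStore({host: fingerprint(real)})  # key shipped with the client

    return {
        "tofu_attacker_later": [late.check(host, real), late.check(host, fake)],
        "tofu_attacker_first": [early.check(host, fake), early.check(host, real)],
        "shipped_pin": [shipped.check(host, fake), shipped.check(host, real)],
    }

if __name__ == "__main__":
    for case, results in run_cases().items():
        print(f"{case:22} {results}")
```

In the `tofu_attacker_first` case the substituted key is the one that gets pinned, so the warning only appears later, when the real server's key is seen; with a shipped pin the substitution is rejected on the very first connection.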

#13 Sinned

Posted 27 December 2011 - 06:59 AM

Yes, for this the only problem lies in sending the first public key.
So if this key is built in the client software it will be okay.

And at least it's still possible, by disassembling the code, to change the key.
Then there are ways to certify the program, to make it trustworthy.

And yes I know (from one of my previous posts):

Bench, on 28 August 2011 - 03:56 AM, said:

There are some security professionals who would even say that the only way to completely secure a computer is to switch it off, unplug all of its cables, drop it into a sealed 6ft cube of concrete and bury it underground in an undisclosed location, and even then they wouldn't be absolutely sure that it's 100% guaranteed to be secure.


But now I know shipping the public server key inside the client software is the best way.
And I think I'm going to use this (when my server is ready).

SSL is the most secure way to ship data, so I have to deal with it. :P

Thank you all for your help,
Sinned

#14 blackcompe

Posted 27 December 2011 - 07:53 AM

SSL is still in use, so I highly doubt it's as unsafe as you claim.

In theory, the server's public key is basically made available to whoever wants it, so you should assume a sniffer has access. If the sniffer sends its public key, the client could simply check the CA to verify it. In short, if you pass me a certificate that I didn't request, I'm not trusting the connection.

If the sniffer sends me Paypal's certificate, great, I verify that the key is actually theirs and I use their public key to encrypt my data. The sniffer can't decrypt it since it doesn't have the private key. On the other hand, if the sniffer sends me its own certificate, I can easily tell it's not from Paypal. You can't dupe me (the client). That's why we have certificate authorities.

Also, it's pretty easy to tell that a certificate didn't originate from the server using a message digest, where the encrypted content is hashed and encrypted again with the server's private key. At the client end, if the server's public key decrypts the hash and it matches the hashed encrypted message that was sent, it could have only originated from the server.

This post has been edited by blackcompe: 27 December 2011 - 07:54 AM
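
Added example, not part of the thread: a Python model of the certificate-authority check discussed in posts #12 and #14, run against the key substitution from the first post. It uses toy textbook RSA on small Mersenne primes with no padding, purely for illustration; the host names, keys and `SECRET` value are constructed.

```python
import hashlib

# Toy textbook RSA on small Mersenne primes (constructed, no padding): illustration only.
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):                      # needs the private exponent d
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):               # needs only the public (n, e)
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def cert_body(name, key):
    return f"{name}|{key['n']}|{key['e']}".encode()

def issue_cert(ca, name, key):
    """The CA binds a name to a public key by signing both together."""
    return {"name": name, "n": key["n"], "e": key["e"],
            "sig": sign(ca, cert_body(name, key))}

def client_accepts(ca_pub, wanted, cert):
    """Accept only a CA-signed (name, key) pair whose name is the host we asked for."""
    return (cert["name"] == wanted
            and verify(ca_pub, cert_body(cert["name"], cert), cert["sig"]))

CA = make_key(2**89 - 1, 2**107 - 1)
SERVER = make_key(2**61 - 1, 2**127 - 1)
ATTACKER = make_key(2**31 - 1, 2**521 - 1)
CA_PUB = {"n": CA["n"], "e": CA["e"]}     # the only CA material the client holds
SECRET = int.from_bytes(b"session-key-14", "big")   # constructed sample value

def run_scenarios(host="bank.example"):
    real = issue_cert(CA, host, SERVER)
    # 1) Attacker swaps in his own key but can only reuse the CA's old signature.
    swapped = dict(real, n=ATTACKER["n"], e=ATTACKER["e"])
    # 2) Attacker presents a genuine CA certificate, but issued for his own name.
    other = issue_cert(CA, "evil.example", ATTACKER)
    # 3) Attacker relays the real certificate untouched; client encrypts to the server key.
    sent = pow(SECRET, real["e"], real["n"])
    return {
        "real": client_accepts(CA_PUB, host, real),
        "swapped_key": client_accepts(CA_PUB, host, swapped),
        "wrong_name": client_accepts(CA_PUB, host, other),
        "server_reads": pow(sent, SERVER["d"], SERVER["n"]) == SECRET,
        "attacker_reads": pow(sent, ATTACKER["d"], ATTACKER["n"]) == SECRET,
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:15} {result}")
```

The client never needs a secure channel to the server itself: it only needs an authentic copy of the CA's public key, which is why that key ships with the client software.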

#15 JackOfAllTrades

Posted 27 December 2011 - 08:41 AM

Really? A link to perhaps the most trusted public authority on cryptography garners a -1?

Wow...tough crowd!