some SSL recommendations - finally
author Aaron Kaplan <aaron@lo-res.org>
Sun, 3 Nov 2013 18:46:56 +0000 (19:46 +0100)
committer Aaron Kaplan <aaron@lo-res.org>
Sun, 3 Nov 2013 18:46:56 +0000 (19:46 +0100)
src/Makefile
src/applied-crypto-hardening.tex
src/further_research.tex
src/motivation.markdown [new file with mode: 0644]
src/motivation.tex
src/overview_common_crypto_systems.tex
src/practical_settings.tex
src/reviewers.tex [new file with mode: 0644]
src/table_tls.xlsx [new file with mode: 0644]
src/tools.tex

index 515a5f6..4f9b1da 100644 (file)
@@ -1,10 +1,10 @@
 all:
        latex applied-crypto-hardening
        # no bibtex citations atm
 all:
        latex applied-crypto-hardening
        # no bibtex citations atm
-       #bibtex applied-crypto-hardening
+       bibtex applied-crypto-hardening
        #latex applied-crypto-hardening
        #latex applied-crypto-hardening
-       #latex applied-crypto-hardening
-       dvipdfm -z 9 applied-crypto-hardening
+       latex applied-crypto-hardening
+       #dvipdfm -z 9 applied-crypto-hardening
        dvipdf applied-crypto-hardening.dvi
 
 clean:
        dvipdf applied-crypto-hardening.dvi
 
 clean:
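Review bot: enabling "bibtex applied-crypto-hardening" while leaving only a single "latex applied-crypto-hardening" run after it (the two commented "#latex" lines stay commented) will leave the \cite references and the bibliography numbering unresolved in the generated DVI; the usual sequence is latex, bibtex, latex, latex, so uncomment at least one more latex run between bibtex and dvipdf. The "# no bibtex citations atm" comment in the all: target is now stale, because practical_settings.tex in this same commit cites RisticSSLTLSDeploymentBestPractices; that key has to exist in the .bib database, which this commit does not touch, or the bibtex step will fail.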
index f1f3a25..3cd29a8 100644 (file)
@@ -9,6 +9,15 @@
 %\usepackage[latin1]{inputenc}  % Sonderzeichen, Umlaute  
 \usepackage[utf8x]{inputenc}  % Sonderzeichen, Umlaute  
 \usepackage{hyperref}
 %\usepackage[latin1]{inputenc}  % Sonderzeichen, Umlaute  
 \usepackage[utf8x]{inputenc}  % Sonderzeichen, Umlaute  
 \usepackage{hyperref}
+\usepackage{placeins}
+
+\usepackage[usenames,dvipsnames,svgnames,table]{xcolor}
+
+\definecolor{green}{RGB}{32,113,10}
+\definecolor{orange}{RGB}{251,111,16}
+\definecolor{red}{RGB}{247,56,0}
+\definecolor{blue}{RGB}{0,28,128}
+
 
 \pagenumbering{arabic}
 \pagestyle{plain}
 
 \pagenumbering{arabic}
 \pagestyle{plain}
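Review bot: the four \definecolor lines overwrite xcolor's predefined colour names green, orange, red and blue for the whole document, so anything else that refers to red or blue (link colouring, for example) silently picks up these table shades; define project-specific names such as tlsprefer, tlsconsider, tlsavoid and tlsspecial and use those in \cellcolor instead. The "table" option to xcolor is what provides \cellcolor, so that part is correct and should stay.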
@@ -48,6 +57,7 @@ Karlsruhe Institute of Technology
 \input{PKIs}
 \input{tools}
 \input{further_research}
 \input{PKIs}
 \input{tools}
 \input{further_research}
+\input{reviewers}
 
 \bibliography{applied-crypto-hardening}
 
 
 \bibliography{applied-crypto-hardening}
 
index fca96a0..b221f44 100644 (file)
@@ -1,3 +1,3 @@
-\section{Further research and unanswered questions}
+%\section{Further research and unanswered questions}
 
 
 
 
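Review bot: commenting out the \section heading leaves further_research.tex as three blank lines while \input{further_research} remains active in applied-crypto-hardening.tex (visible in the hunk above), so the build now includes an empty file. If the section is being dropped for now, comment out the \input line in the main document as well, so that any text added to this file later does not end up typeset under the preceding section without a heading.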
diff --git a/src/motivation.markdown b/src/motivation.markdown
new file mode 100644 (file)
index 0000000..0f4b49b
--- /dev/null
@@ -0,0 +1,14 @@
+Motivation
+==========
+
+Cryptography (the word stems from the greek word "kryptos" (hidden, secret)) is an ancient art dealing with hiding messages. Amongst the oldest known cryptography examples are textst in the Kamasutra detailing how to encode love letters. If we jump forward to the computer age, we will find that the development of computers was always strongly intertwined with the developments of cryptoraphy and cryptanalysis (the art of breaking codes).  
+
+The introduction of assymetric encryption in the 70s allowed us to  as a society to secure a significant part of our online communication. However, there are two problems with this:
+
+1. most people don't use cryptography nevertheless. It is considered "hard" and [MerkelPhone]cumbersome.
+2. getting the settings right is a non trivial task. 
+
+This guide aims at helping *system administrators* to find the right settings for the most common cryptosystems. System administrators are in a unique position to "do something good" for many  people (their users). 
+
+
+[MerkelPhone]: derstandard.at/1381370254041/Bundeskanzler-Fayman-sind-Krypto-Handys-zu-kompliziert     "Bundeskanzler Faymann sind Krypto-Handys zu kompliziert"
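Review bot: this Markdown file is not wired into the build: the Makefile changed in this commit has no Markdown conversion step and motivation.tex has its \section commented out in the same commit, so the motivation text will not appear in the PDF at all. The reference-style link is also malformed: "[MerkelPhone]cumbersome" should read "[cumbersome][MerkelPhone]", and the reference URL lacks a scheme ("http://derstandard.at/..."), so Markdown processors will emit a relative link. Typos on the visible lines: "textst" (texts), "cryptoraphy" (cryptography), "assymetric" (asymmetric), the doubled space in "allowed us to  as a society", and "non trivial" (non-trivial).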
index 4bbad48..f8ebfb9 100644 (file)
@@ -1 +1 @@
-\section{Motivation}
+%\section{Motivation}
index d36aee9..aa28b52 100644 (file)
@@ -1,2 +1,24 @@
-\section{A brief overview of common crypto systems}
+\section{A brief overview of common crypto software}
+
+Broadly speaking, modern crypto software can placed into one of the two categories:
+
+\begin{itemize}
+\item assymetric cryptography 
+\item symmetric cryptography
+\end{itemize}
+
+The most common crypto software implementations support both modes of cryptography. 
+
+\subsection{Typical cryptography libraries, frameworks and tools}
+
+\begin{itemize}
+\item OpenSSL
+\item GnuTLS
+\item PGP
+\item SSH
+\end{itemize}
+
+
+
+
 
 
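Review bot: "can placed into one of the two categories" is missing "be" and the article ("can be placed into one of two categories"), and "assymetric" should be "asymmetric". More substantively, the two categories describe cryptographic primitives rather than software, and the very next sentence says the common implementations support both, so the paragraph reads better as "modern cryptography falls into two categories ... and most crypto software implements both". The list under "Typical cryptography libraries, frameworks and tools" mixes libraries (OpenSSL, GnuTLS) with a message format and a protocol (PGP, SSH); a word per item saying which is which would help the system-administrator audience the document targets.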
index 6e877f1..ef63104 100644 (file)
 
 
 \subsection{SSL}
 
 
 \subsection{SSL}
+
+At the time of this writing, SSL is defined in RFCs:   
+
+\begin{itemize}
+\item RFC2246 - TLS1.0         
+\item RFC3268 - AES            
+\item RFC4132 - Camelia                
+\item RFC4162 - SEED           
+\item RFC4279 - PSK            
+\item RFC4346 - TLS 1.1                
+\item RFC4492 - ECC            
+\item RFC4785 - PSK\_NULL              
+\item RFC5246 - TLS 1.2                
+\item RFC5288 - AES\_GCM               
+\item RFC5289 - AES\_GCM\_SHA2\_ECC            
+\item RFC5430 - Suite B                
+\item RFC5487 - GCM\_PSK               
+\item RFC5489 - ECDHE\_PSK             
+\item RFC5932 - Camelia                
+\item RFC6101 - SSL 3.0                
+\item RFC6209 - ARIA           
+\item RFC6367 - Camelia                
+\item RFC6655 - AES\_CCM               
+\item RFC7027 - Brainpool Curves               
+\end{itemize}
+
+\subsubsection{Overview of SSL Server settings}
+
+Most Server software (Webservers, Mail servers, etc.) can be configured to prefer certain cipher suites over others. 
+We followed the recommendations by Ivan Ristic's \cite{RisticSSLTLSDeploymentBestPractices}SSL/TLS Deployment Best Practices document (section 2.2 "Use Secure Protocols") and arrived at a list of recommended cipher suites for SSL enabled servers.
+
+The results of following his adivce is a categorisation of cipher suites.
+
+\begin{center}
+\begin{tabular}{| l | l | l | l | l|}
+\hline
+& Version   & Key\_Exchange  & Cipher    & MAC       \\ \hline
+\cellcolor{green}prefer  & TLS 1.2   & DHE\_DSS   & AES\_256\_GCM   & SHA384        \\ \hline
+    &   & DHE\_RSA   & AES\_256\_CCM   & SHA256        \\ \hline
+    &   & ECDHE\_ECDSA   & AES\_256\_CBC   &       \\ \hline
+    &   & ECDHE\_RSA &   &       \\ \hline
+    &   &   &   &       \\ \hline
+\cellcolor{orange}consider    & TLS 1.1   & DH\_DSS    & AES\_128\_GCM   & SHA       \\ \hline
+    & TLS 1.0   & DH\_RSA    & AES\_128\_CCM   &       \\ \hline
+    &   & ECDH\_ECDSA    & AES\_128\_CBC   &       \\ \hline
+    &   & ECDH\_RSA  & CAMELLIA\_256\_CBC  &       \\ \hline
+    &   & RSA   & CAMELLIA\_128\_CBC  &       \\ \hline
+    &   &   &   &       \\ \hline
+\cellcolor{red}avoid   
+& SSL 3.0   & NULL  & NULL  & NULL      \\ \hline
+    &   & DH\_anon   & RC4\_128   & MD5       \\ \hline
+    &   & ECDH\_anon & 3DES\_EDE\_CBC  &       \\ \hline
+    &   &   & DES\_CBC   &       \\ \hline
+    &   &   &   &       \\ \hline
+\cellcolor{blue}{\color{white}special }
+&   & PSK   & CAMELLIA\_256\_GCM  &       \\ \hline
+    &   & DHE\_PSK   & CAMELLIA\_128\_GCM  &       \\ \hline
+    &   & RSA\_PSK   & ARIA\_256\_GCM  &       \\ \hline
+    &   & ECDHE\_PSK & ARIA\_256\_CBC  &       \\ \hline
+    &   &   & ARIA\_128\_GCM  &       \\ \hline
+    &   &   & ARIA\_128\_CBC  &       \\ \hline
+    &   &   & SEED  &       \\ \hline
+\end{tabular}
+\end{center}
+
+
+Note that the entries marked as "special" are cipher suites which are not common to all clients (webbrowsers etc).
+
+
+\subsubsection{Clients}
+Next we tested the cipher suites above on the following clients:
+
+\begin{itemize}
+\item Chrome 30.0.1599.101 Mac OS X 10.9
+\item Safari 7.0 Mac OS X 10.9
+\item Firefox 25.0 Mac OS X 10.9
+\item Internet Explorer 10 Windows 7
+\item Apple iOS 7.0.3
+\end{itemize}
+
+
+The result of testing the cipher suites with these clients gives us the following result and a preference order. 
+Should a client not be able to use a specific cipher suite, it will fall back to the next possible entry as given by the ordering.
+
+\begin{table}
+    \begin{tabular}{|l|l|l|l|l|}
+    \hline
+    Pref & Cipher Suite                                   & ID         & Browser                     \\ \hline
+    1    & TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 &     0xC024 & Safari                      \\ \hline
+    2    & TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384   &     0xC028 & Safari                      \\ \hline
+    3    & TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA256     &     0x006B & Safari, Chrome              \\ \hline
+    4    & TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA    &     0xC00A & Safari, Chrome, Firefox, IE \\ \hline
+    5    & TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA      &     0xC014 & Safari, Chrome, Firefox, IE \\ \hline
+    6    & TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA        &     0x0039 & Safari, Chrome, Firefox     \\ \hline
+    7    & TLS\_DHE\_DSS\_WITH\_AES\_256\_CBC\_SHA        &     0x0038 & Firefox, IE                 \\ \hline
+    8    & TLS\_DHE\_RSA\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0088 & Firefox                     \\ \hline
+    9    & TLS\_DHE\_DSS\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0087 & Firefox                     \\ \hline
+    \end{tabular}
+\end{table}
+
+\FloatBarrier
+
+The same data again, specifying the OpenSSL name:
+
+\begin{table}[h]
+    \begin{tabular}{|l|l|l|}
+    \hline
+    Cipher Suite                                   & ID            & OpenSSL Name                  \\ \hline
+    TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 &     0xC024 &     ECDHE-ECDSA-AES256-SHA384 \\ \hline
+    TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384   &     0xC028 &     ECDHE-RSA-AES256-SHA384   \\ \hline
+    TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA256     &     0x006B &     DHE-RSA-AES256-SHA256     \\ \hline
+    TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA    &     0xC00A &     ECDHE-ECDSA-AES256-SHA    \\ \hline
+    TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA      &     0xC014 &     ECDHE-RSA-AES256-SHA      \\ \hline
+    TLS\_DHE\_RSA\_WITH\_AES\_256\_CBC\_SHA        &     0x0039 &     DHE-RSA-AES256-SHA        \\ \hline
+    TLS\_DHE\_DSS\_WITH\_AES\_256\_CBC\_SHA        &     0x0038 &     DHE-DSS-AES256-SHA        \\ \hline
+    TLS\_DHE\_RSA\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0088 &     DHE-RSA-CAMELLIA256-SHA   \\ \hline
+    TLS\_DHE\_DSS\_WITH\_CAMELLIA\_256\_CBC\_SHA   &     0x0087 &     DHE-DSS-CAMELLIA256-SHA   \\ \hline
+    \end{tabular}
+\end{table}
+
+
+Based on this ordering, we can now define the corresponding settings for servers. We will start with the most common web servers
+
 \subsubsection{apache}
 \subsubsection{apache}
+
 \subsubsection{nginx}
 \subsubsection{nginx}
-\subsubsection{Overview of different SSL libraries: gnutls vs. openssl vs. others}
+
+
 \subsubsection{openssl.conf settings}
 \subsubsection{openssl.conf settings}
+
+%\subsubsection{Differences in SSL libraries: gnutls vs. openssl vs. others}
+
 \subsubsection{IMAPS}
 \subsubsection{SMTP: opportunistic TLS}
 % do we need to documment starttls in detail?
 \subsubsection{IMAPS}
 \subsubsection{SMTP: opportunistic TLS}
 % do we need to documment starttls in detail?
-\subsubsection{starttls?}
+%\subsubsection{starttls?}
 
 \subsection{SSH}
 
 
 \subsection{SSH}
 
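Review bot: the sentence "Should a client not be able to use a specific cipher suite, it will fall back to the next possible entry as given by the ordering" only holds when the server is configured to enforce its own cipher order; otherwise the client's preference decides, so the apache and nginx subsections this text leads into need to state that the order must be honoured server-side (the earlier "can be configured to prefer certain cipher suites" sentence is the right hook for that). Related: the "prefer" row of the categorisation table names AES_256_GCM as the preferred cipher, yet the resulting nine-entry preference list contains only CBC suites; one sentence on why no GCM suite made the list would remove the apparent contradiction. Concrete defects on the visible lines: the client table's "\begin{tabular}{|l|l|l|l|l|}" declares five columns while every row has four cells, which renders a stray empty column with its own borders; "\cite{RisticSSLTLSDeploymentBestPractices}SSL/TLS" needs a space after the citation; "adivce" should be "advice"; "Camelia" should be "Camellia" (three times in the RFC list); "webbrowsers" should be "web browsers"; "SSL is defined in RFCs:" should say TLS, since every entry except RFC 6101 defines TLS and RFC 6101 is the historic record of SSL 3.0; and "We will start with the most common web servers" lacks a full stop. Neither table has a \caption or \label, so the text cannot refer to them.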
diff --git a/src/reviewers.tex b/src/reviewers.tex
new file mode 100644 (file)
index 0000000..9522c4c
--- /dev/null
@@ -0,0 +1,5 @@
+\section{Reviewers}
+
+We would like to express our thanks to the following reviewers:
+
+XXX
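Review bot: "XXX" is a placeholder, and \input{reviewers} is already active in applied-crypto-hardening.tex in this same commit, so the built PDF will contain a "Reviewers" section thanking "XXX"; either fill in the names now or keep the \input commented out until the list exists.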
diff --git a/src/table_tls.xlsx b/src/table_tls.xlsx
new file mode 100644 (file)
index 0000000..eee3b73
Binary files /dev/null and b/src/table_tls.xlsx differ
index b6b64fd..148b3bf 100644 (file)
@@ -4,16 +4,19 @@ This section lists tools for checking the security settings.
 
 \subsection{SSL}
 
 
 \subsection{SSL}
 
-ssllabs.com
-
-
-\url{https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf}              %% this breaks my pdf converter hmm
+ssllabs.com offers a great way to check your webserver for misconfigurations. See \url{https://www.ssllabs.com/ssltest/}.
+Furthermore, ssllabs.com has a good best practices tutorial, which focuses on avoiding the most common mistakes in SSL.
+See: \url{https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf}
+%% this breaks my pdf converter hmm
 
 
+\url{http://tls.secg.org} is a tool for testing interoperability of HTTPS implementations for ECC cipher suites.
 
 \subsection{RNGs}
 
 
 \subsection{RNGs}
 
-ent
+\begin{itemize}
+\item \href{http://www.fourmilab.ch/random/}{ENT} is a pseudo random number generator sequence tester.  
+\item \href{http://www.issihosts.com/haveged/}{HaveEGD} is a tool which increases the Entropy of the Linux random number generator devices. It is based on the HAVEGE algorithm.
+\end{itemize}
 
 
-%havegd
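Review bot: "HaveEGD" should be "haveged", matching the project name in the linked URL; "Entropy" should be lower-case, and "a pseudo random number generator sequence tester" reads better as "a tester for pseudo-random number sequences". The "%% this breaks my pdf converter hmm" comment has been kept next to the \url line without saying what breaks; if the underscore in the file name was the concern, \url from hyperref handles it, so either drop the comment or record the actual failure. The Best Practices link pins version 1.3 in the path and will go stale; linking the document's landing page alongside it would help. The tls.secg.org sentence could say what the tool reports, since this section is about checking settings.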