SSL Renegotiation Attacks

While analyzing encrypted HTTPS traffic, it's essential to understand HTTPS protocol indicators that may reveal SSL/TLS-based attacks. HTTPS relies on encryption protocols, specifically:

• Transport Layer Security (TLS)

• Secure Sockets Layer (SSL)

HTTPS Connection Process

1. Handshake: Server and client establish a connection, agreeing on encryption algorithms and exchanging certificates.

2. Encryption: Following the handshake, the connection is encrypted with the selected algorithm.

3. Data Exchange: Encrypted data (web pages, images, etc.) is exchanged between client and server.

4. Decryption: Both sides decrypt data using their private and public keys.

SSL Renegotiation Attack

SSL renegotiation attacks attempt to negotiate lower encryption standards or exploit server resources, causing potential vulnerabilities. Another example of HTTPS encryption attacks includes the Heartbleed Vulnerability (CVE-2014-0160).

TLS and SSL Handshake Process

To secure a connection, a TLS or SSL handshake is required, involving:

1. Client Hello: Client sends supported TLS/SSL versions, cipher suites, and random data.

2. Server Hello: Server responds with its chosen version, cipher suite, and a nonce.

3. Certificate Exchange: Server sends its certificate containing the public key.

4. Key Exchange: Client generates a premaster secret, encrypts it with the server’s public key, and sends it to the server.

5. Session Key Derivation: Both parties derive session keys using exchanged nonces and the premaster secret.

6. Finished Messages: Both parties exchange finished messages, confirming successful handshake.

7. Secure Data Exchange: The encrypted communication begins.

TLS Handshake Algorithmic Breakdown

Handshake Step	Relevant Calculations
Client Hello	ClientHello = { ClientVersion, ClientRandom, Ciphersuites, CompressionMethods }
Server Hello	ServerHello = { ServerVersion, ServerRandom, Ciphersuite, CompressionMethod }
Certificate Exchange	ServerCertificate = { ServerPublicCertificate }
Key Exchange	ClientDHPublicKey = DH_KeyGeneration(ClientDHPrivateKey) ServerDHPublicKey = DH_KeyGeneration(ServerDHPrivateKey)
Premaster Secret	PremasterSecret = DH_KeyAgreement(ServerDHPublicKey, ClientDHPrivateKey)
Session Key Derivation	MasterSecret = PRF(PremasterSecret, "master secret", ClientNonce + ServerNonce)
Extraction of Session Keys	ClientWriteMACKey, ServerWriteMACKey, ClientWriteKey, ServerWriteKey, ClientWriteIV, ServerWriteIV
Finished Messages	FinishedMessage = PRF(MasterSecret, "finished", Hash(ClientHello + ServerHello))

Detecting SSL Renegotiation Attacks

1. Filter for Handshake Messages: In Wireshark, use the following filter to view only handshake messages:

   ssl.record.content_type == 22

2. Indicators of SSL Renegotiation Attacks:

   • Multiple Client Hellos: Repeated Client Hello messages from a single client in a short timeframe signal an attack, as the attacker repeatedly triggers renegotiation to downgrade the cipher suite.

   • Out of Order Handshake Messages: Observing Client Hello messages after the handshake completion can indicate manipulation or attack.

Reasons for SSL Renegotiation Attacks

• Denial of Service: Excessive renegotiation consumes server resources, potentially making it unresponsive.

• Cipher Suite Exploitation: Attackers may attempt renegotiation to exploit weak encryption configurations.

• Cryptanalysis: Renegotiation can facilitate cryptanalysis by helping attackers analyze SSL/TLS patterns, possibly exposing vulnerabilities.