CS 231: Computer Security

Watching TLS

Keep notes on your work somewhere, and share your notes among your work partners. I'm likely to have you revisit this topic in a takehome exam later in the term.

1. Get ready

• Fire up Kali and wireshark
• Open a browser to RFC 5246 The Transport Layer Security (TLS) Protocol Version 1.2.
• Take a brief look at section 7.3 of RFC 5246 (top of page 35) to see the messages you'll be looking for with wireshark.
• Open another tab in your browser. You're going to use it, and better to open it now so it doesn't generate noise once you start wireshark sniffing.

2. Capture an HTTPS session

• Start wireshark capturing with filter "tcp port 443" or "tcp port https"
• In your open browser tab, go to an https site. I'll use https://github.com/ as an example.
• Look for TCP handshakes and TLS ClientHello messages, and figure out which local ports are associated with the one or more connections to github.com port 443. This will enable you to keep straight the multiple handshakes. There may only be one connection or there may be many--that's up to the browser.
• Once the page is loaded, stop wireshark's capture session.

3. Study the packets

• First, just scan through the TLS-tagged packets in the wireshark display and compare them with the handshake protocol overview on page 35 of RFC 5246. Are you seeing all the expected transmissions? Are any of the optional transmissions missing? Which ones?
• Does github.com send your browser a certificate? Does your browser send github.com a certificate? Do the answers to those two questions make sense?
• The handshake is going to result in Alice (your browser) and Bob (github.com's server at port 443) both knowing a shared secret, which is called the "premaster secret" in the TLS specification. What algorithm/protocol does this sound like from what we've studied so far this term? What algorithm do they actually use? (That second question takes a little effort to track down. See if you can examine the handshake transmissions to find out which "cipher suite" Alice and Bob agreed on, and then do some googling to find out what that says about their choice of shared-secret-exchange.)
• Once they have a premaster secret, Alice and Bob can both compute a "master secret" using the procedure described in section 8.1. Then they use the master secret to compute a collection of keys (weirdly, this is described earlier in the spec, at section 6.3).
  • What items do Alice and Bob need to compute the master secret?
  • Can you find the exchange of those items in the wireshark display?
  • What keys do they need to compute before encrypted communication can commence?
  • What information do they need to compute those keys, and where do they obtain that info?
• When does the data start getting encrypted going from Alice to Bob? When does it start getting encrypted going from Bob to Alice? Does this match the diagram at the top of page 35?
• How does the TLS handshake compare to the protocol I described in your cryptographic scenarios assignment?
• Think about how Eve (eavesdropping) or Mal (person-in-the-middle) would experience this TLS handshake. Are they thwarted? Where in the handshake are they either discovered or prevented from doing what they're trying to do?