Nayanamana Samarasinghe and Mohammad Mannan

Concordia University, Montreal, Canada

____________________________________________Nayanamana Samarasinghe__Apr 5, 2017__2

_____________________________________TLS Ecosystems in Networked Devices vs. Web Servers

Background

▪ Rapid growth of Internet-connected devices (IoT)➢ Forecast:

25-50 billion devices (Cisco, Ericson, Gartner) by 2020

26 devices/person

Economic impact: $2-$5 trillion

➢ They will increase opportunities for an attacker

▪ Rise in TLS adoption to improve communication security

Devices in focus

Motivation

▪ Several measurement studies done on TLS vulnerabilities of websites

➢TLS ecosystem of the web is improving

▪But what about devices?

Our goals

▪ Study TLS vulnerabilities in devices➢ Parameters used in secure communication

(SSL/TLS) of devices

▪ TLS parameters in Alexa 1M sites used for comparison

Some options for large scale collection of TLS certificates

▪ EFF SSL Observatory

▪ Rapid 7

▪ ZMap

▪ Shodan

How to identify device types?

▪ Manual inspection

▪ Automatically, using meta-data (e.g. Censys, Shodan)

▪ TLS search engine for devices & networks➢ Based on ZMap (network scanner)

➢ Supports phased out cipher suites of popular browsers

Our analysis is based on Censys

zgrab ztag database

TLS banner grabber

Allows annotating raw scan

data with additional metadata.

Methodology

1. Extract certificates and TLS parameters

2. Based on annotations, categorize devices into logical groupings

3. Compute statistics for weak and strong TLS security parameters

4. Compare between devices and Alexa 1M sites

Grouping of devices based on annotations in Censys

We’ve categorized device types as:

Infrastructure routers, Modem, Camera, NAS, Home

router, Network, Printer, SCADA, CPS and Media

Example:

Category Device types

SCADA SCADA controller, router, gateway, server, front-end

Analysis & Results (1)

Comparisons of WEAK cryptographic primitives

Signature algorithms

Infra.router

Modem Camera NAS Homerouter

Network Printer Scada CPS Media Deviceavg.

Alexa1M

MD5WithRSA SHA1WithRSA

Hashing algorithms

Infra.router

Alexa1M

MD5 SHA1

Infra.router

Alexa 1M

3DES_EDE_CBC RC4_128

Analysis & Results (3)Comparisons of WEAK cryptographic primitives

Encryption algorithms

Key lengths

Infra.router

Alexa1M

RSA 512 RSA 768 RSA 1024

SSL/TLS Protocol versions

Infra.router

Alexa1M

SSLv3 TLSv1.0 TLSv1.1

Analysis & Results (6)Comparisons of STRONG cryptographic primitives

Hashing Algorithms Encryption AlgorithmsKey lengths

Signature Algorithms SSL/TLS protocol versions

✓ ECDSA mostly supported in the

✓ Relative to Infrastructure

routers, other device categories

use stronger AES ciphers,

TLS1.2 & SHA256 hashing

algorithm.

✓ 4096 keys are mostly used in

webapps

TLSv1.2

RSA 2048 RSA 4096

AES_128_CBC

AES_256_CBC

AES_128_GCM

TLSv1.2

SHA256WithRSASHA512WithRSAECDSAWithSHA256

Top manufacturers of vulnerable devices

Common defence by manufacturers is that though security patches are released, no action by users

(As of October 2016)

Manufacturer MD5 RC4 SSLv3 < RSA1024 Device types

Cisco 347 98,904 65,413 12,713 Network, infra. router

Hewlett Packard 1 5,214 1 12 Network, printer, scada, home router

AVM 78 5,062 33 2 Modem

Hikvision 664 1,085 214 75 Camera

QNAP 383 889 286 51 NAS

Limitations (our work is not comprehensive!)

1. Possible limitations in Censys logic/misconfiguration

2. Censys annotations still evolving

3. Unreachable devices in ZMap

4. Device exploitations depend on how they are used

5. Devices in IPv6 not accounted

Concluding remarks

1. TLS deployment in devices is weaker than the web

2. Raise awareness

3. How to improve? forced auto-update?

Thank youn_samara@ciise.concordia.ca

Nayanamana Samarasinghe and Mohammad Mannan

Documents

Abdul Mannan

Mannan oligosaccharide dietary improves health status of

SILKBANKr · Branch Network 26 . ... Tariq Iqbal Khan, FCA Arshad Ghafur Mohammad Ahmed Mannan Human Resource Committee ... Noble Computer Services (Pvt.)

NOTIFICATION - hfc-bd.com · 10 17003 Anwar Hossain Abu Taher 6023 DFFFCDC 0 ... 42 8269 Mohammad Shidur Rahman Late Mohammad Mannan Ali 6076 ... 44 15085 Mohammad Osi Uddin Mohammad

Merit list · ishtiak mannan fti aritra nanoi arijit sen sharma md mominul islam riyad md. asif ... m. a. aziz bin hossain mohammad osman goni mohammed seyam uddin

Samarasinghe Et Al-2012-British Journal of Haematology

Mannan Shahid Forgings (Pvt)Ltd

Democracy and Democratization in Developing Countries (Samarasinghe)

Mannar Mannan Pallavi

Engr. Abdul Mannan Zafar - Seismic Consolidation

Modeling in the Time Domain Introduction - … · Chapter 3 Modeling in the Time Domain Prepared by: Dr. Mohammad Abdul Mannan Page 1 of 27 Modeling in the Time Domain Introduction

Mannan-Binding Lectin Suppresses Peptidoglycan-Induced ...Research Article Mannan-Binding Lectin Suppresses Peptidoglycan-Induced TLR2 Activation and Inflammatory Responses Fanping

Dr Abeer Abuzied Atta Al Mannan 2013

EFFECT OF Lactobacillus acidophilus AND MANNAN

Pemikiran Abdul Mannan Tentang Ekonomi Islam

Mannan-hydrolysis by hemicellulases: enzyme-polysaccharide ... · Mannan-hydrolysis by hemicellulases Enzyme-polysaccharide interaction of a modular β-mannanase Per Hägglund Department

Mannan 6b anthropometricand nutritional status indicators

1 Mohammad Abdul Mannan Mohammad Abdul Mannan Managing Director & CEO Islami Bank Bangladesh Limited

Simulation of Formation, Intensity, Structure and Track of ... · 8/8/2015 · 72 Mohammad Sirajul Haque, Md. Abdul Mannan Chowdhury, Dewan Abdul Quadir, Shyeda Shamima Sultana and

TELAAH KRITIS PEMIKIRAN ABDUL MANNAN TENTANG RIBA …