|
|
@@ -90,12 +90,26 @@ Slitheen uses a tagging procedure very similar to that of Telex~\cite{wustrow201
|
|
|
\caption{Modifications to TLSv1.2 handshake}
|
|
|
\end{figure}
|
|
|
|
|
|
-To implement these changes, we have made slight modifications to the OpenSSL source code
|
|
|
+To implement these changes, we have made slight modifications to the OpenSSL source code:
|
|
|
|
|
|
\texttt{git clone -b slitheen git://git-crysp.uwaterloo.ca/openssl}.
|
|
|
|
|
|
These modifications consist mostly of optional callbacks are were made by modifying as little source code as possible, to ease code maintenance.
|
|
|
|
|
|
+\subsubsection{Tag generation}
|
|
|
+
|
|
|
+The tag is generated by computing a 21-byte ECDH private key $s$ for the client (along with the corresponding 21-byte public key, $g^s$. We used the curve NIST-P224 to generate public keys that fit in 21 bytes of the ClientHello random nonce. The client's public key is concatenated with a 7-byte value, $H_1(g^{rs} || \chi)$ where $g^{rs}$ is computed by raising the relay station's public key $g^r$ to the client's private key $s$. The context string $\chi$ is just the 4-byte server IP address (in network byte order). The hash function, $H_1$, is the first 7 bytes of SHA256 output, while $H_2$ is the last 16 bytes. The shared secret key between the client and the relay station is computed as $k_{sh} = H_2(g^{rs}||\chi)$.
|
|
|
+
|
|
|
+\subsubsection{DH parameter generation}
|
|
|
+
|
|
|
+To derive the TLS client key exchange parameters, the client computes their secret key as the output of $PRF_{k_{sh}}(\texttt{``SLITHEEN\_KEYGEN''})$ (Note: the Telex paper refers to his set as using $k_{sh}$ to seed a secure PRG).
|
|
|
+
|
|
|
+The PRF function here is as defined in the TLSv1.2 RFC\footnote{https://tools.ietf.org/html/rfc5246}, where the hash function used is determined by the selected ciphersuite.
|
|
|
+
|
|
|
+\subsubsection{Modified Finished MAC}
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
\subsection{Data Replacement}
|
|
|
|
|
|
Data from the client is modified in both the upstream and downstream direction. Upstream from the client, the client's Slitheen ID along with data to the covert site is included in an additional X-Slitheen header to be extracted and replaced with an X-Ignore header and garbage by the relay station.
|
