Secure Socket Layer

Naveen Kumar
M.E., ECE (Regular)

Outline
 Web Security
 Introduction to SSL/TLS
 Secure Socket Layer (SSL)
 Where, What and How about SSL

 Architecture
 The Four Protocols

 Simple Handshake process

 Transport Layer Security (TLS)
 TLS Overview
 Public Key Certificates

 Implementation & Applications of SSL/TLS
 Summary
 References

December 1, 2012 NITTTR, Chandigarh 2

“Use your mentality, Wake up to reality”
---From the song, “I've got you under my skin”
by Cole Porter


Reality!!!


Web security
 Web is now widely used by businesses, government firms
and individuals.
 but Internet & Web space are vulnerable.
 have a variety of threats related to
 Integrity : Someone might alter content

 Confidentiality : Anyone can see content

 Denial of service

 Authentication : Not clear who you are talking with
 need added security mechanisms


Introduction (contd.)
 Secure Sockets Layer (SSL)
Developed by Netscape Corporation

Versions 1, 2, and 3 (released in 1996)

 Transport Layer Security (TLS)
Successor of SSL

IETF standards track protocol, based on SSL 3.0

 Last updated in RFC 5246 (2008)


Introduction (contd.)
 Transport Layer Security (TLS) and its
predecessor, Secure Sockets Layer (SSL), are
cryptographic protocols that provide security for
communications over networks such as the
Internet.
 TLS and SSL encrypt the segments of network
connections at the Transport Layer end-to-end.


SECURE
SOCKET LAYER
(SSL)


Where SSL fits?
HTTP SMTP POP3 HTTPS SSMTP SPOP3

80 25 110 443 465 995

Port
Secure Socket Layer
No.

Transport

Network

Data Link


What security is provided?
 By providing:
Endpoint Authentication

Unilateral or Bilateral

Communication Confidentiality
 For preventing:
 Eavesdropping

Tampering

Message Forgery


How security is provided?


Uses public key scheme
 Each client-server pair uses
2 public keys
○ one for client (browser)
 created when browser is installed on client machine
○ one for server (http server)
 created when server is installed on server hardware
2 private keys
○ one for client browser
○ one for server (http server)


Cipher Suite
 Common Cipher Suite algorithms:
 Encryption algorithm

○ RC4,Triple DES,AES, IDEA, DES, Camellia

 Message authentication code (MAC) algorithm

○ Authentication by RSA, DSA, ECDSA

○ Hashing by MD5, SHA

 Key exchange algorithm

○ RSA, Diffie-Hellman, ECDH, SRP, PSK

 Pseudorandom function (PRF)


SSL Architecture


SSL Architecture (Contd.)
 SSL session
 an association between client & server

 created by the Handshake Protocol

 define a set of cryptographic parameters

 may be shared by multiple SSL connections

 SSL connection
 a transient, peer-to-peer, communications link

 associated with 1 SSL session


The Four Upper Layer Protocols
 Application Encryption Protocol
Encrypt/Decrypt application data
 Change Cipher Spec Protocol
Alert to a change in communication variables
 Alert Protocol
Messages important to SSL connections
 Handshaking Protocol
Establish communication variables


SSL Record Protocol
Services provided are :
 Confidentiality
 using symmetric encryption with a shared secret key defined by
Handshake Protocol
 IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128

 message is compressed before encryption

 Message integrity
 using a MAC (Message Authentication Code) created using a
shared secret key and a short message


SSL Record Protocol (Contd.)


SSL Change Cipher Spec Protocol
 one of 3 SSL specific protocols which use the
SSL Record protocol
 a single message
 Purpose of message
Cause copy of pending state to current state.

Updates cipher suite to be used on the current

connection .


SSL Alert Protocol
 conveys SSL-related alerts to peer entity
 Consists of two bytes
 1st byte : warning or fatal
 2nd byte: code for specific alerts

 specific alert types
 unexpected message, bad record mac, decompression failure,

handshake failure, illegal parameter
 close notify, no certificate, bad certificate, unsupported certificate,

certificate revoked, certificate expired, certificate unknown

 compressed & encrypted like all SSL data


SSL Handshake Protocol (1/10)
 The most complex part of SSL.
 allows server & client to:
authenticate each other
to negotiate encryption & MAC algorithms
to negotiate cryptographic keys to be used
 comprises a series of messages in phases
Establish Security Capabilities
Server Authentication and Key Exchange
Client Authentication and Key Exchange
Finish


Simple Handshake process (2/10)

 The client(Alice) and server(Bob) must agree on various

parameters to establish the connection
 Alice request a secure connections and presents a list of Cipher Suites

 Bob picks the strongest supported Cipher Suite

 Bob sends back his digital certificate

○ Including the certificate authority and his public key

 By encrypting using the server’s public key, Alice send a random

number to Bob securely
 Alice and Bob generate key material from the random number

 Secure connection established


SSL Handshake Protocol (10/10)


TLS (Transport Layer Security)
 IETF standard RFC 2246 similar to SSLv3
 with minor differences
in record format version number
uses HMAC for MAC
a pseudo-random function expands secrets
has additional alert codes
some changes in supported ciphers
changes in certificate negotiations
changes in use of padding


Changes from SSL 3.0 to TLS
 Fortezza removed
 Additional Alerts added
 Modification to hash calculations
 Protocol version 3.1 in ClientHello,
ServerHello

32
December 1, 2012 NITTTR, Chandigarh

What is TLS?
 Protocol layer
 Requires reliable transport layer (e.g. TCP)
 Supports any application protocols

HTTP Telnet FTP LDAP
TLS
TCP
IP

33

TLS: Privacy
 Encrypt message so it cannot be read
 Use conventional cryptography with shared
key
DES, 3DES
RC2, RC4
IDEA
A B
Message $%&#!@ Message

34

TLS:Key Exchange
 Need secure method to exchange secret key
 Use public key encryption for this
“key pair” is used - either one can encrypt and
then the other can decrypt
slower than conventional cryptography
share one key, keep the other private
 Choices are RSA or Diffie-Hellman

35

TLS: Integrity
 Compute fixed-length Message
Authentication Code (MAC)
Includes hash of message
Includes a shared secret
Include sequence number
 Transmit MAC with message

36

Integrity (Contd.)
 Receiver creates new MAC
should match transmitted MAC
 TLS allows MD5, SHA-1
A B
Message Message’ MAC

MAC MAC’ =?

37

TLS: Authentication
 Verify identities of participants
 Client authentication is optional
 Certificate is used to associate identity with
public key and other attributes

A B
Certificate

Certificate

38

TLS: Architecture
 TLS defines Record Protocol to transfer
application and TLS information
 A session is established using a Handshake
Protocol

Handshake Change Alert
Protocol Cipher Spec Protocol

TLS Record Protocol

39

TLS: Record Protocol

40

TLS: Handshake
 Negotiate Cipher-Suite Algorithms
Symmetric cipher to use
Key exchange method
Message digest function
 Establish and share master secret
 Optionally authenticate server and/or client

41

Handshake Phases
 Hello messages
 Certificate and Key Exchange messages
 Change Cipher Spec and Finished messages

42

TLS: Hello
 Client “Hello” - initiates session
Propose protocol version
Propose cipher suite
Server chooses protocol and suite
 Client may request use of cached session
Server chooses whether to honor request

43

TLS: Key Exchange
 Server sends certificate containing public key
(RSA) or Diffie-Hellman parameters
 Client sends encrypted “pre-master” secret to
server using Client Key Exchange message
 Master secret calculated
Use random values passed in Client and Server Hello

messages

44

Public Key Certificates
 X.509 Certificate associates public key with
identity
 Certification Authority (CA) creates certificate
Adheres to policies and verifies identity

Signs certificate

 User of Certificate must ensure it is valid

45

Validating a Certificate

 Must recognize accepted CA in certificate
chain
One CA may issue certificate for another CA

 Must verify that certificate has not been
revoked
CA publishes Certificate Revocation List (CRL)

46

X.509 Certificate Issues
 Certificate Administration is complex
Hierarchy of Certification Authorities
Mechanisms for requesting, issuing, revoking
certificates
 X.500 names are complicated
 Description formats are cumbersome
(ASN.1)

47

TLS: HTTP Application
 HTTP is most common TLS application
https://
 Requires TLS-capable web server
 Requires TLS-capable web browser
Netscape Navigator
Internet Explorer
Cryptozilla
○ Netscape Mozilla sources with SSLeay

48

TLS “Alternatives”
 S-HTTP: secure HTTP protocol, shttp://
 IPSec: secure IP
 SET: Secure Electronic Transaction
Protocol and infrastructure for bank card
payments
 SASL: Simple Authentication and Security
Layer (RFC 2222)

49

Implementation of SSL/TLS
 SSL and TLS have been widely implemented
 Open source software projects

○ OpenSSL, NSS, or GnuTLS

 Microsoft Windows

○ Part of its Secure Channel

 Browsers

○ Apple Safari

○ Mozilla Firefox (2+)

○ Internet Explorer, etc.


Application of SSL/TLS
 On top of the Transport Layer protocols
Primarily with TCP

Datagram Transport Layer Security(DTLS) for UDP

 Encapsulating the application protocols
HTTP (HTTPS)

for securing WWW traffic

FTP (FTPS), SMTP, NNTP, etc.


Summary
 SSL/TLS addresses the need for security in
Internet communications
Privacy - conventional encryption

Integrity - Message Authentication Codes

Authentication - X.509 certificates

 SSL in use today with web browsers and
servers

52

References
 William Stallings, 5th Edition, “Transport-Level
Security”, Chapter 16, Pages : 509-543
 www.cse.buffalo.edu/DBGROUP/nachi/ecopre
s/fengmei.ppt
 http://www.slideshare.net/leethree/ssl-intro


Secure Socket Layer

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (20)

Similar a Secure Socket Layer

Similar a Secure Socket Layer (20)

Más de Naveen Kumar

Más de Naveen Kumar (20)

Último

Último (20)

Secure Socket Layer

Notas del editor