SlideShare una empresa de Scribd logo

How does TLS work?

Hyeonsu Lee
Hyeonsu Lee

Slides for Chocolatier Meetup Chocolatier Meetup: https://github.com/chocolate-factory/chocolatier-meetup)

Tecnología
1 de 19
Descargar para leer sin conexión
How does TLS work? Chocolatier Meetup: 5th Meeting Hyeonsu Lee (@incleaf)
Table of Contents • What is TLS/SSL? • How does TLS handshake work? • How does TLS certificate work? • Real-world Examples
What is TLS/SSL?
What is TLS/SSL? • TLS (Transport Layer Security) • SSL (Secure Sockets Layer) is the same one, but deprecated by IETF (Internet Engineering Task Force) • HTTPS is NOT TLS. HTTPS is using TLS with HTTP. TLS can be used for many protocols including SMTP, FTP.
How does TLS handshake work?
How does TLS handshake work? Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
• A Cipher Suite includes: • Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc. • Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc. • Authentications: RSA, DSS, ECDSA, ANON, etc. • Encryption: 3DES, AES, AES128, etc. • Block Cipher Operation Mode: CBC, GCM, etc. • Message Authentication: SHA, SHA256, SHA384, MD5, etc. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. Client verifies the server’s Certificate. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client verifies the server’s Certificate. Note: Pre-master key is a random string. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. Client verifies the server’s Certificate. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. 4 ClientFinished: Create hash of messages using the master secret key. 5 ServerFinished: Create hash of messages using the master secret key. Client verifies the server’s Certificate. Note: This is where ‘Message Authentication’ of Cipher Suite comes in. Finished Message will contain the Handshake Messages sent from both the Server and Client. It’s to verify both client and server have the Same Handshake messages and MAC key. How does TLS handshake work?
• A Cipher Suite includes: • Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc. • Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc. • Authentications: RSA, DSS, ECDSA, ANON, etc. • Encryption: 3DES, AES, AES128, etc. • Block Cipher Operation Mode: CBC, GCM, etc. • Message Authentication: SHA, SHA256, SHA384, MD5, etc. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. 4 ClientFinish: Create hash of messages using the master secret key. 5 ServerFinish: Create hash of messages using the master secret key. The master secret key will be used as symmetric key to encrypt the data. Client verifies the server’s Certificate. How does TLS handshake work?
How does TLS certificate work?
• TLS Certificate is simply a text file • We can make it our own certificate that says “We are Google” • A Browser will trust us: • If It’s on a list of certificates the browser trusts. • If it’s able to prove that it’s trusted by one of the certificates that the browser trusts. This is where ‘Digital Signature’ comes in. How does TLS certificate work?
• Digital Signature • TLS Certificates have an associated public/private key pair. • A certificate can be “signed” by another authority. • All root CA certificates are “self-signed”. • This puts an enormous burden on all browser and OS publishers to trust only clean root CAs. How does TLS certificate work?
Real-world Examples
• Man In The Middle Attacks (MITM) • IP Spoofing, ARP Spoofing, DNS Spoofing • Blocking HTTPS by the government of South Korea • No, it was DNS blocking Real-world Examples
Q&A

Recomendados

SSL
SSLSSL
SSLBadrul Alam bulon
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Cryptography - Overview
Cryptography - OverviewCryptography - Overview
Cryptography - OverviewMohammed Adam
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
How ssl works
How ssl worksHow ssl works
How ssl worksSaptarshi Basu
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 

Recomendados

SSL
SSLSSL
SSLBadrul Alam bulon
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Cryptography - Overview
Cryptography - OverviewCryptography - Overview
Cryptography - OverviewMohammed Adam
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
How ssl works
How ssl worksHow ssl works
How ssl worksSaptarshi Basu
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
Secure messaging using PKI
Secure messaging using PKISecure messaging using PKI
Secure messaging using PKIwolverinetyagi
 
SSL intro
SSL introSSL intro
SSL introThree Lee
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Ssl attacks
Ssl attacksSsl attacks
Ssl attacksn|u - The Open Security Community
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSSirish Kumar
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?Microsoft
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
SSL Layer
SSL LayerSSL Layer
SSL LayerTrinh Phuc Tho
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS HandshakeArpit Agarwal
 
SSL
SSLSSL
SSLtheekuchi
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Transport layer security
Transport layer securityTransport layer security
Transport layer securityHrudya Balachandran
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.pptssuserec53e73
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.pptssuserec53e73
 

Más contenido relacionado

La actualidad más candente

SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
Secure messaging using PKI
Secure messaging using PKISecure messaging using PKI
Secure messaging using PKIwolverinetyagi
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?Microsoft
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 

La actualidad más candente (20)

SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layer
 
Secure messaging using PKI
Secure messaging using PKISecure messaging using PKI
Secure messaging using PKI
 
SSL intro
SSL introSSL intro
SSL intro
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Ssl attacks
Ssl attacksSsl attacks
Ssl attacks
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLS
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer Security
 
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security Talk
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
SSL Layer
SSL LayerSSL Layer
SSL Layer
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
SSL
SSLSSL
SSL
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 
SSL overview
SSL overviewSSL overview
SSL overview
 

Similar a How does TLS work?

Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
presentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfpresentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfGumanSingh10
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsNitin Ramesh
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security PrimerVenkatesh Iyer
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2Olle E Johansson
 
Understanding transport-layer_security__ssl
Understanding transport-layer_security__sslUnderstanding transport-layer_security__ssl
Understanding transport-layer_security__sslMainak Goswami
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerBU
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLSOlle E Johansson
 
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonInfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonDavid Johansson
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECCarlos Martinez Cagnazzo
 

Similar a How does TLS work? (20)

fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
ssl
sslssl
ssl
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
presentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfpresentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdf
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
The last picks
The last picksThe last picks
The last picks
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
 
SIP over TLS
SIP over TLSSIP over TLS
SIP over TLS
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security Primer
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
Understanding transport-layer_security__ssl
Understanding transport-layer_security__sslUnderstanding transport-layer_security__ssl
Understanding transport-layer_security__ssl
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS
 
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonInfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 

Último

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Último (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

How does TLS work?

  • 1. How does TLS work? Chocolatier Meetup: 5th Meeting Hyeonsu Lee (@incleaf)
  • 2. Table of Contents • What is TLS/SSL? • How does TLS handshake work? • How does TLS certificate work? • Real-world Examples
  • 4. What is TLS/SSL? • TLS (Transport Layer Security) • SSL (Secure Sockets Layer) is the same one, but deprecated by IETF (Internet Engineering Task Force) • HTTPS is NOT TLS. HTTPS is using TLS with HTTP. TLS can be used for many protocols including SMTP, FTP.
  • 5. How does TLS handshake work?
  • 6. How does TLS handshake work? Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
  • 7. • A Cipher Suite includes: • Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc. • Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc. • Authentications: RSA, DSS, ECDSA, ANON, etc. • Encryption: 3DES, AES, AES128, etc. • Block Cipher Operation Mode: CBC, GCM, etc. • Message Authentication: SHA, SHA256, SHA384, MD5, etc. How does TLS handshake work?
  • 8. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. Client verifies the server’s Certificate. How does TLS handshake work?
  • 9. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client verifies the server’s Certificate. Note: Pre-master key is a random string. How does TLS handshake work?
  • 10. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. Client verifies the server’s Certificate. How does TLS handshake work?
  • 11. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. 4 ClientFinished: Create hash of messages using the master secret key. 5 ServerFinished: Create hash of messages using the master secret key. Client verifies the server’s Certificate. Note: This is where ‘Message Authentication’ of Cipher Suite comes in. Finished Message will contain the Handshake Messages sent from both the Server and Client. It’s to verify both client and server have the Same Handshake messages and MAC key. How does TLS handshake work?
  • 12. • A Cipher Suite includes: • Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc. • Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc. • Authentications: RSA, DSS, ECDSA, ANON, etc. • Encryption: 3DES, AES, AES128, etc. • Block Cipher Operation Mode: CBC, GCM, etc. • Message Authentication: SHA, SHA256, SHA384, MD5, etc. How does TLS handshake work?
  • 13. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. 4 ClientFinish: Create hash of messages using the master secret key. 5 ServerFinish: Create hash of messages using the master secret key. The master secret key will be used as symmetric key to encrypt the data. Client verifies the server’s Certificate. How does TLS handshake work?
  • 14. How does TLS certificate work?
  • 15. • TLS Certificate is simply a text file • We can make it our own certificate that says “We are Google” • A Browser will trust us: • If It’s on a list of certificates the browser trusts. • If it’s able to prove that it’s trusted by one of the certificates that the browser trusts. This is where ‘Digital Signature’ comes in. How does TLS certificate work?
  • 16. • Digital Signature • TLS Certificates have an associated public/private key pair. • A certificate can be “signed” by another authority. • All root CA certificates are “self-signed”. • This puts an enormous burden on all browser and OS publishers to trust only clean root CAs. How does TLS certificate work?
  • 18. • Man In The Middle Attacks (MITM) • IP Spoofing, ARP Spoofing, DNS Spoofing • Blocking HTTPS by the government of South Korea • No, it was DNS blocking Real-world Examples
  • 19. Q&A