Secure Socket Layer


Published on

SSL and TLS are security layers used below application layer of TCP/IP model. Structure and working of these layers are explained in the presentation.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Stallings Fig 17-2.
  • SSL Record Protocol defines these two services for SSL connections.
  • Stallings Fig 17-6.
  • Hash includes Finished and CertificateVerify messages following client cert types removed: rsa_ephemeral_dh dss_ephemeral_dh fortezza_dms SSL 2 -> SSL 3.0 major changes
  • Reliable transport layer delivers data without duplicates or missing data, and in order. Not really transparent to applications Application must understand desired security level and if TLS cannot provide that must not assume a secure connection Application must communicate security parameters to TLS Application may introduce security issues e.g. HTTP 1.0 connection close with empty Content-Length
  • Most block ciphers (64 bit blocks) except for RC4 stream cipher CBC cipher block chaining use IV (initialization vector) XOR previous encrypted block with block then encrypt …
  • Secret is used so that someone cannot replace both message and MAC, putting a new matching MAC in place of the original
  • Operational and pending states
  • Currently no compression defined but could be client boundaries are not preserved 2^14 bytes or less in protocol unit md5, sha-1, none MAC des, 3des, des40, rc2, rc4, idea none encryption
  • Encryption mac key exchange Des/3des/des40 md5, sha1, none rsa, dh rc2 rc4 idea none
  • Server “ Hello Request ”- ask client to restart hello includes some random data for creating the master secret
  • Client generates 48-byte secret random # , encrypts using server’s public key, sends to server if diffie-hellman, p,g
  • PKCS standards from RSA for RSA certificates PKCS #10 cert requests PKCS #9 cert attributes PKCS #7 cert chain format application/x-pkcs7-mime used to load CA chain into browser
  • Mention different kinds of certificates identity encryption etc
  • S-HTTP inter-operates with http signature authentication encryption public key key exchange, & externally arranged Secure * Secure-HTTP/1.4 : Request URI Secure-HTTP/1.4 200 OK response header lines convey information e.g. Certificate-Info: has cert, Encryption-Identity: x500 name ------------ IPSec RFC 1825-1829 required for IPv6, optional for IPv4 transport mode - protect contents of IP packet tunnel mode - protect entire IP packet encryption, MAC SASL Means to add authentication to connection-based protocol Variety of mechanisms Kerberos V4, GSSAPI, “External” Allows separation of authorization identity from client identity in credentials Permits authenticated state in protocol
  • Secure Socket Layer

    1. 1. Naveen KumarM.E., ECE (Regular)
    2. 2. Outline Web Security Introduction to SSL/TLS Secure Socket Layer (SSL)  Where, What and How about SSL  Architecture  The Four Protocols  Simple Handshake process Transport Layer Security (TLS)  TLS Overview  Public Key Certificates Implementation & Applications of SSL/TLS Summary ReferencesDecember 1, 2012 NITTTR, Chandigarh 2
    3. 3. “Use your mentality, Wake up to reality”---From the song, “Ive got you under my skin”by Cole PorterDecember 1, 2012 NITTTR, Chandigarh 3
    4. 4. Reality!!!December 1, 2012 NITTTR, Chandigarh 4
    5. 5. Web security Web is now widely used by businesses, government firms and individuals. but Internet & Web space are vulnerable. have a variety of threats related to  Integrity : Someone might alter content  Confidentiality : Anyone can see content  Denial of service  Authentication : Not clear who you are talking with need added security mechanismsDecember 1, 2012 NITTTR, Chandigarh 5
    6. 6. Introduction (contd.) Secure Sockets Layer (SSL) Developed by Netscape Corporation Versions 1, 2, and 3 (released in 1996) Transport Layer Security (TLS) Successor of SSL IETF standards track protocol, based on SSL 3.0  Last updated in RFC 5246 (2008)December 1, 2012 NITTTR, Chandigarh 6
    7. 7. Introduction (contd.) Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.December 1, 2012 NITTTR, Chandigarh 7
    8. 8. SECURE SOCKET LAYER (SSL)December 1, 2012 NITTTR, Chandigarh 8
    9. 9. Where SSL fits? HTTP SMTP POP3 HTTPS SSMTP SPOP3 80 25 110 443 465 995 Port Secure Socket Layer No. Transport Network Data LinkDecember 1, 2012 NITTTR, Chandigarh 9
    10. 10. What security is provided? By providing: Endpoint Authentication Unilateral or Bilateral Communication Confidentiality For preventing:  Eavesdropping Tampering Message ForgeryDecember 1, 2012 NITTTR, Chandigarh 10
    11. 11. How security is provided?December 1, 2012 NITTTR, Chandigarh 11
    12. 12. Uses public key scheme Each client-server pair uses 2 public keys ○ one for client (browser)  created when browser is installed on client machine ○ one for server (http server)  created when server is installed on server hardware 2 private keys ○ one for client browser ○ one for server (http server)December 1, 2012 NITTTR, Chandigarh 12
    13. 13. Cipher Suite Common Cipher Suite algorithms:  Encryption algorithm ○ RC4,Triple DES,AES, IDEA, DES, Camellia  Message authentication code (MAC) algorithm ○ Authentication by RSA, DSA, ECDSA ○ Hashing by MD5, SHA  Key exchange algorithm ○ RSA, Diffie-Hellman, ECDH, SRP, PSK  Pseudorandom function (PRF)December 1, 2012 NITTTR, Chandigarh 13
    14. 14. SSL ArchitectureDecember 1, 2012 NITTTR, Chandigarh 14
    15. 15. SSL Architecture (Contd.) SSL session  an association between client & server  created by the Handshake Protocol  define a set of cryptographic parameters  may be shared by multiple SSL connections SSL connection  a transient, peer-to-peer, communications link  associated with 1 SSL sessionDecember 1, 2012 NITTTR, Chandigarh 15
    16. 16. The Four Upper Layer Protocols Application Encryption Protocol Encrypt/Decrypt application data Change Cipher Spec Protocol Alert to a change in communication variables Alert Protocol Messages important to SSL connections Handshaking Protocol Establish communication variablesDecember 1, 2012 NITTTR, Chandigarh 16
    17. 17. SSL Record ProtocolServices provided are : Confidentiality  using symmetric encryption with a shared secret key defined by Handshake Protocol  IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128  message is compressed before encryption Message integrity  using a MAC (Message Authentication Code) created using a shared secret key and a short messageDecember 1, 2012 NITTTR, Chandigarh 17
    18. 18. SSL Record Protocol (Contd.)December 1, 2012 NITTTR, Chandigarh 18
    19. 19. SSL Change Cipher Spec Protocol one of 3 SSL specific protocols which use the SSL Record protocol a single message Purpose of message Cause copy of pending state to current state. Updates cipher suite to be used on the current connection .December 1, 2012 NITTTR, Chandigarh 19
    20. 20. SSL Alert Protocol conveys SSL-related alerts to peer entity Consists of two bytes  1st byte : warning or fatal  2nd byte: code for specific alerts specific alert types  unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter  close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown compressed & encrypted like all SSL dataDecember 1, 2012 NITTTR, Chandigarh 20
    21. 21. SSL Handshake Protocol (1/10) The most complex part of SSL. allows server & client to: authenticate each other to negotiate encryption & MAC algorithms to negotiate cryptographic keys to be used comprises a series of messages in phases Establish Security Capabilities Server Authentication and Key Exchange Client Authentication and Key Exchange FinishDecember 1, 2012 NITTTR, Chandigarh 21
    22. 22. Simple Handshake process (2/10) The client(Alice) and server(Bob) must agree on various parameters to establish the connection  Alice request a secure connections and presents a list of Cipher Suites  Bob picks the strongest supported Cipher Suite  Bob sends back his digital certificate ○ Including the certificate authority and his public key  By encrypting using the server’s public key, Alice send a random number to Bob securely  Alice and Bob generate key material from the random number  Secure connection establishedDecember 1, 2012 NITTTR, Chandigarh 22
    23. 23. Simple Handshake process (3/10)December 1, 2012 NITTTR, Chandigarh 23
    24. 24. Simple Handshake process (4/10)December 1, 2012 NITTTR, Chandigarh 24
    25. 25. Simple Handshake process (5/10)December 1, 2012 NITTTR, Chandigarh 25
    26. 26. Simple Handshake process (6/10)December 1, 2012 NITTTR, Chandigarh 26
    27. 27. Simple Handshake process (7/10)December 1, 2012 NITTTR, Chandigarh 27
    28. 28. Simple Handshake process (8/10)December 1, 2012 NITTTR, Chandigarh 28
    29. 29. Simple Handshake process (9/10)December 1, 2012 NITTTR, Chandigarh 29
    30. 30. SSL Handshake Protocol (10/10)December 1, 2012 NITTTR, Chandigarh 30
    31. 31. TLS (Transport Layer Security) IETF standard RFC 2246 similar to SSLv3 with minor differences in record format version number uses HMAC for MAC a pseudo-random function expands secrets has additional alert codes some changes in supported ciphers changes in certificate negotiations changes in use of paddingDecember 1, 2012 NITTTR, Chandigarh 31
    32. 32. Changes from SSL 3.0 to TLS  Fortezza removed  Additional Alerts added  Modification to hash calculations  Protocol version 3.1 in ClientHello, ServerHello32 December 1, 2012 NITTTR, Chandigarh
    33. 33. What is TLS?  Protocol layer  Requires reliable transport layer (e.g. TCP)  Supports any application protocols HTTP Telnet FTP LDAP TLS TCP IP33 December 1, 2012 NITTTR, Chandigarh
    34. 34. TLS: Privacy  Encrypt message so it cannot be read  Use conventional cryptography with shared key DES, 3DES RC2, RC4 IDEA A B Message $%&#!@ Message34 December 1, 2012 NITTTR, Chandigarh
    35. 35. TLS:Key Exchange  Need secure method to exchange secret key  Use public key encryption for this “key pair” is used - either one can encrypt and then the other can decrypt slower than conventional cryptography share one key, keep the other private  Choices are RSA or Diffie-Hellman35 December 1, 2012 NITTTR, Chandigarh
    36. 36. TLS: Integrity  Compute fixed-length Message Authentication Code (MAC) Includes hash of message Includes a shared secret Include sequence number  Transmit MAC with message36 December 1, 2012 NITTTR, Chandigarh
    37. 37. Integrity (Contd.)  Receiver creates new MAC should match transmitted MAC  TLS allows MD5, SHA-1 A B Message Message’ MAC MAC MAC’ =?37 December 1, 2012 NITTTR, Chandigarh
    38. 38. TLS: Authentication  Verify identities of participants  Client authentication is optional  Certificate is used to associate identity with public key and other attributes A B Certificate Certificate38 December 1, 2012 NITTTR, Chandigarh
    39. 39. TLS: Architecture  TLS defines Record Protocol to transfer application and TLS information  A session is established using a Handshake Protocol Handshake Change Alert Protocol Cipher Spec Protocol TLS Record Protocol39 December 1, 2012 NITTTR, Chandigarh
    40. 40. TLS: Record Protocol40 December 1, 2012 NITTTR, Chandigarh
    41. 41. TLS: Handshake  Negotiate Cipher-Suite Algorithms Symmetric cipher to use Key exchange method Message digest function  Establish and share master secret  Optionally authenticate server and/or client41 December 1, 2012 NITTTR, Chandigarh
    42. 42. Handshake Phases  Hello messages  Certificate and Key Exchange messages  Change Cipher Spec and Finished messages42 December 1, 2012 NITTTR, Chandigarh
    43. 43. TLS: Hello  Client “Hello” - initiates session Propose protocol version Propose cipher suite Server chooses protocol and suite  Client may request use of cached session Server chooses whether to honor request43 December 1, 2012 NITTTR, Chandigarh
    44. 44. TLS: Key Exchange  Server sends certificate containing public key (RSA) or Diffie-Hellman parameters  Client sends encrypted “pre-master” secret to server using Client Key Exchange message  Master secret calculated Use random values passed in Client and Server Hello messages44 December 1, 2012 NITTTR, Chandigarh
    45. 45. Public Key Certificates  X.509 Certificate associates public key with identity  Certification Authority (CA) creates certificate Adheres to policies and verifies identity Signs certificate  User of Certificate must ensure it is valid45 December 1, 2012 NITTTR, Chandigarh
    46. 46. Validating a Certificate  Must recognize accepted CA in certificate chain One CA may issue certificate for another CA  Must verify that certificate has not been revoked CA publishes Certificate Revocation List (CRL)46 December 1, 2012 NITTTR, Chandigarh
    47. 47. X.509 Certificate Issues  Certificate Administration is complex Hierarchy of Certification Authorities Mechanisms for requesting, issuing, revoking certificates  X.500 names are complicated  Description formats are cumbersome (ASN.1)47 December 1, 2012 NITTTR, Chandigarh
    48. 48. TLS: HTTP Application  HTTP is most common TLS application https://  Requires TLS-capable web server  Requires TLS-capable web browser Netscape Navigator Internet Explorer Cryptozilla ○ Netscape Mozilla sources with SSLeay48 December 1, 2012 NITTTR, Chandigarh
    49. 49. TLS “Alternatives”  S-HTTP: secure HTTP protocol, shttp://  IPSec: secure IP  SET: Secure Electronic Transaction Protocol and infrastructure for bank card payments  SASL: Simple Authentication and Security Layer (RFC 2222)49 December 1, 2012 NITTTR, Chandigarh
    50. 50. Implementation of SSL/TLS SSL and TLS have been widely implemented  Open source software projects ○ OpenSSL, NSS, or GnuTLS  Microsoft Windows ○ Part of its Secure Channel  Browsers ○ Apple Safari ○ Mozilla Firefox (2+) ○ Internet Explorer, etc.December 1, 2012 NITTTR, Chandigarh 50
    51. 51. Application of SSL/TLS On top of the Transport Layer protocols Primarily with TCP Datagram Transport Layer Security(DTLS) for UDP Encapsulating the application protocols HTTP (HTTPS) for securing WWW traffic FTP (FTPS), SMTP, NNTP, etc.December 1, 2012 NITTTR, Chandigarh 51
    52. 52. Summary  SSL/TLS addresses the need for security in Internet communications Privacy - conventional encryption Integrity - Message Authentication Codes Authentication - X.509 certificates  SSL in use today with web browsers and servers52 December 1, 2012 NITTTR, Chandigarh
    53. 53. References William Stallings, 5th Edition, “Transport-Level Security”, Chapter 16, Pages : 509-543 s/fengmei.ppt 1, 2012 NITTTR, Chandigarh 53
    54. 54. December 1, 2012 NITTTR, Chandigarh 54
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.