Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Secure Electronic Transaction (SET)
Recommended Reading and WEB Sites
Web Security Considerations
WWW is Client server application over Internet and TCP/IP intranets
Web is vulnerable to attacks on web servers over the Internet
The WEB is visible outlet for corporates
Web servers are easy to configure and manage.
Complex software hide many security flaws.
Subverted servers will provide access to intranet systems
Users are not aware of the risks.
Security facilities in the TCP/IP protocol stack
SSL and TLS
SSL was originated by Netscape
TLS working group was formed within IETF
First version of TLS can be viewed as an SSLv3.1
Make use of TCP
Provide reliable end to end secure communication
Two layers of protocols
change cipher spec
A logical client/server link
A peer-to-peer connection with two network nodes.
Every connection associated with one session.
An association between a client and a server
Defines a set of parameters such as algorithms used, session number etc.
An SSL session is created by the Handshake Protocol
that allows parameters to be shared among the connections made between the server and the client
Sessions are used to avoid negotiation of new parameters for each connection.
A single session is shared among multiple SSL connections between the client and the server.
In theory, it may also be possible that multiple sessions are shared by a single connection, but this feature is not used in practice.
The concepts of a SSL session and connection involve several parameters that are used for SSL-enabled communication between the client and the server. During the negotiations of the handshake protocol, the encryption methods are established and a series of parameters of the Session State are subsequently used within the session.
SSL session state
A session state is defined by the following parameters:
session identifier: this is an identifier generated by the server to identify a session with a chosen client,
Peer certificate: X.509 certificate of the peer,
compression method: a method used to compress data prior to encryption,
CipherSpec: specifies the bulk data encryption algorithm (for example DES) and the hash algorithm (for example MD5) used during the session,
Master secret: 48-byte data being a secret shared between the client and server
“ is resumable”: this is a flag indicating whether the session can be used to initiate new connections.
SSL connection state
The SSL connection state is defined by the following parameters:
Server and client random: random data generated by both the client and server for each connection,
Server write MAC secret: the secret key used for data written by the server,
Client write MAC secret: the secret used for data written by the client,
Server write key: the bulk cipher key for data encrypted by the server and decrypted by the client,
Client write key: the bulk cipher key for data encrypted by the client and decrypted by the server,
Initialisation vectors: for CBC mode of block cipher
Sequence number: sequence numbers maintained separately by the server for messages transmitted and received during the data session.
Encryption of payloads using shared secret key obtained from handshake protocol
MAC using shared secret key obtained from handshake protocol
SSL Record Protocol Operation
SSL Record Format
Change cipher spec protocol
Payload of record protocol
Consist of single message
Single byte value = 1
Purpose of message
Cause copy of pending state to current state
Updates cipher suite to be used on the current connection
Conveys SSL alerts to peer
Payload of record
Consists of two bytes
1 st byte : warning or fatal
2 nd byte: code for specific alerts
SSL Record Protocol Payload
The most complex part of SSL.
Allows the server and client to authenticate each other.
Negotiate encryption, MAC algorithm and cryptographic keys.