TLS provides confidentiality, identity, and integrity for internet communication. It is used for HTTPS web pages and applications on computers and phones. TLS is based on SSL and uses asymmetric encryption where the server sends a public key to set up the secure connection. The client then challenges the server, which responds using its private key to prove its identity. Certificates bind a public key to an identity and are signed by a Certification Authority. They contain information like the key, owner identity, and validity period.

1. TLS in five minutes
#MeraKrypto
@oej * oej@edvina.net
v 1.1 2014-05-06

2. #MoreCrypto
Identity
Security basics.
Confidentiality
Authorization
Integrity
Non-repudiation

3. #MoreCrypto
TLS is an important tool
TLS
Transport
Layer
Security
TLS provides confidentiality, identity
and integrity to Internet communication.
TLS is used in HTTPS:// web pages, but can also be
used from applications on a computer as well as a cell
phone.
TLS is based on SSL, that was a provider-specific
technology. TLS is maintained by the IETF and is still
being improved.

4. TLS basics in a minute
• TLS use a keypair to set up a secure connection
• Assymetric encryption
• The server sends the public key at connection
• The client challenges the server
• The server responds to the challenge using the
server private key
• Now the client knows that the server has the
private key that matches the public key
private

5. TLS Usage
• TLS is used for
• authentication of servers and
clients
• initiating encryption of a session
• digital signatures on messages to
ensure integrity and provide
authentication
Authentication
Who are you? Prove it!
Encryption
Providing confidentiality
Integrity
Making sure that the
receiver get what the
sender sent

6. Adding a certificate to the
mix
• A certificate is nothing more complicated than a
passport or an ID card
• It contains the public key and some administrative
data
• And is signed (electronically) by someone you
might trust ... or not.
• This is part of the complex structure called PKI,
which you might want or just disregard
• A PKI is not needed to get encryption for the
signalling path!
• You can however use a PKI to only set up
connections that you trust

7. The X.509v3 certificate
• An X.509 certificate is the standardised way to
bind a public key to an identity
• The certificate is issued by a
Certification Authority (CA)
• The most important component of the PKI?
• An X.509 certificate is an
electronic document with a specific layout
!
• Standard: documented in IETF PKIX RFC:s
Version
Serial number
Issuer identity
Validity period
User identity
Public key
Extension fields

8. X509.v3
contents
• Version number
• Certificate serial number
Used for validation
• Identity of the issuer
• Validity period
• Identity of the public key owner
• Public key
• Extension fields
• A digital signature, created by the issuer
Internet
Explorer
Certificate
Manager

9. SIP certificates
• SubjectAltName contains a list of identities that
are valid for this certificate
• draft-ietf-certs outlines a SIP event package to
distribute and manage certificates
• This is based on the Authentication Service in SIP
identity (RFC 4474)
• The domain cert is used to sign the NOTIFY
payload

10. x.509 cert for SIP
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:08:00:79:00:15:00:43
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, O=sipit, OU=SipitTest Certificate Authority
Validity
Not Before: Sep 16 17:17:00 2009 GMT
Not After : Sep 15 17:17:00 2012 GMT
Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a7:96:65:6e:b6:ba:3a:48:a1:bd:a3:ae:21:dc:
a8:92:97:3c:43:ea:24:e6:9f:93:2f:61:7e:d3:2d:
30:1e:21:42:b9:d6:59:87:f1:b1:f8:c8:39:8e:43:
64:9a:31:2c:18:3d:cd:d8:03:64:bb:14:38:44:05:
20:30:d8:e1:db:a7:4d:c3:47:a2:49:73:d1:10:ed:
2f:cf:74:26:57:91:64:af:b0:f2:5d:3f:88:9f:df:
65:6c:ba:65:3f:66:99:52:6b:20:d2:0e:e3:65:18:
b1:8e:3d:ca:f2:4a:45:c5:4d:85:ef:82:54:f8:54:
54:db:96:90:9b:c5:1b:2a:1e:60:3c:43:71:55:60:
30:93:8f:fd:d8:d9:3d:a1:32:e3:56:4b:e2:73:b6:
cc:18:93:8a:d8:8b:68:81:c7:fd:cd:d5:dc:4c:a2:
86:61:9f:ad:d0:b1:d3:3c:4c:6c:07:54:b2:43:b4:
a7:0a:0a:f2:e3:6d:12:43:16:70:63:c9:e9:1a:78:
66:9d:ee:30:94:7b:ab:f2:e9:67:4a:66:6d:8c:ed:
a8:a4:98:51:77:0b:a7:60:55:73:85:87:4a:57:6b:
24:fe:27:00:02:79:70:da:5a:45:ad:aa:3d:d5:40:
5b:5c:85:63:93:56:af:c7:e8:e3:b6:1a:25:b6:a2:
2d:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
27:F7:A9:96:F5:B2:8F:0B:5E:A9:C7:F5:0F:AC:3D:AB:3D:8D:F0:30
Signature Algorithm: sha1WithRSAEncryption
1a:fe:1f:af:86:99:82:e5:14:97:8d:64:9a:d1:5c:ea:6c:96:
f5:c6:0c:7d:20:5f:4e:70:05:24:3a:de:b5:b9:cf:66:8d:4c:
74:d5:6a:a9:52:74:17:bc:b4:79:a0:58:32:78:a9:70:7c:6a:
15:ac:07:29:77:13:06:55:53:3f:0b:4c:3d:da:55:6e:ad:74:
56:01:55:c8:4c:19:8d:06:0b:f3:4c:04:d5:9a:6f:44:ad:7a:
fd:3b:aa:e8:4b:84:6e:f1:c4:34:f4:a0:6a:f6:81:ae:74:b4:
46:6e:b9:2f:a6:59:f1:02:e9:58:7c:a1:8d:08:31:2b:39:ee:
eb:7e
Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net
X509v3 Subject Alternative Name:
DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net

11. Process for a server
Generate
Keys
Pack public key
in CSR
Send CSR
to CA
CA validate
process
CA issues
Certificate
Install cert
in server with
private key

12. Client connection
Open TCP
connection
Server sends
certificate
Client
challenge server
Server answers
challenge
Client validates
certificate
Server can issue
cert request
Client and server
produce session key
Symmetric encryption
starts

13. Protocol specifics
• Given a protocol request - how do we match the
request address to a certificate
• SIP Uri, E-mail address, HTTPS uri

14. User specifics
• Which CAs do we trust?
• How do we check validity of certificate, even if
we trust the CA?
• Do we have time for validation?

15. New solutions
• Anchoring the certificate in DNS
• Validating the certificate in DNS
• No certificate - bare keys
• Oppurtunistic Security with TLS