2. 2
Transport Layer Security Protocols
• Secure Socket Layer (SSL)
– Originally designed by Netscape to secure HTTP
– Version 2 is being replaced by version 3
– Subsequently became Internet Standard known as TLS
– Uses TCP to provide a reliable end-to-end service
– Application independent
• Can be used for any application protocol: telnet, ftp, ...
• Transport Layer Security (TLS)
– SSL 3.0 is very similar to TLS (RFC 2246)
3. 3
Location of SSL
• SSL is built on top of TCP
• Provides a TCP-like interface
• In theory can be used by all types of applications in a transparent manner
4. 4
SSL Architecture
• Relies on TCP for reliable communication
• Two Layers
– SSL Record Protocol provides basic security services
– Handshake, Change Cipher Spec, Alert, ...
6. 6
SSL Session and Connection
• Each SSL session can be used for multiple connections
• SSL Session
– An association between the client and the server
– Used to avoid negotiating new security parameters for each connection
• SSL Connection
– A connection is a transport that provides a suitable type of service
– Each connection is associated with one session
7. 7
SSL Session
• An SSL session consists of
– Session ID
– X.509 public-key certificate of peer (could be null)
– Compression Algorithm
– Cipher Spec:
• Encryption Algorithm, Message Digest Algorithm, etc.
– Master Secret: 48-byte secret shared between the client and the server
11. 11
SSL Record Protocol
• 2 services:
– Confidentiality
• Using symmetric encryption with a shared secret key defined by the Handshake protocol
– Message integrity
• Using a MAC with a shared secret key
• Layered protocol:
– Fragmentation of application data into blocks
– Compression
– MAC
– Encryption
– Transmit over TCP
14. 14
SSL Change Cipher Spec Protocol
• one of 3 SSL-specific protocols which use the SSL Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use
15. 15
SSL Alert Protocol
• conveys SSL-related alerts to peer entity
• severity
• warning or fatal
• specific alert
• unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
• close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
• compressed & encrypted like all SSL data
16. 16
Master Secret Creation
• The master secret is a one-time 48-byte value
– A pre-master secret is exchanged first
• RSA or Diffie-Hellman
– Master secret is computed from the pre-master secret, client random and server random
17. 17
Generation of Cryptographic Parameters
• Session keys: generated from the master secret, client random, and server random
– Client write MAC secret
– Server write MAC secret
– Client Write Key
– Server Write Key
– Client Write IV
– Server Write IV
20. 20
How the Web Works - HTTP
• Hypertext Transfer Protocol (HTTP).
• Clients request “documents” (or scripts) through a URL.
• Server responds with “documents”.
• Stateless protocol, requests are independent.
21. 21
How the Web Works: Other Elements
• Hypertext Markup Language (HTML).
• Other application-specific documents.
– e.g., MIME, graphics, video/audio, postscript, Java applets, etc.
• Browsers.
– Display HTML documents and embedded graphics.
– Run Java programs.
– Start helper applications.
– ...
23. 23
Web Security
• Authentication:
– Basic (username, password)
• Can be used along with cookies
– Digest
• Access control via addresses
• Multi-layered:
– S-HTTP (Secure HTTP), just for HTTP
• Proposed by CommerceNet, pretty much dead
– SSL (TLS), generic for TCP
• https: HTTP over SSL
– IPSec
24. 24
HTTP Authentication - Basic
• Client doesn’t know which method
• Client attempts access (GET, PUT, …) normally
• Server returns
– “401 Unauthorized”
– Realm: protection space
• Client tries again with (user:password)
– Passwords in the clear
– Repeated for each access
25. 25
From Basic Authentication to Forms and Cookies
• Not all sites use basic authentication
• Many instead ask the user to type username/password into an HTML form
• Server looks up the user and sends back a cookie
• The browser (client) resends the cookie on subsequent requests
26. 26
HTTP Access Control - Digest
• Server sends WWW-Authenticate parameters:
– Realm
– Domain
– Nonce, new for each 401 response
• e.g., H(client-IP:timestamp:server-secret)
– Algorithm
• e.g., MD5