SSL/TLS 101
23 December 2015
Chul-Woong Yang 양철웅
cwyang@aranetworks.com
Agenda
• SSL and TLS
• Protection against Eavesdroppers
• Secure Key Exchange
• Authentication
• X.509 Certificates
• Reference
SSL and TLS
• SSL and TLS are the names of a protocol that implements cryptography
• SSL: Secure Socket Layer
• TLS: Transport Layer Security, the new name for SSL
• The Internet depends on HTTP, HTTPS and HTTP/2
• HTTPS and HTTP/2 depend on SSL/TLS for secure transmission
• So, the Internet depends on SSL/TLS
OSI Model Layer
#  OSI layer     Description                                              Example protocols
7  Application   Application data                                         HTTP, SMTP, IMAP
6  Presentation  Data representation, conversion, encryption              SSL/TLS
5  Session       Management of multiple connections                       -
4  Transport     Reliable delivery of packets and streams                 TCP, UDP
3  Network       Routing and delivery of datagrams between network nodes  IP, IPSec
2  Data link     Reliable local data connection (LAN)                     Ethernet
1  Physical      Direct physical data connection (cables)                 CAT5
[BPST] p3
Protocol History
• SSLv1: N/A
• SSLv2: November 1994, deployed into Netscape Navigator 1.1
• Serious cryptographic weakness
• SSLv3: Late 1995
• IETF TLS working group formed: May 1996
• TLSv1: January 1999, RFC2246
• Minor improvement from SSLv3
• Name changed for Microsoft
• TLS extension: June 2003
• TLSv1.1: April 2006
• TLSv1.2: August 2008
Core Requirements
• When Alice receives a message from Bob:
• Only Alice, and no eavesdropper, can decrypt the message (Confidentiality)
• The received message is exactly the message Bob sent, not a tampered one (Integrity)
• Truncation attack
• “BOMB THE BUILDING AT 2:00 IF ENEMY DOES NOT SURRENDER”
• → “BOMB THE BUILDING AT 2:00”
• Tampering
• “Transfer $100 to Alice”
• → “Transfer $100 to Bob”
• Alice is sure that the message comes from Bob and no one else (Authenticity)
• Man-In-The-Middle attack
Step 1: Protect Against Eavesdroppers
• Symmetric encryption (private/shared key)
• Algorithms are based on bit shifting and XORing
• Stream ciphers: RC4
• Block ciphers: DES, AES
• DES: Breaks the input into 8-byte blocks and scrambles them using an 8-byte key (of which only 56 bits are used)
• Weak
• 3DES: Uses a 56 * 3 = 168-bit key on 8-byte blocks
• Very slow in software implementations
• AES: Defined for 128-, 192-, and 256-bit keys
• Fast in software and hardware implementations
• RC4: Uses 40-bit and 128-bit keys
• Straightforward to crack
Step 2: Secure Key Exchange
• Q) How can a shared key be exchanged over an insecure medium, on which eavesdroppers can see the key?
• A) Public-key cryptography
• The public key can decrypt messages encrypted with the private key
• The private key can decrypt messages encrypted with the public key
• Algorithms are based on BIGNUM manipulation
• Most common algorithm: RSA
• Ron Rivest, Adi Shamir, and Leonard Adleman
RSA
• Three numbers: e, d, n
• (m^e)^d % n = m
• m = message
• d = private key
• (e, n) = public key
• d cannot be computed from (e, n) – computationally infeasible
• Break a message into blocks of length n or less and encrypt them
• Alice sends message m encrypted with Bob’s public key (e, n)
• C is sent to Bob, where C = (m^e) % n
• Bob recovers m = (C^d) % n
• Though Eve can eavesdrop on C, she cannot decrypt C into m without d
RSA
• (m^e)^d % n = m
• Public key: (e=3, n=55), then
• d = 27
• n and d have to be enormous
• 512- (weak), 1024-, 2048-bit numbers
• Must do numerical operations on 2048-bit numbers (617 decimal digits)
• Very slow → practical use is only for key exchange, not for data encryption
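A worked version of the slide's numbers, as an added Python example that is not part of the original deck: it derives d = 27 from the factors of n = 55, encrypts and decrypts a constructed sample block, and shows why n must be enormous by recovering d through trial-division factoring of the tiny modulus.

```python
from math import gcd, isqrt


def rsa_private_exponent(e, p, q):
    """Derive the private exponent d from e and the factors p, q of n.

    This is what the key owner does at key-generation time.  It needs
    phi(n) = (p-1)(q-1), which only whoever knows p and q can compute.
    """
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)


def rsa_encrypt(m, e, n):
    """C = m^e mod n.  The block m must be smaller than the modulus n."""
    if not 0 <= m < n:
        raise ValueError("block must be smaller than n")
    return pow(m, e, n)


def rsa_decrypt(c, d, n):
    """m = C^d mod n."""
    return pow(c, d, n)


def factor_by_trial_division(n):
    """Recover p, q from n.  Feasible only because n here is tiny; there is
    no practical method for a 2048-bit modulus, which is the whole point."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def recover_private_exponent(e, n):
    """What Eve can do when n is small: factor n, then compute d like the owner."""
    p, q = factor_by_trial_division(n)
    return rsa_private_exponent(e, p, q)


if __name__ == "__main__":
    # The slide's public key (e=3, n=55); n = 5 * 11, so phi(n) = 40.
    e, n = 3, 55
    d = rsa_private_exponent(e, 5, 11)
    print("d =", d)                      # 27, as on the slide
    m = 42                               # constructed sample block, m < n
    c = rsa_encrypt(m, e, n)
    print("C =", c, "-> m =", rsa_decrypt(c, d, n))
    print("Eve recovers d =", recover_private_exponent(e, n))
```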
Diffie-Hellman Key Exchange
• Eve somehow has Bob’s private key (compromised key)
• Alice sends the shared key encrypted with Bob’s public key
• Eve can eavesdrop on the message and retrieve the shared key
• Once Eve has Alice and Bob’s shared key, she can read all their messages afterwards
• Diffie-Hellman key exchange: Perfect forward secrecy
• Public numbers (g, p) and ephemeral numbers a and b
• g is usually 2
• a, b, p are large numbers (512, 1024, 2048 bit)
• Alice chooses a and sends Y(a) = (g^a % p)
• Bob chooses b and sends Y(b) = (g^b % p)
• Alice computes Z = Y(b)^a % p = (g^ab % p)
• Bob computes Z = Y(a)^b % p = (g^ab % p)
• Z is the shared key
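The exchange above run end to end, as an added Python example that is not part of the original deck. It also generates a toy safe prime p = 2q + 1 so that g = 2 lands in a large prime-order subgroup; the Miller-Rabin routine and the 64-bit size are the example's own choices, and real TLS deployments use standardized groups of 2048 bits or more.

```python
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test in its standard form."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """p is prime and (p-1)/2 is prime too."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def generate_safe_prime(bits):
    """Find p = 2q + 1 with p and q prime and p exactly `bits` bits long.
    With a safe prime, g = 2 has order q or 2q, so no small subgroup exists."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, (bits-1)-bit q
        p = 2 * q + 1
        if is_probable_prime(p) and is_probable_prime(q):
            return p


def dh_public(g, p, secret):
    """Y(x) = g^x mod p, the value that may be sent in the clear."""
    return pow(g, secret, p)


def dh_shared(peer_public, secret, p):
    """Z = Y(peer)^own mod p = g^(ab) mod p."""
    return pow(peer_public, secret, p)


def dh_exchange(g, p, a, b):
    """Run both sides with ephemeral secrets a (Alice) and b (Bob).
    Returns (Y(a), Y(b), Z); only Y(a) and Y(b) ever cross the wire."""
    ya, yb = dh_public(g, p, a), dh_public(g, p, b)
    z_alice = dh_shared(yb, a, p)
    z_bob = dh_shared(ya, b, p)
    if z_alice != z_bob:
        raise ValueError("both sides must derive the same Z")
    return ya, yb, z_alice


if __name__ == "__main__":
    p = generate_safe_prime(64)          # toy size; TLS uses 2048+ bits
    g = 2
    a = 2 + secrets.randbelow(p - 3)     # Alice's ephemeral secret
    b = 2 + secrets.randbelow(p - 3)     # Bob's ephemeral secret
    ya, yb, z = dh_exchange(g, p, a, b)
    print(f"p={p} Y(a)={ya} Y(b)={yb} Z={z}")
    # a and b are discarded after the session, so a later compromise of any
    # long-term key reveals nothing about Z (forward secrecy).
```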
Elliptic Curve Cryptography
• TLS 1.2 introduced support for Elliptic-Curve Cryptography (ECC) in 2008
• Math
• Why ECC?
• ECC 80-bit private key ~ RSA 512-bit private key
• Public-key operation is O(n), where n is the number of bits in the private key
Step 3. Authentication
• Public-key cryptography supported by certificates
• Alice receives a certificate from Bob
• Alice verifies that the certificate is really from Bob and has not been tampered with
• Alice now has Bob’s public key, then proceeds to key exchange
Digital Signature
• RSA: (m^e)^d % n = m
• → (m^d)^e % n = m
• Message encrypted with Alice’s public key
• Only Alice can read it
• Message encrypted with Alice’s private key
• Bob can verify the message is coming from Alice
• Identity proof: the role of a signature
• Message with its message digest encrypted with Alice’s private key
• Bob can verify the message is coming from Alice and has not been tampered with
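Hash-then-sign with RSA as the slide describes, as an added Python example not taken from the original deck. The key is built from two known Mersenne primes purely so the block runs offline without key generation; real keys use random primes of equal size, and real signatures add PKCS#1 padding before the exponentiation, which this textbook form omits.

```python
import hashlib

# Demo key from two known primes (2^127-1 and 2^521-1).  Such structured
# primes are NOT acceptable for a real key; they only keep the example offline.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent d = e^-1 mod phi(n)


def digest_as_int(message: bytes) -> int:
    """Message digest (SHA-256 here) read as an integer; it is far below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """s = H(m)^d mod n: only the holder of the private key d can produce it."""
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Check s^e mod n == H(m): anyone holding the public key (e, n) can do this,
    and any change to the message changes H(m), so tampering is detected."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message)


if __name__ == "__main__":
    msg = b"Transfer $100 to Alice"          # constructed sample message
    s = sign(msg)
    print("genuine message verifies:", verify(msg, s))
    print("tampered message verifies:", verify(b"Transfer $100 to Bob", s))
```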
Message Digest
• MD5 (RFC1321)
• Transforms 512-bit blocks into a 128-bit hash, chaining the result across blocks
• Birthday paradox
• How many people are needed to have a 50% chance that two of them share the same birthday?
• 1.1772 * sqrt(n)
• MD5 collisions
• 50% chance to collide: 2.2 * 10^19
• 2005: MD5 collisions were computed in an hour using commodity hardware
• Secure Hash Algorithm (SHA)
• SHA-1: 160-bit
• SHA-2: 224-, 256-, 384-, 512-bit
HMAC (Hash-based Message Authentication Code)
• Replay attack to retrieve the original data from an MD5 hash
• If the domain is not large, compute the whole set of (message, MD5) pairs
• Ex. Credit card numbers
• Storage can be reduced using a rainbow table
• HMAC (RFC 2104)
• Include a secret in the hash: H(m, s), s can be up to 64 bytes
• Use SHA
• SSL
• Every SSL record is HMAC’ed before being encrypted, to keep message authenticity
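The record MAC the last bullet refers to, as an added Python example not taken from the original deck. The MAC input layout follows the TLS 1.0-1.2 record MAC (RFC 2246 section 6.2.3.1); the key and record contents are constructed sample values, and the encryption step that would follow the MAC is left out.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha256().digest_size   # 32 bytes for HMAC-SHA256


def record_mac_input(seq_num: int, content_type: int, version: tuple, fragment: bytes) -> bytes:
    """Bytes fed to the record HMAC in TLS 1.0-1.2:
    64-bit sequence number || type || version || length || fragment.
    The sequence number is never transmitted; both ends count records, so a
    replayed or reordered record fails the MAC check."""
    header = struct.pack(">QBBBH", seq_num, content_type, version[0], version[1], len(fragment))
    return header + fragment


def protect_record(mac_key: bytes, seq_num: int, content_type: int, version: tuple, fragment: bytes) -> bytes:
    """MAC-then-encrypt, first half: append HMAC(key, mac_input) to the fragment.
    Encrypting fragment || MAC would be the next step."""
    tag = hmac.new(mac_key, record_mac_input(seq_num, content_type, version, fragment), hashlib.sha256).digest()
    return fragment + tag


def verify_record(mac_key: bytes, seq_num: int, content_type: int, version: tuple, plaintext: bytes):
    """After decryption: split fragment || MAC and check the MAC in constant time.
    Returns the fragment, or None if the record was tampered with or replayed."""
    if len(plaintext) < MAC_LEN:
        return None
    fragment, tag = plaintext[:-MAC_LEN], plaintext[-MAC_LEN:]
    expected = hmac.new(mac_key, record_mac_input(seq_num, content_type, version, fragment), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return fragment


if __name__ == "__main__":
    key = b"constructed-32-byte-mac-key!!!!!"   # demo key; TLS derives it from the handshake
    ver = (3, 3)                               # TLS 1.2 record-layer version
    app_data = 23                              # ContentType application_data
    wire = protect_record(key, 0, app_data, ver, b"Transfer $100 to Alice")
    print(verify_record(key, 0, app_data, ver, wire))                          # accepted
    print(verify_record(key, 0, app_data, ver, wire.replace(b"Alice", b"Bob  ")))  # None: tampered
    print(verify_record(key, 1, app_data, ver, wire))                          # None: wrong sequence number
```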
Digital Signature Algorithms (DSA)
• Federal Information Processing Standard (FIPS) for digital signatures
• DSA vs RSA signatures
• DSA is faster in signing, but much slower in verifying
• DSA generates smaller signatures for the same strength
• DSA requires a 1024-bit key only to be compatible with the standard
• ECDSA
• DSA with elliptic curve cryptography
• Smaller signatures
Step 4. X.509 Certificates
• Alice receives a certificate from Bob
• How to verify that the certificate is from Bob?
• SSL uses a “trusted intermediary”
• The trusted intermediary digitally signs Bob’s public key
• Alice must have access to the public key of the trusted intermediary to verify the signature on Bob’s public key
• What if Mallory performs a MITM and sends Alice her own certificate instead of Bob’s?
• Other information, like Bob’s name, is included in addition to the public key
• Certificate: a holder for a public key and other information, signed by a trusted intermediary (CA)
• Certificate Authority: a trusted intermediary responsible for signing certificates
Certificate Revocation
• What if there is a problem with the certificate?
• The specified cryptography is outdated
• → Validity period
• The private key is compromised
• → Revocation
• CAs are responsible for keeping a list of revoked certificates (CRL)
• The client should check it periodically
• Key: serial ID
• Should be unique within a CA
X.509
• The International Telecommunication Union (ITU) defines and maintains the SSL/TLS certificate format in a series of documents
• X.509: Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks
• RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Certificate ::= SEQUENCE {
    tbsCertificate        TBSCertificate,
    signatureAlgorithm    AlgorithmIdentifier,
    signatureValue        BIT STRING }

TBSCertificate ::= SEQUENCE {
    version          [0]  EXPLICIT Version DEFAULT v1,
    serialNumber          CertificateSerialNumber,
    signature             AlgorithmIdentifier,
    issuer                Name,
    validity              Validity,
    subject               Name,
    subjectPublicKeyInfo  SubjectPublicKeyInfo,
    issuerUniqueID   [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version shall be v2 or v3
    subjectUniqueID  [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version shall be v2 or v3
    extensions       [3]  EXPLICIT Extensions OPTIONAL
                          -- If present, version shall be v3
    }
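A minimal DER encoder and parser for the Certificate and TBSCertificate structures above, as an added Python example not taken from the original deck. It builds a constructed sample certificate (empty Names, dummy key bits, a placeholder signatureValue rather than a real signature) and checks two structural rules of the profile: the signature algorithm inside tbsCertificate must equal the outer signatureAlgorithm, and extensions require version v3.

```python
# Single-byte DER tags used below.
SEQ, OID, BITSTR, OCTSTR, UTCTIME = 0x30, 0x06, 0x03, 0x04, 0x17


def der_len(n: int) -> bytes:
    """DER length: short form below 128, else 0x80|count followed by the count bytes."""
    if n < 0x80:
        return bytes([n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(lb)]) + lb


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def der_int(v: int) -> bytes:
    """Non-negative INTEGER; a leading 0x00 is added when the top bit is set."""
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def alg_id(oid_hex: str) -> bytes:
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters NULL }"""
    return tlv(SEQ, tlv(OID, bytes.fromhex(oid_hex)) + b"\x05\x00")


SHA256_RSA = alg_id("2a864886f70d01010b")   # 1.2.840.113549.1.1.11 sha256WithRSAEncryption
SHA1_RSA = alg_id("2a864886f70d010105")     # 1.2.840.113549.1.1.5  sha1WithRSAEncryption
RSA_ENC = alg_id("2a864886f70d010101")      # 1.2.840.113549.1.1.1  rsaEncryption


def build_certificate(version: int, serial: int, tbs_alg: bytes,
                      outer_alg: bytes, extensions: bool) -> bytes:
    """Constructed sample: empty Names, dummy key bits, placeholder signature."""
    f = b""
    if version != 1:
        f += tlv(0xA0, der_int(version - 1))            # [0] EXPLICIT Version (v3 = 2)
    f += der_int(serial)                                 # serialNumber
    f += tbs_alg                                         # signature
    f += tlv(SEQ, b"")                                   # issuer (empty RDNSequence)
    f += tlv(SEQ, tlv(UTCTIME, b"151223000000Z")
             + tlv(UTCTIME, b"161223000000Z"))           # validity (notBefore, notAfter)
    f += tlv(SEQ, b"")                                   # subject
    f += tlv(SEQ, RSA_ENC + tlv(BITSTR, b"\x00" + b"\x01" * 8))   # subjectPublicKeyInfo
    if extensions:                                       # [3] EXPLICIT Extensions
        basic = tlv(SEQ, tlv(OID, bytes.fromhex("551d13")) + tlv(OCTSTR, tlv(SEQ, b"")))
        f += tlv(0xA3, tlv(SEQ, basic))                  # basicConstraints, CA = FALSE
    return tlv(SEQ, tlv(SEQ, f) + outer_alg + tlv(BITSTR, b"\x00" * 17))


def der_read(buf: bytes, pos: int = 0):
    """Return (tag, value, end) for the TLV at buf[pos]; single-byte tags only."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:                                    # long-form length
        length = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def der_children(body: bytes):
    """Split the body of a constructed value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = der_read(body, pos)
        out.append((tag, val))
    return out


def parse_certificate(der: bytes) -> dict:
    tag, body, end = der_read(der)
    if tag != SEQ or end != len(der):
        raise ValueError("Certificate must be exactly one SEQUENCE")
    (t_tbs, tbs), (t_alg, alg), (t_sig, _sig) = der_children(body)
    if (t_tbs, t_alg, t_sig) != (SEQ, SEQ, BITSTR):
        raise ValueError("unexpected Certificate layout")
    fields = der_children(tbs)
    version, i = 1, 0                                    # version DEFAULT v1
    if fields[0][0] == 0xA0:                             # [0] EXPLICIT Version present
        version, i = int.from_bytes(der_children(fields[0][1])[0][1], "big") + 1, 1
    return {
        "version": version,
        "serial": int.from_bytes(fields[i][1], "big"),
        "tbs_signature": fields[i + 1][1],
        "signatureAlgorithm": alg,
        "has_extensions": any(t == 0xA3 for t, _ in fields),
    }


def check_certificate(der: bytes) -> list:
    """Structural checks a verifier makes before any signature arithmetic."""
    c = parse_certificate(der)
    problems = []
    if c["tbs_signature"] != c["signatureAlgorithm"]:
        problems.append("tbsCertificate.signature != signatureAlgorithm")
    if c["has_extensions"] and c["version"] != 3:
        problems.append("extensions present but version is not v3")
    return problems
```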
Reference
• [BPST] Bulletproof SSL and TLS, Ivan Ristic, Feisty Duck
• [IST] Implementing SSL/TLS, Joshua Davies, Wiley

More Related Content

What's hot

Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificatesStephane Potier
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityChhatra Thapa
 
Ssl in a nutshell
Ssl in a nutshellSsl in a nutshell
Ssl in a nutshellFrank Kelly
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
The TLS Upgrade
The TLS UpgradeThe TLS Upgrade
The TLS UpgradeAppViewX
 
SSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationSSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationCleo
 

What's hot (20)

Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Ssl https
Ssl httpsSsl https
Ssl https
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer Security
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
SSL
SSLSSL
SSL
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Ssl in a nutshell
Ssl in a nutshellSsl in a nutshell
Ssl in a nutshell
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
SSL
SSLSSL
SSL
 
The TLS Upgrade
The TLS UpgradeThe TLS Upgrade
The TLS Upgrade
 
SSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationSSL Communication and Mutual Authentication
SSL Communication and Mutual Authentication
 
What is TLS/SSL?
What is TLS/SSL? What is TLS/SSL?
What is TLS/SSL?
 

Viewers also liked

NDC 2016 김정주 - 기계학습을 활용한 게임어뷰징 검출
NDC 2016 김정주 - 기계학습을 활용한 게임어뷰징 검출 NDC 2016 김정주 - 기계학습을 활용한 게임어뷰징 검출
NDC 2016 김정주 - 기계학습을 활용한 게임어뷰징 검출 정주 김
 
Introduction to plants
Introduction to plantsIntroduction to plants
Introduction to plantsjdrinks
 
Functional Testing - Carlos Vences
Functional Testing - Carlos VencesFunctional Testing - Carlos Vences
Functional Testing - Carlos VencesCarlos Vences
 
Ebook ringkasan-kitab-hadist-shahih-imam-bukhari
Ebook ringkasan-kitab-hadist-shahih-imam-bukhariEbook ringkasan-kitab-hadist-shahih-imam-bukhari
Ebook ringkasan-kitab-hadist-shahih-imam-bukhariAGK_masoem
 
DeSmart - get to know us!
DeSmart - get to know us!DeSmart - get to know us!
DeSmart - get to know us!Ewa Norweg
 
Vocabulary yr
Vocabulary yrVocabulary yr
Vocabulary yrjdrinks
 
Vocabulary yr
Vocabulary yrVocabulary yr
Vocabulary yrjdrinks
 
A blind girl
A blind girlA blind girl
A blind girlthiamchit
 
Ntl overview presentation
Ntl overview presentationNtl overview presentation
Ntl overview presentationRosalyn Alleman
 
Vocabulary yr
Vocabulary yrVocabulary yr
Vocabulary yrjdrinks
 
output meetup #7 人とのつながりを創るために大切にしていること
output meetup #7 人とのつながりを創るために大切にしていることoutput meetup #7 人とのつながりを創るために大切にしていること
output meetup #7 人とのつながりを創るために大切にしていることR Iwa
 

Viewers also liked (20)

NDC 2016 김정주 - 기계학습을 활용한 게임어뷰징 검출
NDC 2016 김정주 - 기계학습을 활용한 게임어뷰징 검출 NDC 2016 김정주 - 기계학습을 활용한 게임어뷰징 검출
NDC 2016 김정주 - 기계학습을 활용한 게임어뷰징 검출
 
State of Rural Minnesota 2013-full report
State of Rural Minnesota 2013-full reportState of Rural Minnesota 2013-full report
State of Rural Minnesota 2013-full report
 
Biologia I
Biologia IBiologia I
Biologia I
 
Introduction to plants
Introduction to plantsIntroduction to plants
Introduction to plants
 
Functional Testing - Carlos Vences
Functional Testing - Carlos VencesFunctional Testing - Carlos Vences
Functional Testing - Carlos Vences
 
Understanding Skills Shortages and Regional Economies
Understanding Skills Shortages and Regional EconomiesUnderstanding Skills Shortages and Regional Economies
Understanding Skills Shortages and Regional Economies
 
Ebook ringkasan-kitab-hadist-shahih-imam-bukhari
Ebook ringkasan-kitab-hadist-shahih-imam-bukhariEbook ringkasan-kitab-hadist-shahih-imam-bukhari
Ebook ringkasan-kitab-hadist-shahih-imam-bukhari
 
DeSmart - get to know us!
DeSmart - get to know us!DeSmart - get to know us!
DeSmart - get to know us!
 
LEAPIN
LEAPINLEAPIN
LEAPIN
 
Vocabulary yr
Vocabulary yrVocabulary yr
Vocabulary yr
 
Steve vai
Steve vaiSteve vai
Steve vai
 
Vocabulary yr
Vocabulary yrVocabulary yr
Vocabulary yr
 
Rural Minnesota Journal: Rural Volunteers
Rural Minnesota Journal: Rural VolunteersRural Minnesota Journal: Rural Volunteers
Rural Minnesota Journal: Rural Volunteers
 
Perception and-regulation-brief
Perception and-regulation-briefPerception and-regulation-brief
Perception and-regulation-brief
 
A blind girl
A blind girlA blind girl
A blind girl
 
Emc new1
Emc new1Emc new1
Emc new1
 
Ntl overview presentation
Ntl overview presentationNtl overview presentation
Ntl overview presentation
 
Rural Minnesota Journal: Why Everyone Should Care
Rural Minnesota Journal: Why Everyone Should CareRural Minnesota Journal: Why Everyone Should Care
Rural Minnesota Journal: Why Everyone Should Care
 
Vocabulary yr
Vocabulary yrVocabulary yr
Vocabulary yr
 
output meetup #7 人とのつながりを創るために大切にしていること
output meetup #7 人とのつながりを創るために大切にしていることoutput meetup #7 人とのつながりを創るために大切にしていること
output meetup #7 人とのつながりを創るために大切にしていること
 

Similar to SSL/TLS 101

Cryptography
CryptographyCryptography
CryptographyPPT4U
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmacanuragjagetiya
 
Digital Security 101
Digital Security 101Digital Security 101
Digital Security 101Gary Jan
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communicationsdefconmoscow
 
HifnCrypto101
HifnCrypto101HifnCrypto101
HifnCrypto101Jim Faith
 
20 security
20 security20 security
20 securityabiy2004
 
Chapter# 3 modified.pptx
Chapter# 3 modified.pptxChapter# 3 modified.pptx
Chapter# 3 modified.pptxMaryam522887
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security PrimerVenkatesh Iyer
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)Sam Bowne
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)Sam Bowne
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon emailantitree
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutannewbie2019
 

Similar to SSL/TLS 101 (20)

Part2-Apps-Security.pptx
Part2-Apps-Security.pptxPart2-Apps-Security.pptx
Part2-Apps-Security.pptx
 
Part2-Apps-Security.pptx
Part2-Apps-Security.pptxPart2-Apps-Security.pptx
Part2-Apps-Security.pptx
 
Cryptography
CryptographyCryptography
Cryptography
 
Network security
Network securityNetwork security
Network security
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 
Digital Security 101
Digital Security 101Digital Security 101
Digital Security 101
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communications
 
HifnCrypto101
HifnCrypto101HifnCrypto101
HifnCrypto101
 
20 security
20 security20 security
20 security
 
Chapter# 3 modified.pptx
Chapter# 3 modified.pptxChapter# 3 modified.pptx
Chapter# 3 modified.pptx
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security Primer
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
 
Part 6 : Internet applications
Part 6 : Internet applicationsPart 6 : Internet applications
Part 6 : Internet applications
 
CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon email
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
crypto2ssh
crypto2sshcrypto2ssh
crypto2ssh
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutan
 
authentication.ppt
authentication.pptauthentication.ppt
authentication.ppt
 

Recently uploaded

Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 

Recently uploaded (20)

Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance  VVIP 🍎 SERVICECall Girls Service Dwarka @9999965857 Delhi 🫦 No Advance  VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 

SSL/TLS 101

  • 1. SSL/TLS 101 23 December 2015 Chul-Woong Yang 양철웅 cwyang@aranetworks.com
  • 2. Agenda • SSL and TLS • Protection against Eavesdroppers • Secure Key Exchange • Authentication • X.509 Certificates • Reference
  • 3. SSL and TLS • SSL and TLS are the name of protocol, which implements cryptography • SSL: Secure Socket Layer • TLS: Transport Layer Security, a new name for SSL • Internet depends on HTTP, HTTPS, HTTP/2 • HTTPS and HTTP/2 depends on SSL/TLS for secure transmission • So, Internet depends on SSL/TLS
  • 4. OSI Model Layer # OSI Layer Description Example protocols 7 Application Application data HTTP, SMTP, IMAP 6 Presentation Data representation, conversion, encryption SSL/TLS 5 Session Management of multiple connection - 4 Transport Reliable delivery of packets and streams TCP, UDP 3 Network Routing and delivery of datagrams between network nodes IP, IPSec 2 Data link Reliable local data connection (LAN) Ethernet 1 Physical Direct physical data connection (cables) CAT5 [BPST] p3
  • 5. Protocol History • SSLv1: N/A • SSLv2: November 1994, deployed into Netscape Navigator 1.1 • Serious cryptographic weakness • SSLv3: Late 1995 • IETF TLS working group formed: May 1996 • TLSv1: January 1999, RFC2246 • Minor improvement from SSLv3 • Name changed for Microsoft • TLS extension: June 2003 • TLSv1.1: April 2006 • TLSv1.2: August 2008
  • 6. Core Requirements • When Alice receives a message from Bob: • Only Alice, no eavesdropper, can decrypt the message (Confidentiality) • The received message is the exact message sent from Bob. Not tampered. (Integrity) • Truncation attack • “BOMB THE BUILDING AT 2:00 IF ENEMY DOES NOT SURRENDER” •  “BOMB THE BUILDING AT 2:00” • Tampering • “Transfer $100 to Alice” •  “Transfer $100 to Bob” • Alice is sure that the message come from Bob, no one else. (Authenticity) • Man-In-The-Middle attack
  • 7. Step 1: Protect Against Eavesdroppers • Symmetric encryption (private/shared key) • Algorithms are based on bit shifting and XORing • Stream ciphers: RC4 • Block ciphers: DES, AES • DES: Breaks input into 8-byte blocks and scrambles them in using 8- byte keys (only 56 bit is used) • weak • 3DES: Use 56 * 3 = 168 bit key on 8 byte blocks • Very slow in SW implementation • AES: Defined for 128-, 192-, and 256-bit keys. • Fast in SW/HW implementation • RC4: Use 40 bits and 128 bits keys • Straightforward to crack
  • 8. Step 2: Secure Key Exchange • Q)How can exchange a shared key over an insecure medium, on which eavesdroppers can see the key? • A) Public-key cryptography • Public key can decrypt messages encrypted with private key • Private key can decrypt messages encrypted with public key • Algorithms are based on BIGNUM manipulation • Most common algorithm: RSA • Ron Rivest, Adi Shamir, and Leonard Adleman
  • 9. RSA • Three numbers: e, d, n • (m^e)^d % n = m • m = message • d = private key • (e, n) = public key • d cannot be computed from (e, d) – computationally infeasible • Break a message into blocks of length n or less and encrypt them • Alice sends message m encrypted with Bob’s public key (e, n) • C has sent to Bob. C = (m^e) % n • Bob reclaims m = (C^d) % n • Though Eve can eavesdrop C, she cannot decrypt C into m without d.
  • 10. RSA • (m^e)^d % n = m • Public key: (e=3, n=55) then • d= 27 • n and d have to be enormous • 512 (weak), 1024, 2048 bit number • Should do numerical operation for 2048 bit number (617 decimal digits) • Very slow  practical use is only for key exchange, not for data encryption
  • 11. Diffie-Hellman Key Exchange • Eve has Bob’s private key somehow (compromised key) • Alice send shared key encrypted with Bob’s public key • Eve can eavesdrop the message and retrieve the shared key. • Once Eve has the shared key of Alice and Bob, she can see all their messages afterwards • Diffie-Hellman key exchange: Perfect forward secrecy • Public numbers (g, p) and ephemeral numbers a and b. • g is usually 2 • a, b, p is large number (512, 1024, 2048 bit) • Alice chooses a and sends Y(a) = (g^a % p) • Bob chooses b and send Y(b) = (g^b % p) • Alice computes Z = Y(b)^a % p = (g ^ ab % p) • Bob computes Z = Y(a)^b % p = (g ^ ab % p) • Z is shared key
Elliptic Curve Cryptography
• ECC cipher suites for TLS were defined in RFC 4492 (2006); TLS 1.2 (2008) is where they became mainstream
• Math (slide figure: the group law on the points of a curve y^2 = x^3 + ax + b over a finite field; not reproduced here)
• Why ECC?
  • Much shorter keys for the same strength: a 256-bit ECC key is roughly equivalent to a 3072-bit RSA key (NIST SP 800-57)
  • The cost of a public-key operation grows with the key length in bits, so shorter keys mean faster handshakes and smaller certificates
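Added Python example (not from the slides) of the curve arithmetic behind ECC: point addition, doubling and double-and-add scalar multiplication on the small textbook curve y^2 = x^3 + 2x + 2 over GF(17), whose generator G = (5, 1) has order 19, followed by an ECDH exchange on it. Every parameter is a toy value for illustration; real TLS curves such as P-256 use ~256-bit fields and the same group law.

```python
"""Added example: elliptic-curve group law and ECDH on a toy curve.

Curve y^2 = x^3 + 2x + 2 over GF(17), generator G = (5, 1) of order 19.
Constructed for illustration only; never use a hand-picked curve in practice.
"""
P, A, B = 17, 2, 2                   # field prime and curve coefficients
G = (5, 1)                           # generator (base point)
INF = None                           # the point at infinity (group identity)


def ec_add(p1, p2):
    """Add two points on the curve, handling the identity and inverses."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                      # P + (-P) = O
    if p1 == p2:
        if y1 == 0:
            return INF                                  # vertical tangent
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P   # tangent slope
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P          # chord slope
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k: int, point):
    """Scalar multiplication k*point by double-and-add (the private-key operation)."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ecdh(a: int, b: int):
    """Alice's secret a, Bob's secret b: public keys aG and bG, shared point abG."""
    pub_a, pub_b = ec_mul(a, G), ec_mul(b, G)
    return pub_a, pub_b, ec_mul(a, pub_b), ec_mul(b, pub_a)


if __name__ == "__main__":
    print([ec_mul(k, G) for k in range(1, 20)])   # 19*G is None: the order is 19
    print(ecdh(3, 7))                              # ((10, 6), (0, 6), (6, 3), (6, 3))
```

With only 19 points an attacker recovers a private key by trying every scalar; the security of a real curve comes purely from the size of the group, which is why the standard curves are chosen with ~2^256 points.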
Step 3: Authentication
• Public-key cryptography supported by certificates
• Alice receives a certificate from Bob
• Alice verifies that the certificate really belongs to Bob and has not been tampered with
• Alice now has Bob's public key and proceeds to the key exchange
Digital Signature
• RSA: (m^e)^d mod n = m → also (m^d)^e mod n = m; the two exponents commute
• Message encrypted with Alice's public key
  • Only Alice can read it
• Message "encrypted" with Alice's private key (i.e. signed)
  • Anyone with Alice's public key, such as Bob, can verify that the message came from Alice
  • Identity proof: the role of a signature
• In practice: the message plus a message digest of it encrypted with Alice's private key
  • Bob can verify that the message came from Alice and was not tampered with, at the cost of one RSA operation on a short digest instead of on the whole message
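Hash-then-sign with RSA as an added Python example (not the presenter's code). The modulus is built from two publicly known Mersenne primes, 2^89 - 1 and 2^127 - 1, so the key is a demonstration value with no secrecy at all; it is simply large enough to hold a reduced SHA-256 digest. No padding is applied, so this is the textbook scheme of the slide rather than PKCS#1 v1.5 or PSS. The message is a constructed sample.

```python
"""Added example: sign a digest with the private key, verify with the public key.

The primes are public Mersenne primes, so this key is NOT secret; it only gives
a modulus (~216 bits) large enough for a reduced SHA-256 digest. Raw h^d mod n
with no padding is textbook-only; real signatures use PKCS#1 v1.5 or PSS.
"""
import hashlib

P_DEMO, Q_DEMO, E = (1 << 89) - 1, (1 << 127) - 1, 65537
N = P_DEMO * Q_DEMO
D = pow(E, -1, (P_DEMO - 1) * (Q_DEMO - 1))      # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer, reduced so it is smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def rsa_sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signature = digest^d mod n; only the holder of d can produce it."""
    return pow(digest_int(message), d, n)


def rsa_verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone with (e, n) checks signature^e mod n against the digest of what
    they actually received; a changed message or signature fails."""
    return pow(signature, e, n) == digest_int(message)


if __name__ == "__main__":
    msg = b"Transfer $100 to Alice"                      # constructed message
    sig = rsa_sign(msg)
    print(rsa_verify(msg, sig))                          # True
    print(rsa_verify(b"Transfer $100 to Bob", sig))      # False: message tampered
    print(rsa_verify(msg, sig + 1))                      # False: signature tampered
```

Signing the digest rather than the message is what keeps the slide's tampering example detectable: changing "Alice" to "Bob" changes the digest, and without d nobody can produce a signature for the new digest.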
Message Digest
• MD5 (RFC 1321)
  • Processes the input in 512-bit blocks, chaining a 128-bit state from block to block; the final state is the 128-bit hash
• Birthday Paradox
  • How many people are needed for a 50% chance that two of them share a birthday? About 1.1774 × sqrt(n) for n possible values (23 people for n = 365)
• MD5 collisions
  • 50% chance of a collision after about 1.1774 × sqrt(2^128) ≈ 2.2 × 10^19 hashes by brute force alone
  • 2005: MD5 collisions were computed in an hour on commodity hardware, far below the birthday bound
• Secure Hash Algorithm (SHA)
  • SHA-1: 160-bit, deprecated for certificate signatures
  • SHA-2: 224, 256, 384, 512-bit
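The birthday bound in practice, as an added Python example that is not from the deck: it searches for two different inputs whose SHA-256 digests agree on their first 32 bits, which takes on the order of 2^16 hashes rather than 2^32. The inputs are constructed counter strings; the truncation stands in for a short digest, since a 32-bit hash is small enough to collide on a laptop in well under a second.

```python
"""Added example: finding a collision costs about sqrt(space), not space.

Truncating SHA-256 to `bits` bits models a short digest; the expected number
of hashes until two inputs collide is about 1.1774 * 2^(bits/2).
"""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """The first `bits` bits of SHA-256(data) as an integer."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return h >> (256 - bits)


def find_collision(bits: int, max_tries: int = 1 << 22):
    """Hash counter strings until two distinct inputs share a truncated digest.
    Returns (input_a, input_b, hashes_computed)."""
    seen = {}
    for i in range(max_tries):
        data = b"msg-%d" % i                   # constructed inputs
        t = truncated_hash(data, bits)
        if t in seen:
            return seen[t], data, i + 1
        seen[t] = data
    raise RuntimeError("no collision within max_tries")


def birthday_bound(bits: int) -> float:
    """Inputs needed for a ~50% collision chance: 1.1774 * sqrt(2^bits)."""
    return 1.1774 * math.sqrt(2 ** bits)


if __name__ == "__main__":
    a, b, tries = find_collision(32)
    print(a, b, tries, truncated_hash(a, 32) == truncated_hash(b, 32))
    print(birthday_bound(32), birthday_bound(128))     # ~7.7e4, ~2.2e19
```

The number of tries varies with the inputs, but it lands near `birthday_bound(32)` rather than near 2^32; that same square root is what turns MD5's 128-bit output into only 2^64 work for a generic collision, before any structural weakness is exploited.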
HMAC (Hash-based Message Authentication Code)
• Dictionary (brute-force) attack to recover the original data from an MD5 hash
  • If the domain is small, precompute the set of all (message, MD5) pairs and look the hash up
  • Ex. credit card numbers
  • Storage can be reduced using a rainbow table
• HMAC (RFC 2104)
  • Mix a secret key into the hash: HMAC(K, m) = H((K ⊕ opad) || H((K ⊕ ipad) || m)); keys up to the hash block size (64 bytes for MD5, SHA-1 and SHA-256) are used directly, longer keys are hashed first
  • Use SHA-family hashes
  • Without the key, a precomputed table is useless
• SSL
  • In TLS 1.2 and earlier, every record is HMAC'ed before being encrypted (MAC-then-encrypt) to protect message authenticity and integrity
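The small-domain attack and the HMAC fix as an added Python example (not the presenter's code), using 4-digit PINs as a constructed stand-in for the credit-card numbers on the slide and an assumed server-side HMAC key. The precomputed table is the plain dictionary; a rainbow table only trades storage for recomputation.

```python
"""Added example: a plain hash does not hide a small-domain value; a keyed HMAC does.

Domain: 4-digit PINs (10^4 values), a constructed stand-in for card numbers.
"""
import hashlib
import hmac


def stored_pin_hash(pin: bytes) -> str:
    """The weak scheme: store MD5(pin) and hope it hides the PIN."""
    return hashlib.md5(pin).hexdigest()


def build_dictionary() -> dict:
    """Precompute digest -> PIN for every 4-digit PIN; ten thousand MD5 calls."""
    return {stored_pin_hash(f"{i:04d}".encode()): f"{i:04d}" for i in range(10000)}


def invert_hash(digest_hex: str, table: dict):
    """Look the stored digest up; None means it is not a hash of anything in the domain."""
    return table.get(digest_hex)


def hmac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 per RFC 2104: H((K^opad) || H((K^ipad) || m))."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def hmac_check(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute and compare in constant time to avoid a timing side channel."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


if __name__ == "__main__":
    table = build_dictionary()
    leaked = stored_pin_hash(b"4711")                   # constructed 'protected' PIN
    print(invert_hash(leaked, table))                   # 4711: recovered instantly
    key = b"server-side secret"                         # assumed key, never stored with the data
    tag = hmac_tag(key, b"4711")
    print(invert_hash(tag, table))                      # None: the table is useless without key
    print(hmac_check(key, b"4711", tag), hmac_check(key, b"4712", tag))   # True False
```

The same property is what TLS relies on for record integrity: the MAC key is negotiated per session, so an attacker who sees the record cannot compute a valid tag for a modified one.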
Digital Signature Algorithm (DSA)
• Federal Information Processing Standard (FIPS 186) for digital signatures
• DSA vs RSA signatures
  • DSA is faster at signing, but much slower at verifying
  • DSA produces smaller signatures for the same strength
  • In practice TLS implementations supported only 1024-bit DSA keys, for compatibility with the original standard; that is too weak today, so DSA is rarely used in TLS
• ECDSA
  • DSA over elliptic curves
  • Smaller signatures and smaller keys
Step 4: X.509 Certificates
• Alice receives a certificate from Bob
• How does she verify that the certificate is really Bob's?
• SSL uses a "trusted intermediary"
  • The trusted intermediary digitally signs Bob's public key
  • Alice must have the public key of the trusted intermediary to verify the signature on Bob's public key
• What if Mallory does a MITM and sends Alice her own certificate instead of Bob's?
  • Other information, such as Bob's name, is included alongside the public key, so Alice can check that the certificate was issued to the party she intended to talk to
• Certificate: a holder for a public key and other information, signed by the trusted intermediary (CA)
• Certificate Authority: the trusted intermediary responsible for signing certificates
Certificate Revocation
• What happens when there is a problem with a certificate?
  • The specified cryptography becomes outdated → bounded by the validity period: the certificate expires
  • The private key is compromised → revocation
• CAs are responsible for publishing a list of revoked certificates (CRL)
  • The client should fetch and check it periodically (OCSP is the online alternative that checks one certificate at a time)
  • Key: the certificate's serial number
  • Must be unique within a CA
X.509
• The International Telecommunication Union (ITU-T) defines and maintains the certificate format used by SSL/TLS in a series of documents
  • X.509: Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks
  • RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile (the IETF profile for Internet use; since superseded by RFC 5280)

  Certificate ::= SEQUENCE {
      tbsCertificate        TBSCertificate,
      signatureAlgorithm    AlgorithmIdentifier,
      signatureValue        BIT STRING }

  TBSCertificate ::= SEQUENCE {
      version          [0] EXPLICIT Version DEFAULT v1,
      serialNumber         CertificateSerialNumber,
      signature            AlgorithmIdentifier,
      issuer               Name,
      validity             Validity,
      subject              Name,
      subjectPublicKeyInfo SubjectPublicKeyInfo,
      issuerUniqueID   [1] IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version shall be v2 or v3
      subjectUniqueID  [2] IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version shall be v2 or v3
      extensions       [3] EXPLICIT Extensions OPTIONAL
                           -- If present, version shall be v3
      }
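The Certificate and TBSCertificate structures above rendered as real DER bytes, as an added Python example that is not from the deck: a minimal DER encoder builds a synthetic v3 certificate (dummy key bits, dummy signature, signed by no CA, with constructed names and validity dates) and a minimal TLV parser reads the fields back, including the DEFAULT v1 rule for the version field. It is an illustration of the ASN.1 layout, not a substitute for a real X.509 library; the OIDs are the standard sha256WithRSAEncryption, rsaEncryption and commonName identifiers.

```python
"""Added example: the slide's Certificate / TBSCertificate as DER bytes.
Synthetic certificate (dummy key, dummy signature, no CA) plus a tiny TLV
parser. Illustration only; use a real X.509 library in production."""

def der_len(n):            # short form below 128, else 0x80|count followed by big-endian bytes
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):        # tag byte + length + value
    return bytes([tag]) + der_len(len(body)) + body

def der_int(v):            # INTEGER, non-negative; leading 0x00 keeps a high bit from reading as negative
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def der_oid(dotted):       # OBJECT IDENTIFIER: first two arcs packed, the rest base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def der_seq(*items):
    return tlv(0x30, b"".join(items))

def der_name(cn):          # Name ::= SEQUENCE OF SET OF { commonName OID, UTF8String }
    return der_seq(tlv(0x31, der_seq(der_oid("2.5.4.3"), tlv(0x0C, cn.encode()))))

SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"

def build_certificate(serial, issuer, subject, version=3):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    alg = der_seq(der_oid(SHA256_WITH_RSA), tlv(0x05, b""))     # AlgorithmIdentifier, NULL params
    tbs = []
    if version != 1:                                            # version [0] EXPLICIT, DEFAULT v1
        tbs.append(tlv(0xA0, der_int(version - 1)))             # v3 is encoded as INTEGER 2
    tbs += [
        der_int(serial),                                                     # serialNumber
        alg,                                                                 # signature
        der_name(issuer),                                                    # issuer
        der_seq(tlv(0x17, b"151223000000Z"), tlv(0x17, b"161223000000Z")),   # validity (UTCTime)
        der_name(subject),                                                   # subject
        der_seq(der_seq(der_oid(RSA_ENCRYPTION), tlv(0x05, b"")),            # subjectPublicKeyInfo
                tlv(0x03, b"\x00" * 17)),                                    #   dummy BIT STRING
    ]
    return der_seq(der_seq(*tbs), alg, tlv(0x03, b"\x00" + b"\xAA" * 16))   # dummy signatureValue

def read_tlv(data, pos=0):
    """Return (tag, body, next_pos) for the TLV starting at data[pos]."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                                           # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def read_children(body):
    pos, items = 0, []
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        items.append((tag, inner))
    return items

def parse_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_name(body):      # handles the single-CN names built above
    (_, rdn), = read_children(body)
    (_, atv), = read_children(rdn)
    (_, oid), (_, value) = read_children(atv)
    return value.decode() if parse_oid(oid) == "2.5.4.3" else "?"

def parse_certificate(der):
    _, cert, _ = read_tlv(der)
    (_, tbs), (_, sig_alg), (_, sig_val) = read_children(cert)
    fields = read_children(tbs)
    version = 1                                                 # DEFAULT v1 when [0] is absent
    if fields[0][0] == 0xA0:
        version = int.from_bytes(read_tlv(fields[0][1])[1], "big") + 1
        fields = fields[1:]
    serial, _alg, issuer, validity, subject = fields[:5]
    not_before, not_after = (v.decode() for _, v in read_children(validity[1]))
    return {"version": version, "serial": int.from_bytes(serial[1], "big"),
            "sig_alg": parse_oid(read_children(sig_alg)[0][1]),
            "issuer": parse_name(issuer[1]), "subject": parse_name(subject[1]),
            "not_before": not_before, "not_after": not_after,
            "signature_bytes": len(sig_val) - 1}                # first byte = unused-bit count

if __name__ == "__main__":
    der = build_certificate(0x1234, "Demo CA", "bob.example")
    print(der.hex())
    print(parse_certificate(der))
```

Two details worth noticing in the output: the TBSCertificate body is longer than 127 bytes, so its length uses the long form, and a certificate built with `version=1` omits the `[0]` tag entirely, which is exactly what `DEFAULT v1` means for a parser.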
Reference
• [BPST] Ivan Ristic, Bulletproof SSL and TLS, Feisty Duck
• [IST] Joshua Davies, Implementing SSL/TLS, Wiley