2. 8: Network Security 8-2
Secure sockets layer (SSL)
• provides transport layer security to any TCP-based application
using SSL services.
– e.g., between Web browsers, servers for e-commerce (shttp)
• security services:
– server authentication, data encryption, client authentication (optional)
TCP
IP
TCP enhanced with SSL
TCP
socket
Application
TCP
IP
TCP API
SSL sublayer
Application
SSL
socket
3. TCP Handshake & SSL Handshake
1. Handshake:
• Bob establishes TCP
connection to Alice
• authenticates Alice via
CA signed certificate
• creates, encrypts (using
Alice’s public key),
sends master secret key
to Alice
decrypt using
KA
-
to get MS
create
Master
Secret
(MS)
4. 8-4
2. Key Derivation:
• Alice, Bob use shared secret (MS) to generate 4 keys:
– EB: Bob->Alice data encryption key
– MB: Bob->Alice MAC key
– EA: Alice->Bob data encryption key
– MA: Alice->Bob MAC key
Used for sending data
from Bob to Alice
Used for sending data
from Alice to Bob
Now, both Bob and Alice share the same 4 keys
(Ea,Ma,Eb,Mb)
5. H( ).
MB
b1b2b3 … bn
d
d H(d)
d H(d)
H( ).
EB
byte stream:
block n bytes
together
SSL seq. #
d H(d)Type Ver Len
SSL record
encrypted using EBunencrypted
b1b2b3 … bn
d
d H(d)
d H(d)
decrypt using
EB & SSL seq.#
d H(d)Type Ver Len
encrypted using EBunencrypted
TCP/IP Transmission
Check for integrity
MB
3. Data Transfer
6. 8-6
4. Connection Closure
• SSL 2.0 terminates the underlying TCP connection
by simply sending TCP FIN segment
=> give chances for Truncation Attack
• Solution:
SSL 3.0 (TLS) introduces closing handshake,
the recipient knows the message has not ended until this
action has been performed.