Transport Layer Security
Presented By
Hrudya
TLS
• IETF standard RFC 2246, similar to SSLv3, with minor differences:
  • in the record format version number
  • uses HMAC for the MAC
  • a pseudo-random function expands secrets, based on HMAC using SHA-1 or MD5
  • has additional alert codes
  • some changes in supported ciphers
  • changes in certificate types and negotiations
  • changes in cryptographic computations and padding
Goals
The goals of the TLS protocol, in order of priority, are:
• Cryptographic security: TLS should be used to establish a secure connection between two parties.
• Interoperability: Independent programmers should be able to develop applications utilizing TLS that will then be able to successfully exchange cryptographic parameters without knowledge of one another's code.
• Extensibility: TLS seeks to provide a framework into which new public key and bulk encryption methods can be incorporated as necessary. This will also accomplish two sub-goals: to prevent
Record Layer
• The record layer encapsulates messages for transmission over the underlying communications protocol, usually TCP/IP.
• A record begins with a header which includes the version of the protocol, the length of the data in bytes and the type of the message.
• After the header comes the message data. This is compressed by the compression algorithm that has been negotiated for the connection.
• The MAC is then calculated over the compressed data and appended to the record.
• If a block cipher is in effect for the connection, then a pad is added so that the message size is a multiple of the block size of the cipher.
General format of all TLS records
Version Number
• The TLS record format is the same as the SSL record format.
• The record format and the fields in the header have the same meanings.
• The one difference is in the version values.
• For TLS (RFC 2246) the version field carries:
  • Major version = 3
  • Minor version = 1
The Record Protocol
When the record protocol receives data from the application layer, it may perform the following tasks:
• Fragments the data into blocks, or reassembles fragmented data into its original structure.
• Numbers the sequence of data blocks in the message to protect against attacks that attempt to reorder data.
• Compresses or decompresses the data using the compression algorithm negotiated in the handshake protocol.
• Encrypts or decrypts the data using the encryption keys and cryptographic algorithm negotiated during the handshake protocol.
• Applies an HMAC (or, for SSL 3.0, a MAC) to outgoing data. When a message is received, it recomputes the HMAC and verifies that it is identical to the value that was transmitted, in order to check data integrity.
Message Authentication Codes
• A Message Authentication Code (MAC) is used to ensure that messages are not tampered with or otherwise corrupted in transit.
• It can be thought of as a digest of the message which includes a secret key.
• It is constructed when data is sent, and verified when it is received.
• It is not possible to reproduce the digest without knowing both the input text and the key, and thus a would-be attacker needs to know the secret in order to construct a valid MAC for a message that has been altered.
Message Authentication Code
• The Message Authentication Code (MAC) used for TLS is HMAC.
• HMAC is expressed by the following equation:
  HMAC_K(M) = H[(K+ ⊕ opad) || H[(K+ ⊕ ipad) || M]]
  Where:
  || : concatenation
  ⊕ : bitwise exclusive-OR
  M : the plaintext message being authenticated
  H : the hash function (either MD5 or SHA-1)
  K+ : the secret key padded with zeros on the left so that the result is equal to the block length of the hash function (for MD5 and SHA-1 the block length is 512 bits)
  ipad : 00110110 (36 in hexadecimal) repeated 64 times (512 bits)
  opad : 01011100 (5c in hexadecimal) repeated 64 times (512 bits)
• SSLv3 uses the same algorithm, except that
  • the padding bytes are concatenated with the secret key rather than being XORed with the secret key padded to the block length.
• The level of security is the same in both cases.
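The following is an added example, not code from the slides: it builds HMAC directly from the equation above (inner hash over K+ ⊕ ipad || M, outer hash over K+ ⊕ opad || inner), cross-checks it against Python's hmac module, and shows the SSLv3-style variant in which the pad bytes are concatenated with the key instead of XORed. The zero padding of K+ follows RFC 2104 (zeros appended after the key bytes), which is what standard libraries implement; the SSLv3 pad lengths (48 bytes for MD5, 40 for SHA-1) are from RFC 6101. Keys and messages are constructed values.

```python
# Added example (not from the slides): HMAC built from the definition
# HMAC_K(M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]], checked against
# Python's hmac module, plus the SSLv3-style MAC that concatenates the pads.
import hashlib
import hmac

IPAD_BYTE = 0x36  # 00110110, repeated to the block length
OPAD_BYTE = 0x5C  # 01011100, repeated to the block length

# SSLv3 pad lengths (RFC 6101): 48 bytes for MD5, 40 bytes for SHA-1
SSLV3_PAD_LEN = {"md5": 48, "sha1": 40}


def hmac_from_definition(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC exactly as the slide's equation describes it.

    K+ is formed per RFC 2104: the key bytes followed by zeros up to the block
    length (64 bytes for MD5 and SHA-1). A key longer than one block is first
    reduced with H, as RFC 2104 requires.
    """
    block_len = hashlib.new(hash_name).block_size
    if len(key) > block_len:
        key = hashlib.new(hash_name, key).digest()
    k_plus = key + b"\x00" * (block_len - len(key))
    k_ipad = bytes(b ^ IPAD_BYTE for b in k_plus)
    k_opad = bytes(b ^ OPAD_BYTE for b in k_plus)
    inner = hashlib.new(hash_name, k_ipad + message).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha1") -> bool:
    """True when the hand-built HMAC equals hmac.new() for the same inputs."""
    return hmac.compare_digest(
        hmac_from_definition(key, message, hash_name),
        hmac.new(key, message, hash_name).digest(),
    )


def sslv3_style_mac(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """SSLv3 MAC: H[key || pad_2 || H[key || pad_1 || message]], where the pads
    are concatenated with the key rather than XORed into a block-length key."""
    n = SSLV3_PAD_LEN[hash_name]
    inner = hashlib.new(hash_name, key + bytes([IPAD_BYTE]) * n + message).digest()
    return hashlib.new(hash_name, key + bytes([OPAD_BYTE]) * n + inner).digest()


def verify_mac(key: bytes, message: bytes, received_mac: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the HMAC and compare in constant time so a
    forged record cannot be distinguished from a valid one by timing."""
    expected = hmac_from_definition(key, message, hash_name)
    return hmac.compare_digest(expected, received_mac)


if __name__ == "__main__":
    key, msg = b"key", b"The quick brown fox jumps over the lazy dog"  # constructed
    tag = hmac_from_definition(key, msg, "sha1")
    print("HMAC-SHA1:", tag.hex(), "| stdlib agrees:", matches_stdlib(key, msg, "sha1"))
    print("tampered message accepted:", verify_mac(key, msg + b"!", tag))
```

The `verify_mac` helper is the receive-side check the record protocol performs: any change to the message (or to the key) makes the recomputed tag differ, and `hmac.compare_digest` avoids leaking where the mismatch occurs.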
Generation of Cryptographic Secrets
• The generation of cryptographic secrets is more complex in TLS than in SSL.
• TLS first defines two functions:
  • Pseudorandom Function
  • Data Expansion Function
Data Expansion Function
• First, we define a data expansion function, P_hash(secret, data), which uses a single hash function to expand a secret and seed into an arbitrary quantity of output.
• This function can be considered as a multi-section function, where each section creates one hash value.
• Each section uses HMAC, the secret and the seed.
• The chaining input of each subsequent section is the HMAC output of the previous section.
• P_hash can be iterated as many times as is necessary to produce the required quantity of data.
• For example, if P_SHA-1 was being used to create 64 bytes of data,
  • it would have to be iterated 4 times, creating 80 bytes of output data;
  • the last 16 bytes of the final iteration would then be
Pseudorandom Function
• TLS makes use of a pseudorandom function, referred to as the PRF, to expand secrets into blocks of data for the purpose of key generation and validation.
• It uses a relatively small shared secret value to generate longer blocks of data in a way that is secure from the kinds of attacks made on hash functions and MACs.
• The PRF is based on the data expansion function, which is given as
  P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) ||
                         HMAC_hash(secret, A(2) || seed) ||
                         HMAC_hash(secret, A(3) || seed) || ...
  where || indicates concatenation and A() is defined as:
  A(0) = seed
  A(i) = HMAC_hash(secret, A(i-1))
• Usually the pseudorandom function is the combination of two data expansion functions, one using MD5 and the other using SHA-1.
• The PRF takes 3 inputs: a secret, a label and a seed.
• The label and seed are concatenated and serve as the seed for each data expansion function.
• The secret is divided into two halves; each half is used as the secret for one data expansion function.
• The outputs of the two data expansion functions are exclusive-ORed together to create the final expanded secret.
• The PRF is then defined as
  PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)
• S1 and S2 are the two halves of the secret and each is the same length. S1 is taken from the first half of the secret, S2 from the second half.
Alert Codes
• TLS supports all of the alert codes defined in SSLv3 with the exception of no_certificate.
• A number of additional codes are also defined:
Cipher Suites
• Cipher suites define the encryption and hashing functions that will be used by the connection once the handshake concludes, as well as the key exchange method used during the handshake.
• There are several small differences between the cipher suites available under SSLv3 and under TLS:
  • Key exchange: TLS supports all of the key exchange techniques of SSLv3 with the exception of Fortezza.
  • Symmetric encryption algorithms: TLS includes all of the symmetric encryption algorithms found in SSLv3 with the exception of Fortezza.
Client Certificate Types
• In TLS client authentication, the client (browser) uses a certificate to authenticate itself during the TLS handshake.
• When asking for client authentication, the server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server.
• TLS defines the following certificate types to be requested in a certificate_request message:
  • rsa_sign
  • dss_sign
  • rsa_fixed_dh
  • dss_fixed_dh
• These are all defined in SSLv3.
Certificate Verify and Finished Messages
• Certificate verify: In the TLS certificate_verify message, the MD5 and SHA-1 hashes are calculated only over handshake_messages (the master secret and pads are excluded because they provide no additional security).
• The finished message in TLS is a hash based on the shared master_secret, the previous handshake messages and a label that identifies the client or server:
  PRF(master_secret, finished_label, MD5(handshake_messages) || SHA-1(handshake_messages))
• Where finished_label is the string "client finished" for the client and "server finished" for the server.
Cryptographic Computations
Pre-master Secret
• The generation of the pre-master secret in TLS is exactly the same as in SSL.
Master Secret
• TLS uses the PRF function to create the master secret from the pre-master secret.
• This is achieved by using
  • the pre-master secret as the secret,
  • the string "master secret" as the label, and
  • the concatenation of the client random number and the server random number as the seed.
• Note: the label is actually the ASCII encoding of the string "master secret", i.e. the label names the output we want to create, the master secret.
• master_secret = PRF(pre_master_secret, "master secret", ClientHello.random || ServerHello.random)
Key Material
• TLS uses the PRF function to create the key material from the master secret. This time
  • the secret is the master secret,
  • the label is the string "key expansion", and
  • the seed is the concatenation of the server random number and the client random number.
• key_block = PRF(master_secret, "key expansion", SecurityParameters.server_random || SecurityParameters.client_random)
Figure: derivation of the key material. Secret = master secret; Label = "key expansion"; Seed = SR || CR (server random || client random). These three inputs feed the pseudorandom function (PRF), whose output is the key material.
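The following is an added example, not code from the slides: it implements the data expansion function P_hash and the MD5/SHA-1 PRF from the Pseudorandom Function section, then uses them for the master secret, key block and Finished verify_data derivations described above. The pre-master secret and the client/server random values are constructed for illustration; the 48-byte master secret length, the one-byte overlap of S1 and S2 for an odd-length secret, and the 12-byte verify_data length are taken from RFC 2246 rather than from the slides.

```python
# Added example (not from the slides): TLS 1.0 (RFC 2246) P_hash, PRF and the
# master secret / key block / Finished derivations described on the slides.
import hashlib
import hmac


def hmac_hash(secret: bytes, data: bytes, hash_name: str) -> bytes:
    """HMAC_hash(secret, data) using the named hash (md5 or sha1)."""
    return hmac.new(secret, data, hash_name).digest()


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str) -> bytes:
    """P_hash(secret, seed) = HMAC(secret, A(1)||seed) || HMAC(secret, A(2)||seed) || ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)). Sections are produced until
    at least `length` bytes exist; the surplus of the last section is discarded."""
    output = b""
    a = seed                                   # A(0)
    while len(output) < length:
        a = hmac_hash(secret, a, hash_name)    # A(i) = HMAC(secret, A(i-1))
        output += hmac_hash(secret, a + seed, hash_name)
    return output[:length]


def p_hash_iterations(length: int, hash_name: str) -> int:
    """Number of HMAC sections P_hash needs for `length` bytes (ceiling division)."""
    digest_len = hashlib.new(hash_name).digest_size
    return -(-length // digest_len)


def split_secret(secret: bytes) -> tuple:
    """S1 = first half, S2 = second half, each of the same length; for an
    odd-length secret the two halves share the middle byte (RFC 2246)."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label||seed) XOR P_SHA-1(S2, label||seed)."""
    s1, s2 = split_secret(secret)
    md5_stream = p_hash(s1, label + seed, length, "md5")
    sha1_stream = p_hash(s2, label + seed, length, "sha1")
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random || ServerHello.random); 48 bytes per RFC 2246."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, server_random: bytes, client_random: bytes, length: int) -> bytes:
    """key_block = PRF(master_secret, "key expansion", server_random || client_random).
    Note the seed order is reversed relative to the master secret derivation."""
    return prf(master, b"key expansion", server_random + client_random, length)


def finished_verify_data(master: bytes, handshake_messages: bytes, is_client: bool) -> bytes:
    """verify_data = PRF(master_secret, finished_label,
                         MD5(handshake_messages) || SHA-1(handshake_messages)); 12 bytes per RFC 2246."""
    label = b"client finished" if is_client else b"server finished"
    digests = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return prf(master, label, digests, 12)


if __name__ == "__main__":
    # Constructed values: a 48-byte pre-master secret and two 32-byte randoms.
    pms = bytes([3, 1]) + bytes(range(46))
    client_random, server_random = bytes(range(32)), bytes(range(32, 64))
    ms = master_secret(pms, client_random, server_random)
    kb = key_block(ms, server_random, client_random, 64)
    print("P_SHA-1 sections needed for 64 bytes:", p_hash_iterations(64, "sha1"))
    print("master_secret:", ms.hex())
    print("key_block    :", kb.hex())
    print("client verify_data:", finished_verify_data(ms, b"handshake bytes", True).hex())
```

`p_hash_iterations(64, "sha1")` reproduces the slide's example: four 20-byte sections give 80 bytes, of which P_hash keeps the first 64. Swapping the client and server random values in `key_block` produces different keys, which is why the order of the seed matters.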
More Related Content

What's hot

What's hot (20)

Pgp
PgpPgp
Pgp
 
SSL
SSLSSL
SSL
 
PPT steganography
PPT steganographyPPT steganography
PPT steganography
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
 
SSL intro
SSL introSSL intro
SSL intro
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 
Kerberos
KerberosKerberos
Kerberos
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication Application
 
block ciphers
block ciphersblock ciphers
block ciphers
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer Security
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
TLS v1.3
TLS v1.3TLS v1.3
TLS v1.3
 
Classification of routing protocols
Classification of routing protocolsClassification of routing protocols
Classification of routing protocols
 
Network Security- Secure Socket Layer
Network Security- Secure Socket LayerNetwork Security- Secure Socket Layer
Network Security- Secure Socket Layer
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithm
 

Viewers also liked

security in transport layer ssl
 security in transport layer ssl security in transport layer ssl
security in transport layer sslSTUDENT
 
What is pseudo random number
What is pseudo random numberWhat is pseudo random number
What is pseudo random numberAkshay Tikekar
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityChhatra Thapa
 
The Ultimate Sequence Diagram Tutorial
The Ultimate Sequence Diagram TutorialThe Ultimate Sequence Diagram Tutorial
The Ultimate Sequence Diagram TutorialCreately
 
Transport layer (computer networks)
Transport layer (computer networks)Transport layer (computer networks)
Transport layer (computer networks)Fatbardh Hysa
 

Viewers also liked (6)

security in transport layer ssl
 security in transport layer ssl security in transport layer ssl
security in transport layer ssl
 
What is pseudo random number
What is pseudo random numberWhat is pseudo random number
What is pseudo random number
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
Cryptography
CryptographyCryptography
Cryptography
 
The Ultimate Sequence Diagram Tutorial
The Ultimate Sequence Diagram TutorialThe Ultimate Sequence Diagram Tutorial
The Ultimate Sequence Diagram Tutorial
 
Transport layer (computer networks)
Transport layer (computer networks)Transport layer (computer networks)
Transport layer (computer networks)
 

Similar to Transport layer security

Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerEmprovise
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.pptImXaib
 
Network security
Network securityNetwork security
Network securityanoop negi
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communicationijsrd.com
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network securityMazin Alwaaly
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Kerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashKerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashAnkit Mehta
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 

Similar to Transport layer security (20)

Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
ssl
sslssl
ssl
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
TLS network
TLS networkTLS network
TLS network
 
Moein
MoeinMoein
Moein
 
Unit 6
Unit 6Unit 6
Unit 6
 
Network security
Network securityNetwork security
Network security
 
Ch11 Basic Cryptography
Ch11 Basic CryptographyCh11 Basic Cryptography
Ch11 Basic Cryptography
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
 
What is TLS/SSL?
What is TLS/SSL? What is TLS/SSL?
What is TLS/SSL?
 
Survey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile CommunicationSurvey of Hybrid Encryption Algorithm for Mobile Communication
Survey of Hybrid Encryption Algorithm for Mobile Communication
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network security
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocol
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
 
Kerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashKerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-Hash
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 

More from Hrudya Balachandran

More from Hrudya Balachandran (11)

Tta protocolsfinalppt-140305235749-phpapp02
Tta protocolsfinalppt-140305235749-phpapp02Tta protocolsfinalppt-140305235749-phpapp02
Tta protocolsfinalppt-140305235749-phpapp02
 
KSC Paper
KSC Paper KSC Paper
KSC Paper
 
Kerala Science Congress - Poster Presentation
Kerala Science Congress - Poster PresentationKerala Science Congress - Poster Presentation
Kerala Science Congress - Poster Presentation
 
Catv
CatvCatv
Catv
 
Wavelength selection based on wavelength availability
Wavelength selection based on wavelength availabilityWavelength selection based on wavelength availability
Wavelength selection based on wavelength availability
 
Team work
Team work Team work
Team work
 
Fano algorithm
Fano algorithmFano algorithm
Fano algorithm
 
Amplifier classes of operation and biasing networks latest
Amplifier classes of operation and biasing networks latestAmplifier classes of operation and biasing networks latest
Amplifier classes of operation and biasing networks latest
 
Two dimensional signals and systems
Two dimensional signals and systemsTwo dimensional signals and systems
Two dimensional signals and systems
 
GPRS
GPRSGPRS
GPRS
 
Fiber bragg gratings
Fiber bragg gratingsFiber bragg gratings
Fiber bragg gratings
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Transport layer security

  • 2. TLS  IETF standard RFC 2246 similar to SSLv3  with minor differences  in record format version number  uses HMAC for MAC  a pseudo-random function expands secrets  based on HMAC using SHA-1 or MD5  has additional alert codes  some changes in supported ciphers  changes in certificate types & negotiations  changes in crypto computations & padding
  • 3. Goals  The goals of TLS Protocol, in order of their priority, are: Cryptographic security: TLS should be used to establish a secure connection between two parties.  Interoperability: Independent programmers should be able to develop applications utilizing TLS that will then be able to successfully exchange cryptographic parameters without knowledge of one another's code.  Extensibility: TLS seeks to provide a framework into which new public key and bulk encryption methods can be incorporated as necessary. This will also accomplish two sub-goals: to prevent
  • 5. Continue  The record layer encapsulates messages for transmission over the underlying communications protocol, usually TCP/IP.  A record begins with a header which includes the version of the protocol, the length of the data in bytes and the type of the message etc
  • 6.  After the header comes the message data. This is compressed by the compression algorithm that has been negotiated for the connection. The MAC is then calculated for the compressed data and appended to the record.  If a block cipher is in effect for the connection then then a pad is added in order for the message size to be a multiple of the block size of the cipher.
  • 7. General format of all TLS records
  • 8. Version Number  The TSL record format is the same as that of SSL Record format.  Record format and the fields in the header have the same meanings.  The one difference is in the version values.  For major version of TLS  Major version = 3  Minor Version = 1
  • 9. The Record Protocol  When the record protocol receives the data from the application layer, it might perform the following tasks:  Fragments the data into blocks or reassembles fragmented data into its original structure.  Numbers the sequence of data blocks in the message to protect against attacks that attempt to reorder data.  Compresses or decompresses the data using the compression algorithm negotiated in the handshake protocol.  Encrypts or decrypts the data using the encryption keys and cryptographic algorithm negotiated during the handshake protocol.  Applies an HMAC (or, for SSL 3.0, a MAC) to outgoing data. It then computes the HMAC and verifies that it is identical to the value that was transmitted in order to check data integrity when a message is received.
  • 10. Message Authentication Codes  A Message Authentication Codes (MAC) are used to ensure that messages are not tampered with or otherwise corrupted during transit.  This can be thought of as a digest of the message which includes a secret key.  It is constructed when data is sent, and verified when it is received.  It is not possible to reproduce the digest without knowing both the input text and the key, and thus a would-be attacker needs to know the secret in order to construct a valid MAC for a message that has been altered.
  • 11. Message Authentication Code  The Message Authentication Code (MAC) used for TLS is HMAC  HMAC is expressed by the following equation, HMACK(M) = H[(K+ opad)||H[(K+ ipad)||M]] Where: : is concatenation M : is the plain-text to be encrypted H : is the hashing function (either MD-5 or SHA-1) K+ : secret key padded with zeros on the left so that the result is equal to the block length of the hash code (for MD-5 and SHA1 block length is 512 bits) ipad : 00110110 (36 in hexa decimal) repeated 64 times (512 bits) opad : 01011101 (5c in hexa decimal) repeated 64 times (512 bits)
  • 12.  SSLv3 uses the same algorithm , except that  The padding bits are concatenated with the secret key rather than being XORed with the secret key padded to the block length.  The level of security is same in both the cases .
• 13. Generation of Cryptographic Secrets
 The generation of cryptographic secrets is more complex in TLS than in SSL.
 TLS first defines two functions:
 the data expansion function, P_hash
 the pseudorandom function, PRF, built on top of P_hash
• 15. Data Expansion Function
 First, TLS defines a data expansion function, P_hash(secret, seed), which uses a single hash function to expand a secret and a seed into an arbitrary quantity of output.
 The function can be viewed as a chain of sections, each producing one HMAC output. Each section uses HMAC, the secret and the seed; the chaining value A(i) fed into section i is the HMAC of the previous chaining value A(i-1), with A(0) = seed.
 P_hash can be iterated as many times as is necessary to produce the required quantity of data. For example, if P_SHA-1 was being used to create 64 bytes of data, it would have to be iterated 4 times, creating 80 bytes of output data; the last 16 bytes of the final iteration would then be
• 16. Pseudorandom Function
 TLS makes use of a pseudorandom function, referred to as the PRF, to expand secrets into blocks of data for the purposes of key generation and validation.
 It uses a relatively small shared secret value to generate longer blocks of data in a way that is secure against the kinds of attacks made on hash functions and MACs.
 The PRF is built on the data expansion function, which is given as
   P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) || HMAC_hash(secret, A(2) || seed) || HMAC_hash(secret, A(3) || seed) || ...
 Where || indicates concatenation and A() is defined as:
   A(0) = seed
   A(i) = HMAC_hash(secret, A(i-1))
• 17.
 The pseudorandom function combines two data expansion functions, one using MD5 and the other using SHA-1, so that it remains secure as long as either hash algorithm remains secure.
 The PRF takes three inputs: a secret, a label and a seed. The label and seed are concatenated and serve as the seed for each data expansion function.
 The secret is divided into two halves; each half is used as the secret for one data expansion function.
 The outputs of the two data expansion functions are exclusive-ORed together to create the final expanded secret.
 The PRF is then defined as
   PRF(secret, label, seed) = P_MD5(S1, label || seed) XOR P_SHA-1(S2, label || seed)
 S1 and S2 are the two halves of the secret and each is the same length. S1 is taken from the first half of the secret, S2 from the second half; if the secret has an odd number of bytes, the middle byte belongs to both halves.
• 19. Alert Codes
 TLS supports all of the alert codes defined in SSLv3 with the exception of no_certificate.
 A number of additional codes are also defined:
• 20. Cipher Suites
 Cipher suites define the encryption and hashing functions that will be used by the connection once the handshake concludes, as well as the key exchange method used during the handshake.
 There are several small differences between the cipher suites available under SSLv3 and under TLS:
 Key Exchange: TLS supports all of the key exchange techniques of SSLv3 with the exception of Fortezza.
 Symmetric Encryption Algorithms: TLS includes all of the symmetric encryption algorithms found in SSLv3 with the exception of Fortezza.
• 21. Client Certificate Types
 In TLS client authentication, the client (browser) uses a certificate to authenticate itself during the TLS handshake.
 When asking for client authentication, the server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server.
 TLS defines the following certificate types to be requested in a certificate_request message:
 rsa_sign
 dss_sign
 rsa_fixed_dh
 dss_fixed_dh
 These are all defined in SSLv3; the SSLv3 types rsa_ephemeral_dh, dss_ephemeral_dh and fortezza_kea are not carried over into TLS.
• 22. Certificate Verify and Finished Messages
 Certificate Verify: In the TLS certificate_verify message, the MD5 and SHA-1 hashes are calculated only over handshake_messages (the master secret and pads that SSLv3 mixes in are excluded because they provide no additional security).
 The Finished message in TLS is a hash based on the shared master_secret, the previous handshake messages and a label that identifies client or server:
   verify_data = PRF(master_secret, finished_label, MD5(handshake_messages) || SHA-1(handshake_messages))
 Where finished_label is the string "client finished" for the client and "server finished" for the server.
 Only the first 12 bytes of the PRF output are sent as verify_data.
• 23. Cryptographic Computations
 Pre-master Secret: The generation of the pre-master secret in TLS is exactly the same as in SSL.
 Master Secret: TLS uses the PRF to create the 48-byte master secret from the pre-master secret. This is achieved by using
 the pre-master secret as the secret,
 the string "master secret" as the label, and
 the concatenation of the client random number and the server random number as the seed.
 Note: the label is the ASCII encoding of the string "master secret", i.e. the label names the output we want to create, the master secret.
 master_secret = PRF(pre_master_secret, "master secret", ClientHello.random || ServerHello.random)
• 25. Key Material
 TLS uses the PRF to create the key material from the master secret. This time
 the secret is the master secret,
 the label is the string "key expansion", and
 the seed is the concatenation of the server random number and the client random number (note the reversed order compared with the master secret computation).
 key_block = PRF(master_secret, "key expansion", SecurityParameters.server_random || SecurityParameters.client_random)
 The PRF is run until enough output has been generated; the key_block is then partitioned, in order, into client_write_MAC_secret, server_write_MAC_secret, client_write_key, server_write_key, client_write_IV and server_write_IV.