Published on


Published in: Technology, Education
1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Tutorial introduction for those with no or little familiarity with security, SSL/TLS or Public Key Infrastructures will start with basic concepts and then as the presentation progresses drill deeper into the technology since different experiences in the group how application can communicate securely over the Internet using SSL/TLS & Certificates
  • SSL

    1. 1. An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet
    2. 2. CertCo Overview <ul><li>Background </li></ul><ul><li>Established in 1996. Banker’s Trust spinoff. Privately held. </li></ul><ul><li>Mission </li></ul><ul><li>CertCo provides secure and cost-effective business solutions that enable trust institutions to build a worldwide trust infrastructure to support high-value, secure electronic commerce. </li></ul><ul><li>Expertise </li></ul><ul><li>Cryptography, risk management, law, technology and banking. </li></ul><ul><li>Location </li></ul><ul><li>Headquarters: New York City </li></ul><ul><li>Regional Offices: Cambridge (MA), Washington, DC, United Kingdom. </li></ul>
    3. 3. Outline <ul><li>Problem: Creating applications which can communicate securely over the Internet </li></ul><ul><li>TLS: Transport Layer Security (SSL) </li></ul><ul><li>Certificates </li></ul><ul><li>Related technology: S-HTTP, IPSec, SET, SASL </li></ul><ul><li>References </li></ul>
    4. 4. Security Issues <ul><li>Privacy </li></ul><ul><ul><li>Anyone can see content </li></ul></ul><ul><li>Integrity </li></ul><ul><ul><li>Someone might alter content </li></ul></ul><ul><li>Authentication </li></ul><ul><ul><li>Not clear who you are talking with </li></ul></ul>
    5. 5. TLS: Transport Layer Security <ul><li>formerly known as SSL: Secure Sockets Layer </li></ul><ul><li>Addresses issues of privacy, integrity and authentication </li></ul><ul><ul><li>What is it? </li></ul></ul><ul><ul><li>How does it address the issues? </li></ul></ul><ul><ul><li>How is it used </li></ul></ul>
    6. 6. What is TLS? <ul><li>Protocol layer </li></ul><ul><li>Requires reliable transport layer (e.g. TCP) </li></ul><ul><li>Supports any application protocols </li></ul>IP TCP TLS HTTP Telnet FTP LDAP
    7. 7. TLS: Privacy <ul><li>Encrypt message so it cannot be read </li></ul><ul><li>Use conventional cryptography with shared key </li></ul><ul><ul><li>DES, 3DES </li></ul></ul><ul><ul><li>RC2, RC4 </li></ul></ul><ul><ul><li>IDEA </li></ul></ul>A Message Message B $%&#!@
    8. 8. TLS:Key Exchange <ul><li>Need secure method to exchange secret key </li></ul><ul><li>Use public key encryption for this </li></ul><ul><ul><li>“ key pair” is used - either one can encrypt and then the other can decrypt </li></ul></ul><ul><ul><li>slower than conventional cryptography </li></ul></ul><ul><ul><li>share one key, keep the other private </li></ul></ul><ul><li>Choices are RSA or Diffie-Hellman </li></ul>
    9. 9. TLS: Integrity <ul><li>Compute fixed-length Message Authentication Code (MAC) </li></ul><ul><ul><li>Includes hash of message </li></ul></ul><ul><ul><li>Includes a shared secret </li></ul></ul><ul><ul><li>Include sequence number </li></ul></ul><ul><li>Transmit MAC with message </li></ul>
    10. 10. TLS: Integrity <ul><li>Receiver creates new MAC </li></ul><ul><ul><li>should match transmitted MAC </li></ul></ul><ul><li>TLS allows MD5, SHA-1 </li></ul>A B Message’ MAC’ MAC =? Message MAC
    11. 11. TLS: Authentication <ul><li>Verify identities of participants </li></ul><ul><li>Client authentication is optional </li></ul><ul><li>Certificate is used to associate identity with public key and other attributes </li></ul>A Certificate B Certificate
    12. 12. TLS: Overview <ul><li>Establish a session </li></ul><ul><ul><li>Agree on algorithms </li></ul></ul><ul><ul><li>Share secrets </li></ul></ul><ul><ul><li>Perform authentication </li></ul></ul><ul><li>Transfer application data </li></ul><ul><ul><li>Ensure privacy and integrity </li></ul></ul>
    13. 13. TLS: Architecture <ul><li>TLS defines Record Protocol to transfer application and TLS information </li></ul><ul><li>A session is established using a Handshake Protocol </li></ul>TLS Record Protocol Handshake Protocol Alert Protocol Change Cipher Spec
    14. 14. TLS: Record Protocol
    15. 15. TLS: Handshake <ul><li>Negotiate Cipher-Suite Algorithms </li></ul><ul><ul><li>Symmetric cipher to use </li></ul></ul><ul><ul><li>Key exchange method </li></ul></ul><ul><ul><li>Message digest function </li></ul></ul><ul><li>Establish and share master secret </li></ul><ul><li>Optionally authenticate server and/or client </li></ul>
    16. 16. Handshake Phases <ul><li>Hello messages </li></ul><ul><li>Certificate and Key Exchange messages </li></ul><ul><li>Change CipherSpec and Finished messages </li></ul>
    17. 17. TLS: Hello <ul><li>Client “ Hello ” - initiates session </li></ul><ul><ul><li>Propose protocol version </li></ul></ul><ul><ul><li>Propose cipher suite </li></ul></ul><ul><ul><li>Server chooses protocol and suite </li></ul></ul><ul><li>Client may request use of cached session </li></ul><ul><ul><li>Server chooses whether to honor request </li></ul></ul>
    18. 18. TLS: Key Exchange <ul><li>Server sends certificate containing public key (RSA) or Diffie-Hellman parameters </li></ul><ul><li>Client sends encrypted “pre-master” secret to server using Client Key Exchange message </li></ul><ul><li>Master secret calculated </li></ul><ul><ul><li>Use random values passed in Client and Server Hello messages </li></ul></ul>
    19. 19. Public Key Certificates <ul><li>X.509 Certificate associates public key with identity </li></ul><ul><li>Certification Authority (CA) creates certificate </li></ul><ul><ul><li>Adheres to policies and verifies identity </li></ul></ul><ul><ul><li>Signs certificate </li></ul></ul><ul><li>User of Certificate must ensure it is valid </li></ul>
    20. 20. Validating a Certificate <ul><li>Must recognize accepted CA in certificate chain </li></ul><ul><ul><li>One CA may issue certificate for another CA </li></ul></ul><ul><li>Must verify that certificate has not been revoked </li></ul><ul><ul><li>CA publishes Certificate Revocation List (CRL) </li></ul></ul>
    21. 21. X.509: Certificate Content <ul><li>Version </li></ul><ul><li>Serial Number </li></ul><ul><li>Signature Algorithm Identifier </li></ul><ul><ul><li>Object Identifier (OID) </li></ul></ul><ul><ul><li>e.g. id-dsa: {iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 1} </li></ul></ul><ul><li>Issuer (CA) X.500 name </li></ul><ul><li>Validity Period (Start,End) </li></ul><ul><li>Subject X.500 name </li></ul><ul><li>Subject Public Key </li></ul><ul><ul><li>Algorithm </li></ul></ul><ul><ul><li>Value </li></ul></ul><ul><li>Issuer Unique Id (Version 2 ,3) </li></ul><ul><li>Subject Unique Id (Version 2,3) </li></ul><ul><li>Extensions (version 3) </li></ul><ul><ul><li>optional </li></ul></ul><ul><li>CA digital Signature </li></ul>
    22. 22. Subject Names <ul><li>X.500 Distinguished Name (DN) </li></ul><ul><li>Associated with node in hierarchical directory (X.500) </li></ul><ul><li>Each node has Relative Distinguished Name (RDN) </li></ul><ul><ul><li>Path for parent node </li></ul></ul><ul><ul><li>Unique set of attribute/value pairs for this node </li></ul></ul>
    23. 23. Example Subject Name <ul><li>Country at Highest Level (e.g. US) </li></ul><ul><li>Organization typically at next level (e.g. CertCo) </li></ul><ul><li>Individual below (e.g. Common Name “Elizabeth” with Id = 1) </li></ul><ul><ul><li>DN = { </li></ul></ul><ul><ul><ul><li>C=US; </li></ul></ul></ul><ul><ul><ul><li>O=CertCo; </li></ul></ul></ul><ul><ul><ul><li>CN=Elizabeth, ID=1} </li></ul></ul></ul>
    24. 24. Version 3 Certificates <ul><li>Version 3 X.509 Certificates support alternative name formats as extensions </li></ul><ul><ul><li>X.500 names </li></ul></ul><ul><ul><li>Internet domain names </li></ul></ul><ul><ul><li>e-mail addresses </li></ul></ul><ul><ul><li>URLs </li></ul></ul><ul><li>Certificate may include more than one name </li></ul>
    25. 25. Certificate Signature <ul><li>RSA Signature </li></ul><ul><ul><li>Create hash of certificate </li></ul></ul><ul><ul><li>Encrypt using CA’s private key </li></ul></ul><ul><li>Signature verification </li></ul><ul><ul><li>Decrypt using CA’s public key </li></ul></ul><ul><ul><li>Verify hash </li></ul></ul>
    26. 26. TLS: ServerKeyExchange <ul><li>Client </li></ul><ul><li>ClientHello </li></ul><ul><ul><li>Server </li></ul></ul><ul><ul><li>ServerHello </li></ul></ul><ul><ul><li>Certificate </li></ul></ul><ul><ul><li>ServerKeyExchange </li></ul></ul>
    27. 27. TLS: Certificate Request <ul><li>Client </li></ul><ul><li>ClientHello </li></ul><ul><ul><li>Server </li></ul></ul><ul><ul><li>ServerHello </li></ul></ul><ul><ul><li>Certificate </li></ul></ul><ul><ul><li>ServerKeyExchange </li></ul></ul><ul><ul><li>CertificateRequest </li></ul></ul>
    28. 28. TLS: Client Certificate <ul><li>Client </li></ul><ul><li>ClientHello </li></ul><ul><li>ClientCertificate </li></ul><ul><li>ClientKeyExchange </li></ul><ul><ul><li>Server </li></ul></ul><ul><ul><li>ServerHello </li></ul></ul><ul><ul><li>Certificate </li></ul></ul><ul><ul><li>ServerKeyExchange </li></ul></ul><ul><ul><li>CertificateRequest </li></ul></ul>
    29. 29. TLS: Change Cipher Spec, Finished <ul><li>Client </li></ul><ul><li>[ChangeCipherSpec] </li></ul><ul><li>Finished </li></ul><ul><li>Application Data </li></ul><ul><ul><li>Server </li></ul></ul><ul><ul><li>[ChangeCipherSpec] </li></ul></ul><ul><ul><li>Finished </li></ul></ul><ul><ul><li>Application Data </li></ul></ul>
    30. 30. TLS: Change Cipher Spec/Finished <ul><li>Change Cipher Spec </li></ul><ul><ul><li>Announce switch to negotiated algorithms and values </li></ul></ul><ul><li>Finished </li></ul><ul><ul><li>Send copy of handshake using new session </li></ul></ul><ul><ul><li>Permits validation of handshake </li></ul></ul>
    31. 31. TLS: Using a Session <ul><li>Client </li></ul><ul><li>ClientHello (Session #) </li></ul><ul><li>[ChangeCipherSpec] </li></ul><ul><li>Finished </li></ul><ul><li>Application Data </li></ul><ul><ul><li>Server </li></ul></ul><ul><ul><li>ServerHello (Session #) </li></ul></ul><ul><ul><li>[ChangeCipherSpec] </li></ul></ul><ul><ul><li>Finished </li></ul></ul><ul><ul><li>Application Data </li></ul></ul>
    32. 32. Changes from SSL 3.0 to TLS <ul><li>Fortezza removed </li></ul><ul><li>Additional Alerts added </li></ul><ul><li>Modification to hash calculations </li></ul><ul><li>Protocol version 3.1 in ClientHello, ServerHello </li></ul>
    33. 33. TLS: HTTP Application <ul><li>HTTP most common TLS application </li></ul><ul><ul><li>https:// </li></ul></ul><ul><li>Requires TLS-capable web server </li></ul><ul><li>Requires TLS-capable web browser </li></ul><ul><ul><li>Netscape Navigator </li></ul></ul><ul><ul><li>Internet Explorer </li></ul></ul><ul><ul><li>Cryptozilla </li></ul></ul><ul><ul><ul><li>Netscape Mozilla sources with SSLeay </li></ul></ul></ul>
    34. 34. Web Servers <ul><li>Apache-SSL </li></ul><ul><li>Apache mod_ssl </li></ul><ul><li>Stronghold </li></ul><ul><li>Roxen </li></ul><ul><li>iNetStore </li></ul>
    35. 35. Other Applications <ul><li>Telnet </li></ul><ul><li>FTP </li></ul><ul><li>LDAP </li></ul><ul><li>POP </li></ul><ul><li>SSLrsh </li></ul><ul><li>Commercial Proxies </li></ul>
    36. 36. TLS: Implementation <ul><li>Cryptographic Libraries </li></ul><ul><ul><li>RSARef, BSAFE </li></ul></ul><ul><li>TLS/SSL packages </li></ul><ul><ul><li>SSLeay </li></ul></ul><ul><ul><li>SSLRef </li></ul></ul>
    37. 37. X.509 Certificate Issues <ul><li>Certificate Administration is complex </li></ul><ul><ul><li>Hierarchy of Certification Authorities </li></ul></ul><ul><ul><li>Mechanisms for requesting, issuing, revoking certificates </li></ul></ul><ul><li>X.500 names are complicated </li></ul><ul><li>Description formats are cumbersome (ASN.1) </li></ul>
    38. 38. X.509 Alternative: SDSI <ul><ul><li>SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson) </li></ul></ul><ul><ul><ul><li>Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0 </li></ul></ul></ul><ul><ul><ul><li>Eliminate X.500 names - use DNS and text </li></ul></ul></ul><ul><ul><ul><li>Everyone is their own CA </li></ul></ul></ul><ul><ul><ul><li>Instead of ASN.1 use “S-expressions” and simple syntax </li></ul></ul></ul><ul><ul><ul><li>Name and Authorization certificates </li></ul></ul></ul>
    39. 39. TLS “Alternatives” <ul><li>S-HTTP: secure HTTP protocol, shttp:// </li></ul><ul><li>IPSec: secure IP </li></ul><ul><li>SET: Secure Electronic Transaction </li></ul><ul><ul><li>Protocol and infrastructure for bank card payments </li></ul></ul><ul><li>SASL: Simple Authentication and Security Layer (RFC 2222) </li></ul>
    40. 40. Summary <ul><li>SSL/TLS addresses the need for security in Internet communications </li></ul><ul><ul><li>Privacy - conventional encryption </li></ul></ul><ul><ul><li>Integrity - Message Authentication Codes </li></ul></ul><ul><ul><li>Authentication - X.509 certificates </li></ul></ul><ul><li>SSL in use today with web browsers and servers </li></ul>
    41. 41. References - 1 <ul><li>Engelschall, Ralph, mod_ssl, <> </li></ul><ul><li>Ford, Warwick, Baum, Michael S. Secure Electronic Commerce , Prentice Hall 1997. </li></ul><ul><li>Hirsch, Frederick J. “Introduction to SSL and Certificates Using SSLeay”, World Wide Web Journal, Summer 1997, <> </li></ul><ul><li>Hudson, Tim J, Young, Eric A , “SSLeay and SSLapps FAQ”, <> </li></ul><ul><li>Kaufman, Charlie, Perlman, Radia, Speciner,Mike Network Security: PRIVATE Communication in a PUBLIC World , Prentice Hall, 1995. </li></ul>
    42. 42. References - 2 <ul><li>Rivest, Ron, SDSI, <> </li></ul><ul><li>Stallings, William Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall, 1999. </li></ul><ul><li>Wagner, David, Schneier, Bruce “Analysis of the SSL 3.0 Protocol” <> </li></ul><ul><li>Internet Drafts and RFCs <>. Use the keyword search on TLS or SSL in the Internet Drafts section to find the TLS Protocol specification and other relevant documents. </li></ul><ul><li>PKCS standards: <> </li></ul>
    43. 43. References - 3 <ul><li>Microsoft Security Documents <> </li></ul><ul><li>Netscape Security Documents <> </li></ul>