TLS authentication using ETSI TS and IEEE certificates

Slides:

Advertisements

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

Advertisements

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

We leave the world of cryptography for a while.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

A Survey of WAP Security Architecture Neil Daswani

Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Intro to SSL/TLS Network Security Gene Itkis. 6/23/2015 cs Network Security (Gene Itkis) 2 Origins Internet Engineering Task Force (IETF) –

PKI & SSL Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.

Secure Socket Layer (SSL)

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.

Proposed Transport Layer Security (TLS) Evidence Extensions Russ Housley IETF 67 – TLS WG Session.

1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt

Web Security Network Systems Security

SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No

TLS user mapping hint extension Stefan Santesson Microsoft.

Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

Secure Sockets Layer (SSL) Protocol by Steven Giovenco.

E2EKey Resource Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.3, Agenda Item: End-to-End Security.

1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.

Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH

Authorization via TLS Welcome! Simon Josefsson – Security advisor to PDC/KTH Middleware Security Group Meeting Stockholm,

TLS/SSL Protocol Presented by: Vivek Nelamangala Includes slides presented by Miao Zhang on April Course: CISC856 - TCP/IP and Upper Layer Protocols.

Advanced Client/Server Authentication in TLS

Key management issues in PGP

IT443 – Network Security Administration Instructor: Bo Sheng

CSCI 555 Adv Computer Security

Network Security Gene Itkis

Mark Brown RedPhone Security

Transmission of IPv6 Packets over IEEE OCB Networks

Secure Sockets Layer (SSL)

CSCE 715: Network Systems Security

COMP3220 Web Infrastructure COMP6218 Web Architecture

GSS-API based Authentication and Key Establishment in TLS

S/MIME T ANANDHAN.

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

CSE 4095 Transport Layer Security TLS, Part II

CSE 4095 Transport Layer Security TLS

SSL (Secure Socket Layer)

Chapter 7 WEB Security.

(Man in the Middle) MITM in Mesh

Security at the Transport Layer: SSL and TLS

CSCE 815 Network Security Lecture 16

SSL Protocol Figures used in the presentation

The Secure Sockets Layer (SSL) Protocol

A Programmer’s Guide to Secure Connections

Chapter 7 WEB Security.

Transport Layer Security (TLS)

Advanced Computer Networks

Presentation transcript:

TLS authentication using ETSI TS 103 097 and IEEE 1609.2 certificates IETF meeting 93 – Prague – TLS WG session Wednesday, July 22, 2015

Objective & Motivations Objective: enable C/S authentication using C-ITS* certificates Motivations: C-ITS networks are highly mobile with a limited bandwidth X.509 certificates are not optimized for bandwidth and delay-sensitive applications Definition of new certificates for C-ITS US: IEEE 1609.2 EU: ETSI TS 103 097 Use case: secured communication between a vehicle and a server on the Internet: e.g. vehicle data upload on a remote log server e.g. vehicle software update e.g. traffic light information via 3G/LTE communication (SPAT) Authentication between an ITS-Station and a server should be possible using C- ITS certificates e.g.1: rent company e.g.2: vehicle manufacturer SPAT = Signal Phase and Timing adapter = adjust *C-ITS: Co-operative Intelligent Transportation System

Modifications on TLS Handshake Client Server ClientHello /* cert_type extension */ ----------> ServerHello Certificate* ServerKeyExchange* CertificateRequest* Certificate <---------- ServerHelloDone ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished Application Data <---------> Restrictions on CertificateRequest message RFC 6091 (deprecated) RFC 7250 * Indicates optional or situation-dependent messages that are not always sent.

Technical modifications ClientHello and ServerHello messages of the handshake protocol SHALL include the cert_type extension [RFC 6091] enum { X.509(0), OpenPGP(1), RawPublicKey(2), IEEE(TBD), ETSI(TBD), (255) }CertificateType; RFC 6091 (deprecated) RFC 7250

Technical specifications CertificateRequest SHALL be filled with the following values: CertificateRequest as defined in [RFC 5246] enum { rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), fortezza_dms_RESERVED(20), ECDSA_sign(64), (255) }ClientCertificateType; opaque DistinguishedName<1..2^16-1>; struct { ClientCertificateType certificate_types<1..2^8-1>; SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>; DistinguishedName certificate_authorities<0..2^16-1>; }CertificateRequest; Filled values ClientCertificateType ECDSA_sign(64) SignatureAndHashAlgorithm {0x04,0x03} (ECDSA-SHA256) DistinguishedName List of HashedId8 [ETSI TS 103 097] (The server informs the client about the certificate authorities it trusts to help the client to select a corresponding certificate)

Thank you!

Verification of ETSI certificate ETSI TS 103 097 certificate format: version signer_info subject_info verification /encryption keys assurance_level ItsAid_ssp list validity_restrictions signature 1. Verify that the certificate content is conform to one of ETSI profiles. 2. Verify the certificate’s signer identity: IF The certificate digest included in signer_info is known: Go to step 3. ELSE: IF It is a root certificate digest: Verification failed (error – untrusted root CA). Pause the current certificate verification process and start verification of the next certificate in the chain recursively by restarting from step 1. Once verified, resume the certificate verification. 3. Verify that the certificate is not in the Certificate Revocation List (CRL). 4. Verify the signature of the certificate (see [10] for details). 5. Verify subject_info: subject_name shall be a 32 bytes hash of the server URL. Note that this step is only done by clients. Servers shall ignore this step. 6. Verify validity_restrictions: only time validity is checked, space validity (geographical region) is ignored. 7. Verifity its_aid_ssp: ITS-AID included in the certificate shall be consistent with those included in the signer’s certificate (heritage).