Mark Brown RedPhone Security

Slides:

Advertisements

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

Advertisements

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

Internet Security CSCE 813 Transport Layer Security

TESTING CRYPTOGRAPHIC PROTOCOL IMPLEMENTATIONS. Verifying crypto protocols  Lots of formal methods  Good representative: Blanchet’s ProVerif Mainly.

Security at the Transport Layer Lecture 6. Information and Nework Security2 SSL/TLS n SSL was developed by Phil Karlton & Netscape. çThe standards community.

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Slide 1 Vitaly Shmatikov CS 378 SSL/TLS. slide 2 What is SSL / TLS? uTransport Layer Security protocol, version 1.0 De facto standard for Internet security.

An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet Frederick J. Hirsch

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

We leave the world of cryptography for a while.

IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

A Survey of WAP Security Architecture Neil Daswani

Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani September 21, 2000.

Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

Intro to SSL/TLS Network Security Gene Itkis. 6/23/2015 cs Network Security (Gene Itkis) 2 Origins Internet Engineering Task Force (IETF) –

Secure password-based cipher suite for TLS: The importance of end-to-end security Marie L.S. Dumont CS 265.

Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.

Application Layer Protocol Negotiation

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.

Secure Socket Layer (SSL)

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Proposed Transport Layer Security (TLS) Evidence Extensions Russ Housley IETF 67 – TLS WG Session.

1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt

Web Security Network Systems Security

SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No

TLS user mapping hint extension Stefan Santesson Microsoft.

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

Secure Sockets Layer (SSL) Protocol by Steven Giovenco.

E2EKey Resource Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.3, Agenda Item: End-to-End Security.

1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Transport Layer Security (TLS) Extensions: Extension Definitions draft-ietf-tls-rfc4366-bis-00.

8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.

Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

Authorization via TLS Welcome! Simon Josefsson – Security advisor to PDC/KTH Middleware Security Group Meeting Stockholm,

TLS/SSL Protocol Presented by: Vivek Nelamangala Includes slides presented by Miao Zhang on April Course: CISC856 - TCP/IP and Upper Layer Protocols.

Advanced Client/Server Authentication in TLS

TLS authentication using ETSI TS and IEEE certificates

Network Security Gene Itkis

CSCE 715: Network Systems Security

COMP3220 Web Infrastructure COMP6218 Web Architecture

GSS-API based Authentication and Key Establishment in TLS

CSE 4095 Transport Layer Security TLS, Part II

Mark A. Shaw CS 522 Project Presentation

MIDP Application Security

TLS 1.3: What has changed Dmitry Belyavskiy Cryptocom.

Chapter 7 WEB Security.

Lecture 8: Transport Level Security – SSL/TLS

(Man in the Middle) MITM in Mesh

Security at the Transport Layer: SSL and TLS

CSCE 815 Network Security Lecture 16

SSL Protocol Figures used in the presentation

Chapter 7 WEB Security.

RFC 5539 Update Status draft-badra-netconf-rfc5539bis-00

Presentation transcript:

Mark Brown RedPhone Security Transport Layer Security (TLS) Authorization Extensions <draft-housley-tls-authz-extns-01.txt> Mark Brown RedPhone Security Russ Housley Vigil Security

Overview (1 of 2) Authorization extensions for the Handshake Protocol in both TLS 1.0 and TLS 1.1 Allow client to provide authorization information to the server Allow server to provide authorization information to the client

Overview (2 of 2) Client Server ClientHello (with AuthorizationData) --------> ServerHello (with AuthorizationData) Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished --------> <-------- Finished Application Data <-------> Application Data

Two Authorization Formats enum { x509_attr_cert(0), saml_assertion(1), x509_attr_cert_url(2), saml_assertion_url(3), (255) } AuthzDataFormat; X.509 Attribute Certificate SAML Assertion URL to fetch either of these, with a hash value to ensure that the correct object was obtained

AuthorizationData (1 of 2) struct { AuthorizationDataEntry authz_data_list<1..2^16-1>; } AuthorizationData; AuthzDataFormat authz_format; select (authz_format) { case x509_attr_cert: X509AttrCert; case saml_assertion: SAMLAssertion; case x509_attr_cert_url: URLandHash; case saml_assertion_url: URLandHash; } authz_data_entry; } AuthorizationDataEntry;

AuthorizationData (2 of 2) opaque X509AttrCert<1..2^16-1>; opaque SAMLAssertion<1..2^16-1>; struct { opaque url<1..2^16-1>; HashType hash_type; select (hash_type) { case sha1: SHA1Hash; case sha256: SHA256Hash; } hash; } URLandHash; enum { sha1(0), sha256(1), (255) } HashType;

Sensitive Authorization Information Solved by double handshake Client Server ClientHello (no AuthorizationData) --------> ServerHello (no AuthorizationData) Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished --------> <-------- Finished (more on next slide)

The rest of the double handshake Client Server ClientHello (with AuthorizationData) --------> ServerHello (with AuthorizationData) Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished --------> <-------- Finished Application Data <-------> Application Data

More efficient with resumption Client Server ClientHello (no AuthorizationData) --------> ServerHello (no AuthorizationData) Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished --------> <-------- Finished (with AuthorizationData) --------> (with AuthorizationData Application Data <-------> Application Data

Open Issue Need to allow an empty AuthorizationData extension Client wants authorization information from the server, so it needs to include the extension in the client hello message Server wants to indicate that the authorization information provided by the client was accepted, but the server has none to provide

Way Forward Should this become a TLS WG document? If not, will proceed as standards-track individual submission