CS 465 TLS Last Updated: Oct 31, 2017.

Slides:

Advertisements

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

Advertisements

Web security: SSL and TLS

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

Cryptography and Network Security

Secure Socket Layer.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Web Security (SSL / TLS)

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Cryptography and Network Security Chapter 17

Chapter 8 Web Security.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

CSCI 6962: Server-side Design and Programming

SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Web Security : Secure Socket Layer Secure Electronic Transaction.

December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.

SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH

Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.

Computer and Network Security

The Secure Sockets Layer (SSL) Protocol

IT443 – Network Security Administration Instructor: Bo Sheng

CSCI 555 Adv Computer Security

Security Outline Encryption Algorithms Authentication Protocols

Cryptography and Network Security

Secure Sockets Layer (SSL)

UNIT.4 IP Security.

CSCE 715: Network Systems Security

Visit for more Learning Resources

BINF 711 Amr El Mougy Sherif Ismail

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

CSE 4095 Transport Layer Security TLS, Part II

CSE 4095 Transport Layer Security TLS

Cryptography and Network Security

Cryptography and Network Security Chapter 16

刘振上海交通大学计算机科学与工程系电信群楼3-509

Cryptography and Network Security

SSL (Secure Socket Layer)

Security at the Transport Layer: SSL and TLS

CSCE 815 Network Security Lecture 16

TLS and DLP Behind the green lock.

The Secure Sockets Layer (SSL) Protocol

Cryptography and Network Security Chapter 16

A Programmer’s Guide to Secure Connections

Transport Layer Security (TLS)

刘振上海交通大学计算机科学与工程系电信群楼3-509

Cryptography and Network Security

Cryptography Lecture 27.

TLS Encryption and Decryption

Presentation transcript:

CS 465 TLS Last Updated: Oct 31, 2017

Student Learning Goals Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic primitives are used and why? Understand session resumption Understand the limitations of TLS

Genesis of TLS SSLv1 (1994) Netscape unreleased SSLv2 (1994) Netscape First release PCT (1995) Microsoft SSLv3 (1995) Netscape STLP (1996) Microsoft TLS 1.0 (1997-1999) IETF (aka SSLv3.1) WTLS (1998) WAP Forum TLS 1.1 (2006) TLS 1.2 (2008) Source: SSL and TLS, Rescorla

SSL Record Protocol Operation Source: Network Security Essentials (Stallings)

SSL Record Format SSL Record Format Source: Network Security Essentials (Stallings)

RSA Key Exchange Method Client Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate chain of X.509 Certs Server Hello Done Client Key Exchange [Pre-master secret encrypted with server public key] Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

RSA Key Exchange Method Client Mutual Authentication Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate chain of X.509 Certs Server Hello Done Certificate Client Key Exchange [Pre-master secret encrypted with server public key] Certificate Verify Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

DHE Key Exchange Method Client Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate [chain of X.509 Certs] Server Key Exchange [signed DH info] Random_client, Random_server, g, p, server DH param Server Hello Done Client Key Exchange [client DH public param] Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

Key Material for TLS RSA DHE Client generates pre-master secret Sends to server encrypted with servers public key DHE DH shared key is the pre-master secret Pre-master secret and random values used to compute master secret Master secret and random values used to compute key block material Key block contains 4 or 6 keys Two keys for AES, 2 keys for MAC, 2 keys (IV) for block cipher mode if needed

Perfect Forward Secrecy In vanilla RSA, the premaster secret is encrypted with the server’s public key If the server’s private key is compromised all past and future sessions are also compromised Majority of TLS uses vanilla RSA Alternatives Ephemeral Diffie-Hellman (DHE-RSA) Elliptic curve variation is faster (ECDHE)

Forward Secrecy Using an ephemeral key Even if the server’s private key is later compromised, past sessions cannot be decrypted, even if captured and stored by a third party

TLS 1.3 https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ Reduced round trips in the handshake Certificates are encrypted Quick session resumption

Review Questions How many shared keys are derived between a client and a server that establish a TLS session? How does the server prove ownership of its private key? How does the client prove ownership of its private key when client authentication is (rarely) used? What is the pre-master secret? Who creates it? How is it securely transmitted? What is session resumption? How does it differ from a regular SSL handshake? When do the client and server start encrypting traffic using symmetric encryption?

Review Questions How many shared keys are derived between a client and a server that establish a TLS session? Each side generates 4-6 keys How does the server prove ownership of its private key? Implicitly by decrypting the pre-master secret and finishing handshake How does the client prove ownership of its private key when client authentication is (rarely) used? Send digital signature to the server What is the pre-master secret? Who creates it? How is it securely transmitted? What is session resumption? How does it differ from a regular SSL handshake? When do the client and server start encrypting traffic using symmetric encryption? Finished message

Limitations/Issues Certificate Authority system TLS Proxies TLS Inspection Proxies, Middleboxes Other approaches Pinning (TOFU) Notaries (Crowd) DANE (DNS-based)