Security at the Transport Layer Lecture 6

Information and Nework Security2 SSL/TLS n SSL was developed by Phil Karlton & Netscape. çThe standards community wanted their own version free from any patents/restrictions n Thus was born TLS, which is very similar to SSL  IETF changed the name to avoid showing bias – and add a few things  E.g: TLS defines additional alert codes  TLS MAC covers compression version field in addition to what SSL MAC covers  TLS v1.0 is very similar to SSL v3.1

Information and Nework Security3 SSL TCP/IP SSL/TLS HTTPNNTPFTPTelnet Other Apps Etc.

Information and Nework Security4 Digital certificates and the CA n Public key cryptography avoids the problem of key distributions but it has its weakness: the public key is public and anyone can forge a public key announcement n Solution: public-key certificate: ç, the whole thing, is signed by a trusted third party (TTP)  The TTP is a certificate authority (CA) çA user can present her public key to the CA in a secure manner and obtain a certificate çThe user can then publish her public key çAnyone needs this user’s public key can obtain the certificate and verify that it is valid by the way of the attached trusted signature

Information and Nework Security5 Client/Server Mutual Authentication n Establish trust with intended recipients n Signed Digital Certificates çServer authenticates Client (optional) çClient authenticates Server

Information and Nework Security6 Secure Sockets Layer (SSL) n SSL is designed to run in user-level process – no need to change the OS (not like IPSec that runs in superuser-level process) n SSL uses TCP only (not UDP), hence it is simple and it does not have to worry about timing out and retransmitting lost data (TCP does that for SSL) n Applications based on TCP needs to change (even minimum) to work with SSL

Information and Nework Security7 Secure Sockets Layer (SSL) n The primary goal of the SSL Protocol is ç To provide privacy and reliability between two communicating applications.  Allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery ( Many applications at Application Layer are based on client/server model )

Information and Nework Security8 SSL – Secure Client/Server Communication n SSL Server authentication allows clients to confirm a server’s identity SSL client authentication allows server to confirm a client’s identity ( optional ) SSL client authentication allows server to confirm a client’s identity ( optional ) n SSL provides confidentiality and integrity çSent information is encrypted çIntegrity check is carried out to detect tampering

Information and Nework Security9 SSL – Secure Client/Server Communication n To allow Secure Client/Server Communication to happen using SSL: çThe peer's identity can be authenticated using certificates [basically using asymmetric (private key cryptography like DES), and public key, cryptography (e.g., RSA, DSS, etc.)]. çEncryption is used after an initial handshake to define a secret key. Secret key cryptography is used for data encryption (e.g., DES, RC4, etc.) çIntegrity check is done using a keyed MAC: Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations.

Information and Nework Security10 SSL Main Functions n Negotiates and employs essential functions for secure transactions çMutual Authentication çData Encryption çData Integrity

Information and Nework Security11 SSL Structure ChangeCipher Alert Handshake Record Layer TCP/IP } SSL/TLS Application Layer (http – imap – etc)

Information and Nework Security12 Cipher Suite n n For public-key, secret key encryption and certificate verification we need ç çpublic-key algorithm ç çSecret key encryption algorithm ç çmessage digest (hash) algorithm (MD5, SHA-1, etc) n n This collection is called a cipher suite n n SSL supports many different cipher suites n n Client and server must decide on which one to use n n The client offers a choice; the server picks one

Information and Nework Security13 SSL Protocols n n SSL consists of two protocol layers (The Record Layer and its above layer which consists of ChangeCipherSpec protocol, Alert protocol and Handshake protocol.) n The SSL record protocol: ç takes an application message to be transmitted, ç fragments the data into manageable blocks, ç optionally compresses the data, çapplies MAC, çencrypts, çadds a header and transmits the resulting unit in TCP segment

Information and Nework Security14 SSL Other Protocols n n The Handshake protocol negotiates all options of the session (most important) çThe handshake protocol involves using SSL record protocol to exchange a series of messages between an SSL-enabled server and an SSL-enabled client n n The ChangeCipherSpec protocol indicates the channel is ready for secure communications n n The Alert protocol indicates errors or other caution conditions have occurred in the connection

Information and Nework Security15 The Changecipherspec Structure The Changecipherspec Structure n The change cipher spec message is sent by both the client and server to notify the receiving party that subsequent records will be protected under the newly negotiated CipherSpec and keys struct { enum { change_cipher_spec(1), (255) } type; enum { change_cipher_spec(1), (255) } type; } ChangeCipherSpec; } ChangeCipherSpec;

Information and Nework Security16 Alert Message Structure n n The Alert protocol specifies and conveys the status of transmitted messages struct { AlertLevel level; AlertLevel level; AlertDescription description; AlertDescription description; } Alert;

Information and Nework Security17 Handshake Protocol n The TLS Handshake Protocol involves the following steps: çExchange hello messages to agree on algorithms, exchange random values, and check for session resumption. çExchange the necessary cryptographic parameters to allow the client and server to agree on a premaster secret. çExchange certificates and cryptographic information to allow the client and server to authenticate themselves. çGenerate a master secret from the premaster secret and exchanged random values. çProvide security parameters to the record layer. çAllow the client and server to verify that their peer has calculated the same security parameters and that the handshake occurred without tampering by an attacker.

Information and Nework Security18 ClientHello Message Structure struct { ProtocolVersion client_version; ProtocolVersion client_version; Random random; Random random; SessionID session_id; SessionID session_id; CipherSuite cipher_suites; CipherSuite cipher_suites; CompressionMethod_list compression_methods; CompressionMethod_list compression_methods; } ClientHello;

Information and Nework Security19 ServerHello Message Structure struct { ProtocolVersion server_version; ProtocolVersion server_version; Random random; Random random; SessionID session_id; SessionID session_id; CipherSuite cipher_suite; CipherSuite cipher_suite; CompressionMethod_list compression_method; CompressionMethod_list compression_method; } ServerHello;

Information and Nework Security20 Message Flow of full Handshake Client Server ClientHello > ServerHello Certificate* ServerKeyExchange* CertificateRequest* < ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished > [ChangeCipherSpec] < Finished Application Data * Indicates optional or situation-dependent messages that are not always sent. Borrowed from rft2246

Information and Nework Security21 Client/Server Server new thread s1 to serve client1 new thread s2 to serve client2 main thread client1 client2 message

Information and Nework Security22 Client/Server Socket Connection Client A Server Original socket Newly returned socket #1 Client B #2 Newly returned socket accept

Information and Nework Security23 Client/Server with TCP and Socket Client must contact server server process must first be running server must have created socket (door) that welcomes client’s contact Client contacts server by: creating client-local TCP socket specifying IP address, port number of server process When client creates socket: client TCP establishes connection to server TCP When contacted by client, server TCP creates new socket for server process to communicate with client –allows server to talk with multiple clients

Information and Nework Security24 TCP socket programming flow ServerClient socket() listen() accept() read() bind() Block until connection from client Process requests write() read() close() socket() write() connect() read() close() well-known port Connection establishment TCP three-way handshake Data (request) Data (reply) End-of-file notification

Information and Nework Security25 SSL Applications – Simple Demo /*We can use SSL to build secure Internet application The purpose of this simple program is to show you how to connect to a secure website using SSL and Java Secure Socket Extension */ //TestSSL.java class public class TestSSL { public static void main(String [] args) { try { new java.net.URL(" + args[0] + "/").getContent(); } catch (Exception exception) { exception.printStackTrace();} } /* you can compile this application on sng: javac TestSSL.java And run it with the security option (load HTTPS protocol handler) : java – Djava.protocol.handler.pkgs=com.sun.net.ssl.internal. – Djavax.net.debug=ssl TestSSL sng.its.monash.edu.au */

Information and Nework Security26 SSL-based Client (skeleton) import javax.net.ssl.*; public class SecureChatClient { public class SecureChatClient { SSLSocket socket; SSLSocket socket; public SecureChatClient() { public SecureChatClient() { try { try { SSLSocketFactory sslFact = (SSLSocketFactory)SSLSocketFactory.getDefault(); socket = (SSLSocket)sslFact.createSocket(“serverhost",5002); socket = (SSLSocket)sslFact.createSocket(“serverhost",5002); /* more code for input/ouput */ /* more code for input/ouput */ } } public static void main(String[] args) { new SecureChatClient(); } } } }

Information and Nework Security27 SSL-based Server (skeleton) import javax.net.ssl.*; import java.security.*; public class SecureChatServer { SSLServerSocket ssocket; SSLSocket clientSocket; public SecureChatServer() { Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); System.setProperty("java.protocol.handler.pkgs", System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal. "com.sun.net.ssl.internal. try { try { SSLServerSocketFactory sslSrvFact = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); SSLServerSocketFactory sslSrvFact = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); ssocket = (SSLServerSocket)sslSrvFact.createServerSocket(5002); ssocket = (SSLServerSocket)sslSrvFact.createServerSocket(5002); clientSocket = (SSLSocket)ssocket.accept(); …} } …} } public static void main(String[] args) { public static void main(String[] args) { new SecureChatServer(); new SecureChatServer(); }}

Information and Nework Security28 SSL/TLS and IPSec n SSL/TLS is useful for building Secure Network and Internet Applications n Both IPSec and SSL are useful for building VPN n SSL/TLS can be used to provide peer entity authentication such as authentication between client and server of Client/Server software applications. IPSec is used to provide security between hosts and networks n IPSec can be used to enhance the security of the whole network when used with firewalls or routers. SSL/TLS is designed to provide security mainly for Client/Server applications