Security at the Transport Layer Lecture 6. Information and Nework Security2 SSL/TLS n SSL was developed by Phil Karlton & Netscape. çThe standards community.

Slides:



Advertisements
Similar presentations
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Advertisements

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Slide 1 Vitaly Shmatikov CS 378 SSL/TLS. slide 2 What is SSL / TLS? uTransport Layer Security protocol, version 1.0 De facto standard for Internet security.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Cryptography and Network Security Chapter 17
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.
Web Security Network Systems Security
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Secure Sockets Layer (SSL) Protocol by Steven Giovenco.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
TLS/SSL Protocol Presented by: Vivek Nelamangala Includes slides presented by Miao Zhang on April Course: CISC856 - TCP/IP and Upper Layer Protocols.
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Cryptography and Network Security
Secure Sockets Layer (SSL)
CSCE 715: Network Systems Security
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS, Part II
CSE 4095 Transport Layer Security TLS
Cryptography and Network Security
SSL (Secure Socket Layer)
Security at the Transport Layer: SSL and TLS
SSL Protocol Figures used in the presentation
The Secure Sockets Layer (SSL) Protocol
Cryptography and Network Security
Presentation transcript:

Security at the Transport Layer Lecture 6

Information and Nework Security2 SSL/TLS n SSL was developed by Phil Karlton & Netscape. çThe standards community wanted their own version free from any patents/restrictions n Thus was born TLS, which is very similar to SSL  IETF changed the name to avoid showing bias – and add a few things  E.g: TLS defines additional alert codes  TLS MAC covers compression version field in addition to what SSL MAC covers  TLS v1.0 is very similar to SSL v3.1

Information and Nework Security3 SSL TCP/IP SSL/TLS HTTPNNTPFTPTelnet Other Apps Etc.

Information and Nework Security4 Digital certificates and the CA n Public key cryptography avoids the problem of key distributions but it has its weakness: the public key is public and anyone can forge a public key announcement n Solution: public-key certificate: ç, the whole thing, is signed by a trusted third party (TTP)  The TTP is a certificate authority (CA) çA user can present her public key to the CA in a secure manner and obtain a certificate çThe user can then publish her public key çAnyone needs this user’s public key can obtain the certificate and verify that it is valid by the way of the attached trusted signature

Information and Nework Security5 Client/Server Mutual Authentication n Establish trust with intended recipients n Signed Digital Certificates çServer authenticates Client (optional) çClient authenticates Server

Information and Nework Security6 Secure Sockets Layer (SSL) n SSL is designed to run in user-level process – no need to change the OS (not like IPSec that runs in superuser-level process) n SSL uses TCP only (not UDP), hence it is simple and it does not have to worry about timing out and retransmitting lost data (TCP does that for SSL) n Applications based on TCP needs to change (even minimum) to work with SSL

Information and Nework Security7 Secure Sockets Layer (SSL) n The primary goal of the SSL Protocol is ç To provide privacy and reliability between two communicating applications.  Allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery ( Many applications at Application Layer are based on client/server model )

Information and Nework Security8 SSL – Secure Client/Server Communication n SSL Server authentication allows clients to confirm a server’s identity SSL client authentication allows server to confirm a client’s identity ( optional ) SSL client authentication allows server to confirm a client’s identity ( optional ) n SSL provides confidentiality and integrity çSent information is encrypted çIntegrity check is carried out to detect tampering

Information and Nework Security9 SSL – Secure Client/Server Communication n To allow Secure Client/Server Communication to happen using SSL: çThe peer's identity can be authenticated using certificates [basically using asymmetric (private key cryptography like DES), and public key, cryptography (e.g., RSA, DSS, etc.)]. çEncryption is used after an initial handshake to define a secret key. Secret key cryptography is used for data encryption (e.g., DES, RC4, etc.) çIntegrity check is done using a keyed MAC: Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations.

Information and Nework Security10 SSL Main Functions n Negotiates and employs essential functions for secure transactions çMutual Authentication çData Encryption çData Integrity

Information and Nework Security11 SSL Structure ChangeCipher Alert Handshake Record Layer TCP/IP } SSL/TLS Application Layer (http – imap – etc)

Information and Nework Security12 Cipher Suite n n For public-key, secret key encryption and certificate verification we need ç çpublic-key algorithm ç çSecret key encryption algorithm ç çmessage digest (hash) algorithm (MD5, SHA-1, etc) n n This collection is called a cipher suite n n SSL supports many different cipher suites n n Client and server must decide on which one to use n n The client offers a choice; the server picks one

Information and Nework Security13 SSL Protocols n n SSL consists of two protocol layers (The Record Layer and its above layer which consists of ChangeCipherSpec protocol, Alert protocol and Handshake protocol.) n The SSL record protocol: ç takes an application message to be transmitted, ç fragments the data into manageable blocks, ç optionally compresses the data, çapplies MAC, çencrypts, çadds a header and transmits the resulting unit in TCP segment

Information and Nework Security14 SSL Other Protocols n n The Handshake protocol negotiates all options of the session (most important) çThe handshake protocol involves using SSL record protocol to exchange a series of messages between an SSL-enabled server and an SSL-enabled client n n The ChangeCipherSpec protocol indicates the channel is ready for secure communications n n The Alert protocol indicates errors or other caution conditions have occurred in the connection

Information and Nework Security15 The Changecipherspec Structure The Changecipherspec Structure n The change cipher spec message is sent by both the client and server to notify the receiving party that subsequent records will be protected under the newly negotiated CipherSpec and keys struct { enum { change_cipher_spec(1), (255) } type; enum { change_cipher_spec(1), (255) } type; } ChangeCipherSpec; } ChangeCipherSpec;

Information and Nework Security16 Alert Message Structure n n The Alert protocol specifies and conveys the status of transmitted messages struct { AlertLevel level; AlertLevel level; AlertDescription description; AlertDescription description; } Alert;

Information and Nework Security17 Handshake Protocol n The TLS Handshake Protocol involves the following steps: çExchange hello messages to agree on algorithms, exchange random values, and check for session resumption. çExchange the necessary cryptographic parameters to allow the client and server to agree on a premaster secret. çExchange certificates and cryptographic information to allow the client and server to authenticate themselves. çGenerate a master secret from the premaster secret and exchanged random values. çProvide security parameters to the record layer. çAllow the client and server to verify that their peer has calculated the same security parameters and that the handshake occurred without tampering by an attacker.

Information and Nework Security18 ClientHello Message Structure struct { ProtocolVersion client_version; ProtocolVersion client_version; Random random; Random random; SessionID session_id; SessionID session_id; CipherSuite cipher_suites; CipherSuite cipher_suites; CompressionMethod_list compression_methods; CompressionMethod_list compression_methods; } ClientHello;

Information and Nework Security19 ServerHello Message Structure struct { ProtocolVersion server_version; ProtocolVersion server_version; Random random; Random random; SessionID session_id; SessionID session_id; CipherSuite cipher_suite; CipherSuite cipher_suite; CompressionMethod_list compression_method; CompressionMethod_list compression_method; } ServerHello;

Information and Nework Security20 Message Flow of full Handshake Client Server ClientHello > ServerHello Certificate* ServerKeyExchange* CertificateRequest* < ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished > [ChangeCipherSpec] < Finished Application Data * Indicates optional or situation-dependent messages that are not always sent. Borrowed from rft2246

Information and Nework Security21 Client/Server Server new thread s1 to serve client1 new thread s2 to serve client2 main thread client1 client2 message

Information and Nework Security22 Client/Server Socket Connection Client A Server Original socket Newly returned socket #1 Client B #2 Newly returned socket accept

Information and Nework Security23 Client/Server with TCP and Socket Client must contact server server process must first be running server must have created socket (door) that welcomes client’s contact Client contacts server by: creating client-local TCP socket specifying IP address, port number of server process When client creates socket: client TCP establishes connection to server TCP When contacted by client, server TCP creates new socket for server process to communicate with client –allows server to talk with multiple clients

Information and Nework Security24 TCP socket programming flow ServerClient socket() listen() accept() read() bind() Block until connection from client Process requests write() read() close() socket() write() connect() read() close() well-known port Connection establishment TCP three-way handshake Data (request) Data (reply) End-of-file notification

Information and Nework Security25 SSL Applications – Simple Demo /*We can use SSL to build secure Internet application The purpose of this simple program is to show you how to connect to a secure website using SSL and Java Secure Socket Extension */ //TestSSL.java class public class TestSSL { public static void main(String [] args) { try { new java.net.URL(" + args[0] + "/").getContent(); } catch (Exception exception) { exception.printStackTrace();} } /* you can compile this application on sng: javac TestSSL.java And run it with the security option (load HTTPS protocol handler) : java – Djava.protocol.handler.pkgs=com.sun.net.ssl.internal. – Djavax.net.debug=ssl TestSSL sng.its.monash.edu.au */

Information and Nework Security26 SSL-based Client (skeleton) import javax.net.ssl.*; public class SecureChatClient { public class SecureChatClient { SSLSocket socket; SSLSocket socket; public SecureChatClient() { public SecureChatClient() { try { try { SSLSocketFactory sslFact = (SSLSocketFactory)SSLSocketFactory.getDefault(); socket = (SSLSocket)sslFact.createSocket(“serverhost",5002); socket = (SSLSocket)sslFact.createSocket(“serverhost",5002); /* more code for input/ouput */ /* more code for input/ouput */ } } public static void main(String[] args) { new SecureChatClient(); } } } }

Information and Nework Security27 SSL-based Server (skeleton) import javax.net.ssl.*; import java.security.*; public class SecureChatServer { SSLServerSocket ssocket; SSLSocket clientSocket; public SecureChatServer() { Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); System.setProperty("java.protocol.handler.pkgs", System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal. "com.sun.net.ssl.internal. try { try { SSLServerSocketFactory sslSrvFact = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); SSLServerSocketFactory sslSrvFact = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); ssocket = (SSLServerSocket)sslSrvFact.createServerSocket(5002); ssocket = (SSLServerSocket)sslSrvFact.createServerSocket(5002); clientSocket = (SSLSocket)ssocket.accept(); …} } …} } public static void main(String[] args) { public static void main(String[] args) { new SecureChatServer(); new SecureChatServer(); }}

Information and Nework Security28 SSL/TLS and IPSec n SSL/TLS is useful for building Secure Network and Internet Applications n Both IPSec and SSL are useful for building VPN n SSL/TLS can be used to provide peer entity authentication such as authentication between client and server of Client/Server software applications. IPSec is used to provide security between hosts and networks n IPSec can be used to enhance the security of the whole network when used with firewalls or routers. SSL/TLS is designed to provide security mainly for Client/Server applications