An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet Frederick J. Hirsch

Slides:



Advertisements
Similar presentations
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Cryptography and Network Security Chapter 17
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Secure Sockets Layer (SSL) Protocol by Steven Giovenco.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Cryptography and Network Security
Secure Sockets Layer (SSL)
CSCE 715: Network Systems Security
Cryptography and Network Security
Cryptography and Network Security
SSL (Secure Socket Layer)
CSCE 815 Network Security Lecture 16
The Secure Sockets Layer (SSL) Protocol
Cryptography and Network Security
Presentation transcript:

An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet Frederick J. Hirsch

2 CertCo Overview Background Established in Banker’s Trust spinoff. Privately held. Mission CertCo provides secure and cost-effective business solutions that enable trust institutions to build a worldwide trust infrastructure to support high-value, secure electronic commerce. Expertise Cryptography, risk management, law, technology and banking. Location Headquarters: New York City Regional Offices: Cambridge (MA), Washington, DC, United Kingdom.

3 Outline Problem: Creating applications which can communicate securely over the Internet TLS: Transport Layer Security (SSL) Certificates Related technology: S-HTTP, IPSec, SET, SASL References

4 Security Issues Privacy –Anyone can see content Integrity –Someone might alter content Authentication –Not clear who you are talking with

5 TLS: Transport Layer Security formerly known as SSL: Secure Sockets Layer Addresses issues of privacy, integrity and authentication –What is it? –How does it address the issues? –How is it used

6 What is TLS? Protocol layer Requires reliable transport layer (e.g. TCP) Supports any application protocols IP TCP TLS HTTPTelnetFTPLDAP

7 TLS: Privacy Encrypt message so it cannot be read Use conventional cryptography with shared key –DES, 3DES –RC2, RC4 –IDEA A Message B

8 TLS:Key Exchange Need secure method to exchange secret key Use public key encryption for this –“key pair” is used - either one can encrypt and then the other can decrypt –slower than conventional cryptography –share one key, keep the other private Choices are RSA or Diffie-Hellman

9 TLS: Integrity Compute fixed-length Message Authentication Code (MAC) –Includes hash of message –Includes a shared secret –Include sequence number Transmit MAC with message

10 TLS: Integrity Receiver creates new MAC –should match transmitted MAC TLS allows MD5, SHA-1 AB Message’ MAC’ MAC =? Message MAC

11 TLS: Authentication Verify identities of participants Client authentication is optional Certificate is used to associate identity with public key and other attributes A Certificate B

12 TLS: Overview Establish a session –Agree on algorithms –Share secrets –Perform authentication Transfer application data –Ensure privacy and integrity

13 TLS: Architecture TLS defines Record Protocol to transfer application and TLS information A session is established using a Handshake Protocol TLS Record Protocol Handshake Protocol Alert Protocol Change Cipher Spec

14 TLS: Record Protocol

15 TLS: Handshake Negotiate Cipher-Suite Algorithms –Symmetric cipher to use –Key exchange method –Message digest function Establish and share master secret Optionally authenticate server and/or client

16 Handshake Phases Hello messages Certificate and Key Exchange messages Change CipherSpec and Finished messages

17 TLS: Hello Client “ Hello ” - initiates session –Propose protocol version –Propose cipher suite –Server chooses protocol and suite Client may request use of cached session –Server chooses whether to honor request

18 TLS: Key Exchange Server sends certificate containing public key (RSA) or Diffie-Hellman parameters Client sends encrypted “pre-master” secret to server using Client Key Exchange message Master secret calculated –Use random values passed in Client and Server Hello messages

19 Public Key Certificates X.509 Certificate associates public key with identity Certification Authority (CA) creates certificate –Adheres to policies and verifies identity –Signs certificate User of Certificate must ensure it is valid

20 Validating a Certificate Must recognize accepted CA in certificate chain –One CA may issue certificate for another CA Must verify that certificate has not been revoked –CA publishes Certificate Revocation List (CRL)

21 X.509: Certificate Content Version Serial Number Signature Algorithm Identifier –Object Identifier (OID) –e.g. id-dsa: {iso(1) member- body(2) us(840) x9-57 (10040) x9algorithm(4) 1} Issuer (CA) X.500 name Validity Period (Start,End) Subject X.500 name Subject Public Key –Algorithm –Value Issuer Unique Id (Version 2,3) Subject Unique Id (Version 2,3) Extensions (version 3) –optional CA digital Signature

22 Subject Names X.500 Distinguished Name (DN) Associated with node in hierarchical directory (X.500) Each node has Relative Distinguished Name (RDN) –Path for parent node –Unique set of attribute/value pairs for this node

23 Example Subject Name Country at Highest Level (e.g. US) Organization typically at next level (e.g. CertCo) Individual below (e.g. Common Name “Elizabeth” with Id = 1) DN = { C=US; O=CertCo; CN=Elizabeth, ID=1}

24 Version 3 Certificates Version 3 X.509 Certificates support alternative name formats as extensions –X.500 names –Internet domain names – addresses –URLs Certificate may include more than one name

25 Certificate Signature RSA Signature –Create hash of certificate –Encrypt using CA’s private key Signature verification –Decrypt using CA’s public key –Verify hash

26 TLS: ServerKeyExchange Client  ClientHello Server  ServerHello  Certificate  ServerKeyExchange

27 TLS: Certificate Request Client  ClientHello Server  ServerHello  Certificate  ServerKeyExchange  CertificateRequest

28 TLS: Client Certificate Client  ClientHello  ClientCertificate  ClientKeyExchange Server  ServerHello  Certificate  ServerKeyExchange  CertificateRequest

29 TLS: Change Cipher Spec, Finished Client  [ChangeCipherSpec]  Finished  Application Data Server  [ChangeCipherSpec]  Finished  Application Data

30 TLS: Change Cipher Spec/Finished Change Cipher Spec –Announce switch to negotiated algorithms and values Finished –Send copy of handshake using new session –Permits validation of handshake

31 TLS: Using a Session Client  ClientHello (Session #)  [ChangeCipherSpec]  Finished  Application Data Server  ServerHello (Session #)  [ChangeCipherSpec]  Finished  Application Data

32 Changes from SSL 3.0 to TLS Fortezza removed Additional Alerts added Modification to hash calculations Protocol version 3.1 in ClientHello, ServerHello

33 TLS: HTTP Application HTTP most common TLS application – Requires TLS-capable web server Requires TLS-capable web browser –Netscape Navigator –Internet Explorer –Cryptozilla Netscape Mozilla sources with SSLeay

34 Web Servers Apache-SSL Apache mod_ssl Stronghold Roxen iNetStore

35 Other Applications Telnet FTP LDAP POP SSLrsh Commercial Proxies

36 TLS: Implementation Cryptographic Libraries –RSARef, BSAFE TLS/SSL packages –SSLeay –SSLRef

37 X.509 Certificate Issues Certificate Administration is complex –Hierarchy of Certification Authorities –Mechanisms for requesting, issuing, revoking certificates X.500 names are complicated Description formats are cumbersome (ASN.1)

38 X.509 Alternative: SDSI –SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson) Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0 Eliminate X.500 names - use DNS and text Everyone is their own CA Instead of ASN.1 use “S-expressions” and simple syntax Name and Authorization certificates

39 TLS “Alternatives” S-HTTP: secure HTTP protocol, shttp:// IPSec: secure IP SET: Secure Electronic Transaction –Protocol and infrastructure for bank card payments SASL: Simple Authentication and Security Layer (RFC 2222)

40 Summary SSL/TLS addresses the need for security in Internet communications –Privacy - conventional encryption –Integrity - Message Authentication Codes –Authentication - X.509 certificates SSL in use today with web browsers and servers

41 References - 1 Engelschall, Ralph, mod_ssl, Ford, Warwick, Baum, Michael S. Secure Electronic Commerce, Prentice Hall Hirsch, Frederick J. “Introduction to SSL and Certificates Using SSLeay”, World Wide Web Journal, Summer 1997, Hudson, Tim J, Young, Eric A, “SSLeay and SSLapps FAQ”, Kaufman, Charlie, Perlman, Radia, Speciner,Mike Network Security: PRIVATE Communication in a PUBLIC World, Prentice Hall, 1995.

42 References - 2 Rivest, Ron, SDSI, Stallings, William Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall, Wagner, David, Schneier, Bruce “Analysis of the SSL 3.0 Protocol” Internet Drafts and RFCs. Use the keyword search on TLS or SSL in the Internet Drafts section to find the TLS Protocol specification and other relevant documents. PKCS standards:

43 References - 3 Microsoft Security Documents Netscape Security Documents

44