SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad

Overview Brief Introduction to Public-Key Infrastructure Brief Introduction to Public-Key Infrastructure Public-keys, Certificates & Digital Signatures Public-keys, Certificates & Digital Signatures Relevance to Electronic Commerce Relevance to Electronic Commerce SSL SSL Protocol details Protocol details Cryptographic details Cryptographic details

Internet Threats Weak security in TCP/IP Weak security in TCP/IP Eavesdropping Eavesdropping Theft of valuable information Theft of valuable information Fraud Fraud Authentication Authentication Non-repudiation Non-repudiation Difficult to transform normal business practices into Internet usable form with such issues

Small Intro to PKI Problem Solved by PKI? Problem Solved by PKI? Secure communication over an insecure channel Secure communication over an insecure channel Confidentiality, authentication, non-repudation and Integrity Confidentiality, authentication, non-repudation and Integrity Asymmetric key cryptography: one (public) key encrypts, the other (private) decrypts Asymmetric key cryptography: one (public) key encrypts, the other (private) decrypts The whole technique is public-key cryptography The whole technique is public-key cryptography Solutions: RSA, El-Gamal, ECC Solutions: RSA, El-Gamal, ECC Issues with PKI Issues with PKI Verifying the ownership and security of public-keys Verifying the ownership and security of public-keys High cost of computation when sending bulk data (RSA exponentiation) High cost of computation when sending bulk data (RSA exponentiation)

Addressing Issues in PKI Digital signatures: encryption with private key, un- forgeable in real-time; verifiable with public-keys Digital signatures: encryption with private key, un- forgeable in real-time; verifiable with public-keys Other critical uses as well : non-repudiation Other critical uses as well : non-repudiation Certificates: Public-keys that are digitally signed by a trusted-third party, e.g., a certifying authority (CA) Certificates: Public-keys that are digitally signed by a trusted-third party, e.g., a certifying authority (CA) Catch22: Need the Public-key of the CA to verify! Catch22: Need the Public-key of the CA to verify! Certificate hierarchy: A method used to verify certificates issued by CAs whose public-keys are not known Certificate hierarchy: A method used to verify certificates issued by CAs whose public-keys are not known CAs sign exchange and sign each other’s public-keys securely CAs sign exchange and sign each other’s public-keys securely To reduce computational overhead PKI is generally used in as a vehicle to convey session keys To reduce computational overhead PKI is generally used in as a vehicle to convey session keys Reducing the overhead further without too many modifications to current PKI-based protocols is an open area Reducing the overhead further without too many modifications to current PKI-based protocols is an open area

X.509 v3 Certificate Attributes version (v3) serial number signature algorithm id issuer name validity period subject name subject public key info issuer unique identifier subject unique identifier CA’s signature extensions extn.a cf value extnb cf value extn.c cf value criticality flag Can include any data, including graphics (GIF), video, audio, etc. Can include any data, including graphics (GIF), video, audio, etc. Sharath Jeppu

Relevance to E-Commerce Business model in electronic world Business model in electronic world Customer shops for product using e-carts Customer shops for product using e-carts Makes a payment in credit card Makes a payment in credit card Gets confirmation of payment and delivery Gets confirmation of payment and delivery Problems Problems How to secure the credit-card information when sent over a public network like Internet? How to secure the credit-card information when sent over a public network like Internet? How to trust that the merchant has not charged more than what you ordered? How to trust that the merchant has not charged more than what you ordered? How to make the merchant is liable if the delivery is not made? How to make the merchant is liable if the delivery is not made? PKI solves these problems PKI solves these problems Need appropriate protocols that work in real-time Need appropriate protocols that work in real-time And hence, SSL & SET And hence, SSL & SET

SSL: Secure Sockets Layer Runs above TCP/IP below application layer Runs above TCP/IP below application layer Purpose Purpose Provide secure & authenticated communication between client & server Provide secure & authenticated communication between client & server Services Services Authenticates server to client Authenticates server to client Negotiation of cryptographic parameters Negotiation of cryptographic parameters Session key establishment & encrypted communication Session key establishment & encrypted communication Connection reliability is maintained via message integrity checks (message authentication codes MAC) Connection reliability is maintained via message integrity checks (message authentication codes MAC) Optional: authenticate client to server (often, not possible; password authentication is current default) Optional: authenticate client to server (often, not possible; password authentication is current default)

Protocol Details SSL Record Layer SSL Record Layer This lies below SSL handshake and encapsulates the handshake data This lies below SSL handshake and encapsulates the handshake data Alert protocol Alert protocol Closure, error, unsupported certificate etc Closure, error, unsupported certificate etc SSL Handshake SSL Handshake Sets up the connection between client and server Sets up the connection between client and server Negotiates cryptographic parameters Negotiates cryptographic parameters Provides confidentiality, authentication, reliability and integrity of data Provides confidentiality, authentication, reliability and integrity of data Change cipher Change cipher Signals change in ciphering strategies Signals change in ciphering strategies

SSL States Session State characterized by Session State characterized by session identifier session identifier peer certificate peer certificate compression method compression method cipher spec (DES, MD5 etc) cipher spec (DES, MD5 etc) master secret (shared secret between server and client) master secret (shared secret between server and client) flag (is resumable) flag (is resumable)

SSL States Connection State Connection State server and client random byte sequences server and client random byte sequences MAC secret used by server MAC secret used by server MAC secret used by client MAC secret used by client encryption key used by server encryption key used by server encryption key used by client encryption key used by client initialization vector for CBC mode initialization vector for CBC mode sequence numbers sequence numbers

SSL Handshake

References William Stallings: Cryptography and Network Security William Stallings: Cryptography and Network Security Sun Website: 10/contents.htm Sun Website: 10/contents.htm 10/contents.htm 10/contents.htm Netscape SSL Specification V3: SPEC.HTM Netscape SSL Specification V3: SPEC.HTM SPEC.HTM SPEC.HTM