EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 9 Wenbing Zhao Department of Electrical and Computer Engineering.

Slides:



Advertisements
Similar presentations
Cryptography and Network Security Chapter 16
Advertisements

Web security: SSL and TLS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
Lecture 6: Web security: SSL
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
Cryptography and Network Security Chapter 17
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
Transport-level and Web Security (SSL / TLS, SSH)
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Secure Socket Layer (SSL)
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Network Security Essentials Chapter 5
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
EEC 688/788 Secure and Dependable Computing
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
1 EEC 688/788 Secure and Dependable Computing Lecture 4 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
EEC 688/788 Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Chapter 32 Internet Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Executive Director and Endowed Chair
Cryptography and Network Security
NET 536 Network Security Networks and Communication Department
CSE 4095 Transport Layer Security TLS
Cryptography and Network Security
Secure Web Application-SSL
Cryptography and Network Security
SSL (Secure Socket Layer)
The Secure Sockets Layer (SSL) Protocol
Cryptography and Network Security
Presentation transcript:

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 9 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

2 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao Outline Announcement –Midterm#1: March 20 th, 4-6pm (moved from March 27 th ) Secure Socket Layer Pretty Good Privacy

3 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL: The Secure Sockets Layer SSL (Secure Sockets Layer): a security package for secure communication over Internet –Introduced in 1995, Netscape Communications Corp SSL builds a secure connection between two sockets, including –Parameter negotiation between client and server –Mutual authentication of client and server –Secret communication –Data integrity protection

4 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao Secure Sockets Layer Documentation The SSL Protocol version 3.0 Internet Draft: The TLS Protocol version 1.0 Internet Draft: "HTTP Over TLS" Information RFC: SSL and TLS: Designing and Building Secure Systems by Eric Rescorla. Addison Wesley Professional, 2000 Analysis of the SSL 3.0 Protocol, by David Wagner and Bruce Schneier, revised.pdf

5 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL: The Secure Sockets Layer HTTPS (Secure HTTP): HTTP over SSL –Sometimes it is available at a new port (443) instead of the standard port (80) Layers (and protocols) for home user using HTTPS

6 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL: The Secure Sockets Layer SSL consists of two main subprotocols: –handshake protocol –record protocol SSL supports multiple cryptographic algorithms –The strongest one uses triple DES with three separate keys for encryption and SHA-1 for message integrity –For ordinary e-commerce applications, RC4 is used with a 128-bit key for encryption and MD5 is used for message authentication

7 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL: The Secure Sockets Layer TCP SSL Record Layer Protocol Application Data SSL Handshake Protocol SSL Alert Protocol Application software SSL Change Cipher Spec Protocol

8 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol ClientKeyEx

9 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Message #1: Client hello –SSL version; Random structure (timestamp and nonce); Session id; CipherSuites; Compression methods Message #2: Server hello –SSL version*; Random structure (timestamp and nonce); Session id; CipherSuite*; Compression method* * selection based on client’s preference by the server

10 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Message #3: Server certificate (server key exchange message would be sent if there is no certificate) Message #4: Server hello done –To indicate the end of the server hello and associated messages

11 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Message #5: ClientKeyExchange - RSA encrypted premaster secret message –48-byte long (version number and random bytes), encrypted using server’s public key

12 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Message #6&8: Change cipher spec –Sent by both client and server to notify receiving party that subsequent records will be protected under the new CipherSpec and keys –The client sends a change cipher spec message following handshake key exchange and certificate verify messages (if any) –The server sends one after successfully processing the key exchange message it received from the client

13 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol The Change cipher spec message is an independent SSL Protocol content type, and is not actually an SSL handshake message –This is designed as a performance improvement –This message cannot be combined with the finished message (change cipher spec is unencrypted [or encrypted using the previous session key] and the finished message is encrypted using the new session key)

14 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Message #7&9: Finished –Sent immediately after a change cipher specs msg –The finished message is the first protected with the just-negotiated algorithms, keys, and secrets –No acknowledgment of the finished message is required; parties may begin sending confidential data immediately after sending the finished message

15 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Output Pre-master Secret Client Random Server Random Master Secret Key Block Clint MAC Server MAC Client Write Server Write Client IV Server IV

16 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Output Master secret: computed based on the premaster secret and the nonces proposed by the client and the server master_secret = MD5(pre_master_secret + SHA('A' + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA('BB' + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA('CCC' + pre_master_secret + ClientHello.random + ServerHello.random)); Session keys, MAC secrets, and IVs: the master secret is used as an entropy source, and the random values provide unencrypted salt material and IVs for exportable ciphers

17 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Output To generate the key material, compute key_block = MD5(master_secret + SHA('A' + master_secret + ServerHello.random + ClientHello.random)) + MD5(master_secret + SHA('BB' + master_secret + ServerHello.random + ClientHello.random)) + MD5(master_secret + SHA('CCC' + master_secret + ServerHello.random + ClientHello.random)) + [...]; until enough output has been generated

18 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Handshake Protocol Output Then the key_block is partitioned as follows: client_write_MAC_secret[CipherSpec.hash_size] server_write_MAC_secret[CipherSpec.hash_size] client_write_key[CipherSpec.key_material] server_write_key[CipherSPec.key_material] client_write_IV[CipherSpec.IV_size] /* non-export ciphers */ server_write_IV[CipherSpec.IV_size] /* non-export ciphers */

19 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL Record Protocol MAC = hash(MAC_write_secret + pad_2 + hash(MAC_write_secret + pad_1 + seq_num + length + content)); <= 16 KB each Why?

20 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao SSL and TLS In 1996, Netscape Communications Corp. turned SSL over to IETF for standardization. The result was TLS (Transport Layer Security) –It is described in RFC 2246 –The changes made to SSL were relatively small, but just enough that SSL version 3 and TLS cannot interoperate –The TLS version is also known as SSL version 3.1

21 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao Security PGP– Pretty Good Privacy PEM – Privacy Enhanced Mail S/MIME

22 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao PGP – Pretty Good Privacy PGP (Pretty Good Privacy): security package that provides privacy, authentication, digital signatures, and compression, all in an easy-to-use form –Created by Zimmermann, released in 1991 –Zimmermann is a privacy advocate whose motto is: If privacy is outlawed, only outlaws will have privacy –The complete package, including all the source code, is distributed free of charge via the Internet –Due to its quality, price (zero), and easy availability on UNIX, Linux, Windows, and Mac OS platforms, it is widely used today

23 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao PGP – Pretty Good Privacy PGP encrypts data by using a block cipher called IDEA (International Data Encryption Algorithm) –It has been patented and OpenPGP has stopped using it Key management uses RSA Data integrity uses MD5 Compression uses the ZIP program, which uses the Ziv-Lempel algorithm (Ziv and Lempel, 1977) –Compression saves bandwidth –It also wipes out the frequency information contained in the plaintext. In effect, it converts the plaintext into junk

24 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao PGP – Pretty Good Privacy PGP in operation for sending a message

25 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao PGP – Pretty Good Privacy Alice sends an P to Bob using PGP: –Both Alice and Bob have private (D X ) and public (E X ) RSA keys. Assume that each one knows the other's public key –PGP first hashes Alice’s message, P, using MD5, and then encrypts the resulting hash using her private RSA key, D A –The encrypted hash and the original message are concatenated into a single message, P1, and compressed using the ZIP program, the output of this step is P1.Z

26 Spring 2007EEC693: Secure & Dependable ComputingWenbing Zhao PGP – Pretty Good Privacy –Next, PGP prompts Alice for some random input. Both the content and the typing speed are used to generate a 128-bit IDEA message key, K M –K M is now used to encrypt P1.Z with IDEA in cipher feedback mode –In addition, K M is encrypted with Bob's public key, E B. These two components are then concatenated and converted to base64