Proposed Transport Layer Security (TLS) Evidence Extensions Russ Housley IETF 67 – TLS WG Session.

Slides:



Advertisements
Similar presentations
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Advertisements

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Slide 1 Vitaly Shmatikov CS 378 SSL/TLS. slide 2 What is SSL / TLS? uTransport Layer Security protocol, version 1.0 De facto standard for Internet security.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
We leave the world of cryptography for a while.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
A Survey of WAP Security Architecture Neil Daswani
Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
Intro to SSL/TLS Network Security Gene Itkis. 6/23/2015 cs Network Security (Gene Itkis) 2 Origins Internet Engineering Task Force (IETF) –
Secure password-based cipher suite for TLS: The importance of end-to-end security Marie L.S. Dumont CS 265.
Application Layer Protocol Negotiation
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.
Secure Socket Layer (SSL)
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.
1 /10 Pascal URIEN, IETF 66 h, Wednesday July 12 th,Montreal, Canada draft-urien-badra-eap-tls-identity-protection-00.txt
December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.
Web Security Network Systems Security
SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No
TLS user mapping hint extension Stefan Santesson Microsoft.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Secure Sockets Layer (SSL) Protocol by Steven Giovenco.
E2EKey Resource Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.3, Agenda Item: End-to-End Security.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Transport Layer Security (TLS) Extensions: Extension Definitions draft-ietf-tls-rfc4366-bis-00.
Draft-fieau-https-delivery-delegation-02 A CDNi Use case Lurk BoF Frédéric Fieau Orange Emile Stephan, Benoît Gaussen IETF 95 – Buenos Aires.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Authorization via TLS Welcome! Simon Josefsson – Security advisor to PDC/KTH Middleware Security Group Meeting Stockholm,
TLS/SSL Protocol Presented by: Vivek Nelamangala Includes slides presented by Miao Zhang on April Course: CISC856 - TCP/IP and Upper Layer Protocols.
Advanced Client/Server Authentication in TLS
TLS authentication using ETSI TS and IEEE certificates
Network Security Gene Itkis
Mark Brown RedPhone Security
CSCE 715: Network Systems Security
GSS-API based Authentication and Key Establishment in TLS
CSE 4095 Transport Layer Security TLS, Part II
Chapter 7 WEB Security.
Security at the Transport Layer: SSL and TLS
CSCE 815 Network Security Lecture 16
SSL Protocol Figures used in the presentation
Chapter 7 WEB Security.
Presentation transcript:

Proposed Transport Layer Security (TLS) Evidence Extensions Russ Housley IETF 67 – TLS WG Session

Motivation TLS is used to protect many different applications, but TLS does not provide any evidence of the protected content –Of course not, it is the transport layer … –But, the alternative is evidence mechanism in every application that makes use of TLS

Signatures Digital signatures are used to generate the evidence Both the client and the server must have certified signature keys

Proposed Evidence Creation Exchange Client Server ClientHello (w/ extns) > ServerHello (w/ extns) Certificate+ ServerKeyExchange* CertificateRequest+ < ServerHelloDone Certificate+ ClientKeyExchange CertificateVerify+ ChangeCipherSpec Finished > ChangeCipherSpec < Finished Application Data Application Data Alert(evidence_start1) > Application Data < Alert(evidence_start2) Application Data Application Data Alert(evidence_end1) > Application Data < Alert(evidence_end2) EvidenceRequest > < EvidenceResponse Application Data Application Data

Application Support To gather evidence from an unchanged application, the evidence start alerts are sent immediately after the Finished message, and the evidence end alerts are sent at the end of the session If willing to change an application, then alerts can be placed at “interesting” content

Evidence Protocol (1 of 3) enum { request(1), response(2), (255) } EvidenceMsgType; struct { EvidenceMsgType evidence_msg_type; uint24 length; /* number of octets in message */ select (EvidenceMsgType) { case request: EvidenceRequest; case response: EvidenceResponse; } body; } EvidenceProtocol;

Evidence Protocol (2 of 3) struct { Evidence evidence ; ASN.1Cert party1_certificate; EvidenceSignature party1_signature; } EvidenceRequest; struct { EvidenceCreateSuite evidence_suite; uint32 gmt_unix_time; opaque handshake_protocol_hash ; opaque app_data_sent_hash ; opaque app_data_received_hash ; } Evidence;

Evidence Protocol (3 of 3) struct { Evidence evidence ; ASN.1Cert party1_certificate; EvidenceSignature party1_signature; ASN.1Cert party2_certificate; EvidenceSignature party2_signature; } EvidenceResponse;

Request to TLS Working Group Authors are asking the TLS WG to accept the document, and move it forward as a Proposed Standard

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.