Hariharan Venkataraman

Presentation transcript:

Transport Layer Security (TLS)
Team: Techno
Gautami Parulkar, Hariharan Venkataraman, Jigar Patel, Karthik Gottiparthy, Neeraj Sharma

Presentation Agenda…… Introduction TLS Protocol Stack TLS Handshake Improvement Demo

TLS…
- Cryptographic protocol that provides secure communications on the internet
- Similar to SSL, with slight differences
- Prevents eavesdropping, tampering, and message forgery
- Current approved version of TLS is 1.1

TLS Protocol Stack…
[Diagram: TLS protocol stack, with boxes labelled HTTP, FTP, SMTP, TLS Handshake Protocol, TLS Change Cipher Spec Protocol, Alert, TLS Record Protocol, TCP and IP]
Consists of two layers:
- Layer 1 consists of the application layer and three handshake sub-protocols
- Layer 2 is the record layer
Handshake protocol: used to negotiate session information between the client and the server. Session information consists of [1] session ID, [2] cipher suites that are to be used, [3] certificates, if requested, [4] compression algorithm, [5] secret keys used.
Change cipher spec protocol: changes the key material used for encryption between the client and the server.
Alert protocol: uses error messages to indicate the occurrence of an error between the peers.

TLS Record Protocol…
[Diagram: application data is split into fragments, a MAC is appended to each fragment, and the result is sent as a record header followed by the encrypted data and MAC]
- The record layer fragments the data received from the application layer to the size appropriate to the cryptographic algorithm
- It then compresses or decompresses the fragments and applies a MAC or HMAC
- It then encrypts the data using the information exchanged in the handshake process

Full TLS Handshake…

Limitations of TLS…
- Time-consuming handshake messages during connection establishment.
- Limitation of the session caching period at the server's cache.
- Access security threat (web jacking).
- Time-consuming and expensive RSA private key decryption.
- Denial of Service Attacks (DoS).

Limitations contd…
- Denial of Service Attacks (DoS).

Counter Measures…
Resume Handshake Mechanism: The client resumes the previously negotiated TLS session by sending the session ID. The server stores the session for a certain period of time before evicting it (aborting the session), which forces the client to perform the full handshake. Amazon's servers evict the session every 2 mins. As a result, the clients had to perform the full handshake even though they wanted to resume the session.

Eric Rescorla, Dan Boneh and Hovav Shacham proposed two mechanisms: 1. Fast Track Handshake Message. 2. Client side session caching.
Fast Track Handshake Message: The ordinary TLS handshake mechanism follows: 1) negotiating the session parameters, 2) authentication of the server and optionally the client, 3) establishing the shared cryptographic secret.

Ordinary TLS Handshake
The ordinary TLS handshake follows:
- negotiating the session parameters
- authentication of the server and optionally the client
- establishing the shared cryptographic secret

Fast Track Handshake…
- Specifically used for short-lived TLS sessions where no resumption is done.
- The peers have not communicated at all.
- The well-established session between the client and the server expired in the middle.
- E.g. Amazon clients placed multiple requests in the 2 min window of the server's cache.

Fast Track HS contd.
The fast-track clients store long-lived server information such as the server certificate and the preferred cipher suite. These handshake parameters are called the determining parameters. The long-lived parameters do not change unless the configuration of either the client or the server changes.

Handshake Parameters…
1st Category:
- The server's certificate chain;
- The server's Diffie-Hellman group, if any; and
- Whether client authentication is required; if so,
  - Acceptable client certificate types; and
  - Acceptable certificate authorities.
2nd Category:
- The preferred client–server cipher suite; and
- The preferred client–server compression method

Fast Handshake Diagram

Description…
The clientHelloFT message must include the fast-track hash function together with the hash of the determining parameters. Once the client has validated the server certificate, it is not required to revalidate it. Verification of the SHA-1 hash of the determining parameters is required.

The server uses the information in the clientHello message and its own configuration to form its version of the determining parameters. These determining parameters are exchanged using the cryptographic hash and, for more security, the handshake MAC is included in the finished message. The three messages Server Certificate, Certificate Request and Server Hello Done are not included in the Fast Track Handshake.
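The hash comparison described above, as an added example that is not part of the original presentation. The length-prefixed encoding, the class and function names and the sample values are assumptions made for illustration; the fast-track proposal defines its own message formats.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class DeterminingParams:
    cert_chain: tuple              # server certificates as bytes, leaf first
    dh_group: bytes = b""          # empty when no Diffie-Hellman group is used
    client_auth_required: bool = False
    client_cert_types: tuple = ()  # only hashed when client auth is required
    acceptable_cas: tuple = ()
    cipher_suite: bytes = b""      # preferred client-server cipher suite
    compression: bytes = b"null"   # preferred client-server compression method

def encode(items):
    """Count- and length-prefix the items so field boundaries are unambiguous."""
    out = len(items).to_bytes(2, "big")
    for item in items:
        out += len(item).to_bytes(4, "big") + item
    return out

def params_hash(p):
    """SHA-1 (the hash named on the slide) over both parameter categories."""
    auth = p.client_auth_required
    blob = b"".join([
        encode(p.cert_chain),
        encode((p.dh_group, b"\x01" if auth else b"\x00")),
        encode(p.client_cert_types if auth else ()),
        encode(p.acceptable_cas if auth else ()),
        encode((p.cipher_suite, p.compression)),
    ])
    return hashlib.sha1(blob).digest()

def server_accepts_fast_track(client_hash, server_view):
    """Server recomputes the hash from its own configuration and compares."""
    return hmac.compare_digest(client_hash, params_hash(server_view))

# Constructed sample values; the certificate bytes are placeholders, not real DER.
CACHED = DeterminingParams(
    cert_chain=(b"leaf-cert-v1", b"intermediate-ca"),
    dh_group=b"example-dh-group",
    cipher_suite=b"EDH-RSA-DES-CBC3-SHA",
)
RENEWED = replace(CACHED, cert_chain=(b"leaf-cert-v2", b"intermediate-ca"))

if __name__ == "__main__":
    h = params_hash(CACHED)                       # value carried in clientHelloFT
    print(server_accepts_fast_track(h, CACHED))   # configuration unchanged
    print(server_accepts_fast_track(h, RENEWED))  # server certificate replaced
```

A mismatch means the client's cached view is stale, so the peers cannot skip the three omitted messages and the client has to learn the new parameters again.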

Performance Table…

Details…
The first cipher suite, called "TLS_RSA_WITH_3DES_EDE_CBC_SHA" in RFC 2246 (and called "DES-CBC3-SHA" in OpenSSL), uses RSA for key exchange. It does not require a ServerKeyExchange message to be sent.
The second cipher suite, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" ("EDH-RSA-DES-CBC3-SHA" in OpenSSL), employs EDH for key exchange, with RSA authentication.

Advantages & Disadvantages
Advantages:
- It implements 3 flows instead of 4 flows.
- It saves bandwidth and time, and improves network traffic.
Disadvantages:
- Does not support RSA key exchange.
- Though the 3 messages are not included in the handshake, they do not involve any significant computationally intensive operations.

Client Side Caching…
To reduce the load of session caching on the server, the client is made to store the session information in its cache. This mechanism is used for resuming sessions. The cached data sent to the client is encrypted with a symmetric cipher key called the enc-key.

Client side caching contd.
Encryption alone does not guarantee integrity, so the server uses a MAC with a fixed server key called the mac-key. A token is formed using enc-key and mac-key:
Token = enc-key [cache data || mac]
Mac = mac-key [cache data]

The Authentication Token retains all the information about the session. Only the master key has to be shared. This token is included in the session ID.
Problem: The session ID is 32 bytes but the master secret in the token is 48 bytes, so it cannot fit in the ID. The server provides the session ID in the server Hello message, which is transmitted before it knows the master secret.

To overcome this problem, the normal zero-length session ID is sent in the server Hello message. Then the extended session ID message, containing the authentication token, is sent immediately before the change cipher spec message.

Connection Establishment…

During connection establishment the client signals to the server that it is capable of CSSC using the client side cache capable extension in the client Hello. If the server wants to request it, it sends a client side cache capable request extension. To resume the session the client sends the authentication token; if it is less than 256 bytes, it is placed in the session ID.

Disadvantage
The session can become invalid due to expiration, improper closure or error. Authentication tokens are self-authenticating, and hence it is difficult to invalidate the session easily if an error is found.
Solution: To invalidate a session, keep a blacklist consisting of sessions that have been invalidated but may not have expired.
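The token construction and the blacklist described above, as an added example that is not part of the original presentation. The slides do not name the cipher or MAC: HMAC-SHA256 as the MAC, an HMAC-SHA256 counter-mode keystream standing in for the symmetric cipher, the per-token nonce and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

MAC_LEN, NONCE_LEN = 32, 16

def keystream(key, nonce, n):
    # Stand-in symmetric cipher (assumption): HMAC-SHA256 in counter mode.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_token(enc_key, mac_key, cache_data):
    # Mac = mac-key[cache data]; Token = enc-key[cache data || mac]
    mac = hmac.new(mac_key, cache_data, hashlib.sha256).digest()
    nonce = os.urandom(NONCE_LEN)  # fresh per token so the keystream never repeats
    plain = cache_data + mac
    return nonce + xor(plain, keystream(enc_key, nonce, len(plain)))

def open_token(enc_key, mac_key, token, blacklist):
    """Return (cache_data, mac) for a valid, non-revoked token, else None."""
    if len(token) < NONCE_LEN + MAC_LEN:
        return None
    nonce, body = token[:NONCE_LEN], token[NONCE_LEN:]
    plain = xor(body, keystream(enc_key, nonce, len(body)))
    data, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    good = hmac.new(mac_key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, good):
        return None   # forged or modified token
    if mac in blacklist:
        return None   # authentic token, but the session was invalidated
    return data, mac

def demo():
    enc_key, mac_key, blacklist = os.urandom(32), os.urandom(32), set()
    # Constructed sample: cipher suite name plus a 48-byte master secret.
    session = b"DES-CBC3-SHA|" + os.urandom(48)
    token = make_token(enc_key, mac_key, session)
    resumed = open_token(enc_key, mac_key, token, blacklist)
    tampered = token[:-1] + bytes([token[-1] ^ 1])
    forged = open_token(enc_key, mac_key, tampered, blacklist)
    blacklist.add(resumed[1])   # server invalidates the session before expiry
    revoked = open_token(enc_key, mac_key, token, blacklist)
    return len(token), resumed[0] == session, forged, revoked

if __name__ == "__main__":
    print(demo())
```

The token in this sample is 109 bytes, which shows why it cannot travel in a 32-byte session ID, and the blacklist is the only server-side state needed to reject a token whose MAC still verifies.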

Performance Improvement by Re-balancing
Clients send simultaneous requests, flooding the server and causing it to crash or deny service. DoS attacks cause the server to deny service to legitimate clients. The server consumes a lot of CPU processing time to perform costly computations such as decrypting the key.

The solution to this problem is load distribution, where the client performs more work and the server performs commensurately less work. A mechanism called Client Aided RSA speeds up the processing by a factor of 11 to 19.

The server can encrypt the session key, thus shifting the decryption burden to the client. But for this the server has to authenticate the client, and if the server cannot verify the client this will lead to DoS attacks. The server needs to verify the whole certificate chain. Therefore, Client Aided RSA is used.

CA-RSA

Attacks on TLS… Denial of Service is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Man in the middle (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between the two communicating peers.

Conclusion…
- SSL / TLS is the most widely deployed security protocol, standard
- Easy to implement, deploy and use
- Widely available, flexible, supports many scenarios
- Mature cryptographic design