SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

Slides:



Advertisements
Similar presentations
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Advertisements

Web security: SSL and TLS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
Lecture 6: Web security: SSL
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from
Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Internet Security CSCE 813 Transport Layer Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Cryptography and Network Security Chapter 17
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.
Web Security Network Systems Security
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
1 Understanding Secure Socket Layer (SSL) Advisor Advisor Prof. Tzonelih Hwang Presenter Prosanta Gope.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Secure Sockets Layer (SSL) Protocol by Steven Giovenco.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
1 Secure Socket Layer Originally by Yu Yang and Lilly Wang Originally by Yu Yang and Lilly Wang Modified by T. A. Yang Modified by T. A. Yang.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Cryptography and Network Security
Secure Sockets Layer (SSL)
UNIT.4 IP Security.
CSCE 715: Network Systems Security
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS, Part II
SSL (Secure Socket Layer)
Transport Layer Security (TLS)
Presentation transcript:

SMUCSE 5349/7349 SSL/TLS

SMUCSE 5349/7349 Layers of Security

SMUCSE 5349/7349 SSL History Evolved through –Unreleased v1 (Netscape) –Flawed-but-useful v2 –Version 3 from scratch –Standard TLS1.0 SSL3.0 with minor tweaks, hence Version field is 3.1 Defined in RFC2246, Open-source implementation at

SMUCSE 5349/7349 Overview Establish a session –Agree on algorithms –Share secrets –Perform authentication Transfer application data –Ensure privacy and integrity

SMUCSE 5349/7349 Architecture Record Protocol to transfer application and TLS information A session is established using a Handshake Protocol TLS Record Protocol Handshake Protocol Alert Protocol Change Cipher Spec

SMUCSE 5349/7349 Architecure (cont’d) HANDLES COMMUNICATION WITH THE APPLICATION Protocols INITIALIZES COMMUNCATION BETWEEN CLIENT & SERVER INITIALIZES SECURE COMMUNICATION HANDLES DATA COMPRESSION ERROR HANDLING

SMUCSE 5349/7349 Handshake Negotiate Cipher-Suite Algorithms –Symmetric cipher to use –Key exchange method –Message digest function Establish and share master secret Optionally authenticate server and/or client

SMUCSE 5349/7349 Handshake Phases Hello messages Certificate and Key Exchange messages Change CipherSpec and Finished messages

SMUCSE 5349/7349 SSL Messages OFFER CIPHER SUITE MENU TO SERVER SELECT A CIPHER SUITE SEND CERTIFICATE AND CHAIN TO CA ROOT CLIENT SIDE SERVER SIDE SEND PUBLIC KEY TO ENCRYPT SYMM KEY SERVER NEGOTIATION FINISHED SEND ENCRYPTED SYMMETRIC KEY SOURCE: THOMAS, SSL AND TLS ESSENTIALS ACTIVATE ENCRYPTION CLIENT PORTION DONE ( SERVER CHECKS OPTIONS ) ACTIVATESERVER ENCRYPTION SERVER PORTION DONE ( CLIENT CHECKS OPTIONS ) NOW THE PARTIES CAN USE SYMMETRIC ENCRYPTION

SMUCSE 5349/7349 Client Hello –Protocol version SSLv3(major=3, minor=0) TLS (major=3, minor=1) –Random Number 32 bytes First 4 bytes, time of the day in seconds, other 28 bytes random Prevents replay attack –Session ID 32 bytes – indicates the use of previous cryptographic material –Compression algorithm

SMUCSE 5349/7349 Client Hello - Cipher Suites INITIAL (NULL) CIPHER SUITE PUBLIC-KEY ALGORITHM SYMMETRIC ALGORITHM HASH ALGORITHM CIPHER SUITE CODES USED IN SSL MESSAGES SSL_NULL_WITH_NULL_NULL = { 0, 0 } SSL_RSA_WITH_NULL_MD5 = { 0, 1 } SSL_RSA_WITH_NULL_SHA = { 0, 2 } SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0, 3 } SSL_RSA_WITH_RC4_128_MD5 = { 0, 4 } SSL_RSA_WITH_RC4_128_SHA = { 0, 5 } SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0, 6 } SSL_RSA_WITH_IDEA_CBC_SHA = { 0, 7 } SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0, 8 } SSL_RSA_WITH_DES_CBC_SHA = { 0, 9 } SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0, 10 }

SMUCSE 5349/7349 Server Hello Version Random Number –Protects against handshake replay Session ID –Provided to the client for later resumption of the session Cipher suite –Usually picks client’s best preference – No obligation Compression method

SMUCSE 5349/7349 Certificates Sequence of X.509 certificates –Server’s, CA’s, … X.509 Certificate associates public key with identity Certification Authority (CA) creates certificate –Adheres to policies and verifies identity –Signs certificate User of Certificate must ensure it is valid

SMUCSE 5349/7349 Validating a Certificate Must recognize accepted CA in certificate chain –One CA may issue certificate for another CA Must verify that certificate has not been revoked –CA publishes Certificate Revocation List (CRL)

SMUCSE 5349/7349 Client Key Exchange Premaster secret –Created by client; used to “seed” calculation of encryption parameters –2 bytes of SSL version + 46 random bytes –Sent encrypted to server using server’s public key This is where the attack happened in SSLv2

SMUCSE 5349/7349 Change Cipher Spec & Finished Messages Change Cipher Spec –Switch to newly negotiated algorithms and key material Finished –First message encrypted with new crypto parameters –Digest of negotiated master secret, the ensemble of handshake messages, sender constant –HMAC approach of nested hashing

SMUCSE 5349/7349 SSL Encryption Master secret –Generated by both parties from premaster secret and random values generated by both client and server Key material –Generated from the master secret and shared random values Encryption keys –Extracted from the key material

SMUCSE 5349/7349 Generating the Master Secret SOURCE: THOMAS, SSL AND TLS ESSENTIALS SERVER’S PUBLIC KEY IS SENT BY SERVER IN ServerKeyExchange CLIENT GENERATES THE PREMASTER SECRET ENCRYPTS WITH PUBLIC KEY OF SERVER CLIENT SENDS PREMASTER SECRET IN ClientKeyExchange SENT BY CLIENT IN ClientHello SENT BY SERVER IN ServerHello MASTER SECRET IS 3 MD5 HASHES CONCATENATED TOGETHER = 384 BITS

SMUCSE 5349/7349 Generation of Key Material SOURCE: THOMAS, SSL AND TLS ESSENTIALS JUST LIKE FORMING THE MASTER SECRET EXCEPT THE MASTER SECRET IS USED HERE INSTEAD OF THE PREMASTER SECRET...

SMUCSE 5349/7349 Obtaining Keys from the Key Material SOURCE: THOMAS, SSL AND TLS ESSENTIALS SECRET VALUES INCLUDED IN MESSAGE AUTHENTICATION CODES INITIALIZATION VECTORS FOR DES CBC ENCRYPTION SYMMETRIC KEYS

SMUCSE 5349/7349 SSL Record Protocol

SMUCSE 5349/7349 Record Header Three pieces of information –Content type Application data Alert Handshake Change_cipher_spec –Content length Suggests when to start processing –SSL version Redundant check for version agreement

SMUCSE 5349/7349 Protocol (cont’d) Max. record length 2 14 – 1 MAC –Data –Headers –Sequence number To prevent replay and reordering attack Not included in the record

SMUCSE 5349/7349 Alerts and Closure Alert the other side of exceptions –Different levels –Terminate and session cannot be resumed Closure notify –To prevent truncation attack (sending a TCP FIN before the sender is finished)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.