Secure Sockets Layer (SSL) Protocol by Steven Giovenco.

Slides:



Advertisements
Similar presentations
Web security: SSL and TLS
Advertisements

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from
Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –
Intro to SSL/TLS Network Security Gene Itkis. 6/23/2015 cs Network Security (Gene Itkis) 2 Origins Internet Engineering Task Force (IETF) –
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.
Secure Socket Layer (SSL)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
Web Security Network Systems Security
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
TLS/SSL Protocol Presented by: Vivek Nelamangala Includes slides presented by Miao Zhang on April Course: CISC856 - TCP/IP and Upper Layer Protocols.
IT443 – Network Security Administration Instructor: Bo Sheng
Secure Sockets Layer (SSL)
CSCE 715: Network Systems Security
Visit for more Learning Resources
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS
Security at the Transport Layer: SSL and TLS
CSCE 815 Network Security Lecture 16
SSL Protocol Figures used in the presentation
Transport Layer Security (TLS)
Presentation transcript:

Secure Sockets Layer (SSL) Protocol by Steven Giovenco

Overview History History SSL SSL SSL Roles SSL Roles Protocol Stack Protocol Stack The 4 Protocols The 4 Protocols The Record Layer The Record Layer Message Authentication Code Message Authentication Code Handshaking ChangeCipherSpec Protocol More Handshaking Alert and Application Protocols Benefits and Drawbacks

History Need for secure web communication Need for secure web communication Netscape Netscape Worried especially about credit card transaction over the web Worried especially about credit card transaction over the web Also worried about ease of implementation since they wanted this to be industry-standard, not proprietary Also worried about ease of implementation since they wanted this to be industry-standard, not proprietary SSLv SSLv

SSLv2 SSLv2 also released in 1994 SSLv2 also released in 1994 SSLv1 wasn’t widely implemented SSLv1 wasn’t widely implemented Rules for establishing secure connection Rules for establishing secure connection Rules for public key encryption Rules for public key encryption Optional certificate-based authentication for servers and even clients Optional certificate-based authentication for servers and even clients Flexible Flexible No specifically required encryption, compression, or key generation algorithm No specifically required encryption, compression, or key generation algorithm

SSL Roles Two roles Two roles Client Client Initiates communication, lists possibilities for choices Initiates communication, lists possibilities for choices Server Server Listens for client connections, chooses from possibilities sent from clients Listens for client connections, chooses from possibilities sent from clients Both roles simply add Secure Sockets Layer to protocol stack Both roles simply add Secure Sockets Layer to protocol stack

SSL and the Protocol Stack SSL between Transmission Control Protocol (TCP) layer and Application layer SSL between Transmission Control Protocol (TCP) layer and Application layer Actually 2 layers Actually 2 layers Record Record Secure Application Secure Application Can run under any protocol that relies on TCP, including HTTP, LDAP, POP3, FTP Can run under any protocol that relies on TCP, including HTTP, LDAP, POP3, FTP

The Four Upper Layer Protocols Handshaking Protocol Handshaking Protocol Establish communication variables Establish communication variables ChangeCipherSpec Protocol ChangeCipherSpec Protocol Alert to a change in communication variables Alert to a change in communication variables Alert Protocol Alert Protocol Messages important to SSL connections Messages important to SSL connections Application Encryption Protocol Application Encryption Protocol Encrypt/Decrypt application data Encrypt/Decrypt application data

Record Layer Frames and encrypts upper level data into one protocol for transport through TCP Frames and encrypts upper level data into one protocol for transport through TCP 5 byte frame 5 byte frame 1 st byte protocol indicator 1 st byte protocol indicator 2 nd byte is major version of SSL 2 nd byte is major version of SSL 3 rd byte is minor version of SSL 3 rd byte is minor version of SSL Last two bytes indicate length of data inside frame, up to 2 14 Last two bytes indicate length of data inside frame, up to 2 14 Message Authentication Code (MAC) Message Authentication Code (MAC)

Message Authentication Code MAC secures connection in two ways MAC secures connection in two ways Ensure Client and Server are using same encryption and compression methods Ensure Client and Server are using same encryption and compression methods Ensure messages sent were received without error or interference Ensure messages sent were received without error or interference Both sides compute MACs to match them Both sides compute MACs to match them No match = error or attack No match = error or attack

Handshaking Messages ClientHello ClientHello ServerHello ServerHello *Certificate *Certificate ServerKeyExchange ServerKeyExchange *CertificateRequest *CertificateRequest ServerHelloDone ServerHelloDone *Certificate *Certificate *CertificateVerify *CertificateVerify ClientKeyExchange ClientKeyExchange ChangeCipherSpec ChangeCipherSpec Finished Finished *=optional

The Process Begins Client Sends ClientHello Client Sends ClientHello Highest SSL version supported Highest SSL version supported 32-byte random number 32-byte random number SessionID SessionID List of supported encryption methods List of supported encryption methods List of supported compression methods List of supported compression methods

The Server Responds Server Sends ServerHello Server Sends ServerHello SSL version that will be used SSL version that will be used 32-byte random number 32-byte random number SessionID SessionID Encryption method that will be used Encryption method that will be used Compression method that will be used Compression method that will be used

Server Authentication To authenticate Server, Server sends Certificate To authenticate Server, Server sends Certificate Server’s public key certificate Server’s public key certificate Issuing authority’s root certificate Issuing authority’s root certificate When Client receives Certificate, it decides whether or not to trust Server When Client receives Certificate, it decides whether or not to trust Server This is the only step that might involve User if User never specified whether or not to trust issuing authority before This is the only step that might involve User if User never specified whether or not to trust issuing authority before

Still Shaking Hands Server Sends ServerKeyExchange Server Sends ServerKeyExchange Any information necessary for public key encryption system Any information necessary for public key encryption system If Sever wishes Client to be authenticated, Server sends CertificateRequest message If Sever wishes Client to be authenticated, Server sends CertificateRequest message The client would respond to this with a Certificate message encrypted with Server’s public key The client would respond to this with a Certificate message encrypted with Server’s public key Server sends ServerHelloDone Server sends ServerHelloDone

Client Responds Client sends ClientKeyExchange Client sends ClientKeyExchange Information necessary for public key encryption system Information necessary for public key encryption system Encrypted with Server’s public key Encrypted with Server’s public key Compute secret keys using Key Derivation Function such as Diffie-Hellman Compute secret keys using Key Derivation Function such as Diffie-Hellman If Client is being authenticated, Client sends CertificateVerify If Client is being authenticated, Client sends CertificateVerify Digest of previous messages encrypted with Client’s private key Digest of previous messages encrypted with Client’s private key

ChangeCipherSpec Protocol Special protocol with only one message Special protocol with only one message When Client processes encryption information, it sends ChangeCipherSpec message When Client processes encryption information, it sends ChangeCipherSpec message Signals all following messages will be encrypted Signals all following messages will be encrypted ChangeCipherSpec is always followed by Finished message ChangeCipherSpec is always followed by Finished message

The End of the Beginning Upon receipt of ChangeCipherSpec, Server sends its own ChangeCipherSpec and Finished messages Upon receipt of ChangeCipherSpec, Server sends its own ChangeCipherSpec and Finished messages After both Client and Server receive Finish messages, Handshaking phase is over After both Client and Server receive Finish messages, Handshaking phase is over All following communication is encrypted All following communication is encrypted Encryption and compression methods can be changed with new ChangeCipherSpec messages Encryption and compression methods can be changed with new ChangeCipherSpec messages

Alert and Application Protocols Alert protocol always two byte message Alert protocol always two byte message First byte indicates severity of message First byte indicates severity of message Warning or Fatal Warning or Fatal A Fatal alert will terminate the connection A Fatal alert will terminate the connection Second byte indicate preset error code Second byte indicate preset error code Secure connection end alert not always used Secure connection end alert not always used Application Protocol is HTTP, POP3, SMTP, or whatever application is being used Application Protocol is HTTP, POP3, SMTP, or whatever application is being used Simply give a datagram to the Record Layer Simply give a datagram to the Record Layer

Benefits Ease of implementation Ease of implementation For network application developers For network application developers As easy as implementing unsecured Sockets As easy as implementing unsecured Sockets For network implementation developers For network implementation developers Simply add layer to established network protocol stack Simply add layer to established network protocol stack For Users For Users Only need to authorize certificates Only need to authorize certificates

Drawbacks More bandwidth needed More bandwidth needed Slower Slower Needs a dedicated port – 443 for HTTPS Needs a dedicated port – 443 for HTTPS Assumes reliable transport for underlying transport protocol Assumes reliable transport for underlying transport protocol No UDP No UDP Implications for streaming media, VoIP Implications for streaming media, VoIP

Summary Need for secure communication Need for secure communication Netscape issues SSL spec Netscape issues SSL spec The 4 SSL protocols The 4 SSL protocols Message Authentication Code Message Authentication Code Handshaking Handshaking Alert and Application messages Alert and Application messages Benefits and Drawbacks Benefits and Drawbacks

References Rescorla, Eric. SSL and TLS. Boston: Addison-Wesley, 2001 Rescorla, Eric. SSL and TLS. Boston: Addison-Wesley, 2001 “Secure Sockets Layer.” Netscape Network Netscape Communications Corporation. 2 Nov 2004 “Secure Sockets Layer.” Netscape Network Netscape Communications Corporation. 2 Nov 2004 “Secure Socket Layer.” WindowSecurity.com. 22 July WindowSecurity.com. 2 Nov 2004 “Secure Socket Layer.” WindowSecurity.com. 22 July WindowSecurity.com. 2 Nov 2004 Thomas, Stephen A. SSL and TLS Essentials. New York: Wiley Computer Publishing, 2000 Thomas, Stephen A. SSL and TLS Essentials. New York: Wiley Computer Publishing, 2000 “Transport Layer Security.” Wikipedia the Free Encyclopedia. 1 Nov Wikipedia. 2 Nov 2004 “Transport Layer Security.” Wikipedia the Free Encyclopedia. 1 Nov Wikipedia. 2 Nov 2004

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.