1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

Slides:



Advertisements
Similar presentations
ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
Advertisements

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Web security: SSL and TLS
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security
Secure Sockets. Overview of Lecture We covered an overview of authenticated key exchange protocols In this lecture we will –Look at issues related to.
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
Chapter 8 Web Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
Transport-level and Web Security (SSL / TLS, SSH)
11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.
Secure Socket Layer (SSL)
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Security Essentials Chapter 5
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.
Web Security Network Systems Security
SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Secure Sockets Layer (SSL) Protocol by Steven Giovenco.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
TLS/SSL Protocol Presented by: Vivek Nelamangala Includes slides presented by Miao Zhang on April Course: CISC856 - TCP/IP and Upper Layer Protocols.
Executive Director and Endowed Chair
CSCI 555 Adv Computer Security
CSCE 715: Network Systems Security
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS, Part II
Secure Web Application-SSL
SSL (Secure Socket Layer)
Chapter 7 WEB Security.
Security at the Transport Layer: SSL and TLS
CSCE 815 Network Security Lecture 16
SSL Protocol Figures used in the presentation
The Secure Sockets Layer (SSL) Protocol
Chapter 7 WEB Security.
Transport Layer Security (TLS)
Presentation transcript:

1 SSL/TLS

2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication and integrity to prevent message alteration / injection Web security approaches IP Security: it is transparent to end users and applications. Security above TCP Application-specific security: embedded within the particular application

3 Comparison of web security approaches IP Sec TCP HTTPFTPSMTP IP TCP HTTPFTPSMTP SSL(TLS) IP TCP HTTPSMTP SETS/MIMEPGP

4 SSL(Secure Sockets Layer protocol) History SSL v1: Designed by Netscape, never deployed SSL v2: Deployed in Netscape Navigator 1.1 in 1995 SSL v3: Substantial overhaul, fixing security flaws, publicly reviewed TLS(Transport Layer Security protocol) v1 IETF standard SSLv3 with little tweak

5 SSL Handshake Protocol Clientserver client_hello server_hello certificate server_key_exchange certificate_request server_hello_done certificate client_key_exchange certificate_verify change_cipher_spec finished change_cipher_spec finished Phase 1 Phase 2 Phase 3 Phase 4 Blue: optional message

6 Phase 1: establish security capabilities {client, server}_hello message Version: the highest SSL version Random 32-bit timestamp 28 bytes random number Session ID Cipher suite client_hello: Ciphers are listed in decreasing order of preference server_hello: chosen cipher Compression method

7 Cipher Suite Cipher suite = (key exchange methods, cipher spec) Key exchange methods RSA: encrypt key with receiver ’ s public key Fixed Diffie-Hellman Server ’ s certificate contains DH public parameters signed by CA. The client provides its DH public parameters either in a certificate or in a key exchange message. Ephemeral Diffie-Hellman Certificate contains server ’ s public key. DH public parameters are signed using the server ’ s private key. Anonymous Diffie-Hellman Each side sends its DH public parameters to the other without authentication.

8 Cipher spec Cipher Algorithm (RC4, RC2, DES, 3DES, DES40, IDEA) MAC Algorithm (MD5, SHA-1) Cipher Type (stream or block) Is Exportable (true or false) Hash size (0 or 16 bytes for MD5, 20 bytes for SHA-1) IV size: IV size for Cipher Block Chaining(CBC) encryption

9 Phase 2: Server authentication and key exchange S  C: certificate RSA: Certificate contains server ’ s public key Fixed DH: Certificate contains DH public parameters signed by CA. Ephemeral DH: Certificate contains server ’ s public key. S  C: server_key_exchange Anonymous DH: {g, p, g s } Ephemeral DH: {g, p, g s } + signature of {g, p, g s } RSA: if server ’ s key is only for a signature-only key, the server create a temporary RSA public/private keys and send the temporary public key S  C: certificate_request Cert_type (RSA or DSS for key exchange) List of acceptable certificate authorities S  C: server_hello_done, no parameters A signature is created by computing hash(client_rand || server_rand || server parameters) and encrypting it with the sender ’ s private key.

10 Phase 3 After phase 2, client has all values required to generate the session key C  S: certificate If server requested a certificate C  S: client_key_exchange RSA: client generates 48 byte pre-master secret, encrypts it with server ’ s public key or temporary RSA key from a server_key_exchange message. Ephemeral or anonymous DH: client ’ s DH public parameters Fixed DH: null (certificate contained client ’ s DH key) C  S: certificate_verify Only used if client sent certificate with signing key K C CertificateVerify.signature.md5_hash = {MD5( master secret || pad2 || MD5( handshake messages || master secret || pad1 ))} K C -1

11 Phase 4 After phase 3, client and server share master secret and authenticated each other Phase 4: Finish C  S: change_cipher_spec Copies the pending Cipher spec in the current CipherSpec. C  S: finished MD5( master_secret || pad2 || MD5( handshake messages || Sender || master_secret || pad1 )) || SHA-1( master_secret || pad2 || SHA-1( handshake messages || Sender || master_secret || pad1 )) pad1 and pad2 are the values defined earlier for the MAC Handshake messages contains all messages up to now S  C: change_cipher_spec S  C: finished

12 Cryptographic computation Client and server perform DH calculation to create the shared pre-master secret (PS). Master secret (MS) creation from pre-master secret (PS), Client random (CR), Server random (SR) MS = MD5( PS || SHA-1( ‘ A ’ || PS || CR || SR )) || MD5( PS || SHA-1( ‘ BB ’ || PS || CR || SR )) || MD5( PS || SHA-1( ‘ CCC ’ || PS || CR || SR )) CipherSpec requires client & server MAC key, client & server encryption key, client & server IV, generated from MS: MD5( MS || SHA-1( ‘ A ’ || MS || SR || CR )) || MD5( MS || SHA-1( ‘ BB ’ || MS || SR || CR )) || MD5( MS || SHA-1( ‘ CCC ’ || MS || SR || CR )) || MD5( MS || SHA-1( ‘ DDDD ’ || MS || SR || CR )) || …

13 SSL Record format SSL Record = Content type || Major version || Minor version || Length ||{ Data || MAC( K ’, Data ) } K MAC( K ’, Data ) = hash( K ’ || pad2 || hash( K ’ || pad1 || seq_num || compressed_type || length || Data )) hash: MD5 or SHA-1 pad1 = 0x … pad2 = 0x5C5C5C … seq_num: sequence number for message

14 Sample SSL session Client has no certificate, only server authenticated C  S: client_hello S  C: server_hello Ephemeral DH key exchange, RC4 encryption, MD5-based MAC S  C: Server certificate, containing RSA public key Client checks validity + verifies URL matches certificate! S  C: Server_key_exchange: g, p, g s, {H(g, p, g s )} K S -1 S  C: server_hello_done C  S: client_key_exchange: g c C  S: change_cipher_spec C  S: finished S  C: change_cipher_spec S  C: finished

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.