Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 465 TLS Last Updated: Oct 31, 2017.

Published byHarriet Barber Modified over 6 years ago

Similar presentations

Presentation on theme: "CS 465 TLS Last Updated: Oct 31, 2017."— Presentation transcript:

1 CS 465 TLS Last Updated: Oct 31, 2017

2 Student Learning Goals
Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic primitives are used and why? Understand session resumption Understand the limitations of TLS

3 Genesis of TLS SSLv1 (1994) Netscape unreleased
SSLv2 (1994) Netscape First release PCT (1995) Microsoft SSLv3 (1995) Netscape STLP (1996) Microsoft TLS 1.0 ( ) IETF (aka SSLv3.1) WTLS (1998) WAP Forum TLS 1.1 (2006) TLS 1.2 (2008) Source: SSL and TLS, Rescorla

4 SSL Record Protocol Operation
Source: Network Security Essentials (Stallings)

5 SSL Record Format SSL Record Format
Source: Network Security Essentials (Stallings)

6 RSA Key Exchange Method
Client Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate chain of X.509 Certs Server Hello Done Client Key Exchange [Pre-master secret encrypted with server public key] Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

7 RSA Key Exchange Method
Client Mutual Authentication Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate chain of X.509 Certs Server Hello Done Certificate Client Key Exchange [Pre-master secret encrypted with server public key] Certificate Verify Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

8 DHE Key Exchange Method
Client Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate [chain of X.509 Certs] Server Key Exchange [signed DH info] Random_client, Random_server, g, p, server DH param Server Hello Done Client Key Exchange [client DH public param] Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

9 Key Material for TLS RSA DHE
Client generates pre-master secret Sends to server encrypted with servers public key DHE DH shared key is the pre-master secret Pre-master secret and random values used to compute master secret Master secret and random values used to compute key block material Key block contains 4 or 6 keys Two keys for AES, 2 keys for MAC, 2 keys (IV) for block cipher mode if needed

10 Perfect Forward Secrecy
In vanilla RSA, the premaster secret is encrypted with the server’s public key If the server’s private key is compromised all past and future sessions are also compromised Majority of TLS uses vanilla RSA Alternatives Ephemeral Diffie-Hellman (DHE-RSA) Elliptic curve variation is faster (ECDHE)

11 Forward Secrecy Using an ephemeral key
Even if the server’s private key is later compromised, past sessions cannot be decrypted, even if captured and stored by a third party

12 TLS 1.3 https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
Reduced round trips in the handshake Certificates are encrypted Quick session resumption

13 Review Questions How many shared keys are derived between a client and a server that establish a TLS session? How does the server prove ownership of its private key? How does the client prove ownership of its private key when client authentication is (rarely) used? What is the pre-master secret? Who creates it? How is it securely transmitted? What is session resumption? How does it differ from a regular SSL handshake? When do the client and server start encrypting traffic using symmetric encryption?

14 Review Questions How many shared keys are derived between a client and a server that establish a TLS session? Each side generates 4-6 keys How does the server prove ownership of its private key? Implicitly by decrypting the pre-master secret and finishing handshake How does the client prove ownership of its private key when client authentication is (rarely) used? Send digital signature to the server What is the pre-master secret? Who creates it? How is it securely transmitted? What is session resumption? How does it differ from a regular SSL handshake? When do the client and server start encrypting traffic using symmetric encryption? Finished message

15 Limitations/Issues Certificate Authority system TLS Proxies
TLS Inspection Proxies, Middleboxes Other approaches Pinning (TOFU) Notaries (Crowd) DANE (DNS-based)

Download ppt "CS 465 TLS Last Updated: Oct 31, 2017."

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Web security: SSL and TLS

Web security: SSL and TLS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Chapter 8 Web Security.

Chapter 8 Web Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Similar presentations

Ads by Google