Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security at the Transport Layer: SSL and TLS

Published byMeredith Bond Modified over 6 years ago

Similar presentations

Presentation on theme: "Security at the Transport Layer: SSL and TLS"— Presentation transcript:

1 Security at the Transport Layer: SSL and TLS
Chapter 17 Security at the Transport Layer: SSL and TLS Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

2 Chapter 17 Objectives ❏ To discuss the need for security services at the transport layer of the Internet model ❏ To discuss the general architecture of SSL ❏ To discuss the general architecture of TLS ❏ To compare and contrast SSL and TLS

3 17 Continued Figure Location of SSL and TLS in the Internet model

4 Topics discussed in this section:
SSL ARCHITECTURE SSL is designed to provide security and compression services to data generated from the application layer. Topics discussed in this section: Services Key Exchange Algorithms Encryption/Decryption Alogrithms Hash Algorithms Cipher Suite Compression Algorithms Crypography Parameter Generation Session and Connections

5 17.1.1 Services Fragmentation Compression Message Integrity
Confidentiality Framing

6 17.1.2 Key Exchange Algorithms
Figure Key-exchange methods

7 Continued Null There is no key exchange in this method. No pre-master secret is established between the client and the server. Note Both client and server need to know the value of the pre-master secret.

8 Continued RSA Figure RSA key exchange; server public key

9 17.1.2 Continued Anonymous Diffie-Hellman
Figure Anonymous Diffie-Hellman key exchange

10 17.1.2 Continued Ephemeral Diffie-Hellman key exchange
Figure Ephemeral Diffie-Hellman key exchange

11 Continued Fixed Diffie-Hellman Another solution is the fixed Diffie-Hellman method. All entities in a group can prepare fixed Diffie-Hellman parameters (g and p). Fortezza Fortezza is a registered trademark of the U.S. National Security Agency (NSA). It is a family of security protocols developed for the Defense Department.

12 17.1.3 Encryption/Decryption Algorithms
Figure Encryption/decryption algorithms

13 Continued NULL The NULL category simply defines the lack of an encryption/decryption algorithm. Stream RC Two RC algorithms are defined in stream mode. Block RC One RC algorithm is defined in block mode. DES All DES algorithms are defined in block mode.

14 Continued IDEA The IDEA algorithm defined in block mode is IDEA_CBC, with a 128-bit key. Fortezza The one Fortezza algorithm defined in block mode is FORTEZZA_CBC.

15 Hash Algorithm Figure Hash algorithms for message integrity

16 Continued NULL The two parties may decline to use an algorithm. In this case, there is no hash function and the message is not authenticated. MD5 The two parties may choose MD5 as the hash algorithm. In this case, a 128-key MD5 hash algorithm is used. SHA-1 The two parties may choose SHA as the hash algorithm. In this case, a 160-bit SHA-1 hash algorithm is used.

17 Cipher Suite The combination of key exchange, hash, and encryption algorithms defines a cipher suite for each SSL session.

18 Continued Table SSL cipher suite list

19 17.1.6 Compression Algorithms
Compression is optional in SSLv3. No specific compression algorithm is defined for SSLv3. Therefore, the default compression method is NULL.

20 17.1.7 Cryptographic Parameter Generation
Figure Calculation of master secret from pre-master secret

21 Continued Figure Calculation of key material from master secret

22 Continued Figure Extractions of cryptographic secrets from key material

23 17.1.8 Sessions and Connections
Note In a session, one party has the role of a client and the other the role of a server; in a connection, both parties have equal roles, they are peers.

24 Continued Figure A session and connections

25 Continued Session State Table Session state parameters

26 17.1.8 Continued Connection State
Table Connection state parameters

27 and three write secrets.
Continued Note The client and the server have six different cryptography secrets: three read secrets and three write secrets. The read secrets for the client are the same as the write secrets for the server and vice versa.

28 Topics discussed in this section:
Four Protocols We have discussed the idea of SSL without showing how SSL accomplishes its tasks. SSL defines four protocols in two layers, as shown in Figure Topics discussed in this section: Handshake Protocol ChangeCipher Spec Protocol Alert Protocol Record Protocol

29 17.2. Continued Figure Four SSL protocols

30 Handshake Protocol Figure Handshake Protocol

31 Continued Figure Phase I of Handshake Protocol

32 After Phase I, the client and server know the following:
Continued Note After Phase I, the client and server know the following: ❏ The version of SSL ❏ The algorithms for key exchange, message authentication, and encryption ❏ The compression method ❏ The two random numbers for key generation

33 Continued Figure Phase II of Handshake Protocol

34 ❏ The server is authenticated to the client.
Continued Note After Phase II, ❏ The server is authenticated to the client. ❏ The client knows the public key of the server if required.

35 Continued Figure Four cases in Phase II

36 Continued Figure Phase III of Handshake Protocol

37 ❏ The client is authenticated for the server.
Continued Note After Phase III, ❏ The client is authenticated for the server. ❏ Both the client and the server know the pre-master secret.

38 Continued Figure Four cases in Phase III

39 Continued Figure Phase IV of Handshake Protocol

40 After Phase IV, the client and server are ready to exchange data.
Continued Note After Phase IV, the client and server are ready to exchange data.

41 17.2.2 ChangeCipherSpec Protocol
Figure Movement of parameters from pending state to active state

42 Alert Protocol Table Alerts defined for SSL

43 Record Protocol Figure Processing done by the Record Protocol

44 Continued Figure Calculation of MAC

45 Topics discussed in this section:
SSL MESSAGE FORMATS As we have discussed, messages from three protocols and data from the application layer are encapsulated in the Record Protocol messages. Topics discussed in this section: ChangeCipherSpec Protocol Alert Protocol Handshake Protocol Application Data

46 17.3 Continued Figure Record Protocol general header

47 17.3.1 ChangeCipherSpec Protocol
Figure ChangeCipherSpec message

48 Alert Protocol Figure Alert message

49 Handshake Protocol Figure Generic header for Handshake Protocol

50 Continued Table Types of Handshake messages

51 Continued Figure Virtual tributary types

52 Continued Figure ClientHello message

53 Continued Figure ServerHello message

54 Continued Figure Certificate message

55 Continued Figure ServerKeyExchange message

56 Continued Figure CertificateRequest message

57 Continued Figure ServerHelloDone message

58 Continued Figure CertificateVerify message

59 Continued Figure Hash calculation for CertificateVerify message

60 Continued Figure ClientKeyExchange message

61 Continued Figure Finished message

62 Continued Figure Hash calculation for Finished message

63 Application Data Figure Record Protocol message for application data

64 Topics discussed in this section:
Transport Layer Security (TLS) The Transport Layer Security (TLS) protocol is the IETF standard version of the SSL protocol. The two are very similar, with slight differences. Topics discussed in this section: Version Cipher Suite Generation of Cryptographic Secrets Alert Protocol Handshake Protocol Record Protocol

65 Version The first difference is the version number (major and minor). The current version of SSL is 3.0; the current version of TLS is 1.0. In other words, SSLv3.0 is compatible with TLSv1.0.

66 Cipher Suite Another minor difference between SSL and TLS is the lack of support for the Fortezza method. TLS does not support Fortezza for key exchange or for encryption/decryption. Table 17.6 shows the cipher suite list for TLS (without export entries).

67 Continued Table Cipher Suite for TLS

68 17.4.3 Generation of Cryptographic Secrets
Figure Data-expansion function

69 Continued Figure PRF

70 Continued Figure Master secret generation

71 Continued Figure Key material generation

72 Alert Protocol TLS supports all of the alerts defined in SSL except for NoCertificate. TLS also adds some new ones to the list. Table 17.7 shows the full list of alerts supported by TLS.

73 Continued Table Alerts defined for TLS

74 Handshake Protocol Figure Hash for CertificateVerify message in TLS

75 Continued Figure Hash for Finished message in TLS

76 Record Protocol Figure HMAC for TLS

Download ppt "Security at the Transport Layer: SSL and TLS"

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.

Chapter 8 Web Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
CN8814: Network Security1 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) TLS (SSL-VPN)

CN8814: Network Security1 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) TLS (SSL-VPN)

Similar presentations

Ads by Google