Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec 05 Secure Connection The topic to be covered this week is secure connection. Apparently, the.

Published byἈρέθουσα Διαμαντόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec 05 Secure Connection The topic to be covered this week is secure connection. Apparently, the."— Presentation transcript:

1 Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec
05 Secure Connection The topic to be covered this week is secure connection. Apparently, the goal is build a secure channel between two communication entities such that data transmission on this secure channel keeps private from attackers. Kai Bu

2 insecure at first Insecure at first mrj jzk txh hello, txh
Without such a secure channel, Whenever you send a message to the other, the message has to stay in a plaintext form, which can be easily eavesdropped by the attacker. mrj jzk txh hello, txh

3 secure communication against adversaries
crypto as savior secure communication against adversaries shared secret key mrj ??? jzk txh hello, txh hello, txh asdfghjkl enc dec

4 secure communication against adversaries
insecure still… secure communication against adversaries shared secret key But the question is, we are given with only an insecure channel; When we share the secret key through this channel, the attacker can still overhear it; mrj !!! jzk txh

5 secure communication against adversaries
insecure still… secure communication against adversaries shared secret key With the overheard secret key, the attacker can still crack subsequent messages even though they might be encrypted. mrj !!! hello, txh dec jzk txh hello, txh hello, txh asdfghjkl enc dec

6 secure communication against adversaries
insecure still… secure communication against adversaries shared secret key how to securely share it? Now the question becomes, how to securely share the secret key? mrj !!! hello, txh dec jzk txh hello, txh hello, txh asdfghjkl enc dec

7 public key cryptography
secure communication against adversaries Remember that now we can turn to public key cryptography mrj jzk txh

8 public key cryptography
secure communication against adversaries pub priv In this case, the receiver owns a pair of public key and private key mrj jzk txh

9 public key cryptography
secure communication against adversaries pub priv Since public key is allowed to be known by everyone by design, The receiver can simply send it to the sender over the insecure channel without any concern. mrj jzk txh

10 public key cryptography
secure communication against adversaries shared secret key protected from attacker pub priv mrj jzk txh asdfghjkl enc dec

11 secure communication against adversaries
symmetric crypto it is secure communication against adversaries shared secret key protected from attacker mrj ??? jzk txh hello, txh hello, txh asdfghjkl enc dec

12 wow

13 private communication
over public internet protect their data during transfer by creating a uniquely encrypted channel for private communications over the public Internet.

14 private communication
Secure Connection private communication over public internet This is exactly what secure connection assures us.

15 Secure Connection Protocol: SSL/TLS Application: HTTPS
1. The client sends a hello message to the server. 2. The server responds with a hello message and sends the server's certificate. 3. The client performs the following actions: Verifies that the SSL/TLS server certificate is signed by a root certificate that the client trusts. Extracts the public key from the server certificate. Generates a premaster secret and encrypts it with the server's public key. Sends the encrypted premaster secret to the server. 4. To decrypt the client's premaster secret, the server sends it to the HSM. The HSM uses the private key in the HSM to decrypt the premaster secret and then it sends the premaster secret to the server. Independently, the client and server each use the premaster secret and some information from the hello messages to calculate a master secret. 5. The handshake process ends. For the rest of the session, all messages sent between the client and the server are encrypted with derivatives of the master secret.

16 HTTPS Use HTTPS as an example to walk through SSL/TLS principles

17 hyper text transfer secure
HTTPS hyper text transfer secure Use HTTPS as an example to walk through SSL/TLS principles

18 Threats Eavesdropping Manipulation Impersonation SSL stands for

19 Solutions Eavesdropping Encryption Manipulation Integrity (MAC)
Impersonation Signature SSL stands for

20 Protocol FIN FIN, ACK ACK

21 Protocol TCP handshake TLS handshake connection termination FIN
FIN, ACK ACK

22 Protocol TCP handshake TLS handshake connection termination FIN
FIN, ACK ACK

23 HTTPS step by step Use HTTPS as an example to walk through SSL/TLS principles

24 step 1: connection request
HTTPS step 1: connection request

25 asdf User types a link in the address bar

26 https://www.votefor.com where is votefor? asdf
User types a link in the address bar

27 https://www.votefor.com what’s votefor’s IP? asdf
User types a link in the address bar

28 https://www.votefor.com votefor  IP DNS: Domain Name System asdf
User types a link in the address bar

29 DNS Hierarchy

30 DNS Resolution DNS resolution. Each web server (and indeed any host connected to the internet) has a unique IP address in textual form, translating it to an IP address (in this case, ) is a process known asDNS resolution or DNS lookup; here DNS stands forDomain Name Service.

31 DNS Hijacking

32 https://www.votefor.com avoid link camouflage: www.vote4.com asdf
asdf Now make sure that you have correctly typed the address you want to connect in the address bar;

33 Connection Request CLIENT HELLO SSL Protocol version Session ID
List of Cipher Suites CLIENT HELLO Extensions Given the secure DNS resolution process and correct input of the website address, Users sends a CLIENT HELLO message to the server

34 HTTPS step 2: sever response

35 Server Response SERVER HELLO SSL Protocol version Session ID
Selected Cipher Server Certificate SERVER HELLO Extensions Client Certificate Request (optional)

36 Server Response SERVER HELLO SSL Protocol version Session ID
Selected Cipher Server Certificate Public Key? SERVER HELLO Extensions Client Certificate Request (optional)

37 Server Response SERVER HELLO SSL Protocol version Session ID
Selected Cipher Server Certificate Public Key? SERVER HELLO Extensions Client Certificate Request (optional)

38 why not directly transfer
SERVER HELLO Extensions Client Certificate Request (optional) SERVER HELLO SSL Protocol version Session ID Selected Cipher Server Certificate Public Key? SERVER HELLO Extensions Client Certificate Request (optional)

39 what if the attacker hijacks key-channel?
mrj jzk txh hello, txh

40 Man-In-The-Middle Attack
what if the attacker hijacks key-channel? key1 key2 mrj jzk txh hello, txh

41 SERVER HELLO SSL Protocol version Session ID Selected Cipher Server Certificate Public Key? SERVER HELLO Extensions Client Certificate Request (optional)

42 Certificate Issued by a trusted third party Certificate Authority (CA)
VeriSign, GeoTrust, Digicert, etc.

43 Certificate Goal: vouch for server public key Principle:
signed by CA’s private key verifiable by CA’s public key

44 step 3: certificate verification
HTTPS step 3: certificate verification

45 What to Verify? Certificate Authority

46 What to Verify? Certificate Authority trusted? certificate integrity?

47 What to Verify? Certificate Authority trusted? certificate integrity?
Certificate Date

48 What to Verify? Certificate Authority trusted? certificate integrity?
Certificate Date expired?

49 What to Verify? Certificate Authority trusted? certificate integrity?
Certificate Date expired? Certificate Revocation List

50 What to Verify? Certificate Authority trusted? certificate integrity?
Certificate Date expired? Certificate Revocation List valid?

51 What to Verify? Certificate Authority trusted? certificate integrity?
Certificate Date expired? Certificate Revocation List valid? Domain Name

52 What to Verify? Certificate Authority trusted? certificate integrity?
Certificate Date expired? Certificate Revocation List valid? Domain Name intended?

53 How to Verify? Domain Name Public Key CA Name CA Signature

54 How to Verify? Domain Name Public Key CA Name CA Signature
should I trust the CA?

55 How to Verify? Domain Name Public Key CA Name CA Signature
should I trust the CA? query locally built-in certificate store CA Name Public Key CA Signature

56 How to Verify? Domain Name Public Key CA Name CA Signature
I trust the CA? query locally built-in certificate store CA Name Public Key verify integrity and authenticity CA Signature

57 How to Verify? Domain Name Public Key CA Name CA Signature
I trust the CA? query locally built-in certificate store CA Name Public Key verify integrity and authenticity CA Signature

58 How to Verify? Domain Name Public Key CA Name CA Signature
I trust the CA? query locally built-in certificate store CA Name Public Key verify integrity and authenticity CA Signature

59 How to Verify? Domain Name Public Key CA Name I trust the Public Key?
CA Signature CA Name Public Key verify integrity and authenticity CA Signature

60 How to Verify? Domain Name Public Key CA Name I trust the Public Key?
CA Signature Root CA? CA Name Public Key verify integrity and authenticity CA Signature

61 hmm, what if signed by “branch” CA?

62 Certificate Chain

63 wait, is a valid certificate
still valid?

64 wait, is a valid certificate
still valid? enable CRL check

65 Certificate Revocation List
Certificates that have been revoked by the issuing CA before their scheduled expiration date and should no longer be trusted Two states revoked: irreversibly revoked hold: only temporary invalidity, reversible Revoked: A certificate is irreversibly revoked if, for example, it is discovered that the certificate authority (CA) had improperly issued a certificate, or if a private-key is thought to have been compromised. Certificates may also be revoked for failure of the identified entity to adhere to policy requirements, such as publication of false documents, misrepresentation of software behaviour, or violation of any other policy specified by the CA operator or its customer. The most common reason for revocation is the user no longer being in sole possession of the private key (e.g., the token containing the private key has been lost or stolen). Hold: This reversible status can be used to note the temporary invalidity of the certificate (e.g., if the user is unsure if the private key has been lost). If, in this example, the private key was found and nobody had access to it, the status could be reinstated, and the certificate is valid again, thus removing the certificate from future CRLs.

66 Certificate Revocation List
Periodically issued by a CRL issuer CA per se, or some other trusted third parties Query supported as well Tradeoff between security and efficiency

67 Certificate Revocation List
Periodically issued by a CRL issuer CA per se, or some other trusted third parties Query supported as well Tradeoff between security and efficiency Always a time gap between when a certificate is revoked AND when its revocation approaches a client

68 nitpicking: do I have to trust Root CA?

69 HTTPS step 4: key exchange

70 step 5: secure communication
HTTPS step 5: secure communication

71 HTTPS step 6: bye

72 ?

73 Readings SSL and HTTPS by Nickolai Zeldovich
Everything About HTTPS and SSL (Java) by Akhil Raj

74 Thank You be on the road Run your own race.

Download ppt "Kai Bu kaibu@zju.edu.cn http://list.zju.edu.cn/kaibu/netsec 05 Secure Connection The topic to be covered this week is secure connection. Apparently, the."

Similar presentations

CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Chapter 8 Web Security.

Chapter 8 Web Security.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Introduction to Secure Sockets Layer (SSL) Protocol Based on: https://developer.mozilla.org/En/Introduction_to_SSL#The_SSL_Protocol.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: 102088 March 10, 2001.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Similar presentations

Ads by Google