Presentation is loading. Please wait.

Presentation is loading. Please wait.

Crash course on SSL/TLS Ran Canetti December 2009 ( Based on slided by Jörg Schwenk)

Published byJayden Bishop Modified over 11 years ago

Similar presentations

Presentation on theme: "Crash course on SSL/TLS Ran Canetti December 2009 ( Based on slided by Jörg Schwenk)"— Presentation transcript:

1 Crash course on SSL/TLS Ran Canetti December 2009 ( Based on slided by Jörg Schwenk)

2 SSL De facto Standard for client-server security IETF RFC: The TLS Protocol Version 1.0 (RFC 2246) All commodity browsers support SSL Open implementations (e.g. SSLRef, SSLPlus, SSLava, SSLeay, openSSL, modSSL)

3 SSL/TLS Framework HTTP(S) TCP Hand- shake Change Cipher Applica tion Alert Record Layer Key Exchange Data Enc/Auth

4 SSL/TLS Record Layer HTTP-Data Lengthhttp3.1 Lengthhttp3.1 Lengthhttp3.1Padd.MACP. Length Fragmentation Compression Encryption

5 SSL/TLS: Handshake bank. com bank. com

6 Protocol Specification

7 SSL/TLS: ciphersuites Key Exchange- Algorithm Certificate Type ServerKey- Exchange ClientKey- Exchange Description RSARSA Encryption NoEncrypted premaster secret Client encrypts premaster secret with server's public key RSAExport (>512 Bit) RSA SigningYes (ephemeral RSAKey 512 Bit) Encrypted premaster secret Client encrypts premaster secret with server's ephemeral public key DHE-DSSDSS SigningYes (g s mod p) g c mod pDiffie-Hellman key exchange, Server signs (g s mod p) with DSS- signature.

8 SSL/TLS: ciphersuites Key Exchange Algorithm. Certificate Typ ServerKey- Exchange ClientKey- Exchange Description DHE-RSARSA SigningYes (g s mod p) g c mod pDiffie-Hellman Key exchange, Server signs (g s mod p) with RSA signature DH-DSSsigned DH, using DSS signature No (g s mod p in server certificate) g c mod pDiffie-Hellman key exchange with server's static DH exponent DH-RSAsigned DH, using RSA signature No (g s mod p in server certificate) g c mod pDiffie-Hellman key exchange with server's static DH exponent

9 TLS Renegotiation The spec allows a party (either I or R) to initiate a change cipher procedure by sending a special message, authenticated under the current session key. As a result, a new key is negotiated from scratch. There is no binding between the old and new keys – these are two independent sessions. Still the two sessions appear for applications as the same stream. Consequently, it is possible to attack the protocol:

10 TLS Renegotiation attack Client Attacker Server

11 TLS Renegotiation attack Client Attacker Server There is much work currently done at the IETF on how to fix the protocol. This is a great example for the importance of modeling and proof in practical crypto.

Download ppt "Crash course on SSL/TLS Ran Canetti December 2009 ( Based on slided by Jörg Schwenk)"

Similar presentations

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Web security: SSL and TLS

Web security: SSL and TLS
CP3397 ECommerce.

CP3397 ECommerce.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Transport Layer Security (TLS) Bill Burr November 2, 2001.

Transport Layer Security (TLS) Bill Burr November 2, 2001.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Similar presentations

Ads by Google