ITA, 2.11.2011, 8-TLS.pptx

Slide 1: Internet Security 1 (IntSi1)
Prof. Dr. Andreas Steffen
Institute for Internet Technologies and Applications (ITA)
8 Transport Layer Security (TLS)
Slide 2: TLS Session Example
Slide 3: TLS Market Share of Certification Authorities 2010
Source: Netcraft Ltd, https://ssl.netcraft.com/ssl-sample-report/CMatch/certs
Slide 4: Secure Network Protocols for the OSI Stack

Communication layer  | Security protocols
Application layer    | ssh, S/MIME, PGP, Kerberos, WSS
Transport layer      | TLS, [SSL]
Network layer        | IPsec
Data Link layer      | [PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE 802.11i (WPA2)
Physical layer       | Quantum Cryptography
Slide 5: TLS/SSL Protocol Layers

Insecure Transport Layer (stack, top to bottom):
 - Application
 - Sockets
 - TCP
 - IP

Secure Transport Layer (stack, top to bottom):
 - Application
 - TLS: Fragmentation, Compression, Authentication, Encryption
 - TCP
 - IP
Slide 6: TLS Record Protocol

 - Handshake, Change CipherSpec, Alert and Application protocols: exchanged as messages
 - TLS Record Protocol: carries those messages as records
 - TCP Transport Protocol: carries the records as a stream
 - IP Network Protocol: carries the stream as packets
Slide 7: TLS Record Structure

 - Application data is fragmented into segments (Application Data Segment 1, Segment 2, ...); each segment is carried in its own record.
 - A record consists of a Record Header (5 bytes) followed by the Record Body.
 - Record Body: [Compressed] Data, MAC, Padding. With a block cipher, data + MAC + padding is padded to n * Block Cipher Size, and the whole body is sent as Encrypted Data.
 - On the wire each record is preceded by the TCP Header.
Slide 8: TLS Handshake Protocol

Client -> Server: ClientHello (with client random R_C)
Server -> Client: ServerHello (with server random R_S), Certificate*, ServerKeyExchange*, CertificateRequest*, ServerHelloDone
Client -> Server: Certificate*, ClientKeyExchange, CertificateVerify*, ChangeCipherSpec, Finished°
Server -> Client: ChangeCipherSpec, Finished°
Both directions: Application Data°

*optional, °encrypted
Slide 9: Resuming a TLS Session

Client -> Server: ClientHello (with client random R_C)
Server -> Client: ServerHello (with server random R_S), ChangeCipherSpec, Finished°
Client -> Server: ChangeCipherSpec, Finished°
Both directions: Application Data°

°encrypted
Slide 10: Implemented SSL/TLS Protocol Versions

SSL – Secure Sockets Layer Version 2.0
 - Initially developed by Netscape
 - SSL 2.0 is susceptible to man-in-the-middle attacks leading e.g. to the negotiation of weak encryption keys
 - SSL 2.0 should not be used anymore

SSL – Secure Sockets Layer Version 3.0
 - Internet Draft authored by Netscape, November 1996
 - Supported by all browsers
 - Vulnerable to the BEAST Cipher-Block-Chaining (CBC) attack

TLS – Transport Layer Security Version 1.0 (SSL 3.1)
 - IETF RFC 2246, January 1999
 - TLS 1.0 is not backwards compatible with SSL 3.0 (differences in MAC computation, PRF function for master_secret and key material)
 - Supported by all browsers
 - Vulnerable to the BEAST Cipher-Block-Chaining (CBC) attack
Slide 11: BEAST – Browser Exploit Against SSL/TLS

Authors: Thai Duong and Juliano Rizzo presented their exploit on September 23 2011 at the 7th ekoparty Security Conference in Buenos Aires.
Exploit: The exploit uses a known-plaintext attack on the Cipher-Block-Chaining (CBC) encryption vulnerability of SSL 3.0 and TLS 1.0, which has been known since 2001 and was fixed by TLS 1.1 in 2006.
Approach: The BEAST JavaScript code running in a browser decrypts encrypted cookies sent via HTTPS within a couple of seconds.
Fix:
 - Temporary workaround: set up HTTPS web servers with stream ciphers (e.g. the rather outdated RC4 algorithm)
 - Migration of HTTPS web servers and browsers to TLS 1.1 or 1.2
Slide 12: Latest TLS Protocol Versions

TLS – Transport Layer Security Version 1.1 (SSL 3.2)
 - IETF RFC 4346, April 2006
 - Protection against CBC attacks (Serge Vaudenay, EPFL, 2004):
   - The implicit Initialization Vector (IV) is replaced with an explicit IV
   - Handling of padding errors is changed to use the bad_record_mac alert rather than decryption_failed

TLS – Transport Layer Security Version 1.2 (SSL 3.3)
 - IETF RFC 5246, August 2008, updated by RFC
 - Combined MD5/SHA-1 hash and PRF functions replaced by SHA-256 based default algorithms or cipher-suite specified methods
 - Support of Authenticated Encryption with Additional Data (AEAD) modes (e.g. AES-GCM accelerated by the Intel AES-NI instruction set)

TLS 1.1 and 1.2 Support
 - Windows 7, Windows Server 2008 R2
 - GnuTLS library, the OpenSSL 1.0.1 snapshot and strongSwan libtls
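The record header layout of slide 7 and the version numbering of slides 10 and 12 can be exercised in a few lines of code. The following is an added example, not part of the lecture slides: it parses the 5-byte record header (content type, 2-byte version, 2-byte length), splits a byte stream into records, flags the SSL 3.0 and TLS 1.0 versions the slides mark as BEAST-vulnerable, and computes the CBC padding that brings data + MAC up to n * block size. The sample stream and the content-type numbers are constructed for the example; the version bytes follow the SSL 3.x numbering stated on the slides.

```python
# Added example (not from the lecture slides): parse the 5-byte TLS record
# header from slide 7 and classify the protocol version it carries using
# the SSL 3.x numbering from slides 10 and 12.
import struct

# Record-layer content types: the four protocols multiplexed over the
# record protocol on slide 6 (numeric values as assigned by the TLS RFCs).
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}

# Wire version bytes (major, minor) -> name. TLS 1.0/1.1/1.2 are carried as
# SSL 3.1/3.2/3.3, as the slides state.
VERSIONS = {
    (3, 0): "SSL 3.0",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
}

# Versions the slides mark as vulnerable to the BEAST CBC attack.
BEAST_VULNERABLE = {"SSL 3.0", "TLS 1.0"}

RECORD_HEADER_LEN = 5
# Upper bound on a record payload (plaintext limit plus ciphertext expansion),
# used here only as a sanity check on the length field.
MAX_RECORD_LEN = 2**14 + 2048


def parse_record_header(data: bytes) -> dict:
    """Parse the 5-byte header: content type, version (2 bytes), length (2 bytes)."""
    if len(data) < RECORD_HEADER_LEN:
        raise ValueError("record header is 5 bytes")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:RECORD_HEADER_LEN])
    if content_type not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {content_type}")
    if length > MAX_RECORD_LEN:
        raise ValueError(f"record length {length} exceeds maximum")
    version = VERSIONS.get((major, minor), f"unknown {major}.{minor}")
    return {
        "content_type": CONTENT_TYPES[content_type],
        "version": version,
        "length": length,
        "beast_vulnerable": version in BEAST_VULNERABLE,
    }


def split_records(stream: bytes) -> list:
    """Walk a byte stream and return one dict per record, with its body attached.

    This is the fragmentation view of slide 7: each application-data segment
    travels in its own header + body record."""
    records = []
    offset = 0
    while offset + RECORD_HEADER_LEN <= len(stream):
        header = parse_record_header(stream[offset:offset + RECORD_HEADER_LEN])
        body_start = offset + RECORD_HEADER_LEN
        body = stream[body_start:body_start + header["length"]]
        if len(body) != header["length"]:
            raise ValueError("truncated record")
        header["body"] = body
        records.append(header)
        offset = body_start + header["length"]
    if offset != len(stream):
        raise ValueError("trailing bytes after last record")
    return records


def cbc_padding_length(data_len: int, mac_len: int, block_size: int) -> int:
    """Number of padding bytes (including the padding-length byte itself) that
    make data + MAC + padding a multiple of the block size, as slide 7 shows.
    A full block of padding is added when data + MAC already fits exactly,
    because the padding-length byte must always be present."""
    overhead = (data_len + mac_len) % block_size
    return block_size - overhead


# Constructed sample stream: a TLS 1.0 handshake record followed by a TLS 1.2
# application_data record. Bodies are placeholder bytes, not real messages.
SAMPLE_STREAM = (
    b"\x16\x03\x01\x00\x04" + b"\x01\x00\x00\x00"
    + b"\x17\x03\x03\x00\x06" + b"hello!"
)

if __name__ == "__main__":
    for rec in split_records(SAMPLE_STREAM):
        print(rec["content_type"], rec["version"], rec["length"],
              "BEAST-vulnerable" if rec["beast_vulnerable"] else "ok")
    # 13 bytes of data with a 20-byte SHA-1 MAC in 16-byte AES blocks need 15 bytes of padding
    print(cbc_padding_length(data_len=13, mac_len=20, block_size=16))
```

The version check is the defender's view of slides 10 to 12: a record whose header announces SSL 3.0 or TLS 1.0 is one a monitoring tool would flag, since those are the versions the BEAST attack targets and TLS 1.1 fixed.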
Slide 13: SSL/TLS Configuration Options – Mozilla Firefox
Slide 14: SSL/TLS Configuration Options – Mozilla Firefox (continued)
Slide 15: SSL/TLS Configuration Options – Microsoft Internet Explorer
Slide 16: TLS Enhanced TCP-based Application Protocols

Service Name | Port    | Secured Service
https        | 443/tcp | http protocol over TLS
smtps        | 465/tcp | smtp protocol over TLS
smtp         | 25/tcp  | STARTTLS keyword (RFC 2487)
imaps        | 993/tcp | imap4 protocol over TLS
imap4        | 143/tcp | STARTTLS keyword (RFC 2595)
pop3s        | 995/tcp | pop3 protocol over TLS
pop3         | 110/tcp | STLS keyword (RFC 2595)
ldaps        | 636/tcp | ldap protocol over TLS
ircs         | 994/tcp | irc protocol over TLS
nntps        | 563/tcp | nntp protocol over TLS
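The table above shows two ways of adding TLS to an application protocol: a dedicated "over TLS" port where the handshake starts immediately, and a STARTTLS/STLS keyword that upgrades an already open plaintext session. The following added example (not from the slides) shows, with the Python standard library's ssl and smtplib modules, a client context that enforces the migration recommended on slides 11 and 12 (TLS 1.2 as the floor, so SSL 3.0, TLS 1.0 and TLS 1.1 are refused) alongside a weak context for contrast, and how the same context is applied to both connection styles. The host names in the usage functions are placeholders; the functions that open connections are not run here.

```python
# Added example (not from the lecture slides): a client-side TLS policy that
# refuses the protocol versions the slides call vulnerable, applied to both
# "protocol over TLS" ports and STARTTLS upgrades from slide 16.
import smtplib
import socket
import ssl

# The versions listed on slides 10 and 12, paired with Python's ssl enum values.
PAGE_VERSIONS = [
    ("SSL 3.0", ssl.TLSVersion.SSLv3),
    ("TLS 1.0", ssl.TLSVersion.TLSv1),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
    ("TLS 1.2", ssl.TLSVersion.TLSv1_2),
]


def hardened_client_context() -> ssl.SSLContext:
    """Client context with certificate verification on and TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()            # verify peer, load system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # rejects SSL 3.0, TLS 1.0 and TLS 1.1
    ctx.check_hostname = True                     # the server certificate must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """Weak contrast: no version floor and no certificate verification.
    This accepts whatever the library still allows and any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def rejected_versions(ctx: ssl.SSLContext) -> list:
    """Names of the slide's versions that lie below the context's floor."""
    return [name for name, v in PAGE_VERSIONS if v < ctx.minimum_version]


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """True when the context enforces TLS >= 1.2 and verifies the server."""
    return (
        ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and ctx.check_hostname
        and ctx.verify_mode == ssl.CERT_REQUIRED
    )


def connect_implicit_tls(host: str, port: int, ctx: ssl.SSLContext) -> ssl.SSLSocket:
    """'Protocol over TLS' style (https 443, smtps 465, imaps 993, ...):
    the handshake begins on the first byte of the connection."""
    raw = socket.create_connection((host, port))
    return ctx.wrap_socket(raw, server_hostname=host)


def connect_smtp_starttls(host: str, ctx: ssl.SSLContext, port: int = 25) -> smtplib.SMTP:
    """STARTTLS style (smtp 25): plaintext EHLO first, then upgrade.
    Refuse to continue if the server does not advertise STARTTLS, so the
    session never silently stays in plaintext."""
    smtp = smtplib.SMTP(host, port)
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        smtp.quit()
        raise RuntimeError("server does not offer STARTTLS; not continuing in plaintext")
    smtp.starttls(context=ctx)   # the context's version floor and CA checks apply here
    smtp.ehlo()                  # capabilities must be re-read after the upgrade
    return smtp


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("hardened:", context_is_hardened(ctx), "rejects:", rejected_versions(ctx))
    print("legacy hardened:", context_is_hardened(legacy_client_context()))
    # Network usage (placeholder host, not executed here):
    # connect_implicit_tls("mail.example.test", 465, ctx)
    # connect_smtp_starttls("mail.example.test", ctx)
```

The STARTTLS helper checks the EHLO capability list before upgrading and aborts if the keyword is absent; without that check a client that "prefers" TLS can be kept in plaintext by any party that strips the STARTTLS advertisement from the server's response.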