Presentation is loading. Please wait.

Presentation is loading. Please wait.

0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line."— Presentation transcript:

1 0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line

2 1 What does “Secure” Mean? +Confidentiality Prevent eavesdropping +Authenticity Communication line cannot be overtaken +Integrity Messages cannot be modified during transport –Non-reputiation “you can’t prove I said that!”

3 2 Layered Architecture Application Layer Handshake Layer Record Layer Transport Layer (TCP/IP) SSLSSL Application Data Protocol Handshake Protocol Change Cipher Spec Protocol Alert Protocol

4 3 SSL is a Statefull Protocol Session State  Session ID  Peer certificate  Compression method  Cipher Spec.  Master Secret  Is resumable (flag) SSL handles multiple simultaneous sessions Connection State  Random data  MAC Secrets  Transport Keys  IVs (for CBC block ciphers)  Sequence numbers Each session handles multiple connections

5 4 TLS’ State Model Connection State  Master Secret  Random data  CipherSpec  Compression Method  MAC Secrets  Transport Keys  IVs (for CBC block ciphers)  Sequence numbers Session State (?)  Session ID  Peer certificate  Is resumable (flag)

6 5 State Structure RSA, 3DES, SHA, Keys, … ClientServer Pending Current Read Write Pending Current Read Write RSA, 3DES, SHA, Keys, … Null, Null, Null, …

7 6 Record Layer Transport Layer DATA Type Length Version SSL Plaintext Fragment SSL Compressed Compression SSL Ciphertext Encryption & Authentication Stream or block ciphered MAC

8 7 MAC Computation MAC = hash(MAC_secret + pad 2 + hash(MAC_secret + pad 1 + seq_num + length + content)) hash = SHA-1 or MD5 pad 1 = 0x36 repeated 40 times (SHA-1) of 48 times (MD5) pad 2 = 0x5C repeated as above

9 8 Handshake Protocol ServerClient Client Hello Server Hello Certificate Cert. Req. Server Key Exchange ServerHello Done Certificate Client Key Exchange Certificate Verify ChangeCipherspec Finished ChangeCipherspec Finished ASN.1 Encoded Acceptable certificate types Acceptable CAs Empty MAC on handshake messages, except ChangeCipherSpec

10 9 Client Hello Type Length Data Handshake Version Random Session ID Client Hello Supported cipher suites Supported compression methods Example Cipher Suites: SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA …

11 10 Server Hello Type Length Data Handshak e Version Random Session ID Server Hello Cipher suite Compression method

12 11 Server Key Exchange Type Length Data Handshake p (modulus, prime) g (generator) g a s mod p Server Key Exchange (Diffie-Hellman) m (modulus = p*q) e (pub. exp.) Signature Server Key Exchange (RSA) Signature Diffie-Hellman Client Computes: PreMasterSecret = (g a s ) a c mod p Client Sends : g a c to server Server Computes: PreMasterSecret = (g a c ) a s mod p RSA Client Computes: y = PreMasterSecret e mod p Client sends : y to server Server Computes: PreMasterSecret = y d mod p

13 12 Change Cipherspec ClientServer Pending Current Read Write Pending Current Read Write Change Cipherspec (Server) Change Cipherspec (Client)

14 13 Key Generation ms = MD5(pms + SHA(‘A’ + pms + client_random + server_random)) + MD5(pms + SHA(‘BB’ + pms + client_random + server_random)) + MD5(pms + SHA(‘CCC’ + pms + client_random + server_random)) Where ms = “Master Secret” (48 bytes) pms = “Pre Master Secret” (48 bytes) Key material computed by (Pseudo) random data = MD5(ms + SHA(‘A’ + ms + client_random + server_random)) + MD5(ms + SHA(‘BB’ + ms + client_random + server_random)) + MD5(ms + SHA(‘CCC’ + ms + client_random + server_random)) + …

15 14 Dropping ChangeCipherSpec Attack: Remove the ChangeCipherSpec message entirely from the communication, forcing communication to proceed with initial cipher spec (null). SSL defence: Implementation must check that a ChangeCipherSpec message has been received before a Finished message is received.

16 15 Key Exchange Rollback Attack: Make client use a prime modulus for its RSA key exchange by tampering with cipher suite specs in ClientHello and ServerHello. SSL defence: Implementation must check that the number of fields in the ServerKeyExchange message matches the chosen cipher suite.

17 16 Experts in cryptography info@cryptomathic.com www.cryptomathic.com

Download ppt "0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line."

Similar presentations

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Web security: SSL and TLS

Web security: SSL and TLS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Secure Sockets. Overview of Lecture We covered an overview of authenticated key exchange protocols In this lecture we will –Look at issues related to.

Secure Sockets. Overview of Lecture We covered an overview of authenticated key exchange protocols In this lecture we will –Look at issues related to.
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Transport Layer Security (TLS) Bill Burr November 2, 2001.

Transport Layer Security (TLS) Bill Burr November 2, 2001.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Similar presentations

Ads by Google