1. CSCE 790: Computer Network Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina

2. 10/7/20032 Web Security Web is now widely used by business, government, and individuals But Internet and Web are vulnerable Have a variety of threats integrity confidentiality denial of service authentication Need to add security mechanisms

3. 10/7/20033 Security Socket Layer (SSL) Security service at transport layer Originally developed by Netscape SSLv3 was designed with public input Subsequently became Internet standard known as Transport Layer Security (TLS) Use TCP to provide reliable end-to-end service SSL has two layers of protocols

4. 10/7/20034 SSL Protocol Architecture

5. 10/7/20035 SSL Elements SSL session an association between client and server created by the Handshake Protocol define a set of cryptographic parameters may be shared by multiple SSL connections SSL connection a transient, peer-to-peer, communications link associated with 1 SSL session

6. 10/7/20036 SSL Record Protocol confidentiality using symmetric encryption with a shared secret key defined by Handshake Protocol IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4- 40, RC4-128 message is compressed before encryption (optional) message integrity using a MAC with shared secret key similar to HMAC but with different padding

7. 10/7/20037 SSL Record Protocol Operation

8. 10/7/20038 SSL Change Cipher Spec Protocol A single message with only one byte “1” Cause pending state to become current, hence updating the cipher suite in use

9. 10/7/20039 SSL Alert Protocol Use two-byte message to convey SSL-related alerts to peer entity First byte is severity level warning(1) or fatal(2) Second byte is specific alert Always fatal: unexpected_message, bad_record_mac, decompression_failure, handshake_failure, illegal_parameter Other alerts: close_notify, no_certificate, bad_certificate, unsupported_certificate, certificate_revoked, certificate_expired, certificate_unknown Compressed and encrypted like all SSL data

10. 10/7/200310 SSL Handshake Protocol Allow server and client to authenticate each other negotiate encryption and MAC algorithms negotiate cryptographic keys to be used Comprise a series of messages in phases Establish Security Capabilities Server Authentication and Key Exchange Client Authentication and Key Exchange Finish

11. 10/7/200311 SSL Handshake Messages

12. 10/7/200312 Transport Layer Security (TLS) Specified as IETF standard RFC 2246 Similar to SSLv3 but with minor differences in record format version number use HMAC for MAC a pseudo-random function expands secrets has additional alert codes some changes in supported ciphers changes in certificate negotiations changes in use of padding

13. 10/7/200313 Next Class Midterm! Oct. 16 in class about 10 problems 75 minutes 10% of final grade Review lecture slides and related papers discussed in class