Published by Timothy Hawkins. Modified over 9 years ago.
1
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption
2
SSL/TLS
- Secure Socket Layer Protocol (SSL)
  - Designed by Netscape in 1994
  - To protect WWW applications and electronic transactions
- Transport layer security protocol (TLS)
  - A revised version of SSLv3
- Two major components:
  - Record protocol, on top of transport-layer protocols
  - Handshake protocol, change-cipher-spec protocol, and alert protocol; they reside between application-layer protocols and the record protocol
3
SSL Example
- Hyper Text Transmission Protocol over SSL (https)
  - Implemented in the application layer of OSI model
  - Uses SSL to
    - Encrypt HTTP packets
    - Authentication between server & client
4
SSL Structure
5
SSL Handshake Protocol
- Allows the client and the server to negotiate and select cryptographic algorithms and to exchange keys
- Allows authentication to each other
- Four phases:
  1. Select cryptographic algorithms
     - Client Hello Message
     - Server Hello Message
  2. Authenticate Server and Exchange Key
  3. Authenticate Client and Exchange Key
  4. Complete Handshake
6
Phase 1a: Client Hello Message
The client's hello message contains the following information:
- Version number, Vc
  - Highest SSL version installed on the client machine
  - E.g. Vc = 3
- Pseudo Random string, rc
  - 32-byte string
    - 4 byte time stamp
    - 28 byte nonce
- Session ID, Sc
  - If Sc = 0 then a new SSL connection on a new session
  - If Sc != 0 then a new SSL connection on existing session, or update parameters of the current SSL connection
- Cipher suite: (PKE, SKA, Hash)
  - E.g. <RSA, ECC, Elgamal, AES-128, 3DES, Whirlpool, SHA-384, SHA-1>
  - Lists public key encryption algorithms, symmetric key encryption algorithms and hash functions supported by the client
- Compression Method
  - E.g. <WINZIP, ZIP, PKZIP>
  - Lists compression methods supported by the client
7
Phase 1b: Server Hello Message
The server's hello message contains the following information:
- Version number, Vs
  - Vs = min {Vc, V}, where V is the highest SSL version installed at server-side
- Pseudo Random string, rs
  - 32-byte string
    - 4 byte time stamp
    - 28 byte nonce
- Session ID, Ss
  - If Sc = 0 then Ss = new session ID
  - If Sc != 0 then Ss = Sc
- Cipher suite: (PKE, SKA, Hash)
  - E.g. <RSA, AES-128, Whirlpool>
  - Lists public key encryption algorithm, symmetric key encryption algorithm and hash function supported by the server
- Compression Method
  - E.g. <WINZIP>
  - Compression method that the server selected from the client's list.
8
Phase 2
Server sends the following information to the client:
- Server's public-key certificate
- Server's key-exchange information
- Server's request of client's public-key certificate
- Server's closing statement of server_hello message
Note: The authentication part is often not implemented
9
Phase 3
Client responds with the following information to the server:
- Client's public-key certificate
- Client's key-exchange information
- Client's integrity check value of its public-key certificate
The key-exchange information is used to generate a master key, i.e., if in Phase 1 the server chooses RSA to exchange secret keys, then the client generates and exchanges a secret key as follows:
- Verifies the signature of the server's public-key certificate
- Gets server's public key Ksu
- Generates a 48-byte pseudorandom string spm (pre-master secret)
- Encrypts spm with Ksu using RSA and sends the ciphertext as key-exchange information to the server
10
Phase 3 (cont.)
After phase 3 both sides have rc, rs and spm. Both the client & the server then calculate the shared master secret sm:
  sm = H1(spm || H2('A' || spm || rc || rs)) ||
       H1(spm || H2('BB' || spm || rc || rs)) ||
       H1(spm || H2('CCC' || spm || rc || rs))
11
Phase 4
- Client & Server send each other a change_cipher_spec message and a finish message to close the handshake protocol.
- Now both sides calculate the secret-key block Kb using the same method as we did to calculate the master secret, except we use sm instead of spm:
    Kb = H1(sm || H2('A' || sm || rc || rs)) ||
         H1(sm || H2('BB' || sm || rc || rs)) ||
         H1(sm || H2('CCC' || sm || rc || rs)) …
- Kb is divided into six blocks, each of which forms a secret key:
    Kb = Kc1 || Kc2 || Kc3 || Ks1 || Ks2 || Ks3 || Z (where Z is the remaining substring)
- Put the secret keys into two groups:
  - Group I: (Kc1, Kc2, Kc3) = (K_{c,HMAC}, K_{c,E}, IV_c) (protect packets from client to server)
  - Group II: (Ks1, Ks2, Ks3) = (K_{s,HMAC}, K_{s,E}, IV_s) (protect packets from server to client)
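The master-secret and key-block formulas from Phase 3 (cont.) and Phase 4, as an added Python example that is not part of the original slides. It assumes H1 = MD5 and H2 = SHA-1, the pair SSL 3.0 (RFC 6101) uses; the key sizes, the dictionary key names and the sample values rc, rs, spm are constructed for illustration.

```python
import hashlib

def h1(data: bytes) -> bytes:
    # Assumption: H1 = MD5 (as in SSL 3.0); the slides leave H1 unnamed.
    return hashlib.md5(data).digest()

def h2(data: bytes) -> bytes:
    # Assumption: H2 = SHA-1 (as in SSL 3.0); the slides leave H2 unnamed.
    return hashlib.sha1(data).digest()

def expand(secret: bytes, rc: bytes, rs: bytes, length: int) -> bytes:
    """H1(secret || H2('A' || secret || rc || rs)) || H1(.. 'BB' ..) || ..."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)      # 'A', 'BB', 'CCC', ...
        out += h1(secret + h2(label + secret + rc + rs))
        i += 1
    return out[:length]

def master_secret(spm: bytes, rc: bytes, rs: bytes) -> bytes:
    # Three MD5 outputs of 16 bytes each give the 48-byte master secret sm.
    return expand(spm, rc, rs, 48)

def key_block(sm: bytes, rc: bytes, rs: bytes,
              mac_len: int = 20, key_len: int = 16, iv_len: int = 16) -> dict:
    """Split Kb into the six keys in the order the slides give."""
    names = ["Kc_HMAC", "Kc_E", "IVc", "Ks_HMAC", "Ks_E", "IVs"]
    sizes = [mac_len, key_len, iv_len] * 2           # assumed key sizes
    kb = expand(sm, rc, rs, sum(sizes))
    keys, offset = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[offset:offset + size]
        offset += size
    return keys

# Constructed sample values (not from a real handshake).
RC = bytes(range(32))            # client random rc
RS = bytes(range(32, 64))        # server random rs
SPM = bytes(range(100, 148))     # 48-byte pre-master secret spm

if __name__ == "__main__":
    sm = master_secret(SPM, RC, RS)
    print("sm:", sm.hex())
    for name, value in key_block(sm, RC, RS).items():
        print(f"{name:8s} {value.hex()}")
```

With these sizes the key block needs 104 bytes, so the expansion runs through the label 'GGGGGGG'. RFC 6101 itself feeds the randoms to the key block in the order rs || rc and lays the keys out as both MAC secrets, then both encryption keys, then both IVs; the code above follows the slides.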
12
SSL Record Protocol
After establishing a secure communication session, both the client and the server will use the SSL record protocol to protect their communications.
The client does the following:
- Divide M into a sequence of data blocks M1, M2, …, Mk
- Compress Mi to get Mi' = CX(Mi)
- Authenticate Mi' to get Mi'' = Mi' || H_{Kc,HMAC}(Mi')
- Encrypt Mi'' to get Ci = E_{Kc,HMAC}(Mi'')
- Encapsulate Ci to get Pi = [SSL record header] || Ci
- Transmit Pi to the server
13
The HMAC Function

    function hmac (key, message)
        // blocksize is that of the underlying hash function
        if (length(key) > blocksize) then
            key = hash(key)    // keys longer than blocksize are shortened
        end if
        if (length(key) < blocksize) then
            key = key ∥ [0x00 * (blocksize - length(key))]    // keys shorter than blocksize are zero-padded
        end if
        o_key_pad = [0x5c * blocksize] ⊕ key    // ⊕ is exclusive or (XOR)
        i_key_pad = [0x36 * blocksize] ⊕ key
        return hash(o_key_pad ∥ hash(i_key_pad ∥ message))    // '∥' is concatenation
    end function
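An added Python example, not part of the original slides: the HMAC pseudocode translated step by step, then used for the compress and authenticate steps of the record protocol together with the receiver's check. It assumes SHA-1 as the hash and zlib as the compression function CX; the names hmac_from_slide, protect, unprotect and K_MAC are hypothetical, and the encryption step is left out because the Python standard library has no block cipher.

```python
import hashlib
import hmac as std_hmac
import zlib

HASH = "sha1"       # assumed hash function; tag length is 20 bytes
TAG_LEN = hashlib.new(HASH).digest_size

def hmac_from_slide(key: bytes, message: bytes) -> bytes:
    """Step-by-step translation of the HMAC pseudocode."""
    blocksize = hashlib.new(HASH).block_size          # 64 bytes for SHA-1
    if len(key) > blocksize:
        key = hashlib.new(HASH, key).digest()         # long keys are hashed first
    key = key.ljust(blocksize, b"\x00")               # short keys are zero-padded
    o_key_pad = bytes(b ^ 0x5C for b in key)
    i_key_pad = bytes(b ^ 0x36 for b in key)
    inner = hashlib.new(HASH, i_key_pad + message).digest()
    return hashlib.new(HASH, o_key_pad + inner).digest()

def protect(fragment: bytes, k_mac: bytes) -> bytes:
    """Sender: Mi' = CX(Mi), then Mi'' = Mi' || HMAC(k_mac, Mi')."""
    compressed = zlib.compress(fragment)
    return compressed + hmac_from_slide(k_mac, compressed)

def unprotect(record: bytes, k_mac: bytes) -> bytes:
    """Receiver: split off the tag, verify it, only then decompress."""
    if len(record) < TAG_LEN:
        raise ValueError("record too short")
    compressed, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac_from_slide(k_mac, compressed)
    if not std_hmac.compare_digest(tag, expected):    # constant-time comparison
        raise ValueError("bad record MAC")
    return zlib.decompress(compressed)

# Constructed sample key and fragment (not from a real session).
K_MAC = bytes(range(20))
FRAGMENT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    record = protect(FRAGMENT, K_MAC)
    print("round trip ok:", unprotect(record, K_MAC) == FRAGMENT)
    tampered = bytes([record[0] ^ 0x01]) + record[1:]
    try:
        unprotect(tampered, K_MAC)
    except ValueError as err:
        print("tampered record rejected:", err)
```

Production code should call the library's own hmac module rather than a hand-written version; the translation is here to show what each line of the pseudocode does.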