Presentation is loading. Please wait.

Presentation is loading. Please wait.

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

Published byMartin Nicholson Modified over 9 years ago

Similar presentations

Presentation on theme: "SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security."— Presentation transcript:

1 SMUCSE 5349/7349 SSL/TLS

2 SMUCSE 5349/7349 Layers of Security

3 SMUCSE 5349/7349 SSL History Evolved through –Unreleased v1 (Netscape) –Flawed-but-useful v2 –Version 3 from scratch –Standard TLS1.0 SSL3.0 with minor tweaks, hence Version field is 3.1 Defined in RFC2246, http://www.ietf.org/rfc/rfc2246.txt Open-source implementation at http://www.openssl.org/

4 SMUCSE 5349/7349 Overview Establish a session –Agree on algorithms –Share secrets –Perform authentication Transfer application data –Ensure privacy and integrity

5 SMUCSE 5349/7349 Architecture Record Protocol to transfer application and TLS information A session is established using a Handshake Protocol TLS Record Protocol Handshake Protocol Alert Protocol Change Cipher Spec

6 SMUCSE 5349/7349 Architecure (cont’d) HANDLES COMMUNICATION WITH THE APPLICATION Protocols INITIALIZES COMMUNCATION BETWEEN CLIENT & SERVER INITIALIZES SECURE COMMUNICATION HANDLES DATA COMPRESSION ERROR HANDLING

7 SMUCSE 5349/7349 Handshake Negotiate Cipher-Suite Algorithms –Symmetric cipher to use –Key exchange method –Message digest function Establish and share master secret Optionally authenticate server and/or client

8 SMUCSE 5349/7349 Handshake Phases Hello messages Certificate and Key Exchange messages Change CipherSpec and Finished messages

9 SMUCSE 5349/7349 SSL Messages OFFER CIPHER SUITE MENU TO SERVER SELECT A CIPHER SUITE SEND CERTIFICATE AND CHAIN TO CA ROOT CLIENT SIDE SERVER SIDE SEND PUBLIC KEY TO ENCRYPT SYMM KEY SERVER NEGOTIATION FINISHED SEND ENCRYPTED SYMMETRIC KEY SOURCE: THOMAS, SSL AND TLS ESSENTIALS ACTIVATE ENCRYPTION CLIENT PORTION DONE ( SERVER CHECKS OPTIONS ) ACTIVATESERVER ENCRYPTION SERVER PORTION DONE ( CLIENT CHECKS OPTIONS ) NOW THE PARTIES CAN USE SYMMETRIC ENCRYPTION

10 SMUCSE 5349/7349 Client Hello –Protocol version SSLv3(major=3, minor=0) TLS (major=3, minor=1) –Random Number 32 bytes First 4 bytes, time of the day in seconds, other 28 bytes random Prevents replay attack –Session ID 32 bytes – indicates the use of previous cryptographic material –Compression algorithm

11 SMUCSE 5349/7349 Client Hello - Cipher Suites INITIAL (NULL) CIPHER SUITE PUBLIC-KEY ALGORITHM SYMMETRIC ALGORITHM HASH ALGORITHM CIPHER SUITE CODES USED IN SSL MESSAGES SSL_NULL_WITH_NULL_NULL = { 0, 0 } SSL_RSA_WITH_NULL_MD5 = { 0, 1 } SSL_RSA_WITH_NULL_SHA = { 0, 2 } SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0, 3 } SSL_RSA_WITH_RC4_128_MD5 = { 0, 4 } SSL_RSA_WITH_RC4_128_SHA = { 0, 5 } SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0, 6 } SSL_RSA_WITH_IDEA_CBC_SHA = { 0, 7 } SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0, 8 } SSL_RSA_WITH_DES_CBC_SHA = { 0, 9 } SSL_RSA_WITH_3DES_EDE_CBC_SHA = { 0, 10 }

12 SMUCSE 5349/7349 Server Hello Version Random Number –Protects against handshake replay Session ID –Provided to the client for later resumption of the session Cipher suite –Usually picks client’s best preference – No obligation Compression method

13 SMUCSE 5349/7349 Certificates Sequence of X.509 certificates –Server’s, CA’s, … X.509 Certificate associates public key with identity Certification Authority (CA) creates certificate –Adheres to policies and verifies identity –Signs certificate User of Certificate must ensure it is valid

14 SMUCSE 5349/7349 Validating a Certificate Must recognize accepted CA in certificate chain –One CA may issue certificate for another CA Must verify that certificate has not been revoked –CA publishes Certificate Revocation List (CRL)

15 SMUCSE 5349/7349 Client Key Exchange Premaster secret –Created by client; used to “seed” calculation of encryption parameters –2 bytes of SSL version + 46 random bytes –Sent encrypted to server using server’s public key This is where the attack happened in SSLv2

16 SMUCSE 5349/7349 Change Cipher Spec & Finished Messages Change Cipher Spec –Switch to newly negotiated algorithms and key material Finished –First message encrypted with new crypto parameters –Digest of negotiated master secret, the ensemble of handshake messages, sender constant –HMAC approach of nested hashing

17 SMUCSE 5349/7349 SSL Encryption Master secret –Generated by both parties from premaster secret and random values generated by both client and server Key material –Generated from the master secret and shared random values Encryption keys –Extracted from the key material

18 SMUCSE 5349/7349 Generating the Master Secret SOURCE: THOMAS, SSL AND TLS ESSENTIALS SERVER’S PUBLIC KEY IS SENT BY SERVER IN ServerKeyExchange CLIENT GENERATES THE PREMASTER SECRET ENCRYPTS WITH PUBLIC KEY OF SERVER CLIENT SENDS PREMASTER SECRET IN ClientKeyExchange SENT BY CLIENT IN ClientHello SENT BY SERVER IN ServerHello MASTER SECRET IS 3 MD5 HASHES CONCATENATED TOGETHER = 384 BITS

19 SMUCSE 5349/7349 Generation of Key Material SOURCE: THOMAS, SSL AND TLS ESSENTIALS JUST LIKE FORMING THE MASTER SECRET EXCEPT THE MASTER SECRET IS USED HERE INSTEAD OF THE PREMASTER SECRET...

20 SMUCSE 5349/7349 Obtaining Keys from the Key Material SOURCE: THOMAS, SSL AND TLS ESSENTIALS SECRET VALUES INCLUDED IN MESSAGE AUTHENTICATION CODES INITIALIZATION VECTORS FOR DES CBC ENCRYPTION SYMMETRIC KEYS

21 SMUCSE 5349/7349 SSL Record Protocol

22 SMUCSE 5349/7349 Record Header Three pieces of information –Content type Application data Alert Handshake Change_cipher_spec –Content length Suggests when to start processing –SSL version Redundant check for version agreement

23 SMUCSE 5349/7349 Protocol (cont’d) Max. record length 2 14 – 1 MAC –Data –Headers –Sequence number To prevent replay and reordering attack Not included in the record

24 SMUCSE 5349/7349 Alerts and Closure Alert the other side of exceptions –Different levels –Terminate and session cannot be resumed Closure notify –To prevent truncation attack (sending a TCP FIN before the sender is finished)

Download ppt "SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security."

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Web security: SSL and TLS

Web security: SSL and TLS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? 1.2.3.4 Get index.htm from 1.2.3.4 Response from 1.2.3.4.

Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from
Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.

Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Internet Security CSCE 813 Transport Layer Security

Internet Security CSCE 813 Transport Layer Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

Similar presentations

Ads by Google