secure socket layer

Naveen KumarM.E., ECE (Regular)

Outline Web Security

Introduction to SSL/TLS

Secure Socket Layer (SSL)

Where, What and How about SSL

Architecture

The Four Protocols

Simple Handshake process

Transport Layer Security (TLS)

TLS Overview

Public Key Certificates

Implementation & Applications of SSL/TLS

Summary

References

April 12, 2023 NITTTR, Chandigarh 2

“Use your mentality, Wake up to reality”---From the song, “I've got you under my skin” by Cole Porter

April 12, 2023 3NITTTR, Chandigarh

Reality!!!


Web security

Web is now widely used by businesses, government firms

and individuals.

but Internet & Web space are vulnerable.

have a variety of threats related to

Integrity : Someone might alter content

Confidentiality : Anyone can see content

Denial of service

Authentication : Not clear who you are talking with

need added security mechanisms


Introduction (contd.)

Secure Sockets Layer (SSL)

Developed by Netscape Corporation

Versions 1, 2, and 3 (released in 1996)

Transport Layer Security (TLS)

Successor of SSL

IETF standards track protocol, based on SSL 3.0

Last updated in RFC 5246 (2008)


Introduction (contd.) Transport Layer Security (TLS) and its

predecessor, Secure Sockets Layer (SSL), are

cryptographic protocols that provide security for

communications over networks such as the

Internet.

TLS and SSL encrypt the segments of network

connections at the Transport Layer end-to-end.


SECURE SOCKET LAYER

(SSL)


Where SSL fits?

HTTP SMTP POP3

80 25 110

HTTPS SSMTP SPOP3

443 465 995

Secure Socket Layer

Transport

Network

Data Link

Port No.


What security is provided?

By providing:

Endpoint Authentication

Unilateral or Bilateral

Communication Confidentiality

For preventing:

Eavesdropping

Tampering

Message Forgery


How security is provided?


Uses public key scheme

Each client-server pair uses2 public keys

○ one for client (browser)created when browser is installed on client machine

○ one for server (http server)created when server is installed on server hardware

2 private keys○ one for client browser○ one for server (http server)


Cipher Suite

Common Cipher Suite algorithms:

Encryption algorithm

○ RC4,Triple DES,AES, IDEA, DES, Camellia

Message authentication code (MAC) algorithm

○ Authentication by RSA, DSA, ECDSA

○ Hashing by MD5, SHA

Key exchange algorithm

○ RSA, Diffie-Hellman, ECDH, SRP, PSK

Pseudorandom function (PRF)


SSL Architecture


SSL Architecture (Contd.)

SSL session

an association between client & server

created by the Handshake Protocol

define a set of cryptographic parameters

may be shared by multiple SSL connections

SSL connection

a transient, peer-to-peer, communications link

associated with 1 SSL session



The Four Upper Layer Protocols

Application Encryption ProtocolEncrypt/Decrypt application data

Change Cipher Spec ProtocolAlert to a change in communication variables

Alert ProtocolMessages important to SSL connections

Handshaking ProtocolEstablish communication variables

SSL Record Protocol

Services provided are :

Confidentiality

using symmetric encryption with a shared secret key defined by

Handshake Protocol

IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128

message is compressed before encryption

Message integrity

using a MAC (Message Authentication Code) created using a

shared secret key and a short message


SSL Record Protocol (Contd.)


SSL Change Cipher Spec Protocol

one of 3 SSL specific protocols which use the

SSL Record protocol

a single message

Purpose of message

Cause copy of pending state to current state.

Updates cipher suite to be used on the current

connection .


SSL Alert Protocol

conveys SSL-related alerts to peer entity Consists of two bytes

1st byte : warning or fatal2nd byte: code for specific alerts

specific alert types

unexpected message, bad record mac, decompression failure,

handshake failure, illegal parameter

close notify, no certificate, bad certificate, unsupported certificate,

certificate revoked, certificate expired, certificate unknown

compressed & encrypted like all SSL data


SSL Handshake Protocol (1/10)

The most complex part of SSL. allows server & client to:

authenticate each otherto negotiate encryption & MAC algorithmsto negotiate cryptographic keys to be used

comprises a series of messages in phasesEstablish Security CapabilitiesServer Authentication and Key ExchangeClient Authentication and Key ExchangeFinish


Simple Handshake process (2/10)

The client(Alice) and server(Bob) must agree on various

parameters to establish the connection

Alice request a secure connections and presents a list of Cipher Suites

Bob picks the strongest supported Cipher Suite

Bob sends back his digital certificate

○ Including the certificate authority and his public key

By encrypting using the server’s public key, Alice send a random

number to Bob securely

Alice and Bob generate key material from the random number

Secure connection established


SSL Handshake Protocol (10/10)


TLS (Transport Layer Security)

IETF standard RFC 2246 similar to SSLv3 with minor differences

in record format version numberuses HMAC for MACa pseudo-random function expands secretshas additional alert codessome changes in supported cipherschanges in certificate negotiationschanges in use of padding


32

Changes from SSL 3.0 to TLS

Fortezza removed

Additional Alerts added

Modification to hash calculations

Protocol version 3.1 in ClientHello,

ServerHello

April 12, 2023 NITTTR, Chandigarh

33

What is TLS?

Protocol layer Requires reliable transport layer (e.g. TCP) Supports any application protocols

IP

TCP

TLS

HTTP Telnet FTP LDAP


34

TLS: Privacy

Encrypt message so it cannot be read Use conventional cryptography with shared

keyDES, 3DESRC2, RC4IDEA

A

Message Message

B

$%&#!@


35

TLS:Key Exchange

Need secure method to exchange secret key Use public key encryption for this

“key pair” is used - either one can encrypt and then the other can decrypt

slower than conventional cryptographyshare one key, keep the other private

Choices are RSA or Diffie-Hellman


36

TLS: Integrity

Compute fixed-length Message Authentication Code (MAC)Includes hash of messageIncludes a shared secretInclude sequence number

Transmit MAC with message


37

Integrity (Contd.)

Receiver creates new MACshould match transmitted MAC

TLS allows MD5, SHA-1

A B

Message’

MAC’

MAC

=?

Message

MAC


38

TLS: Authentication

Verify identities of participants Client authentication is optional Certificate is used to associate identity with

public key and other attributes

A

Certificate

B

Certificate


39

TLS: Architecture

TLS defines Record Protocol to transfer application and TLS information

A session is established using a Handshake Protocol

TLS Record Protocol

Handshake Protocol

Alert Protocol

ChangeCipher Spec


40

TLS: Record Protocol


41

TLS: Handshake

Negotiate Cipher-Suite AlgorithmsSymmetric cipher to useKey exchange methodMessage digest function

Establish and share master secret Optionally authenticate server and/or client


42

Handshake Phases

Hello messages

Certificate and Key Exchange messages

Change Cipher Spec and Finished messages


43

TLS: Hello

Client “Hello” - initiates sessionPropose protocol versionPropose cipher suiteServer chooses protocol and suite

Client may request use of cached sessionServer chooses whether to honor request


44

TLS: Key Exchange

Server sends certificate containing public key

(RSA) or Diffie-Hellman parameters

Client sends encrypted “pre-master” secret to

server using Client Key Exchange message

Master secret calculated

Use random values passed in Client and Server Hello

messages


45

Public Key Certificates

X.509 Certificate associates public key with

identity

Certification Authority (CA) creates certificate

Adheres to policies and verifies identity

Signs certificate

User of Certificate must ensure it is valid


46

Validating a Certificate

Must recognize accepted CA in certificate

chain

One CA may issue certificate for another CA

Must verify that certificate has not been

revoked

CA publishes Certificate Revocation List (CRL)


47

X.509 Certificate Issues

Certificate Administration is complexHierarchy of Certification AuthoritiesMechanisms for requesting, issuing, revoking

certificates

X.500 names are complicated Description formats are cumbersome

(ASN.1)


48

TLS: HTTP Application

HTTP is most common TLS applicationhttps://

Requires TLS-capable web server Requires TLS-capable web browser

Netscape NavigatorInternet ExplorerCryptozilla

○ Netscape Mozilla sources with SSLeay


49

TLS “Alternatives”

S-HTTP: secure HTTP protocol, shttp://

IPSec: secure IP SET: Secure Electronic Transaction

Protocol and infrastructure for bank card payments

SASL: Simple Authentication and Security Layer (RFC 2222)


Implementation of SSL/TLS

SSL and TLS have been widely implemented

Open source software projects

○ OpenSSL, NSS, or GnuTLS

Microsoft Windows

○ Part of its Secure Channel

Browsers

○ Apple Safari

○ Mozilla Firefox (2+)

○ Internet Explorer, etc.


Application of SSL/TLS

On top of the Transport Layer protocols

Primarily with TCP

Datagram Transport Layer Security(DTLS) for UDP

Encapsulating the application protocols

HTTP (HTTPS)

for securing WWW traffic

FTP (FTPS), SMTP, NNTP, etc.


52

Summary

SSL/TLS addresses the need for security in

Internet communications

Privacy - conventional encryption

Integrity - Message Authentication Codes

Authentication - X.509 certificates

SSL in use today with web browsers and

servers


References

William Stallings, 5th Edition, “Transport-Level

Security”, Chapter 16, Pages : 509-543

www.cse.buffalo.edu/DBGROUP/nachi/

ecopres/fengmei.ppt

http://www.slideshare.net/leethree/ssl-intro


secure socket layer

Technology

ssl handshake protocol

ssl sessiondecember

ssl datadecember

ssl architecturedecember

ssl fits

ssl record protocol

ssl specific protocols

ssl record protocolservices