secure socket layer
DESCRIPTION
SSL and TLS are security layers used below application layer of TCP/IP model. Structure and working of these layers are explained in the presentation.TRANSCRIPT
Naveen KumarM.E., ECE (Regular)
Outline Web Security
Introduction to SSL/TLS
Secure Socket Layer (SSL)
Where, What and How about SSL
Architecture
The Four Protocols
Simple Handshake process
Transport Layer Security (TLS)
TLS Overview
Public Key Certificates
Implementation & Applications of SSL/TLS
Summary
References
April 12, 2023 NITTTR, Chandigarh 2
“Use your mentality, Wake up to reality”---From the song, “I've got you under my skin” by Cole Porter
April 12, 2023 3NITTTR, Chandigarh
Reality!!!
April 12, 2023 4NITTTR, Chandigarh
Web security
Web is now widely used by businesses, government firms
and individuals.
but Internet & Web space are vulnerable.
have a variety of threats related to
Integrity : Someone might alter content
Confidentiality : Anyone can see content
Denial of service
Authentication : Not clear who you are talking with
need added security mechanisms
April 12, 2023 5NITTTR, Chandigarh
Introduction (contd.)
Secure Sockets Layer (SSL)
Developed by Netscape Corporation
Versions 1, 2, and 3 (released in 1996)
Transport Layer Security (TLS)
Successor of SSL
IETF standards track protocol, based on SSL 3.0
Last updated in RFC 5246 (2008)
April 12, 2023 6NITTTR, Chandigarh
Introduction (contd.) Transport Layer Security (TLS) and its
predecessor, Secure Sockets Layer (SSL), are
cryptographic protocols that provide security for
communications over networks such as the
Internet.
TLS and SSL encrypt the segments of network
connections at the Transport Layer end-to-end.
April 12, 2023 7NITTTR, Chandigarh
SECURE SOCKET LAYER
(SSL)
April 12, 2023 8NITTTR, Chandigarh
Where SSL fits?
HTTP SMTP POP3
80 25 110
HTTPS SSMTP SPOP3
443 465 995
Secure Socket Layer
Transport
Network
Data Link
Port No.
April 12, 2023 9NITTTR, Chandigarh
What security is provided?
By providing:
Endpoint Authentication
Unilateral or Bilateral
Communication Confidentiality
For preventing:
Eavesdropping
Tampering
Message Forgery
April 12, 2023 10NITTTR, Chandigarh
How security is provided?
April 12, 2023 11NITTTR, Chandigarh
Uses public key scheme
Each client-server pair uses2 public keys
○ one for client (browser)created when browser is installed on client machine
○ one for server (http server)created when server is installed on server hardware
2 private keys○ one for client browser○ one for server (http server)
April 12, 2023 12NITTTR, Chandigarh
Cipher Suite
Common Cipher Suite algorithms:
Encryption algorithm
○ RC4,Triple DES,AES, IDEA, DES, Camellia
Message authentication code (MAC) algorithm
○ Authentication by RSA, DSA, ECDSA
○ Hashing by MD5, SHA
Key exchange algorithm
○ RSA, Diffie-Hellman, ECDH, SRP, PSK
Pseudorandom function (PRF)
April 12, 2023 13NITTTR, Chandigarh
SSL Architecture
April 12, 2023 14NITTTR, Chandigarh
SSL Architecture (Contd.)
SSL session
an association between client & server
created by the Handshake Protocol
define a set of cryptographic parameters
may be shared by multiple SSL connections
SSL connection
a transient, peer-to-peer, communications link
associated with 1 SSL session
April 12, 2023 15NITTTR, Chandigarh
April 12, 2023 NITTTR, Chandigarh 16
The Four Upper Layer Protocols
Application Encryption ProtocolEncrypt/Decrypt application data
Change Cipher Spec ProtocolAlert to a change in communication variables
Alert ProtocolMessages important to SSL connections
Handshaking ProtocolEstablish communication variables
SSL Record Protocol
Services provided are :
Confidentiality
using symmetric encryption with a shared secret key defined by
Handshake Protocol
IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
message is compressed before encryption
Message integrity
using a MAC (Message Authentication Code) created using a
shared secret key and a short message
April 12, 2023 17NITTTR, Chandigarh
SSL Record Protocol (Contd.)
April 12, 2023 NITTTR, Chandigarh 18
SSL Change Cipher Spec Protocol
one of 3 SSL specific protocols which use the
SSL Record protocol
a single message
Purpose of message
Cause copy of pending state to current state.
Updates cipher suite to be used on the current
connection .
April 12, 2023 19NITTTR, Chandigarh
SSL Alert Protocol
conveys SSL-related alerts to peer entity Consists of two bytes
1st byte : warning or fatal2nd byte: code for specific alerts
specific alert types
unexpected message, bad record mac, decompression failure,
handshake failure, illegal parameter
close notify, no certificate, bad certificate, unsupported certificate,
certificate revoked, certificate expired, certificate unknown
compressed & encrypted like all SSL data
April 12, 2023 20NITTTR, Chandigarh
SSL Handshake Protocol (1/10)
The most complex part of SSL. allows server & client to:
authenticate each otherto negotiate encryption & MAC algorithmsto negotiate cryptographic keys to be used
comprises a series of messages in phasesEstablish Security CapabilitiesServer Authentication and Key ExchangeClient Authentication and Key ExchangeFinish
April 12, 2023 21NITTTR, Chandigarh
Simple Handshake process (2/10)
The client(Alice) and server(Bob) must agree on various
parameters to establish the connection
Alice request a secure connections and presents a list of Cipher Suites
Bob picks the strongest supported Cipher Suite
Bob sends back his digital certificate
○ Including the certificate authority and his public key
By encrypting using the server’s public key, Alice send a random
number to Bob securely
Alice and Bob generate key material from the random number
Secure connection established
April 12, 2023 22NITTTR, Chandigarh
Simple Handshake process (3/10)
April 12, 2023 23NITTTR, Chandigarh
Simple Handshake process (4/10)
April 12, 2023 24NITTTR, Chandigarh
Simple Handshake process (5/10)
April 12, 2023 25NITTTR, Chandigarh
Simple Handshake process (6/10)
April 12, 2023 26NITTTR, Chandigarh
Simple Handshake process (7/10)
April 12, 2023 27NITTTR, Chandigarh
Simple Handshake process (8/10)
April 12, 2023 28NITTTR, Chandigarh
Simple Handshake process (9/10)
April 12, 2023 29NITTTR, Chandigarh
SSL Handshake Protocol (10/10)
April 12, 2023 30NITTTR, Chandigarh
TLS (Transport Layer Security)
IETF standard RFC 2246 similar to SSLv3 with minor differences
in record format version numberuses HMAC for MACa pseudo-random function expands secretshas additional alert codessome changes in supported cipherschanges in certificate negotiationschanges in use of padding
April 12, 2023 31NITTTR, Chandigarh
32
Changes from SSL 3.0 to TLS
Fortezza removed
Additional Alerts added
Modification to hash calculations
Protocol version 3.1 in ClientHello,
ServerHello
April 12, 2023 NITTTR, Chandigarh
33
What is TLS?
Protocol layer Requires reliable transport layer (e.g. TCP) Supports any application protocols
IP
TCP
TLS
HTTP Telnet FTP LDAP
April 12, 2023 NITTTR, Chandigarh
34
TLS: Privacy
Encrypt message so it cannot be read Use conventional cryptography with shared
keyDES, 3DESRC2, RC4IDEA
A
Message Message
B
$%&#!@
April 12, 2023 NITTTR, Chandigarh
35
TLS:Key Exchange
Need secure method to exchange secret key Use public key encryption for this
“key pair” is used - either one can encrypt and then the other can decrypt
slower than conventional cryptographyshare one key, keep the other private
Choices are RSA or Diffie-Hellman
April 12, 2023 NITTTR, Chandigarh
36
TLS: Integrity
Compute fixed-length Message Authentication Code (MAC)Includes hash of messageIncludes a shared secretInclude sequence number
Transmit MAC with message
April 12, 2023 NITTTR, Chandigarh
37
Integrity (Contd.)
Receiver creates new MACshould match transmitted MAC
TLS allows MD5, SHA-1
A B
Message’
MAC’
MAC
=?
Message
MAC
April 12, 2023 NITTTR, Chandigarh
38
TLS: Authentication
Verify identities of participants Client authentication is optional Certificate is used to associate identity with
public key and other attributes
A
Certificate
B
Certificate
April 12, 2023 NITTTR, Chandigarh
39
TLS: Architecture
TLS defines Record Protocol to transfer application and TLS information
A session is established using a Handshake Protocol
TLS Record Protocol
Handshake Protocol
Alert Protocol
ChangeCipher Spec
April 12, 2023 NITTTR, Chandigarh
40
TLS: Record Protocol
April 12, 2023 NITTTR, Chandigarh
41
TLS: Handshake
Negotiate Cipher-Suite AlgorithmsSymmetric cipher to useKey exchange methodMessage digest function
Establish and share master secret Optionally authenticate server and/or client
April 12, 2023 NITTTR, Chandigarh
42
Handshake Phases
Hello messages
Certificate and Key Exchange messages
Change Cipher Spec and Finished messages
April 12, 2023 NITTTR, Chandigarh
43
TLS: Hello
Client “Hello” - initiates sessionPropose protocol versionPropose cipher suiteServer chooses protocol and suite
Client may request use of cached sessionServer chooses whether to honor request
April 12, 2023 NITTTR, Chandigarh
44
TLS: Key Exchange
Server sends certificate containing public key
(RSA) or Diffie-Hellman parameters
Client sends encrypted “pre-master” secret to
server using Client Key Exchange message
Master secret calculated
Use random values passed in Client and Server Hello
messages
April 12, 2023 NITTTR, Chandigarh
45
Public Key Certificates
X.509 Certificate associates public key with
identity
Certification Authority (CA) creates certificate
Adheres to policies and verifies identity
Signs certificate
User of Certificate must ensure it is valid
April 12, 2023 NITTTR, Chandigarh
46
Validating a Certificate
Must recognize accepted CA in certificate
chain
One CA may issue certificate for another CA
Must verify that certificate has not been
revoked
CA publishes Certificate Revocation List (CRL)
April 12, 2023 NITTTR, Chandigarh
47
X.509 Certificate Issues
Certificate Administration is complexHierarchy of Certification AuthoritiesMechanisms for requesting, issuing, revoking
certificates
X.500 names are complicated Description formats are cumbersome
(ASN.1)
April 12, 2023 NITTTR, Chandigarh
48
TLS: HTTP Application
HTTP is most common TLS applicationhttps://
Requires TLS-capable web server Requires TLS-capable web browser
Netscape NavigatorInternet ExplorerCryptozilla
○ Netscape Mozilla sources with SSLeay
April 12, 2023 NITTTR, Chandigarh
49
TLS “Alternatives”
S-HTTP: secure HTTP protocol, shttp://
IPSec: secure IP SET: Secure Electronic Transaction
Protocol and infrastructure for bank card payments
SASL: Simple Authentication and Security Layer (RFC 2222)
April 12, 2023 NITTTR, Chandigarh
Implementation of SSL/TLS
SSL and TLS have been widely implemented
Open source software projects
○ OpenSSL, NSS, or GnuTLS
Microsoft Windows
○ Part of its Secure Channel
Browsers
○ Apple Safari
○ Mozilla Firefox (2+)
○ Internet Explorer, etc.
April 12, 2023 50NITTTR, Chandigarh
Application of SSL/TLS
On top of the Transport Layer protocols
Primarily with TCP
Datagram Transport Layer Security(DTLS) for UDP
Encapsulating the application protocols
HTTP (HTTPS)
for securing WWW traffic
FTP (FTPS), SMTP, NNTP, etc.
April 12, 2023 51NITTTR, Chandigarh
52
Summary
SSL/TLS addresses the need for security in
Internet communications
Privacy - conventional encryption
Integrity - Message Authentication Codes
Authentication - X.509 certificates
SSL in use today with web browsers and
servers
April 12, 2023 NITTTR, Chandigarh
References
William Stallings, 5th Edition, “Transport-Level
Security”, Chapter 16, Pages : 509-543
www.cse.buffalo.edu/DBGROUP/nachi/
ecopres/fengmei.ppt
http://www.slideshare.net/leethree/ssl-intro
April 12, 2023 53NITTTR, Chandigarh
April 12, 2023 54NITTTR, Chandigarh