Transport Layer Security Protocols

Transcription

1 SSL/TLS 1

2 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known as TLS Use TCP to provide a reliable end-to-end service Application independent Can be used for any application protocol: telnet, ftp.. Transport Layer Security (TLS) SSL 3.0 is very similar to TLS (RFC 2246) 2

3 Location of SSL SSL is build on top of TCP Provides a TCP like interface In theory can be used by all type of applications in a transparent manner 3

4 SSL Architecture Rely on TCP for a reliable communication Two Layers SSL Record Protocol provides basic security services Handshake, change cipher spec, Alert.. 4

5 SSL Basic Protocol 5

6 SSL Session and Connection Each SSL session can be used for multiple connections SSL Session An association between the client and the server Are used to avoid negotiation of new security parameters for each connection SSL Connection A connection is a transport that provides a suitable type of service Each connection is associated with one session 6

7 SSL Session A SSL session consists of Session ID X.509 public-key certificate of peer (could be null) Compression Algorithm Cipher Spec: Encryption Algorithm, Message Digest Algorithm, etc Master Secret: 48 Byte secret shared between the client and the server 7

8 An X.509 Certificate 8

9 Data Transmission using SSL (SSL Record Protocol) 9

10 SSL Record Format 10

11 SSL Record Protocol 2 services: Confidentiality Using symmetric encryption with a shared secret key defined by Handshake protocol Message integrity Using a MAC with a shared secret key Layered protocol: Fragmentation application data into blocks Compression MAC Encryption Transmit over TCP 11

12 SSL Record Protocol Payload 12

13 Handshake Protocol Establish security capabilities Protocol version, session ID, cipher suite, compression method, IV Server authentication and key exchange Send certificate, key exchange, request client certificate Client authentication and key exchange Send certificate, key exchange, certificate verification Finish 13

14 SSL Change Cipher Spec Protocol one of 3 SSL specific protocols which use the SSL Record protocol a single message causes pending state to become current hence updating the cipher suite in use 14

15 SSL Alert Protocol conveys SSL-related alerts to peer entity severity warning or fatal specific alert unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown compressed & encrypted like all SSL data 15

16 Master Secret Creation The master secret is a one-time 48-byte value A Pre-master key is exchanged first RSA or Diffie-Hellman Master secret is computed from the pre-master secret, client random and server random 16

17 Generation of Cryptographic Parameters Session Key: Generated from the master secret, client random, and server random Client write MAC secret Server write MAC secret Client Write Key Server Write Key Client Write IV Server Write IV 17

18 Application Ports used with SSL 18

19 Web Securities 19

20 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Stateless protocol, requests are independent. 20

21 How the Web Works: Other Elements Hyper-text markup language (html). Other application specific document. e.g., MIME, graphics, video/audio, postscript, Java applets, etc. Browsers. Display html documents and embedded graphics. Run Java program. Start helper applications

22 Web Vulnerabilities Revealing private information on server Intercept of client information Execute unauthorized programs Denial of service... 22

23 Web Security Authentication: Basic (username, password) Can be used along with cookie Digest Access control via addresses Multi-layered: S-http (secure http), just for http Proposed by CommerceNet, pretty much dead SSL (TLS), generic for TCP https: http over SSL IPSec 23

24 HTTP Authentication - Basic Client doesn t know which method Client attempts access (GET, PUT, ) normally Server returns 401 unauthorized Realm: protection space Client tries again with (user:password) Passwords in the clear Repeated for each access 24

25 From Basic Authentication to Forms and Cookies Not all sites use basic authentication Many instead ask the user to type username/password into a HTML form Server looks up the user and sends back a cookie The browser (client) resends the cookie on subsequent requests 25

26 HTTP Access Control - Digest Server sends www-authenticate parameters: Realm Domain Nonce, new for each 401 response e.g.. H(client-IP:timestamp:server-secret) Algorithm e.g., MD5 26

27 HTTP Access Control - Digest 27

28 HTTP Access Control - Digest 28