Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Transcription

1 Secure Socket Layer/ Transport Layer Security (SSL/TLS) David Sánchez Universitat Pompeu Fabra

2 World Wide Web (www) Client/server services running over the Internet or TCP/IP Intranets nets widely used by business, government, individuals netcraft.com/archives/2003/04/09/.com/archives/2003/04/09/netcraft_ssl_survey.html Internet & Web are vulnerable

3 Some Web Threats

4 Web Security Approaches

5 TLS Client/Server Model

6 SSL Introduction transport layer security service originally developed by Netscape SSLvn 3 designed with public review and industry input subsequently became Internet standard known as TLS

7 SSL Goals Cryptographic security Interoperability Extensibility Relative efficiency

8 SSL Security Services Server authentication Client authentication or anonymous (for anonymous servers) Data integrity Data confidentiality

9 SSL Protocol Stack

10 SSL Key Concepts SSL session an association between client & server created by the Handshake Protocol define a set of cryptographic parameters may be shared by multiple SSL connections SSL connection a transient, peer-to to-peer, communications link associated with 1 SSL session

11 Session Parameters Session identifier Peer certificate Compression method Cipher spec Master secret Is resumable

12 Connection Parameters Server and client random Server write MAC secret Client write MAC secret Server write key Client write key Initialization vectors Sequence numbers

13 Keying Material Client/server PU certificate, PR Pre-master secret S Master secret K Connection IV s, MAC key and encryption keys

14 SSL Record Protocol Services message integrity using a MAC with shared secret key similar to HMAC but with different padding confidentiality using symmetric encryption with a shared secret key defined by Handshake Protocol AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza,, RC4-40, 40, RC4-128 message is compressed before encryption

15 SSL Record Protocol Operation

16 SSL Handshake Protocol allows server & client to: authenticate each other to negotiate encryption & MAC algorithms to negotiate cryptographic keys to be used comprises a series of messages in 4 phases 1. Establish Security Capabilities 2. Server Authentication and Key Exchange 3. Client Authentication and Key Exchange 4. Finish

17 SSL Handshake Protocol

18 SSL Change Cipher Spec Protocol a single message updates the cipher suite to be used for a connection after the handshake protocol

19 SSL Alert Protocol conveys SSL-related alerts to peer entity Severity Fatal Warning Specific alerts Fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter Warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown compressed & encrypted like all SSL data

20 TLS TLS 1.0 IETF standard RFC 2246 similar to SSLv3 record format version number uses HMAC for MAC a pseudo-random function expands secrets additional alert codes some changes in supported ciphers changes in certificate types & negotiations changes in crypto computations & padding TLS 1.1 RFC 4346 (April 2006)