Network Security, Exercise 6: SSL/TLS
Thomas Schneider
Computer Networks and Communication Systems, Dept. of Computer Sciences, University of Erlangen-Nuremberg, Germany
10. 14.12.2007

SSL/TLS

Secure Socket Layer / Transport Layer Security (SSL/TLS)
TLS 1.0 ≙ SSL 3.1

SSL/TLS secures TCP connections:
- Authentication with certificates (asymm.: RSA, DSA, ...)
- Key exchange (asymm.: RSA, DH, ...)
- Data encryption (symm.: RC4, DES, 3DES, IDEA, AES, ...)
- Data integrity (symm.: MD5, SHA-1, ...)

XXXS = XXX over SSL/TLS, e.g.: HTTPS (443), IMAPS (993), POP3S (995), FTPS (989, 990)

Authentication with Certificates

Ensures communication with the intended communication partner without pre-shared secrets (asymmetric cryptography):
- A challenge-response protocol ensures that the communication partner possesses the private key corresponding to a (!!!) public key.
- A certificate glues the public key $+K_A$ of A to her name. This mapping is verified and afterwards guaranteed by an (indirectly) trusted certification authority CA, which signs the mapping with the CA's private key $CK_{CA}$:

  $CA_A = \mathrm{Cert}_{CK_{CA}}(+K_A) = CA[\ldots, CA, \ldots, A, +K_A]$

X.509 Certificates

RFC 3280: Internet X.509 Public Key Infrastructure, Certificate and Certificate Revocation List (CRL) Profile
http://tools.ietf.org/html/rfc3280

Certificate Contents and Format

Public Key Certificates
- A public key certificate is some sort of "passport", certifying that a public key belongs to a specific name.
- Certificates are issued by certification authorities (CA).
- If all users know for sure the public key of the CA, every user can check every certificate issued by this CA.
- Certificates can avoid online-participation of a TTP.
- The security of the private key of the CA is crucial to the security of all users!

[Figure: X.509 certificate format. Fields: Version; Certificate Serial Number; Signature Algorithm (Algorithm ID, Parameters); Issuer Name; Period of Validity (Not Before, Not After); Subject Name; Subject's Public Key Info (Algorithm ID, Parameters, Key); Issuer Unique ID; Subject Unique ID; Extensions; Signature. Legend: Version 1, Version 2, Version 3, All Versions.]

    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 3 (0x3)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=DE, ST=Bavaria, L=Erlangen, O=FAU, OU=CS 7 / NetSec, CN=NetSec CA/emailAddress=thomas.schneider@informatik.stud.uni-erlangen.de
            Validity
                Not Before: Nov 30 08:54:42 2007 GMT
                Not After : Nov 29 08:54:42 2008 GMT
            Subject: C=DE, ST=Bavaria, L=Erlangen, O=FAU, OU=CS 7 / NetSec, CN=localhost
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (512 bit)
                    Modulus (512 bit):
                        00:e5:fc:b2:0a:76:58:ce:44:e9:c7:5a:4e:4e:ac:
                        87:85:13:3e:1d:7f:7e:60:4c:ba:dd:56:1d:f7:dc:
                        ce:9b:f4:24:5e:b8:e7:da:45:4e:17:b2:81:d5:d3:
                        35:f7:4e:19:a7:b8:c2:d3:60:d7:91:a8:ce:68:43:
                        d5:b1:e6:14:75
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha1WithRSAEncryption
            90:50:56:16:4f:94:16:54:f1:42:a0:fe:1b:79:35:5e:e4:fe:
            7e:fa:ce:f8:6d:c9:ce:50:a6:68:39:4f:02:58:63:f2:dd:3d:
            f5:c3:7d:52:b5:97:0d:1e:38:dd:62:8f:cd:fa:d0:c0:4e:49:
            1a:b8:a5:1a:ab:f5:35:20:e1:50

Certificate Hierarchy

Self Signed Root Certificate (Issuer=Subject)

Certificate Request

    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: C=DE, ST=Bavaria, L=Erlangen, O=FAU, OU=CS 7 / NetSec, CN=localhost
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (512 bit)
                    Modulus (512 bit):
                        00:e5:fc:b2:0a:76:58:ce:44:e9:c7:5a:4e:4e:ac:
                        87:85:13:3e:1d:7f:7e:60:4c:ba:dd:56:1d:f7:dc:
                        ce:9b:f4:24:5e:b8:e7:da:45:4e:17:b2:81:d5:d3:
                        35:f7:4e:19:a7:b8:c2:d3:60:d7:91:a8:ce:68:43:
                        d5:b1:e6:14:75
                    Exponent: 65537 (0x10001)
            Attributes:
                a0:00
        Signature Algorithm: sha1WithRSAEncryption
            a7:c5:e2:96:51:0b:53:c3:bb:f5:4e:35:7e:c1:50:62:83:48:
            9a:75:90:fe:d1:12:71:31:0d:43:83:36:34:67:c4:2a:9f:99:
            41:22:4f:de:fb:15:cb:10:ab:ea:d1:9c:e1:de:1a:6b:f8:00:
            ca:59:bf:1f:4a:ed:fd:06:06:90

SSL/TLS implementations

OpenSSL (open source: implementation in C + console tools)
- FIPS 140-2 (Level 1) certified
- http://www.openssl.org
- Examples: http://www.rtfm.com/openssl-examples/
- man openssl(1), ssl(3)

Java™ Secure Socket Extension (JSSE)
- Reference Guide: http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/jsserefguide.html
- Secure Your Sockets with JSSE: http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html

OpenSSL: Certificate Mini-HOWTO

- Generate symmetrically encrypted 1024 bit RSA key pair:
      openssl genrsa -aes128 -out CAkey.pem 1024
- Show RSA key:
      openssl rsa -text < CAkey.pem
- Generate self-signed root certificate for RSA key:
      openssl req -new -x509 -key CAkey.pem -out CAcert.pem
- Show certificate:
      openssl x509 -text < CAcert.pem
- Generate certificate request (CR) for key:
      openssl req -new -key key.pem -out req.pem
- Show certificate request:
      openssl req -text < req.pem
- Issue certificate by signing CR with CA certificate:
      openssl x509 -req -in req.pem -CA CAcert.pem -CAkey CAkey.pem -CAcreateserial -out cert.pem

Code IT!

Extension of a given HTTPS client and server from http://www.rtfm.com/openssl-examples/
HTTPS (RFC 2818): http://www.ietf.org/rfc/rfc2818.txt

SSL initialization (common.c)

    SSL_CTX* initialize_ctx(char* keyfile, char* pwd){
      ...
      // Global system initialization
      SSL_library_init();
      SSL_load_error_strings();
      // An error write context
      bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
      // Create our context
      meth=SSLv23_method();
      ctx=SSL_CTX_new(meth);
      // Load our keys and certificates
      if(!(SSL_CTX_use_certificate_chain_file(ctx, keyfile)))
        berr_exit("can't read certificate file");
      // Password callback
      pass=pwd;
      SSL_CTX_set_default_passwd_cb(ctx, password_cb);
      // Private key file
      if(!(SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM)))
        berr_exit("can't read key file");
      // Load the CAs we trust
      if(!(SSL_CTX_load_verify_locations(ctx,ca_list, 0)))
        berr_exit("can't read CA list");
    #if (OPENSSL_VERSION_NUMBER < 0x00905100L)
      SSL_CTX_set_verify_depth(ctx,1);
    #endif
      return ctx;
    } // initialize_ctx

SSL client (wclient.c)

    ...
    // Build our SSL context
    ctx=initialize_ctx(keyfile,password);
    // Connect the TCP socket
    sock=tcp_connect(host,port);
    // Connect the SSL socket
    ssl=SSL_new(ctx);
    sbio=BIO_new_socket(sock,BIO_NOCLOSE);
    SSL_set_bio(ssl,sbio,sbio);
    if(SSL_connect(ssl)<=0)
      berr_exit("SSL connect error");
    if(require_server_auth)
      check_cert(ssl,host);
    // make HTTP request
    ...

Check certificate correctness (client.c)

    // Check that common name matches host name
    void check_cert(SSL *ssl, char *host) {
      ...
      // Verify certificate chain
      if(SSL_get_verify_result(ssl)!=X509_V_OK)
        berr_exit("certificate doesn't verify");
      // Check the common name
      peer=SSL_get_peer_certificate(ssl);
      X509_NAME_get_text_by_NID(X509_get_subject_name(peer),
                                NID_commonName, peer_cn, 256);
      if(strcasecmp(peer_cn,host))
        err_exit("common name doesn't match hostname");
    }
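
The common-name comparison on this slide next to a length-aware variant, as an added example (not code from the slides or from the rtfm.com examples). The functions naive_match and name_matches_host, their parameters and the sample CN are assumptions made up for illustration; the wildcard rule is the one from RFC 2818.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* The slide's test: same result as strcasecmp(peer_cn, host) == 0, so only
 * the bytes before the first NUL in peer_cn take part in the comparison. */
int naive_match(const char *peer_cn, const char *host)
{
    size_t n = strlen(peer_cn);
    return n == strlen(host) && eq_nocase(peer_cn, host, n);
}

/* Length-aware test. name/name_len are the bytes of a CN or dNSName as stored
 * in the certificate (hypothetical interface); returns 1 on match, else 0. */
int name_matches_host(const char *name, size_t name_len, const char *host)
{
    size_t host_len = strlen(host);
    const char *rest;

    /* Reject empty names and names with an embedded NUL byte. */
    if (name_len == 0 || memchr(name, '\0', name_len) != NULL)
        return 0;
    if (name_len == host_len && eq_nocase(name, host, host_len))
        return 1;

    /* RFC 2818 wildcard: "*.a.com" matches "foo.a.com", not "bar.foo.a.com".
     * Only a whole left-most label "*" is accepted here, and the part after
     * "*." must contain another dot (extra restriction, not from the RFC). */
    if (name_len < 3 || name[0] != '*' || name[1] != '.' ||
        memchr(name + 2, '.', name_len - 2) == NULL)
        return 0;
    rest = strchr(host, '.');          /* host with its first label removed */
    if (rest == NULL || rest == host || strlen(rest) != name_len - 1)
        return 0;
    return eq_nocase(rest, name + 1, name_len - 1);
}

/* Constructed sample: a 30-byte CN with a NUL after "www.example.org". */
const char SAMPLE_CN[] = "www.example.org\0.other.example";
```

With OpenSSL 1.0.2 or later, X509_check_host() does host name matching inside the library and also considers subjectAltName entries.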

Server (wserver.c)

    // Build our SSL context
    ctx=initialize_ctx(keyfile,password);
    load_dh_params(ctx,dhfile);
    sock=tcp_listen();
    while(1){
      if((s=accept(sock,0,0))<0) err_exit("accept err");
      if((pid=fork())) close(s);   // parent: keep listening
      else {                       // child: serve this connection
        sbio=BIO_new_socket(s,BIO_NOCLOSE);
        ssl=SSL_new(ctx);
        SSL_set_bio(ssl,sbio,sbio);
        // parenthesized so that r holds SSL_accept()'s return value
        if((r=SSL_accept(ssl))<=0)
          berr_exit("ssl accept error.");
        http_serve(ssl,s);
        exit(0);
      }
    }
    ...