Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005

Similar documents
SSL Tunnels. Introduction

Internet Programming. Security

Chapter 17. Transport-Level Security

Web Security Considerations

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Network Security Protocols

Overview. SSL Cryptography Overview CHAPTER 1

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Generating and Installing SSL Certificates on the Cisco ISA500

TLS/SSL in distributed systems. Eugen Babinciuc

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Communication Systems SSL

Creating and Managing Certificates for My webmethods Server. Version 8.2 and Later

Crypto Lab Public-Key Cryptography and PKI

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Web Security: Encryption & Authentication

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Lecture 7: Transport Level Security SSL/TLS. Course Admin

GT 6.0 GSI C Security: Key Concepts

Authenticity of Public Keys

Web Security. Mahalingam Ramkumar

SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

CSC 474 Information Systems Security

Apache Security with SSL Using Ubuntu

Using etoken for SSL Web Authentication. SSL V3.0 Overview

CSC Network Security

Chapter 7 Transport-Level Security

SSL Certificates HOWTO

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS

COMP 3704 Computer Security

The Beautiful Features of SSL And Why You Want to Use Them?

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Managing SSL certificates in the ServerView Suite

Programming with cryptography

SBClient SSL. Ehab AbuShmais

Instructions on TLS/SSL Certificates on Yealink Phones

Grid Computing - X.509

Communication Security for Applications

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Implementing Secure Sockets Layer on iseries

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Cisco SSL Encryption Utility

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Implementing SSL Security on a PowerExchange Network

Certificates and network security

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Network Security Part II: Standards

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Virtual Private Network with OpenVPN

Virtual Private Networks

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

Apache, SSL and Digital Signatures Using FreeBSD

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Transport Level Security

Learning Network Security with SSL The OpenSSL Way

Binding Security Tokens to TLS Channels. A. Langley, Google Inc. D. Balfanz, Google Inc. A. Popov, Microsoft Corp.

Low-Level TLS Hacking

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Apache Security with SSL Using Linux

What is network security?

Cornerstones of Security

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release corrections. ADYTON Release 2.12.

WEB SERVICES CERTIFICATE GUIDE

SSL/TLS: The Ugly Truth

Security Goals Services

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N REV A01 January 14, 2011

Network Security Essentials Chapter 5

Secure Sockets Layer

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

SECURE Web Gateway. HTTPS/SSL Technical FAQ. Version 1.1. Date 04/10/12

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Understanding digital certificates

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities


[SMO-SFO-ICO-PE-046-GU-

TLS and SRTP for Skype Connect. Technical Datasheet

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

Secure Socket Layer. Security Threat Classifications

HMRC Secure Electronic Transfer (SET)

As enterprises conduct more and more

ISM/ISC Middleware Module

What is an SSL Certificate?

Cisco Expressway Certificate Creation and Use

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Configuring Security Features of Session Recording

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

Transcription:

Lecture 31 Security April 13, 2005 Secure Sockets Layer (Netscape 1994) A Platform independent, application independent protocol to secure TCP based applications Currently the most popular internet crypto-protocol History 1994 version 1 of protocol designed 1994/1995 v2.0 - implemented in Netscape 1995 v3.0 1999 TLS <RFC 2246> : Secure Socket Layer is a communication protocol: provides higher level of abstraction than normal sockets: server authentication client authentication encryption uses normal sockets as base and adds security to it Many implementations of, e.g., Open (quite difficult to use!) Establishing an Connection The client (browser) opens a connection to server port Browser sends client hello message. Client hello message contains: version of browser uses ciphers and data compression methods it supports The Server responds with a server hello message. Server hello message contains session id the chosen versions for ciphers and data compression methods. Establishing an Connection (con t.) The server sends its certificate used to authenticate server to client Optionally the server may request client s certificate If requested, client will send its certificate of authentication if client has no certificate then connection failure Client sends a ClientKeyExchange message symmetric session key chosen digital envelope is created using server s public key and contains the symmetric session key 1

Client (Browser) Session Key. 1. Client sends ClientHello message 2.Server acknowledges with ServerHello message 3. Server sends its certificate Server Establishing an Connection (con t.) Optionally, if client authentication is used the client will send a CertificateVerify message. Server and client send ChangeCipherSpec message indicating they are ready to begin encrypted transmission. Client and server send Finished messages to each other These are a message digest of their entire conversation up to this point. If the digests match then messages were received without interference. (4. Server requests client s certificate) Server Certificat e (5. Client sends its certificate) Server s Client public key Certificate Server s private key 6. Client sends ClientKeyExchange message Digital envelope X. (7. Client sends a Certificate Verify message) Digital signature Session key. 8. Both send ChangeCipherSpec messages 9. Both send Finished messages security services: server authentication data encryption client authentication (optional) Server authentication: -enabled browser includes public keys for trusted CAs. Browser requests server certificate, issued by trusted CA. Browser uses CA s public key to extract server s public key from certificate. Visit your browser s security menu to see its trusted CAs. Available in two versions one version uses 128-bit symmetric keys (originally for use in USA only) one version uses 40-bit keys (was used for international commerce) latter complied with US export regulations (restrictions on the export of cryptographic technology) most restrictions have been removed (after years of public controversy, series of lawsuits,...) Fast, efficient, accepted, and widely used Integrated with browser (unlike SET) Open A free fully featured Open-Source toolkit implementing and TLS Consists of two libs libssl.a -- /TLS functionality libcrypto.a -- cryptography library used to secure http traffic (https) Libcrypto used in implementations of ssh, kerberos, and IPsec. Open libssl.a: /TLS protocols symmetric cryptographic operations ciphers and message digests asymmetric cryptographic operations digital signatures, enveloping PKI extensive X.509 certificate support libcrypt.a: symmetric ciphers asymmetric ciphers authentication and hashing digital signatures 2

Open stunnel: an Tunnel Start by initializing : get yourself a key pair, get it certified by a CA initialize the library create context load your key in the context, define the list of CAs whom you trust Create a normal TCP connection. Create an connection (uses the TCP connection): attach the connection with the TCP socket number of checks are realized anyway (e.g., the server key must be certified) use the connection to transfer data Close the connection and the TCP socket. stunnel allows you to use without messing with the code: http://www.stunnel.org/ here: version 3.23 stunnel creates a daemon which converts insecure connections into Your client TCP socket Port 9998 stunnel Your server TCP socket Port 1234 stunnel connection stunnel Configuration stunnel can be used at one or both sides: a non- client with stunnel can interoperate with an server a non- server with stunnel can interoperate with an client You must configure each stunnel daemon: which port to listen to where to forward incoming connections keys, certificates, etc. Using stunnel at Server Side Generate a key for your server and self-sign it: openssl req -new -x509 -nodes -out server.pem -keyout server.pem chmod 0600 server.pem Start stunnel at server side: stunnel -f -d 9999 -r localhost:1234 -p server.pem -f: run in foreground mode (otherwise it will fork and run in background) -d 9999: wait for incoming connections on port 9999 -r localhost:1234: forward incoming connections to localhost, on port 1234 (using TCP) -p server.pem: the server key/certificate can be found in server.pem Using stunnel at Client Side Authentication with stunnel Generate a key for your client and self-sign it: openssl req -new -x509 -nodes -out client.pem -keyout client.pem chmod 0600 client.pem Start stunnel at client side: stunnel -f -c 9998 -r myserver.cse.nd.edu:9999 -p client.pem -f: run in foreground mode -c: run in client mode -r myserver.cse.nd.edu:9999: forward incoming connections to myserver, on port 9999 (using ) -p client.pem: the client key/certificate can be found in client.pem Did you notice that we used self-signed client and server keys? keys were not certified by CA each other s identity cannot be checked by default, stunnel does not check certificates You can set up authentication 1. create a CA 2. create a key for each party which needs to prove its ID (usually the server): creates a key/certificate pair and a request for the CA to sign it 3. sign each key/certificate pair with your CA 4. run stunnel and ask it to check certificates you will be using the CA.sh script that comes with openssl: Solaris: /usr/local/openssl/ssl/misc/ca.sh Linux: /usr/lib/ssl/misc/ca.sh (often) 3

Creating a CA Create a Server Key CA.sh -newca you will be asked a certificate filename, type enter to create one you will be asked a passphrase, this is to protect the key of your CA (don t forget it) you will be asked other information: company name, country, email,... create a CA in directory democa/: CA s public key is in democa/cacert.pem CA s private key is in democa/cakey.pem Repeat the following instructions for each party which needs to authenticate itself (usually only the server). CA.sh -newreq you will be asked a passphrase (do not use the same as for CA) you will be asked the same questions when creating the CA when asked for a Common Name, use fully qualified name of the machine (mymachine.cse.nd.edu) Request (with private key) is now in newreq.pem Sign the Key with the CA Give your request to the CA and make it sign it: CA.sh -sign you will be asked the CA s passphrase will create the signature file in newcert.pem Create your own certified key file (private key and certificate in same file): cat newreq.pem newcert.pem > server-signedkey.pem Then you can use server-signed-key.pem with stunnel Using stunnel with Server Authentication Start stunnel at server side with your new authenticated key: stunnel -f -d 9999 -r localhost:1234 -p server-signedkey.pem Start stunnel at client side: stunnel -c -v2 -f -d 9998 -r mymachine:9999 -p client.pem -A democa/cacert.pem -v2: require authentication by the other party -A democa/cacert.pem: indicates which CA I trust (public key) and SET Online Credit Card Use SET (Secure Electronic Transactions) similar to Developed by Visa, Mastercard, Netscape, and Microsoft Relies on cryptography and digital signatures Merchant never sees credit card information! Thus far, has not caught on much, due to costs involved in integrating SET into existing systems and lack of interest among consumers 4

Problems Security Neither merchant nor consumer are authenticated. Merchant gets consumers credit card number for possible later misuse. Cost for merchants, around 3.5% of purchase price plus transaction fee of 20-30 cents per transaction. Social equity many people do not have access to credit cards (young adults, plus almost 100 million other adult Americans who cannot afford cards or are considered high risk) Secure Electronic Transactions (SET) designed for payment-card transactions over Internet. provides security services among 3 players: customer merchant merchant s bank All must have certificates. Customer s card number passed to merchant s bank without merchant ever seeing number in plain text. prevents merchants from stealing, leaking payment card numbers. 1. Customer browses and decides to purchase SET SET uses and PKI. Customer must have a SET enabled browser and merchant needs SET enabled server. Consumer s credit card issuing bank issues a digital certificate (electronic wallet) with consumer s public key and bank s public key (signed with bank s private key). Merchants get a similar digital certificate from bank. 2. SET sends order and payment information Customer Merchant 7. Merchant completes order 3. Merchant forwards payment information 9. Issuer sends credit card to bank bill to customer 8. Merchant captures transaction 6. Bank authorizes payment 4. Bank checks with issuer for payment authorization Bank Bank Merchant s bank Customer s bank 5. Issuer authorizes payment Issuer Payment Request 1. Cardholder initiates request to merchant 2. Merchant generates response digitally signs response with merchant s private key send response to cardholder along with merchant s signature certificate and key exchange certificate 3. Cardholder receives and verifies both certificates and merchant s digital signature 4. Cardholder creates ordering and payment instructions Payment Request 5. Cardholder generates digital signatures on order and payment instructions encrypts payment instructions with random symmetric key encrypts order with random symmetric key and cardholder account information with payment server s public key 5

Payment Request 6. Cardholder sends to merchant order information encrypted payment instructions encrypted symmetric key signature certificate 7. Merchant verifies cardholder s signature certificate and digital signature on order 8. Merchant forwards payment info and encrypted symmetric key to payment gateway Payment Request 9. Merchant waits for authorization from payment gateway (next section) 10. When authorized, merchant creates digitally signed purchase confirmation and forwards the confirmation and digital signature to cardholder 11. Merchant may now fill the order 12. Cardholder receives merchant s response verifies merchant s authenticity using signature certificate saves merchant s response as proof of payment 1. Merchant creates digitally signed authorization request and encrypts it with a randomly generated symmetric key 2. Merchant encrypts symmetric key with payment gateway s key exchange (public) key 3. Merchant sends to payment gateway encrypted authorization request encrypted symmetric key encrypted payment info from cardholder signature certificate of cardholder signature certificate of merchant key exchange certificate of merchant 4. Payment gateway verifies the two merchant certificates decrypts and verifies the digital signature of the authorization request 5. Payment gateway verifies cardholder certificate decrypts and verifies the digital signature of the payment information ensures consistency between merchant s authorization request and cardholder s payment information (e.g., amounts match) 6. Payment gateways sends authorization request through its financial network to cardholder s financial institution 7. If approved, payment gateway creates a digitally signed authorization response encrypts it with a randomly generated symmetric key encrypts symmetric key with with merchant s key exchange (public) key 8. Payment gateway sends to merchant encrypted authorization response encrypted symmetric key its signature certificate 9. Merchant verifies payment gateway s signature certificate verifies digital signature of response stores response as proof of authorization 6

SET Comments To its credit, SET is well designed is based upon sound PKC principles is well documented encourages anyone/everyone to implement, could be added to browsers/servers SET Comments SET has three weaknesses implementations not as clean as the specification, so interoperability is an issue given the complexity, not surprising that in initial trials the transactions were slow (30 seconds) Secure Sockets Layer has taken the lead by integrating security directly into the browser 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information