The Secure Sockets Layer (SSL)



Similar documents
Web Security Considerations

Communication Systems SSL

Transport Layer Security Protocols

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Network Security Part II: Standards

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

CSC Network Security

CSC 474 Information Systems Security

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Chapter 7 Transport-Level Security

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Chapter 17. Transport-Level Security

Secure Socket Layer. Security Threat Classifications

Communication Security for Applications

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Network Security Essentials Chapter 5

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

SECURE SOCKETS LAYER (SSL)

Transport Level Security

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald

Security Protocols/Standards

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Secure Sockets Layer

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

TLS/SSL in distributed systems. Eugen Babinciuc

TLS and SRTP for Skype Connect. Technical Datasheet

Three attacks in SSL protocol and their solutions

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

SSL Secure Socket Layer

Lecture 7: Transport Level Security SSL/TLS. Course Admin

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

SSL A discussion of the Secure Socket Layer

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

, SNMP, Securing the Web: SSL

Web Security. Mahalingam Ramkumar

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

T Cryptography and Data Security

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Lecture 10: Communications Security

As enterprises conduct more and more

Lab 7. Answer. Figure 1

Overview. SSL Cryptography Overview CHAPTER 1

Chapter 32 Internet Security

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

SSL Handshake Analysis

Lecture 4: Transport Layer Security (secure Socket Layer)

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

SSL: Secure Socket Layer

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Properties of Secure Network Communication

, ) I Transport Layer Security

SSL Secure Socket Layer

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Key Management (Distribution and Certification) (1)

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Chapter 9. IP Secure

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Information Security

Authenticity of Public Keys

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Security. Learning Objectives. This module will help you...

ENHANCED SECURITY IN SECURE SOCKET LAYER 3.0 SPECIFICATION

ERserver. iseries. Secure Sockets Layer (SSL)

Security Policy Revision Date: 23 April 2009

Chapter 10. Network Security

Protocol Rollback and Network Security

Lecture 9 - Network Security TDTS (ht1)

T Cryptography and Data Security

Differences Between SSLv2, SSLv3, and TLS

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Virtual Private Networks

Standards and Products. Computer Security. Kerberos. Kerberos

Cleaning Encrypted Traffic

Chapter 51 Secure Sockets Layer (SSL)

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

GNUTLS. a Transport Layer Security Library This is a Draft document Applies to GnuTLS by Nikos Mavroyanopoulos

ETSF10 Part 3 Lect 2

SSL/TLS: The Ugly Truth

Chapter 34 Secure Sockets Layer (SSL)

ERserver. iseries. Securing applications with SSL

Web Security: Encryption & Authentication

Transcription:

Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course there are major security issues involved here that need to be addressed. Nobody wants to send their credit card number over the Internet unless they have a guarantee that only the intended recipient will receive it. As businesses begin to see the threats of the Internet to electronic commerce, the demand for secure web pages grows. A number of approaches to providing Web security are possible. The various approaches are similar in many ways but may differ with respect to their scope of applicability and relative location within the TCP/IP protocol stack. For example we can have security at the IP level making it transparent to end users and applications. However another relatively general-purpose solution is to implement security just above TCP. The foremost example of this approach is the Secure Sockets Layer (SSL) and the follow-on Internet standard known as Transport Layer Security (TLS). This chapter looks at SSL which was originated by Netscape. The Internet standard, TLS, can be viewed essentially as SSLv3.1 and is very close to and backward compatible with SSLv3. We will mainly be interested in SSLv3 at present. 11.1 Overview As mentioned, the Secure Sockets Layer (SSL) is a method for providing security for web based applications. It is designed to make use of TCP to provide a reliable endto-end secure service. SSL is not a single protocol but rather two layers of protocols as illustrated in figure 11.1. It can be seen that one layer makes use of TCP directly. This layer is known as the SSL Record Protocol and it provides basic security services to various higher layer protocols. An independent protocol that makes use of the record protocol is the Hypertext Markup Language (HTTP) protocol. Another three higher level protocols that also make use of this layer are part of the SSL stack. They are used in the management of SSL exchanges and are as follows: 1. Handshake Protocol. 2. Change Cipher Spec Protocol. 3. Alert Protocol. 111

Figure 11.1: SSL protocol stack. The SSL record protocol, which is at a lower layer and offers services to these three higher level protocols, is discussed first. 11.2 SSL Record Protocol This protocol provides two services for SSL connections: 1. Confidentiality - using conventional encryption. 2. Message Integrity - using a Message Authentication Code (MAC). In order to operate on data the protocol performs the following actions (see figure 11.2): It takes an application message to be transmitted and fragments it into manageable blocks. These blocks are 2 14 = 16, 384 bytes or less. These blocks are then optionally compressed which must be lossless and may not increase the content length by more than 1024 bytes. A message authentication code is then computed over the compressed data using a shared secret key. This is then appended to the compressed (or plaintext) block. The compressed message plus MAC are then encrypted using symmetric encryption. Encryption may not increase the content length by more than 1024 bytes, so that the total length may not exceed 2 14 + 2048. A number of different encryption algorithms are permitted. The final step is to prepend a header, consisting of the following fields: 112

Figure 11.2: SSL Record Protocol Operation. Content type (8 bits) - The higher layer protocol used to process the enclosed fragment. Major Version (8 bits) - Indicates major version of SSL in use. For SSLv3, the value is 3. Minor Version (8 bits) - Indicates minor version in use. For SSLv3, the value is 0. Compressed Length (16 bits) - The length in bytes of the compressed (or plaintext) fragment. The overall format is shown in figure 11.3. The content type above is one of four types; the three higher level protocols given above that make use of the SSL record, and a fourth known as application data. The first three are described next as they are SSL specific protocols. 11.3 Change Cipher Spec Protocol This consists of a single message which consists of a single byte with the value 1. This is used to cause the pending state to be copied into the current state which updates the cipher suite to be used on this connection. 11.4 Alert Protocol This protocol is used to convey SSL-related alerts to the peer entity. It consists of two bytes the first of which takes the values 1 (warning) or 2 (fatal). If the level is fatal SSL immediately terminates the connection. The second byte contains a code that indicates 113

Figure 11.3: SSL record format. the specific alert. 11.5 Handshake Protocol This is the most complex part of SSL and allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record. This protocol is used before any application data is sent. It consists of a series of messages exchanged by the client and server, all of which have the format shown in figure 11.5. Each message has three fields: 1. Type (1 byte): Indicates one of 10 messages such as hello request (see figure 11.4). 2. Length (3 bytes): The length of the message in bytes. 3. Content( 0 byte): The parameters associated with this message such version of SSL being used. The Handshake Protocol is shown in figure 11.6. This consists of four phases: 1. Establish security capabilities including protocol version, session ID, cipher suite, compression method and initial random numbers. This phase consists of the client hello and server hello messages which contain the following (this is for the client however it s a little different for the server): Version: The highest SSL version understood by client 114

Figure 11.4: SSL Handshake protocol message types. Figure 11.5: SSL record protocol payload. Random: 32-bit timestamp and 28 byte nonce. Session ID: A variable length session identifier. CipherSuite: List of cryptoalgorithms supported by client in decreasing order of preference. Both key exchange and CipherSpec (this includes fields such as CipherAlgorithm, MacAlgorithm, CipherType, HashSize, Key Material and IV Size) are defined. Compression Method: List of methods supported by client. 2. Server may send certificate, key exchange, and request certificate it also signals end of hello message phase. The certificate sent is one of a chain of X.509 certificates discussed earlier in the course. The server key exchange is sent only if required. A certificate may be requested from the client if needs be by certificate request. 3. Upon receipt of the server done message, the client should verify that the server provided a valid certificate, if required, and check that the server hello parameters are acceptable. If all is satisfactory, the client sends one or more messages 115

back to the server. The client sends certificate if requested (if none available then it sends a no certificate alert instead). Next the client sends client key exchange message. Finally, the client may send certificate verification. 4. Change cipher suite and finish handshake protocol. The secure connection is now setup and the client and server may begin to exchange application layer data. Figure 11.6: Handshake protocol action. 116

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information