Communication Systems SSL

Similar documents
Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

CSC 474 Information Systems Security

CSC Network Security

Web Security Considerations

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Secure Socket Layer. Security Threat Classifications

Network Security Essentials Chapter 5

The Secure Sockets Layer (SSL)

SECURE SOCKETS LAYER (SSL)

Transport Layer Security Protocols

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Communication Security for Applications

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Cryptography and Network Security IPSEC

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Chapter 7 Transport-Level Security

Chapter 17. Transport-Level Security

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Transport Level Security

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

SSL Secure Socket Layer

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

Network Security Part II: Standards

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

SSL Secure Socket Layer

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Information Security

Secure Sockets Layer

Lecture 4: Transport Layer Security (secure Socket Layer)

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

Lecture 7: Transport Level Security SSL/TLS. Course Admin

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Authenticity of Public Keys

Overview. SSL Cryptography Overview CHAPTER 1

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

ISA 562 Information System Security

Security Protocols/Standards

Computer and Network Security

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Protocol Rollback and Network Security

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Web Security. Mahalingam Ramkumar

Three attacks in SSL protocol and their solutions

Learning Network Security with SSL The OpenSSL Way

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

SSL: Secure Socket Layer

T Cryptography and Data Security

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Transport Layer Security (TLS)

Some solutions commonly used in order to guarantee a certain level of safety and security are:

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Savitribai Phule Pune University

, SNMP, Securing the Web: SSL

Chapter 10. Network Security

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos

Network Security Protocols

SSL Handshake Analysis

mod_ssl Cryptographic Techniques

TLS-RSA-PSK. Channel Binding using Transport Layer Security with Pre Shared Keys

Security. Learning Objectives. This module will help you...

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

SSL A discussion of the Secure Socket Layer

Chapter 34 Secure Sockets Layer (SSL)

TLS and SRTP for Skype Connect. Technical Datasheet

Chapter 27 Secure Sockets Layer (SSL)

Chapter 51 Secure Sockets Layer (SSL)

Network Security. Chapter 12 Security Protocols of the Transport Layer

Security Policy Revision Date: 23 April 2009

, ) I Transport Layer Security

Secure network protocols: how SSL/TLS, SSH, SFTP and FTPS work

SSL and TLS. An Overview of A Secure Communications Protocol. Simon Horman aka Horms. horms@valinux.co.jp horms@verge.net.au horms@debian.

TLS/SSL in distributed systems. Eugen Babinciuc

T Cryptography and Data Security

Einführung in SSL mit Wireshark

Embedded SSL. Christophe Kiennert, Pascal Urien. Embedded SSL - Christophe Kiennert, Pascal Urien 1

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

SSL Troubleshooting with Wireshark and Tshark

SECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA. A Research Project NAGENDRA KARRI

Differences Between SSLv2, SSLv3, and TLS

Certificates and network security

Transcription:

Communication Systems SSL Computer Science

Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2

Network Security Goals Confidentiality: only sender, intended receiver should understand message contents sender encrypts message receiver decrypts message Privacy: hide `who is doing what with whom` Authentication: sender, receiver want to confirm identity of each other Integrity: sender, receiver want to ensure messages are not altered (in transit, or afterwards) without detection Access and Availability: services must be accessible and available to users 3

Network Security on Different Layers Security measures could be hooked to different layers of the stack Link layer: one `hop` (e.g. wireless link) IP Layer (IP-Sec): transparent to application (next Friday) Transport Layer (SSL/TLS): easy, widely used Application Layer (PGP, S/MIME) 4

SSL (Secure Socket Layer) Transport layer security service, yields secure channel Secure byte stream Optional public-key server authentication Optional client authentication Development started by Netscape to offer secure Internet business Used/Implemented with HTTP first (HTTPS, port 443) Hash: combined MD5 & SHA Encryption: Diffie Helman, RSA & DES, RC4 Version 3 designed with public input; subsequently became Internet standard TLS (Transport Layer Security) 5

SSL (Secure Socket Layer) Uses TCP to provide a reliable end-to-end service Not restricted for secure web (HTTP) transactions Useful for any TCP based service to be secured: HTTP, IMAP, POP, NNTP, telnet, telephony signaling SSL implements two layers of protocols SSL session Association between client & server Created by the Handshake Protocol Define a set of cryptographic parameters May be shared by multiple SSL connections 6

SSL (Secure Socket Layer) SSL connection A transient, peer-to-peer, communications link Associated with one SSL session 7

SSL record protocol Confidentiality the handshake protocol defines a shared key for encryptions of SSL payloads Using symmetric encryption with a shared secret key defined by Handshake Protocol stateful protocol IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 Message is compressed before encryption 8

SSL record protocol and format The record format leads to Message Integrity the handshake protocol defines a shared key used to form message authentication code (MAC) Similar to HMAC but with different padding 9

SSL MAC calculation Hash(MAC_secret_key pad2 hash(mac_secret_key pad1 seqnum SSLcompressed.type SSLcompressed.length SSLcompressed.fragment)) Where: Mac_secret_key pad1 = 0x36 repeated 48 times for MD5 40 times for SHA-1 pad2 = 0x5C repeated SSLcompressed.type = the higher level protocol used to process this fragment 10

SSL encryption Fragment size 2 14 = 16384 bytes Compression must be lossless and must not increase length more than 1024 No compression algorithm specified in SSLv3 default no compression Block Cipher Encryption Methods - IDEA (128) RC2-40, DES-40, DES (56), 3DES (168) Stream Cipher Encryption choices - RC4-40, RC4-128 11

SSL payload / Change Cipher Specification Protocol Change Cipher Spec Protocol consists of a single message of a single byte with value 1 it means copy pending state to current state 12

SSL Alert Protocol Conveys SSL-related alerts to peer entity Severity Warning or fatal: 1=warning, 2=fatal Specific alert Unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter Close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown Compressed and encrypted like all SSL data 13

SSL Handshake Protocol Most complex part of SSL Allows the server and client to authenticate each other Negotiate encryption, MAC algorithm and cryptographic keys Used before any application data are transmitted Message Fields Type (8) Length (24) Content ( 1 byte) parameters Several Message types 14

SSL Handshake Protocol message types Message types (name (value)): Hello-request (null) Client-hello (version,random(32b), sessionid, cipher suite, compression method) Server_hello (same as Client-hello) Certificate (chain of X.509v3 certificates) Server_key_exchange (parameters, signature) Certificate_request (type, authorities) Server_done (null) Certificate_verify (signature) Client_key_exchange (parameters, signature) Finished (hash value) 15

SSL Handshake Protocol Colored messages are optional Phase 1-3 messages are plaintext 16

SSL Handshake Protocol Phase 1 Establish security capabilities Client_hello - Version = highest SSL understood by client - Random 32 bit time stamp + 28 random bytes (secure random number generator) - sessionid: 0 to establish new connection, non-zero means update parameters of an existing session - Ciphersuite: sequence of cryptographic algorithms in decreasing order of preference (key exchange + CipherSpec) - Compression methods: sequence of compression methods 17

SSL Handshake Protocol Phase 1 Establish security capabilities Server_hello is sent back - same as from client but confirmation to suggested values: - Highest common version, new random field, same sessionid if nonzero, new sessionid otherwise, the selected ciphersuite and the selected compression technique Key Exchange methods RSA secret key is encrypted with receiver s RSA public key Fixed Diffie-Hellman Ephemeral Diffie Hellman Anonymous Diffie-Hellman Fortezza 18

SSL Handshake Protocol Phase 1 CipherSpec follows containing the fields Cipher algorithm MAC algorithm CipherType: block or stream Hash size: 0, 16 for MD5 or 20 for SHA-1 bytes Key material sequence of bytes used to generate keys IV size of Initial Value for Cipher Block Chaining (CBC) 19

SSL Handshake Protocol Phase 2 Server Authentication and Key Exchange Server sends Certificate: X.509 certificate chain (not required for anonymous Diffie-Hellman) Server_key_exchange (not always need e.g. fixed Diffie-Hellman) - Hash(Client_hello.random ServerHello.random ServerParms) Certificate_request: certificate type and certificate authorities Server_hello_done: I m done and I ll wait on response 20

SSL Handshake Protocol Phase 3 Client Authentication and Key Exchange Client verifies server certificate and checks the server hello paramters If not in list of CAs, may trust the new certificate Client generates 48 byte pre-secret Client sends pre-secret encrypted w/ server s public key in certificate Certificate: if requested, client_key_exchange message must be sent Certificate_verify message to provide explicit verification of client certificate Session key now generated from master secret and client hello random provides salt 21

SSL Handshake Protocol Phase 4, 5 Finishing up: switch to next cipher_spec Client sends Change_cipher_spec message Finished message under new algorithms, keys (new cipher_spec) Server answers Change_cipher_spec message Finished message under new algorithms, keys (new cipher_spec) Phase 5: Now encrypted application data could be exchanged between both parties 22

SSL Version 3 and Transport Layer Security IETF standard RFC 2246 similar to SSLv3 With minor differences in record format version number uses HMAC for MAC a pseudo-random function expands secrets has additional alert codes some changes in supported ciphers changes in certificate negotiations changes in use of padding 23

Communication Systems Computer Science

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information