Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)



Similar documents
Web Security Considerations

Communication Systems SSL

CSC Network Security

CSC 474 Information Systems Security

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Communication Security for Applications

SSL Secure Socket Layer

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

The Secure Sockets Layer (SSL)

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Lecture 7: Transport Level Security SSL/TLS. Course Admin

SSL Secure Socket Layer

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Network Security Essentials Chapter 5

Information Security

Transport Layer Security Protocols

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

SECURE SOCKETS LAYER (SSL)

Secure Socket Layer. Security Threat Classifications

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

ISA 562 Information System Security

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Authenticity of Public Keys

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Transport Level Security

Network Security Part II: Standards

Chapter 17. Transport-Level Security

Protocol Rollback and Network Security

Chapter 7 Transport-Level Security

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Web Security. Mahalingam Ramkumar

Lecture 4: Transport Layer Security (secure Socket Layer)

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Security Protocols/Standards

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Lecture 10: Communications Security

TLS-RSA-PSK. Channel Binding using Transport Layer Security with Pre Shared Keys

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Secure Sockets Layer

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

SSL: Secure Socket Layer

, ) I Transport Layer Security

Lab 7. Answer. Figure 1

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Overview. SSL Cryptography Overview CHAPTER 1

Transport Layer Security (TLS)

TLS and SRTP for Skype Connect. Technical Datasheet

Computer and Network Security

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

TLS/SSL in distributed systems. Eugen Babinciuc

Einführung in SSL mit Wireshark

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Low-Level TLS Hacking

, SNMP, Securing the Web: SSL

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Cryptography and Network Security IPSEC

T Cryptography and Data Security

SSL/TLS: The Ugly Truth

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald

Three attacks in SSL protocol and their solutions

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

EXAM questions for the course TTM Information Security May Part 1

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

SSL and TLS. An Overview of A Secure Communications Protocol. Simon Horman aka Horms. horms@valinux.co.jp horms@verge.net.au horms@debian.

Introduction to Cryptography

Chapter 32 Internet Security

mod_ssl Cryptographic Techniques

Network Security Protocols

Network Security Standards. Key distribution Kerberos SSL/TLS

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

The Beautiful Features of SSL And Why You Want to Use Them?

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

SECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA. A Research Project NAGENDRA KARRI

CS 3251: Computer Networking 1 Security Protocols I

Key Management (Distribution and Certification) (1)

ERserver. iseries. Securing applications with SSL

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Asymetrical keys. Alices computer generates a key pair. A public key: XYZ (Used to encrypt) A secret key: ABC98765 (Used to decrypt)

Learning Network Security with SSL The OpenSSL Way

IPSec and SSL Virtual Private Networks

Transcription:

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring 2008 1

SSL/TLS The Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols implement security at the application layer Popular for securing the web, but not part of it Is a general purpose secure communication protocol suite Uses certificate authentication HTTP FTP SMTP SSL/TLS TCP Note: throughout we will focus on SSLv3. Assume SSLv3 unless stated otherwise. IP 2

Model Often a one-way authentication mechanism, used to prove the authenticity of a web-server to a client. Server-side certificates Root CA certifications distributed with browser Non-certified (or expired) certificates can be accepted Mutual authentication performed using client-side certificates Less frequently uses (almost never in Web applications) Where used for enterprise internal or as layer for non-web based applications, much more frequently. 3

SSL as protocol suite Data Protocols Record Protocol Control Protocols Handshake Protocol Change Cipher Suite Protocol Alert Protocol Session Alice Connection Connection Connection Connection Connection Connection Bob 4

SSL Session State Session ID Peer certificate (sometimes) Cipher Spec Compression algorithm Master Secret 5

SSL Connection State Server and client random Server MAC key Client MAC key Server write key Client write key Initialization vectors 6

Handshake Protocol The purpose of the handshake protocols is to authenticate one or both parties negotiate shared master keys Protocol operates in 4 phases Phase 1: establish security context Phase 2: server publishes certificate and key seeds Phase 3: client completes key exchange Phase 4: complete handshake 7

Phase 1 Client sends and offer (CLIENT_HELLO) including SSL Version (highest supported) Random (RC) - { timestamp, plus 28 random bytes } Session ID - { 0 = new session,!0 = refresh } CipherSuite - algorithm selections for security/compression Server replies with (SERVER_HELLO) response Section of SSL version, crypto and compression algorithms A new session ID (as needed) (SID) A server random number (RS) 8

Phase 2 Server sends a (CERTIFICATE) This contains the public key certificate for the server Ks+ Server sends a (SERVER_KEY_EXCHANGE) This contains the server parameters for the key exchange to be performed (there are many variants) For example, the anonymous Diffie-Hellman sends the prime number and primitive root (n,r) The key exchange parameters are signed using the private key of the server with exchanged random numbers, e.g., sig(k s, [n g X = g x mod n]) = Sig(K s,r c R s n g X) Server sends a completion (SERVER_DONE) 9

Phase 3 Client sends a (CERTIFICATE) - optional This contains the public key certificate for the clients Ks+ Client sends a response (CLIENT_KEY_EXCHANGE) This contains the client s key exchange parameters As before this is the public client Diffie-Hellman parameters Signed if client has signing capability The parties generate the pre_master_secret X = g x mod n Y = g y mod n p ms = Y x mod n = X y mod n 10

Phase 4 Both sides complete the process by computing the 48 byte master secret: M s k = MD5(p ms SHA( A p ms R c R s )) MD5(p ms SHA( BB p ms R c R s )) MD5(p ms SHA( CCC p ms R c R s )) Then generate a key block of secret bytes key block = MD5(M s k SHA( A M s k R c R s )) MD5(M s k SHA( BB M s k R c R s )) MD5(M s k SHA( CCC M s k R c R s )) MD5(M s k SHA( DDDD M s k R c R s ))... 11

Transport Keys Just use the key_block as a PRF to generate enough bytes to generate the keys for clients and servers. key_block Client Write Key Server Write Key Client MAC Key Server MAC Key... Note: this PRF is practically of unlimited length and in practice (although generated differently) is used extensively on TLS. 12

Record Protocol Provides to client (initiator) and server (service) Original Data Confidentiality (via encryption) Fragmented Data Fragmented Data Fragmented Data Integrity (via MAC) Compressed Data Data is fragmented, compressed, and security constructions applied. Compressed Data M A C Encrypted Data H D R Encrypted Data 13

RFC 2104 (MAC for TLS) Given: h() = hash function B = input/out byte-length of h K = a secret key pad i = inner pad = 0x35 repeated B times pad o = outer pad = 0x5C repeated B times text = text to MAC Compute the MAC: MAC(K, text) = (H((K pad o ) H((K pad i ) text))

Alert/CCS Protocol Change Cipher Suite Protocol Trigged at end of handshake, causes security association to be enabled Alert Protocols - signals MAC failure No known certificate Handshake failure Bad certificate Close notification 15

Why?... does SSL work?... does SSL not work?... is SSL so popular? 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information