How To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)

Similar documents
Web Security Considerations

Communication Security for Applications

Communication Systems SSL

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Chapter 17. Transport-Level Security

Chapter 7 Transport-Level Security

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

CSC 474 Information Systems Security

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

CSC Network Security

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

The Secure Sockets Layer (SSL)

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Network Security Essentials Chapter 5

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Transport Layer Security Protocols

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Secure Socket Layer. Security Threat Classifications

Network Security Part II: Standards

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

SECURE SOCKETS LAYER (SSL)

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Transport Level Security

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

SSL Secure Socket Layer

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Computer and Network Security

Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Lecture 7: Transport Level Security SSL/TLS. Course Admin

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Secure Sockets Layer

TLS/SSL in distributed systems. Eugen Babinciuc

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Lecture 10: Communications Security

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

Chapter 32 Internet Security

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

SSL Secure Socket Layer

, ) I Transport Layer Security

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Cryptography and Network Security IPSEC

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

SSL: Secure Socket Layer

Lecture 4: Transport Layer Security (secure Socket Layer)

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Chapter 10. Network Security

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Security Protocols/Standards

Web Security. Mahalingam Ramkumar

Lab 7. Answer. Figure 1

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Overview. SSL Cryptography Overview CHAPTER 1

Information Security

T Cryptography and Data Security

Today s Topics SSL/TLS. Certification Authorities VPN. Server Certificates Client Certificates. Trust Registration Authorities

Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005

SSL A discussion of the Secure Socket Layer

Einführung in SSL mit Wireshark

EXAM questions for the course TTM Information Security May Part 1

mod_ssl Cryptographic Techniques

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Chapter 9. IP Secure

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

As enterprises conduct more and more

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Three attacks in SSL protocol and their solutions

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

SSL Handshake Analysis

IPSec and SSL Virtual Private Networks

, SNMP, Securing the Web: SSL

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Learning Network Security with SSL The OpenSSL Way

Some solutions commonly used in order to guarantee a certain level of safety and security are:

Lecture 9 - Network Security TDTS (ht1)

The Beautiful Features of SSL And Why You Want to Use Them?

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

TLS and SRTP for Skype Connect. Technical Datasheet

Security. Learning Objectives. This module will help you...

SBClient SSL. Ehab AbuShmais

Authenticity of Public Keys

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

ERserver. iseries. Securing applications with SSL

Key Management (Distribution and Certification) (1)

ERserver. iseries. Secure Sockets Layer (SSL)

Netzwerksicherheit: Anwendungen

Transcription:

WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1

Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Recommended Reading C. Ding - COMP581 - L22 2

Security Facilities in the TCP/IP Protocol Stack HTTP FTP SMTP S/MIME PGP SET HTTP FTP SMTP SSL or TLS HTTP Kerberos SMTP HTTP TCP TCP UDP TCP IP/IPSec IP IP a) Network level b) Transport level c) ApplicaCon level C. Ding - COMP581 - L22 3

SSL and TLS: Information SSL was originated by Netscape, Version 2, 3, 3.1 TLS is an IETF protocol. First version of TLS can be viewed as an SSLv3.1 They are the most popular transport layer security protocols C. Ding - COMP581 - L22 4

SSL: Brief Introduction Based on connection-oriented and reliable service (e.g., TCP) Able to provide security services for any TCP-based application protocol, e.g., HTTP, FTP, TELNET, etc. Application independent C. Ding - COMP581 - L22 5

SSL Services Client- server authentication Data confidentiality Data origin authentication Data integrity C. Ding - COMP581 - L22 6

SSL Architecture C. Ding - COMP581 - L22 7

SSL Protocol Structure It makes use of TCP to provide reliable end-to-end secure service. Auth. & encryption algorithms, keys, random numbers, alert messages SSL Handshake Protocol SSL Change Cipher Spec Protocol SSL Record Protocol SSL Alert Protocol TCP IP C. Ding - COMP581 - L22 8

SSL Protocol Components: SSL Record Protocol Layered on top of a connection-oriented and reliable transport layer service Provides message origin authentication, data confidentiality, and data integrity SSL sub-protocols Layered on top of the SSL Record Protocol Provides support for SSL session and connection establishment C. Ding - COMP581 - L22 9

SSL Connection and Session Connection: a transport (in the OSI layering model definition) that provides a suitable service. For SSL, such connections are peerto-peer relationships. Every connection is associated with one session. Session: an association between a client and a server. Defines a set of cryptographic parameters, which can be shared among multiple connections. Is is used to avoid the expensive negotiation of new security parameters for each connection. C. Ding - COMP581 - L22 10

SSL State Information SSL session is stateful SSL protocol must initialize and maintain session state information on either side of the session SSL session can be used for a number of connections (i.e., it has a lifetime) connection state information C. Ding - COMP581 - L22 11

SSL Session State Information Elements Session ID: An arbitrary byte sequence chosen by the server to identify an active or resumable session state. Peer certificate: X509.v3 certificate of the peer Compression method: algorithm to compress data before encryption Cipher spec: specification of data encryption and Message Authentication Code (MAC) algorithms Master secret: 48-byte secret shared between client and server Is resumable: flag that indicates whether the session can be used to initiate new connections C. Ding - COMP581 - L22 12

More on SSL Session State A previous session may be resumed (use Session ID and its session cache) A new session may be negotiated (use Session ID and the Handshake Protocol) C. Ding - COMP581 - L22 13

SSL Connection State Information Elements Server and client random: byte sequences that are chosen by server and client for each connection. Server write MAC secret: secret used for MAC on data written by server Client write MAC secret: secret used for MAC on data written by client [different from server write MAC key] Server write key: key used for data encryption by server and decryption by client Client write key: key used for encryption by client and decryption by server [different from server write key] Initialization vectors: for CBC mode (two are different!) Sequence number: for both transmitted and received messages, maintained by each party. C. Ding - COMP581 - L22 14

Session & Connection State: Pictorial Description Session State Session ID Cer=ficates Resumable? Authen=ca=on and encryp=on algorithms Client + Server).hello.randoms Compression algorithm Connec=on State Master key MD5,SHA Established by the SSL Handshake Protocol secret keys (MAC, encryp=on), two IV s for Client and Server Server and client random: for each connec=on by both Sequence number for transmi[ed and received messages: C. Ding - COMP581 - L22 15

Current and Pending State Current state: There is a current operating state for both read and write (i.e., receive and send). Pending state: In addition, during the Handshake Protocol, pending read and write states are created. Updating: Upon successful conclusion of the Handshake protocol, the pending states become the current states. C. Ding - COMP581 - L22 16

Connection and Session Establishing a session by the Handshake protocol Master key, hash algor. Encryption algorithm, session keys, IV s, etc. Copying pending state into current state Now ready for connections in this session Connection 1 Change cipher Spec protocol Client Connection 2 Connection 3 Server C. Ding - COMP581 - L22 17

SSL Record Protocol C. Ding - COMP581 - L22 18

SSL Record Protocol Operation SSL Record Header SSL Record SSL Record C. Ding - COMP581 - L22 19

SSL Record Content Content type (8 bits) Defines higher layer protocol that must be used to process the payload data (which may be handshake, alert, or change_cipher_spec messages). Protocol version number (major & Minor) (8 bits) Defines SSL version in use. (3, 0) for SSLv3 Length (16 bits): length in bytes of (compressed) plaint. Data payload Optionally compressed and encrypted Encryption and compression requirements are defined during SSL handshake MAC (0, 16, or 20 bytes) Appended for each record for message origin authentication and data integrity verification C. Ding - COMP581 - L22 20

Change Cipher Spec Protocol C. Ding - COMP581 - L22 21

Change Cipher Spec Protocol It is one of the three SSL-specific protocols that use the SSL Record Protocol. It consists of a single message, which consists of a single byte with value 1. The sole purpose of this message is to cause the pending state to be copied into the current state, which updates the cipher suite to be used on this connection. byte change session state C. Ding - COMP581 - L22 22

Alert Protocol C. Ding - COMP581 - L22 23

Alert Protocol Used to transmit alerts via SSL Record Protocol to peer entity. Alert message: (alert level, alert description) Alert messages are compressed and encrypted, as specified by the current state. Format of the message in this protocol: Level byte Alert byte errors occurred during handshaking <=== errors occurred during processing at the sever C. Ding - COMP581 - L22 24

Handshake Protocol C. Ding - COMP581 - L22 25

Handshake Protocol The most complex part of SSL. Allows the server and client to authenticate each other. Negotiate encryption, MAC algorithm and cryptographic keys. Used before any application data is transmitted. C. Ding - COMP581 - L22 26

SSL Handshake SSL version number, cipher suit, client-hello random, session ID SSL version number, selected cipher set, server-hello random, digi. certif., signed data Client uses the info of STEP2 for SERVER AUTHENTICATION if Failed TERMINATE if Successful go to STEP 4 CLIENT PreMaster Secret Generated for the session, encrypts it with the Server s Public Key If Server Requested for CLIENT AUTHENTICATION:Client Sends Signed Data & Encrypted PreMaster Secret (This is Optional) Server Authenticates Client, if failure TERMINATE else decrypt PREMASTER SECRET to generate MASTER SECRET SERVER Both the Client and Server use the Master Secret to Generate Session keys and 9) Client and Server sends messages to each other that Handshake is finished C. Ding - COMP581 - L22 27

Pre-master secret, master secret, and symmetric key The three words A, BB and CCC are also given as input values here Pre-master secret Clienthello random Serverhello random Message Digest Algorithms Master secret C. Ding - COMP581 - L22 28

Pre-master secret, master secret, and symmetric key The three words A, BB and CCC are also given as input values here Master secret Client random Server random Message Digest Algorithms Symmetric key block Symmetric key block = client write MAC secret, server write MAC secret, client write key, server write key, client write IV, and server write IV C. Ding - COMP581 - L22 29

Details Omitted in the Handshake Protocol Pre-master secret exchange methods: RSA: A 48-byte pre-master key generated by client, and encrypted by the server s public key. The encrypted one is sent to server. Diffie-Hellman: (three variants of DH) omitted. Cipher algorithm: RC4, RC2, DES, 3DES, IDEA,... Server authentication: (using digital certificates) Client authentication: (using digital certificates) C. Ding - COMP581 - L22 30

SSL Applications C. Ding - COMP581 - L22 31

The Main Usage of SSL Secure tunnel through the Internet Consumer Merchant Non-Internet (telephone) line Internet Issuer bills Consumer Consumer must trust merchant with card Similar to ordinary phone order High transaction costs Credit Card Acquirer Credit Card Issuer Acquirer notifies Issuer C. Ding - COMP581 - L22 32

The Main Usage of SSL After the SSL Handshaking If you want people to buy from your site, you must provide an order form with Secure Sockets Layer (SSL) encryption technology O Brien (2000) C. Ding - COMP581 - L22 33

Transport Layer Security (Protocol) Similar to SSLv3. Differences in the: version number message authentication code pseudorandom function alert codes cipher suites client certificate types certificate_verify and finished message cryptographic computations padding C. Ding - COMP581 - L22 34

Recommended Reading W. Stallings, Cryptography and Network Security, 2nd, 3rd Edition, Prentice Hall B.A. Forouzan, Cryptography and Network Security, McGraw-Hill. Garfinkel, S., and Spafford, G. Web Security & Commerce. O Reilly and Associates, 1997 The SSL Protocol Version 3.0 Transport Layer Security Working Group RFC-2246 http://wp.netscape.com/eng/ssl3/ssl-toc.html OpenSSL website: www.openssl.org C. Ding - COMP581 - L22 35

Appendix Pictorial description of SSL protocols C. Ding - COMP581 - L22 36

SSL Procedure: Protocol 1 Handshake protocol Record protocol Handshake messages Handshake messages current session state pending session state Null ini=ally Aber handshaking, pending state is produced C. Ding - COMP581 - L22 37

SSL Procedure: Protocol 2 Change cipher Spec protocol Change- cipher- spec message 1 byte Record protocol Change- cipher- spec message 1 byte current session state pending session state Generated earlier by handshaking protocol Copy the pending state into current state, aber finishing the change cipher protocol C. Ding - COMP581 - L22 38

SSL Procedure: Protocol 2 more detailed information Client pending session state R: current session state W: current session state R: current session state W: current session state change_cipher_spec message pending session state Server C. Ding - COMP581 - L22 39

SSL Procedure: Protocol 2 more detailed information pending session state Server R: current session state W: current session state R: current session state W: current session state change_cipher_spec message Client pending session state C. Ding - COMP581 - L22 40

SSL Procedure: Protocol 3 Alert protocol Record protocol Alert message Alter message current session state pending session state Aber this protocol, whether this connec=on should be terminated C. Ding - COMP581 - L22 41

SSL Procedure: Protocol 4 Applica=on data Record protocol SSL Record data current session state pending session state C. Ding - COMP581 - L22 42

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information