SlideShare a Scribd company logo

Secure socket layer

Download as PPTX, PDF
Emprovise, profile picture
Emprovise

The TLS/SSL protocol provides privacy and integrity of communications over TCP by encrypting message content and verifying message integrity. It operates in layers, with the TLS record protocol handling fragmentation, compression, encryption, and MAC verification of messages, and the TLS handshake protocol allowing client and server to authenticate and establish encryption parameters before transmitting application data. Openssl is an open source implementation of the TLS/SSL protocols and cryptographic functions used for tasks like generating certificates.

Software
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Secure socket layer
The primary goal of SSL is to provide privacy and data integrity between two communicating applications over the network The SSL or TLS protocol is layered on top of reliable transport layer protocols such as TCP TLS is defined in RFC 2246, 4346, 5246 SSL is application protocol independent such that higher level protocols can layer on top of it SSL/TLS does not specify how the higher level protocols add security with TLS
SSL 1.0 Developed by Netscape in early 1994 Never released publicly SSL 2.0 Published by Netscape in early 1995 Contained number of security flaws SSL 3.0 Designed to cover previous flaws, released 1996 TLS 1.0 Internet standard based on SSL 3.0, January 1999 Not interoperable with SSL 3.0 (can back down to SSL)
Cryptographic security: provides secure connection Interoperability: enables applications to utilize TLS, independent of their implementation Extensibility: provides a framework to incorporate new encryption methods Relative Efficiency: incorporate an optional session caching scheme to reduce the number of connections that need to be established
TLS allow peers to agree upon security parameters, authenticate themselves and report errors to each other. TLS takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, and reassembled, then delivered to higher level clients.
TLS Record Protocol provides secure connection using properties such as private and reliable connection encapsulates various high level protocols such as TLS Handshake Protocol TLS Handshake Protocol allows Server-Client to authenticate each other and negotiate keys and cryptographic algorithms before data is transmitted by application protocol
Connection is Private symmetric encryption such as DES or RC4 is used keys generated uniquely for each connection based on secret negotiated by TLS Handshake Protocol can be used without encryption Connection is reliable Message transport includes a message integrity check using a keyed MAC (Message Auth Code) Secure hash function (e.g. SHA, MD5, etc) used for MAC computations can operate without a MAC
Peer's identity can be authenticated using asymmetric, or public key cryptography e.g. RSA, DSS (optional but required for at least a single peer) negotiation of a shared secret is secure and unavailable to eavesdroppers negotiation is reliable with no modification in its communication without being detected
Most of the operations in TLS record and handshake layer require a keyed MAC Secure digest of data is protected by a secret TLS uses HMAC to carry out handshakes with the algorithms MD5 and SHA1 Data expansion function defined as P_hash(secret,seed) = HMAC_hash(secret, A(1) + seed) + HMAC_hash(secret, A(2) + seed) + HMAC_hash(secret, A(3) + seed) + 
 iterated to produce the required quantity of data
construction required to do expansion of secrets into blocks of data for the purposes of key generation or validation takes as input a secret, seed, and an identifying label and produces an output of arbitrary length PRF is secured by using atleast two hash algorithms TLS's PRF is created by splitting the secret into two halves and using one half to generate data with MD5 and the other half to generate data with SHA-1, then exclusive-o’ring the outputs of these two expansion functions together PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)
receives uninterpreted data from higher layers and fragments information blocks into TLS- plaintext records carrying data in chunks records are compressed using the compression algorithm defined in the current session state Encryption and MAC functions translate a compressed record into a TLS-cipher text Stream ciphers convert compressed fragments into cipher text fragment structures. MAC is computed before encryption
Message Frag1 Frag2 Frag3 Com1 Com2 Com3 Encrypt2Encrypt1 Encrypt3 Data Stream App Data Record Proto Units Compressed Units MAC Encrypted Units TCP Packet
The Record Protocol requires an algorithm to generate keys, IVs, and MAC secrets from the security parameters provided by the handshake protocol Master secret is hashed into a sequence of secure bytes, which are assigned to the MAC secrets, keys, and non-export IVs required by the current connection state When generating keys and MAC secrets, the master secret is used as an entropy source, and random values provide unencrypted salt material and IVs for exportable ciphers
TLS Record protocol operates using connection states Connection states specifies compression, bulk encryption and MAC algorithms with parameters, MAC secret, bulk encryption keys and IVs for connections in both read and write directions There are 4 connection states (current read and write states, and pending read and write states) records are processed in the current read and write states TLS Handshake protocol can set the security parameters for the pending states and can selectively change pending states to current state
Consists of a suite of three sub-protocols Handshake protocol, Alert protocol and Change Cipher Spec protocol used to allow peers to agree upon security parameters for record layer, authenticate themselves, instantiate negotiated security parameters, and report errors to each other responsible for negotiating a session Many connections can be instantiated using same session through resumption feature of TLS
Used to signal transitions in ciphering strategies Such transitions signals can be sent by both the client and server The receiver on receipt of signals instructs the Record Layer to immediately copy the read pending state into the read current state The sender after sending such signal instructs the Record Layer to make the write pending state the write active state
supported by the TLS Record layer used to convey alert messages with the severity of the message and a description of the alert alert messages are encrypted and compressed Closing alerts client and server must share knowledge that the connection is ending to avoid a truncation attacks Either party may initiate the close by sending close notify alert Error alerts On error detection, the detecting party informs the other party about the error using an error alert
Alerts Level Description bad_record_mac Fatal incorrect MAC decryption_failed Fatal invalid way of ciphertext decryption record_overflow Fatal record length more than 2^14+2048 bytes decompression_failure Fatal Improper input to decompression function handshake_failure Fatal unable to negotiate acceptable security params bad/unsupported_certi Fatal/W certificate of corrupt/unsupported type illegal_parameter Fatal field in handshake was out of range access_denied Fatal sender decided not to proceed with negotiation decode_error Fatal message could not be decoded (incorrect length) decrypt_error Fatal/W handshake cryptographic operation failed export_restriction Fatal negotiation incompliant with export restrictions insufficient_security Fatal server requires more secure ciphers internal_error Fatal Internal error unrelated to peer or protocol no_renegotiation Warn renegotiation is not possible
operates on top of the TLS Record Layer produces cryptographic parameters of the session state Handshake messages are supplied to TLS Record Layer, which are processed and transmitted according to the current active session state. Hello Request message can be sent at any time and not bound by ordering rules, but it should be ignored by the client when it is in the middle of an handshake handshake messages are intended to have transmission precedence over application data
Exchange hello messages to agree on algorithms, exchange random values, and check for session resumption Exchange cryptographic parameters to allow client- server to agree on a premaster secret Exchange certificates and cryptographic info to allow client-server to authenticate themselves Generate a master secret from the premaster secret and exchanged random values Provide security parameters to the record layer Allow the client and server to verify peer calculated security parameters and that the handshake occurred without tampering by an attacker
Selected Cipher Suite Selected Comp Algo Selected Version S X509 Certificate Cryptographic Info SSL Client SSL Server Session ID Random Data Cipher Suite List Compression Algo List Version List CL X509 Certificate Premaster secret ClientHello Certificate ServerKeyExchange CertificateRequest ServerHello ServerHelloDone Certificate ClientKeyExchange CertificateVerify Finished [ChangeCipherSpec] Application Data Finished [ChangeCipherSpec]
Algorithms I Support, My random Number Verify Certificate and extract server’s public key, Encrypt pre-master’s secret with server’s public key Send checksum of handshake messages using secret key Compare checksum on the client side Compute secret key Use these algorithms, My random number, My digital certificate Compare checksum on server side Send checksum of handshake messages using secret key Decrypt pre-master secret key with server’s private key Compute secret key Client Server
ServerHello [ChangeCipherSpec] Finished Application Data SSL Client SSL Server ClientHello [ChangeCipherSpec] Finished Application Data
OpenSource implementation of the SSL and TLS protocols and basic cryptographic functions Provides generic TLS/SSL server and client implementation. Used to create, sign, verify and check certificates. Create a self signed certificate using following commands openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.pem -out mycert.pem openssl req -new -x509 -extensions v3_ca -keyout mykey.pem -out mycert.pem -days 365 -config ./openssl.cnf Verify the certificate created: openssl verify mycert.pem Display the X509 certificate: openssl x509 -in mycert.pem -text -noout
Check a Certificate Signing Request (CSR) : openssl req -text -noout -verify -in CSR.csr Check a private key: openssl rsa -in privateKey.key -check Launch secure server using specified certificate: openssl s_server -accept 4433 -cert mycert.pem -key mykey.pem -www -state -debug Launch secure client using SSL/TLS to connect: openssl s_client -connect localhost:4433
Secure socket layer

More Related Content

PPTX
Transport layer security
Hrudya Balachandran
 
PPTX
Transport layer security
Hrudya Balachandran
 
PPTX
The Fundamental of Secure Socket Layer (SSL)
Vishal Kumar
 
PPTX
Secure Socket Layer
Pina Parmar
 
PPT
security in transport layer ssl
STUDENT
 
PPTX
SSL And TLS
Ghanshyam Patel
 
PPTX
Transport Layer Security
Chhatra Thapa
 
PDF
SSL/TLS Handshake
Arpit Agarwal
 
Transport layer security
Hrudya Balachandran
 
Transport layer security
Hrudya Balachandran
 
The Fundamental of Secure Socket Layer (SSL)
Vishal Kumar
 
Secure Socket Layer
Pina Parmar
 
security in transport layer ssl
STUDENT
 
SSL And TLS
Ghanshyam Patel
 
Transport Layer Security
Chhatra Thapa
 
SSL/TLS Handshake
Arpit Agarwal
 

What's hot (20)

PPSX
Secure socket layer
Nishant Pahad
 
PPTX
Transport Layer Security
Huda Seyam
 
PPTX
ssl
vivek lohiya
 
PPTX
Fundamental of Secure Socket Layer (SSL) | Part - 2
Vishal Kumar
 
PPTX
Ssl (Secure Socket Layer)
Sandeep Gupta
 
PPT
Introduction to Secure Sockets Layer
Nascenia IT
 
PPTX
secure socket layer
Amar Shah
 
PDF
How (un)secure is SSL/TLS?
Microsoft
 
PDF
TLS/SSL Protocol Design 201006
Nate Lawson
 
PDF
TLS/SSL Internet Security Talk
Nisheed KM
 
PPT
Ip Sec Rev1
Ram Dutt Shukla
 
PDF
SSL intro
Three Lee
 
PPTX
Ssl and tls
Rana assad ali
 
PPT
SSL/TLS
Dr Anjan Krishnamurthy
 
PPTX
Secure Socket Layer
Abhishek Gupta
 
PDF
Transport Layer Security
Ibrahiem Mohammed
 
PPTX
TLS - Transport Layer Security
ByronKimani
 
PPTX
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
PPT
Ssl (Secure Sockets Layer)
Asad Ali
 
PPTX
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
Secure socket layer
Nishant Pahad
 
Transport Layer Security
Huda Seyam
 
ssl
vivek lohiya
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Vishal Kumar
 
Ssl (Secure Socket Layer)
Sandeep Gupta
 
Introduction to Secure Sockets Layer
Nascenia IT
 
secure socket layer
Amar Shah
 
How (un)secure is SSL/TLS?
Microsoft
 
TLS/SSL Protocol Design 201006
Nate Lawson
 
TLS/SSL Internet Security Talk
Nisheed KM
 
Ip Sec Rev1
Ram Dutt Shukla
 
SSL intro
Three Lee
 
Ssl and tls
Rana assad ali
 
SSL/TLS
Dr Anjan Krishnamurthy
 
Secure Socket Layer
Abhishek Gupta
 
Transport Layer Security
Ibrahiem Mohammed
 
TLS - Transport Layer Security
ByronKimani
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
Ssl (Secure Sockets Layer)
Asad Ali
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
Ad

Similar to Secure socket layer (20)

PPT
cryptography and network security thid.ppt
ubaidullah75790
 
PPT
Transportsec
Bogdan Korniyenko
 
PPT
tls security fda fkj k kjkfjsdkl jkjfsdk.ppt
sandhyadevit
 
PPTX
Transport Layer Security (TLS)
Arun Shukla
 
PPT
4th unit bkjnkljnkjxzczczxczxczxczxvzxvzxzxv
saranyas493379
 
PPT
Web securiy - Network security essentials
ssuser000e54
 
PPT
Secure socket later
Muhammad Ahmad Nazar
 
PPT
Transport layer security.ppt
ImXaib
 
PPTX
Module2 PPrwgerbetytbteynyunyunythyhtyT.pptx
ThanushB1
 
PPT
ch16-Cryptography and Network Security.ppt
KamranHussainAwan
 
PDF
BAIT1103 Chapter 4
limsh
 
PPT
03-SSL (1).ppt
ZAKARIAABED1
 
PPT
this is ppt this is ppt this is ppt this is ppt
ghorilemin
 
PPT
03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL ...
ghorilemin
 
PPT
03-SSL (2).ppt
ShounakDas16
 
PDF
TLS Perf: from three to zero in one spec
Natasha Rooney
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
PDF
TLS/SSL Protocol Design
Nate Lawson
 
PDF
Web Security
Dr.Florence Dayana
 
PPTX
Network and internet security
SabthamiS1
 
cryptography and network security thid.ppt
ubaidullah75790
 
Transportsec
Bogdan Korniyenko
 
tls security fda fkj k kjkfjsdkl jkjfsdk.ppt
sandhyadevit
 
Transport Layer Security (TLS)
Arun Shukla
 
4th unit bkjnkljnkjxzczczxczxczxczxvzxvzxzxv
saranyas493379
 
Web securiy - Network security essentials
ssuser000e54
 
Secure socket later
Muhammad Ahmad Nazar
 
Transport layer security.ppt
ImXaib
 
Module2 PPrwgerbetytbteynyunyunythyhtyT.pptx
ThanushB1
 
ch16-Cryptography and Network Security.ppt
KamranHussainAwan
 
BAIT1103 Chapter 4
limsh
 
03-SSL (1).ppt
ZAKARIAABED1
 
this is ppt this is ppt this is ppt this is ppt
ghorilemin
 
03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL ...
ghorilemin
 
03-SSL (2).ppt
ShounakDas16
 
TLS Perf: from three to zero in one spec
Natasha Rooney
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
TLS/SSL Protocol Design
Nate Lawson
 
Web Security
Dr.Florence Dayana
 
Network and internet security
SabthamiS1
 
Ad

More from Emprovise (20)

PDF
Highlights of AWS ReInvent 2023 (Announcements and Best Practices)
Emprovise
 
PPTX
Leadership and Success Lessons for Life/Business
Emprovise
 
PPTX
Effective java
Emprovise
 
PPTX
EJB3 Advance Features
Emprovise
 
PPTX
Enterprise Java Beans 3 - Business Logic
Emprovise
 
PPTX
EJB3 Basics
Emprovise
 
PPTX
RESTful WebServices
Emprovise
 
PPTX
J2EE Patterns
Emprovise
 
PPTX
Spring JMS
Emprovise
 
PPTX
JMS
Emprovise
 
PPTX
Spring Web Services
Emprovise
 
PPTX
Spring Web Webflow
Emprovise
 
PPTX
Spring Web Views
Emprovise
 
PPTX
Spring MVC
Emprovise
 
PPTX
Enterprise Spring
Emprovise
 
PPTX
Spring Basics
Emprovise
 
PPTX
Apache Struts 2 Advance
Emprovise
 
PPTX
Apache Struts 2 Framework
Emprovise
 
PPTX
Java Servlets
Emprovise
 
PPTX
Java Advance Concepts
Emprovise
 
Highlights of AWS ReInvent 2023 (Announcements and Best Practices)
Emprovise
 
Leadership and Success Lessons for Life/Business
Emprovise
 
Effective java
Emprovise
 
EJB3 Advance Features
Emprovise
 
Enterprise Java Beans 3 - Business Logic
Emprovise
 
EJB3 Basics
Emprovise
 
RESTful WebServices
Emprovise
 
J2EE Patterns
Emprovise
 
Spring JMS
Emprovise
 
JMS
Emprovise
 
Spring Web Services
Emprovise
 
Spring Web Webflow
Emprovise
 
Spring Web Views
Emprovise
 
Spring MVC
Emprovise
 
Enterprise Spring
Emprovise
 
Spring Basics
Emprovise
 
Apache Struts 2 Advance
Emprovise
 
Apache Struts 2 Framework
Emprovise
 
Java Servlets
Emprovise
 
Java Advance Concepts
Emprovise
 

Recently uploaded (20)

PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
Introduction to Artificial Intelligence
lohedi9363
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Upgrade and Innovation Strategies for SAP ERP Customers
Virendra Rai, PMP
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Introduction Database Management System for Course Database
ReinertYosua
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 

Secure socket layer

  • 2. The primary goal of SSL is to provide privacy and data integrity between two communicating applications over the network The SSL or TLS protocol is layered on top of reliable transport layer protocols such as TCP TLS is defined in RFC 2246, 4346, 5246 SSL is application protocol independent such that higher level protocols can layer on top of it SSL/TLS does not specify how the higher level protocols add security with TLS
  • 3. SSL 1.0 Developed by Netscape in early 1994 Never released publicly SSL 2.0 Published by Netscape in early 1995 Contained number of security flaws SSL 3.0 Designed to cover previous flaws, released 1996 TLS 1.0 Internet standard based on SSL 3.0, January 1999 Not interoperable with SSL 3.0 (can back down to SSL)
  • 4. Cryptographic security: provides secure connection Interoperability: enables applications to utilize TLS, independent of their implementation Extensibility: provides a framework to incorporate new encryption methods Relative Efficiency: incorporate an optional session caching scheme to reduce the number of connections that need to be established
  • 5. TLS allow peers to agree upon security parameters, authenticate themselves and report errors to each other. TLS takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, and reassembled, then delivered to higher level clients.
  • 6. TLS Record Protocol provides secure connection using properties such as private and reliable connection encapsulates various high level protocols such as TLS Handshake Protocol TLS Handshake Protocol allows Server-Client to authenticate each other and negotiate keys and cryptographic algorithms before data is transmitted by application protocol
  • 7. Connection is Private symmetric encryption such as DES or RC4 is used keys generated uniquely for each connection based on secret negotiated by TLS Handshake Protocol can be used without encryption Connection is reliable Message transport includes a message integrity check using a keyed MAC (Message Auth Code) Secure hash function (e.g. SHA, MD5, etc) used for MAC computations can operate without a MAC
  • 8. Peer's identity can be authenticated using asymmetric, or public key cryptography e.g. RSA, DSS (optional but required for at least a single peer) negotiation of a shared secret is secure and unavailable to eavesdroppers negotiation is reliable with no modification in its communication without being detected
  • 9. Most of the operations in TLS record and handshake layer require a keyed MAC Secure digest of data is protected by a secret TLS uses HMAC to carry out handshakes with the algorithms MD5 and SHA1 Data expansion function defined as P_hash(secret,seed) = HMAC_hash(secret, A(1) + seed) + HMAC_hash(secret, A(2) + seed) + HMAC_hash(secret, A(3) + seed) + 
 iterated to produce the required quantity of data
  • 10. construction required to do expansion of secrets into blocks of data for the purposes of key generation or validation takes as input a secret, seed, and an identifying label and produces an output of arbitrary length PRF is secured by using atleast two hash algorithms TLS's PRF is created by splitting the secret into two halves and using one half to generate data with MD5 and the other half to generate data with SHA-1, then exclusive-o’ring the outputs of these two expansion functions together PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)
  • 11. receives uninterpreted data from higher layers and fragments information blocks into TLS- plaintext records carrying data in chunks records are compressed using the compression algorithm defined in the current session state Encryption and MAC functions translate a compressed record into a TLS-cipher text Stream ciphers convert compressed fragments into cipher text fragment structures. MAC is computed before encryption
  • 12. Message Frag1 Frag2 Frag3 Com1 Com2 Com3 Encrypt2Encrypt1 Encrypt3 Data Stream App Data Record Proto Units Compressed Units MAC Encrypted Units TCP Packet
  • 13. The Record Protocol requires an algorithm to generate keys, IVs, and MAC secrets from the security parameters provided by the handshake protocol Master secret is hashed into a sequence of secure bytes, which are assigned to the MAC secrets, keys, and non-export IVs required by the current connection state When generating keys and MAC secrets, the master secret is used as an entropy source, and random values provide unencrypted salt material and IVs for exportable ciphers
  • 14. TLS Record protocol operates using connection states Connection states specifies compression, bulk encryption and MAC algorithms with parameters, MAC secret, bulk encryption keys and IVs for connections in both read and write directions There are 4 connection states (current read and write states, and pending read and write states) records are processed in the current read and write states TLS Handshake protocol can set the security parameters for the pending states and can selectively change pending states to current state
  • 15. Consists of a suite of three sub-protocols Handshake protocol, Alert protocol and Change Cipher Spec protocol used to allow peers to agree upon security parameters for record layer, authenticate themselves, instantiate negotiated security parameters, and report errors to each other responsible for negotiating a session Many connections can be instantiated using same session through resumption feature of TLS
  • 16. Used to signal transitions in ciphering strategies Such transitions signals can be sent by both the client and server The receiver on receipt of signals instructs the Record Layer to immediately copy the read pending state into the read current state The sender after sending such signal instructs the Record Layer to make the write pending state the write active state
  • 17. supported by the TLS Record layer used to convey alert messages with the severity of the message and a description of the alert alert messages are encrypted and compressed Closing alerts client and server must share knowledge that the connection is ending to avoid a truncation attacks Either party may initiate the close by sending close notify alert Error alerts On error detection, the detecting party informs the other party about the error using an error alert
  • 18. Alerts Level Description bad_record_mac Fatal incorrect MAC decryption_failed Fatal invalid way of ciphertext decryption record_overflow Fatal record length more than 2^14+2048 bytes decompression_failure Fatal Improper input to decompression function handshake_failure Fatal unable to negotiate acceptable security params bad/unsupported_certi Fatal/W certificate of corrupt/unsupported type illegal_parameter Fatal field in handshake was out of range access_denied Fatal sender decided not to proceed with negotiation decode_error Fatal message could not be decoded (incorrect length) decrypt_error Fatal/W handshake cryptographic operation failed export_restriction Fatal negotiation incompliant with export restrictions insufficient_security Fatal server requires more secure ciphers internal_error Fatal Internal error unrelated to peer or protocol no_renegotiation Warn renegotiation is not possible
  • 19. operates on top of the TLS Record Layer produces cryptographic parameters of the session state Handshake messages are supplied to TLS Record Layer, which are processed and transmitted according to the current active session state. Hello Request message can be sent at any time and not bound by ordering rules, but it should be ignored by the client when it is in the middle of an handshake handshake messages are intended to have transmission precedence over application data
  • 20. Exchange hello messages to agree on algorithms, exchange random values, and check for session resumption Exchange cryptographic parameters to allow client- server to agree on a premaster secret Exchange certificates and cryptographic info to allow client-server to authenticate themselves Generate a master secret from the premaster secret and exchanged random values Provide security parameters to the record layer Allow the client and server to verify peer calculated security parameters and that the handshake occurred without tampering by an attacker
  • 21. Selected Cipher Suite Selected Comp Algo Selected Version S X509 Certificate Cryptographic Info SSL Client SSL Server Session ID Random Data Cipher Suite List Compression Algo List Version List CL X509 Certificate Premaster secret ClientHello Certificate ServerKeyExchange CertificateRequest ServerHello ServerHelloDone Certificate ClientKeyExchange CertificateVerify Finished [ChangeCipherSpec] Application Data Finished [ChangeCipherSpec]
  • 22. Algorithms I Support, My random Number Verify Certificate and extract server’s public key, Encrypt pre-master’s secret with server’s public key Send checksum of handshake messages using secret key Compare checksum on the client side Compute secret key Use these algorithms, My random number, My digital certificate Compare checksum on server side Send checksum of handshake messages using secret key Decrypt pre-master secret key with server’s private key Compute secret key Client Server
  • 23. ServerHello [ChangeCipherSpec] Finished Application Data SSL Client SSL Server ClientHello [ChangeCipherSpec] Finished Application Data
  • 24. OpenSource implementation of the SSL and TLS protocols and basic cryptographic functions Provides generic TLS/SSL server and client implementation. Used to create, sign, verify and check certificates. Create a self signed certificate using following commands openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.pem -out mycert.pem openssl req -new -x509 -extensions v3_ca -keyout mykey.pem -out mycert.pem -days 365 -config ./openssl.cnf Verify the certificate created: openssl verify mycert.pem Display the X509 certificate: openssl x509 -in mycert.pem -text -noout
  • 25. Check a Certificate Signing Request (CSR) : openssl req -text -noout -verify -in CSR.csr Check a private key: openssl rsa -in privateKey.key -check Launch secure server using specified certificate: openssl s_server -accept 4433 -cert mycert.pem -key mykey.pem -www -state -debug Launch secure client using SSL/TLS to connect: openssl s_client -connect localhost:4433

Editor's Notes

  • #22: Session ID is transmitted without encryption or immediate MAC protection content of the handshake protected by Finished messages at the end When the server receives an incorrectly formatted RSA block it generates a random 48-byte value and proceeds using it as the premaster secret Fatal error if a finished message is not preceded by a change cipher spec message Change cipher spec messages, alerts and any other record types are not handshake messages