SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
- 1. 1 SSL/TLS
- 2. 2 Transport Layer Security Protocols • Secure Socket Layer (SSL) – Originally designed to by Netscape to secure HTTP – Version 2 is being replaced by version 3 – Subsequently became Internet Standard known as TLS – Use TCP to provide a reliable end-to-end service – Application independent • Can be used for any application protocol: telnet, ftp.. • Transport Layer Security (TLS) – SSL 3.0 is very similar to TLS (RFC 2246)
- 3. 3 Location of SSL • SSL is build on top of TCP • Provides a TCP like interface • In theory can be used by all type of applications in a transparent manner
- 4. 4 SSL Architecture • Rely on TCP for a reliable communication • Two Layers – SSL Record Protocol provides basic security services – Handshake, change cipher spec, Alert..
- 6. 6 SSL Session and Connection • Each SSL session can be used for multiple connections • SSL Session – An association between the client and the server – Are used to avoid negotiation of new security parameters for each connection • SSL Connection – A connection is a transport that provides a suitable type of service – Each connection is associated with one session
- 7. 7 SSL Session • A SSL session consists of – Session ID – X.509 public-key certificate of peer (could be null) – Compression Algorithm – Cipher Spec: • Encryption Algorithm, Message Digest Algorithm, etc – Master Secret: 48 Byte secret shared between the client and the server
- 9. 9 Data Transmission using SSL (SSL Record Protocol)
- 11. 11 SSL Record Protocol • 2 services: – Confidentiality • Using symmetric encryption with a shared secret key defined by Handshake protocol – Message integrity • Using a MAC with a shared secret key • Layered protocol: – Fragmentation application data into blocks – Compression – MAC – Encryption – Transmit over TCP
- 12. 12 SSL Record Protocol Payload
- 13. 13 Handshake Protocol • Establish security capabilities – Protocol version, session ID, cipher suite, compression method, IV • Server authentication and key exchange – Send certificate, key exchange, request client certificate • Client authentication and key exchange – Send certificate, key exchange, certificate verification • Finish
- 14. 14 SSL Change Cipher Spec Protocol • one of 3 SSL specific protocols which use the SSL Record protocol • a single message • causes pending state to become current • hence updating the cipher suite in use
- 15. 15 SSL Alert Protocol • conveys SSL-related alerts to peer entity • severity • warning or fatal • specific alert • unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter • close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown • compressed & encrypted like all SSL data
- 16. 16 Master Secret Creation • The master secret is a one-time 48-byte value – A Pre-master key is exchanged first • RSA or Diffie-Hellman – Master secret is computed from the pre-master secret, client random and server random
- 17. 17 Generation of Cryptographic Parameters • Session Key: Generated from the master secret, client random, and server random – Client write MAC secret – Server write MAC secret – Client Write Key – Server Write Key – Client Write IV – Server Write IV
- 18. 18 Application Ports used with SSL
- 20. 20 How the Web Works - HTTP • Hypertext transfer protocol (http). • Clients request “documents” (or scripts) through URL. • Server response with “documents”. • Stateless protocol, requests are independent.
- 21. 21 How the Web Works: Other Elements • Hyper-text markup language (html). • Other application specific document. – e.g., MIME, graphics, video/audio, postscript, Java applets, etc. • Browsers. – Display html documents and embedded graphics. – Run Java program. – Start helper applications. – ...
- 22. 22 Web Vulnerabilities • http://www.w3.org/Security/Faq • Revealing private information on server • Intercept of client information • Execute unauthorized programs • Denial of service • ...
- 23. 23 Web Security • Authentication: – Basic (username, password) • Can be used along with cookie – Digest • Access control via addresses • Multi-layered: – S-http (secure http), just for http • Proposed by CommerceNet, pretty much dead – SSL (TLS), generic for TCP • https: http over SSL – IPSec
- 24. 24 HTTP Authentication - Basic • Client doesn’t know which method • Client attempts access (GET, PUT, …) normally • Server returns – “401 unauthorized” – Realm: protection space • Client tries again with (user:password) – Passwords in the clear – Repeated for each access
- 25. 25 From Basic Authentication to Forms and Cookies • Not all sites use basic authentication • Many instead ask the user to type username/password into a HTML form • Server looks up the user and sends back a cookie • The browser (client) resends the cookie on subsequent requests
- 26. 26 HTTP Access Control - Digest • Server sends www-authenticate parameters: – Realm – Domain – Nonce, new for each 401 response • e.g.. H(client-IP:timestamp:server-secret) – Algorithm • e.g., MD5
- 27. 27 HTTP Access Control - Digest
- 28. 28 HTTP Access Control - Digest