SSL/TLS
Download as PPTX, PDF2 likes1,453 views
SSL/TLS is a protocol that provides encryption and authentication for web requests. It evolved from earlier SSL versions into the current TLS standard. During a TLS handshake, the client and server agree on encryption parameters and verify certificates from a certificate authority to establish a secure connection. TLS allows for session resumption to reuse encryption settings for subsequent connections via session identifiers or tickets. However, TLS is still vulnerable to man-in-the-middle and DNS hijacking attacks if certificate authorities are compromised.
SSL/TLS
- 1. SSL/TLS
- 2. Agenda • History • Lifecycle of a web request • HTTP Request Handshake • Encryption • What is SSL/TLS • Certificate Authorities • TLS Resumption • How it works • Vulnerabilities
- 3. History • The SSL protocol was originally developed at Netscape. • To enable ecommerce transaction security on the web, which required • Encryption to protect customer's personal data • Authentication • Integrity guarantees to ensure a safe transaction. • Evolved from SSL 1.0,2.0,3.0 in to TLS • When SSL protocol is standardized by IETF, it was renamed to Transport Layer Security(TLS). TLS 1.0 is an upgrade to SSL 3.0
- 5. HTTP Request Handshake • SYN - (Synchronize) Initiates a connection • FIN - (Final) Cleanly terminates a connection • ACK – Acknowledges received data Problems : • Clear text • Unsecured • No encryption • No certificates required
- 8. What is SSL • Intermediate layer between transport and security • It provides following services • Encryption • Authentication • Integrity
- 9. Certificate Authorities • A certificate authority (CA) is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. • The browser specifies which CAs to trust (root CAs), and the burden is then on the CAs to verify each site they sign, and to audit and verify that these certificates are not misused or compromised. If the security of any site with the CA’s certificate is breached, then it is also the responsibility of that CA to revoke the compromised certificate.
- 10. How it works Before the client and the server can begin exchanging application data over TLS, the encrypted tunnel must be negotiated, the client and server must agree on • The version of the TLS protocol • Choose Cipher suite • Verify certificate if necessary
- 11. TLS Session Resumption • TLS provides an ability to resume or share the same negotiated secret key data between multiple connections. • This is achieved by using session identifier created in earlier TLS handshake. • Client sends the session identifier to server in ClientHello message. If server recognizes the client session Id, previous cipher suite and MAC can be reused. • Stateless Resumption : Session tickets can be generated by the server with all session information and can be sent to client during TLS handshake.
- 12. Vulnerabilities • Man in the middle attack(MITM) • DNS Hijacking • CA Private Key is compromised
Editor's Notes
- #4: Datagram TLS is for UDP
- #9: Encryption A mechanism to obfuscate what is sent from one computer to another.Authentication A mechanism to verify the validity of provided identification material.Integrity A mechanism to detect message tampering and forgery.
- #11: The ingenious part of this handshake, and the reason TLS works in practice, is its use of public key cryptography (also known as asymmetric key cryptography), which allows the peers to negotiate a shared secret key without having to establish any prior knowledge of each other, and to do so over an unencrypted channel.As part of the TLS handshake, the protocol also allows both connection peers to authenticate their identity. When used in the browser, this authentication mechanism allows the client to verify that the server is who it claims to be (e.g., your bank) and not someone simply pretending to be the destination by spoofing its name or IP address. This verification is based on the established chain of trust. In addition, the server can also optionally verify the identity of the client—e.g., a company proxy server can authenticate all employees, each of whom could have his own unique certificate signed by the company. Finally, with encryption and authentication in place, the TLS protocol also provides its own message framing mechanism and signs each message with a message authentication code (MAC). The MAC algorithm is a one-way cryptographic hash function (effectively a checksum), the keys to which are negotiated by both connection peers. Whenever a TLS record is sent, a MAC value is generated and appended for that message, and the receiver is then able to compute and verify the sent MAC value to ensure message integrity and authenticity.
- #12: In practice, most web applications attempt to establish multiple connections to the same host to fetch resources in parallel, which makessession resumption a must-have optimization to reduce latency and computational costs for both sides. Most modern browsers intentionally wait for the first TLS connection to complete before opening new connections to the same server. subsequent TLS connections can reuse the SSL session parameters toavoid the costly handshake.