1 / 44

An Introduction to SSL/TLS and Certificates

An Introduction to SSL/TLS and Certificates. Providing secure communication over the Internet. Frederick J. Hirsch fjh@fjhirsch.com. CertCo Overview. Background Established in 1996. Banker’s Trust spinoff. Privately held. Mission

fala
Download Presentation

An Introduction to SSL/TLS and Certificates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet Frederick J. Hirsch fjh@fjhirsch.com

  2. CertCo Overview • Background Established in 1996. Banker’s Trust spinoff. Privately held. • Mission CertCo provides secure and cost-effective business solutions that enable trust institutions to build a worldwide trust infrastructure to support high-value, secure electronic commerce. • Expertise Cryptography, risk management, law, technology and banking. • Location Headquarters: New York City Regional Offices: Cambridge (MA), Washington, DC, United Kingdom.

  3. Outline • Problem: Creating applications which can communicate securely over the Internet • TLS: Transport Layer Security (SSL) • Certificates • Related technology: S-HTTP, IPSec, SET, SASL • References

  4. Security Issues • Privacy • Anyone can see content • Integrity • Someone might alter content • Authentication • Not clear who you are talking with

  5. TLS: Transport Layer Security • formerly known asSSL: Secure Sockets Layer • Addresses issues of privacy, integrity and authentication • What is it? • How does it address the issues? • How is it used

  6. HTTP Telnet FTP LDAP TLS TCP IP What is TLS? • Protocol layer • Requires reliable transport layer (e.g. TCP) • Supports any application protocols

  7. A B Message $%&#!@ Message TLS: Privacy • Encrypt message so it cannot be read • Use conventional cryptography with shared key • DES, 3DES • RC2, RC4 • IDEA

  8. TLS:Key Exchange • Need secure method to exchange secret key • Use public key encryption for this • “key pair” is used - either one can encrypt and then the other can decrypt • slower than conventional cryptography • share one key, keep the other private • Choices are RSA or Diffie-Hellman

  9. TLS: Integrity • Compute fixed-length Message Authentication Code (MAC) • Includes hash of message • Includes a shared secret • Include sequence number • Transmit MAC with message

  10. A B Message Message’ MAC =? MAC MAC’ TLS: Integrity • Receiver creates new MAC • should match transmitted MAC • TLS allows MD5, SHA-1

  11. A B Certificate Certificate TLS: Authentication • Verify identities of participants • Client authentication is optional • Certificate is used to associate identity with public key and other attributes

  12. TLS: Overview • Establish a session • Agree on algorithms • Share secrets • Perform authentication • Transfer application data • Ensure privacy and integrity

  13. Handshake Protocol Change Cipher Spec Alert Protocol TLS Record Protocol TLS: Architecture • TLS defines Record Protocol to transfer application and TLS information • A session is established using a Handshake Protocol

  14. TLS: Record Protocol

  15. TLS: Handshake • Negotiate Cipher-Suite Algorithms • Symmetric cipher to use • Key exchange method • Message digest function • Establish and share master secret • Optionally authenticate server and/or client

  16. Handshake Phases • Hello messages • Certificate and Key Exchange messages • Change CipherSpec and Finished messages

  17. TLS: Hello • Client “Hello” - initiates session • Propose protocol version • Propose cipher suite • Server chooses protocol and suite • Client may request use of cached session • Server chooses whether to honor request

  18. TLS: Key Exchange • Server sends certificate containing public key (RSA) or Diffie-Hellman parameters • Client sends encrypted “pre-master” secret to server using Client Key Exchange message • Master secret calculated • Use random values passed in Client and Server Hello messages

  19. Public Key Certificates • X.509 Certificate associates public key with identity • Certification Authority (CA) creates certificate • Adheres to policies and verifies identity • Signs certificate • User of Certificate must ensure it is valid

  20. Validating a Certificate • Must recognize accepted CA in certificate chain • One CA may issue certificate for another CA • Must verify that certificate has not been revoked • CA publishes Certificate Revocation List (CRL)

  21. Version Serial Number Signature Algorithm Identifier Object Identifier (OID) e.g. id-dsa: {iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 1} Issuer (CA) X.500 name Validity Period (Start,End) Subject X.500 name Subject Public Key Algorithm Value Issuer Unique Id (Version 2 ,3) Subject Unique Id (Version 2,3) Extensions (version 3) optional CA digital Signature X.509: Certificate Content

  22. Subject Names • X.500 Distinguished Name (DN) • Associated with node in hierarchical directory (X.500) • Each node has Relative Distinguished Name (RDN) • Path for parent node • Unique set of attribute/value pairs for this node

  23. Example Subject Name • Country at Highest Level (e.g. US) • Organization typically at next level (e.g. CertCo) • Individual below (e.g. Common Name “Elizabeth” with Id = 1) DN = { • C=US; • O=CertCo; • CN=Elizabeth, ID=1}

  24. Version 3 Certificates • Version 3 X.509 Certificates support alternative name formats as extensions • X.500 names • Internet domain names • e-mail addresses • URLs • Certificate may include more than one name

  25. Certificate Signature • RSA Signature • Create hash of certificate • Encrypt using CA’s private key • Signature verification • Decrypt using CA’s public key • Verify hash

  26. Client ClientHello Server ServerHello Certificate ServerKeyExchange TLS: ServerKeyExchange

  27. Client ClientHello Server ServerHello Certificate ServerKeyExchange CertificateRequest TLS: Certificate Request

  28. Client ClientHello ClientCertificate ClientKeyExchange Server ServerHello Certificate ServerKeyExchange CertificateRequest TLS: Client Certificate

  29. Client [ChangeCipherSpec] Finished Application Data Server [ChangeCipherSpec] Finished Application Data TLS: Change Cipher Spec, Finished

  30. TLS: Change Cipher Spec/Finished • Change Cipher Spec • Announce switch to negotiated algorithms and values • Finished • Send copy of handshake using new session • Permits validation of handshake

  31. Client ClientHello (Session #) [ChangeCipherSpec] Finished Application Data Server ServerHello (Session #) [ChangeCipherSpec] Finished Application Data TLS: Using a Session

  32. Changes from SSL 3.0 to TLS • Fortezza removed • Additional Alerts added • Modification to hash calculations • Protocol version 3.1 in ClientHello, ServerHello

  33. TLS: HTTP Application • HTTP most common TLS application • https:// • Requires TLS-capable web server • Requires TLS-capable web browser • Netscape Navigator • Internet Explorer • Cryptozilla • Netscape Mozilla sources with SSLeay

  34. Web Servers • Apache-SSL • Apache mod_ssl • Stronghold • Roxen • iNetStore

  35. Other Applications • Telnet • FTP • LDAP • POP • SSLrsh • Commercial Proxies

  36. TLS: Implementation • Cryptographic Libraries • RSARef, BSAFE • TLS/SSL packages • SSLeay • SSLRef

  37. X.509 Certificate Issues • Certificate Administration is complex • Hierarchy of Certification Authorities • Mechanisms for requesting, issuing, revoking certificates • X.500 names are complicated • Description formats are cumbersome (ASN.1)

  38. X.509 Alternative: SDSI • SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson) • Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0 • Eliminate X.500 names - use DNS and text • Everyone is their own CA • Instead of ASN.1 use “S-expressions” and simple syntax • Name and Authorization certificates

  39. TLS “Alternatives” • S-HTTP: secure HTTP protocol, shttp:// • IPSec: secure IP • SET: Secure Electronic Transaction • Protocol and infrastructure for bank card payments • SASL: Simple Authentication and Security Layer (RFC 2222)

  40. Summary • SSL/TLS addresses the need for security in Internet communications • Privacy - conventional encryption • Integrity - Message Authentication Codes • Authentication - X.509 certificates • SSL in use today with web browsers and servers

  41. References - 1 • Engelschall, Ralph, mod_ssl, <http://www.engelschall.com/sw/mod_ssl> • Ford, Warwick, Baum, Michael S. Secure Electronic Commerce, Prentice Hall 1997. • Hirsch, Frederick J. “Introduction to SSL and Certificates Using SSLeay”, World Wide Web Journal, Summer 1997, <http://www.fjhirsch.com/wwwj/> • Hudson, Tim J, Young, Eric A , “SSLeay and SSLapps FAQ”, <http://www.psy.uq.oz.au/~ftp/Crypto/> • Kaufman, Charlie, Perlman, Radia, Speciner,Mike Network Security: PRIVATE Communication in a PUBLIC World, Prentice Hall, 1995.

  42. References - 2 • Rivest, Ron, SDSI, <http://theory.lcs.mit.edu/~cis/sdsi.html> • Stallings, William Cryptography and Network Security: Principles and Practice, 2nd Edition,Prentice Hall, 1999. • Wagner, David, Schneier, Bruce “Analysis of the SSL 3.0 Protocol” <http://www.counterpane.com/ssl.html> • Internet Drafts and RFCs <http://www.ietf.org/>. Use the keyword search on TLS or SSL in the Internet Drafts section to find the TLS Protocol specification and other relevant documents. • PKCS standards: <http://www.rsa.com/rsalabs/pubs/PKCS/>

  43. References - 3 • Microsoft Security Documents <http://www.microsoft.com/workshop/security/contents.htm> • Netscape Security Documents <http://www.netscape.com/eng/security/>

  44. http://www.fjhirsch.com/~fhirsch/SSL/

More Related