An Introduction to SSL/TLS and Certificates


Providing secure communication over the Internet

Frederick J. Hirsch

CertCo Overview
  • Background

Established in 1996. Banker’s Trust spinoff. Privately held.

  • Mission

CertCo provides secure and cost-effective business solutions that enable trust institutions to build a worldwide trust infrastructure to support high-value, secure electronic commerce.

  • Expertise

Cryptography, risk management, law, technology and banking.

  • Location

Headquarters: New York City

Regional Offices: Cambridge (MA), Washington, DC, United Kingdom.

Outline
  • Problem: Creating applications which can communicate securely over the Internet
  • TLS: Transport Layer Security (SSL)
  • Certificates
  • Related technology: S-HTTP, IPSec, SET, SASL
  • References
Security Issues
  • Privacy
    • Anyone can see content
  • Integrity
    • Someone might alter content
  • Authentication
    • Not clear who you are talking with
TLS: Transport Layer Security
  • Formerly known as SSL: Secure Sockets Layer
  • Addresses issues of privacy, integrity and authentication
    • What is it?
    • How does it address the issues?
    • How is it used?
What is TLS?

[Diagram: protocol stack, top to bottom: HTTP, Telnet, FTP, LDAP / TLS / TCP / IP]
  • Protocol layer
  • Requires reliable transport layer (e.g. TCP)
  • Supports any application protocols
TLS: Privacy

[Diagram: A sends Message to B; it crosses the network as unreadable ciphertext and B recovers Message]
  • Encrypt message so it cannot be read
  • Use conventional cryptography with shared key
    • DES, 3DES
    • RC2, RC4
    • IDEA
TLS: Key Exchange
  • Need secure method to exchange secret key
  • Use public key encryption for this
    • “key pair” is used - either one can encrypt and then the other can decrypt
    • slower than conventional cryptography
    • share one key, keep the other private
  • Choices are RSA or Diffie-Hellman
TLS: Integrity
  • Compute fixed-length Message Authentication Code (MAC)
    • Includes hash of message
    • Includes a shared secret
    • Includes sequence number
  • Transmit MAC with message
TLS: Integrity

[Diagram: A sends Message and MAC to B; B computes MAC' over the received Message' and checks MAC =? MAC']
  • Receiver creates new MAC
    • should match transmitted MAC
  • TLS allows MD5, SHA-1
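
An added example (not from the presentation) of the MAC check on the two Integrity slides, using the TLS 1.0 record MAC layout from RFC 2246 with HMAC-SHA-1. The secret and payloads are constructed, and record encryption is left out so that the role of the shared secret and the sequence number stays visible: an altered record and a replayed record are both rejected.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23  # TLS record content type for application data

def record_mac(mac_secret, seq_num, content_type, fragment, version=(3, 1)):
    """TLS 1.0 record MAC: HMAC over seq_num, type, version, length and fragment."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()

class Receiver:
    """Keeps the implicit read sequence number; it is never sent on the wire."""

    def __init__(self, mac_secret):
        self.mac_secret = mac_secret
        self.seq = 0

    def accept(self, content_type, fragment, mac):
        expected = record_mac(self.mac_secret, self.seq, content_type, fragment)
        if not hmac.compare_digest(expected, mac):   # constant-time comparison
            return False   # real TLS sends a fatal bad_record_mac alert here
        self.seq += 1
        return True

def demo():
    secret = bytes(range(20))   # constructed; real MAC secrets come from the handshake
    first, second = b"GET /account HTTP/1.0", b"Host: bank.example"
    mac0 = record_mac(secret, 0, APPLICATION_DATA, first)
    mac1 = record_mac(secret, 1, APPLICATION_DATA, second)
    rx = Receiver(secret)
    return [
        rx.accept(APPLICATION_DATA, first, mac0),                   # genuine record 0
        rx.accept(APPLICATION_DATA, b"Host: other.example", mac1),  # altered content
        rx.accept(APPLICATION_DATA, first, mac0),                   # replay of record 0
        rx.accept(APPLICATION_DATA, second, mac1),                  # genuine record 1
    ]

if __name__ == "__main__":
    print(demo())
```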
TLS: Authentication

[Diagram: A and B exchange certificates]
  • Verify identities of participants
  • Client authentication is optional
  • Certificate is used to associate identity with public key and other attributes
TLS: Overview
  • Establish a session
    • Agree on algorithms
    • Share secrets
    • Perform authentication
  • Transfer application data
    • Ensure privacy and integrity
TLS: Architecture

[Diagram: Handshake Protocol, Change Cipher Spec and Alert Protocol layered on top of the TLS Record Protocol]
  • TLS defines Record Protocol to transfer application and TLS information
  • A session is established using a Handshake Protocol
TLS: Handshake
  • Negotiate Cipher-Suite Algorithms
    • Symmetric cipher to use
    • Key exchange method
    • Message digest function
  • Establish and share master secret
  • Optionally authenticate server and/or client
Handshake Phases
  • Hello messages
  • Certificate and Key Exchange messages
  • Change CipherSpec and Finished messages
TLS: Hello
  • Client “Hello” - initiates session
    • Propose protocol version
    • Propose cipher suite
    • Server chooses protocol and suite
  • Client may request use of cached session
    • Server chooses whether to honor request
TLS: Key Exchange
  • Server sends certificate containing public key (RSA) or Diffie-Hellman parameters
  • Client sends encrypted “pre-master” secret to server using Client Key Exchange message
  • Master secret calculated
    • Use random values passed in Client and Server Hello messages
Public Key Certificates
  • X.509 Certificate associates public key with identity
  • Certification Authority (CA) creates certificate
    • Adheres to policies and verifies identity
    • Signs certificate
  • User of Certificate must ensure it is valid
Validating a Certificate
  • Must recognize accepted CA in certificate chain
    • One CA may issue certificate for another CA
  • Must verify that certificate has not been revoked
    • CA publishes Certificate Revocation List (CRL)
X.509: Certificate Content
  • Version
  • Serial Number
  • Signature Algorithm Identifier
    • Object Identifier (OID)
    • e.g. id-dsa: {iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1}
  • Issuer (CA) X.500 name
  • Validity Period (Start, End)
  • Subject X.500 name
  • Subject Public Key
    • Algorithm
    • Value
  • Issuer Unique Id (Version 2, 3)
  • Subject Unique Id (Version 2, 3)
  • Extensions (Version 3)
    • optional
  • CA digital Signature
Subject Names
  • X.500 Distinguished Name (DN)
  • Associated with node in hierarchical directory (X.500)
  • Each node has Relative Distinguished Name (RDN)
    • Path for parent node
    • Unique set of attribute/value pairs for this node
Example Subject Name
  • Country at Highest Level (e.g. US)
  • Organization typically at next level (e.g. CertCo)
  • Individual below (e.g. Common Name “Elizabeth” with Id = 1)

DN = {C=US; O=CertCo; CN=Elizabeth, ID=1}
Version 3 Certificates
  • Version 3 X.509 Certificates support alternative name formats as extensions
    • X.500 names
    • Internet domain names
    • e-mail addresses
    • URLs
  • Certificate may include more than one name
Certificate Signature
  • RSA Signature
    • Create hash of certificate
    • Encrypt using CA’s private key
  • Signature verification
    • Decrypt using CA’s public key
    • Verify hash
TLS: ServerKeyExchange

[Diagram: handshake messages so far]
  • Client sends: ClientHello
  • Server sends: ServerHello, Certificate, ServerKeyExchange
TLS: Certificate Request

[Diagram: handshake messages so far]
  • Client sends: ClientHello
  • Server sends: ServerHello, Certificate, ServerKeyExchange, CertificateRequest
TLS: Client Certificate

[Diagram: handshake messages so far]
  • Client sends: ClientHello, ClientCertificate, ClientKeyExchange
  • Server sends: ServerHello, Certificate, ServerKeyExchange, CertificateRequest
TLS: Change Cipher Spec, Finished

[Diagram: end of handshake]
  • Client sends: [ChangeCipherSpec], Finished, Application Data
  • Server sends: [ChangeCipherSpec], Finished, Application Data
TLS: Change Cipher Spec/Finished
  • Change Cipher Spec
    • Announce switch to negotiated algorithms and values
  • Finished
    • Send copy of handshake using new session
    • Permits validation of handshake
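
An added example (not from the presentation) that serves both the "Master secret calculated" step of the Key Exchange slide and the Finished check above: it implements the TLS 1.0 PRF from RFC 2246, derives the master secret from the pre-master secret and the two Hello random values, and computes the Finished `verify_data` over the handshake transcript. The random values, pre-master secret and transcript strings are constructed stand-ins for real handshake bytes; the two transcripts differ in one message, so the server's recomputed value does not match what the client sent.

```python
import hashlib
import hmac

def p_hash(name, secret, seed, n):
    """P_hash (RFC 2246, section 5): chain HMAC outputs until n bytes exist."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()           # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret, XOR
    P_SHA-1 keyed with the second half."""
    half = (len(secret) + 1) // 2        # the halves share one byte if length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, n)
    sha_part = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def master_secret(pre_master, client_random, server_random):
    """48-byte master secret from the pre-master secret and both Hello randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def finished_verify_data(master, label, handshake_messages):
    """12-byte Finished payload covering every handshake byte this side saw."""
    digests = (hashlib.md5(handshake_messages).digest()
               + hashlib.sha1(handshake_messages).digest())
    return prf(master, label, digests, 12)

# Constructed sample values, not a real capture.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x01" + bytes(range(100, 146))   # version 3.1 + 46 bytes
SENT_BY_CLIENT = b"ClientHello(suites=A,B) ServerHello(suite=B)"
SEEN_BY_SERVER = b"ClientHello(suites=B) ServerHello(suite=B)"  # altered in transit

def demo():
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    from_client = finished_verify_data(ms, b"client finished", SENT_BY_CLIENT)
    recomputed = finished_verify_data(ms, b"client finished", SEEN_BY_SERVER)
    return ms, from_client, hmac.compare_digest(from_client, recomputed)

if __name__ == "__main__":
    ms, verify_data, ok = demo()
    print(ms.hex(), verify_data.hex(), "handshake intact:", ok)
```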
TLS: Using a Session

[Diagram: resuming a cached session]
  • Client sends: ClientHello (Session #), [ChangeCipherSpec], Finished, Application Data
  • Server sends: ServerHello (Session #), [ChangeCipherSpec], Finished, Application Data
Changes from SSL 3.0 to TLS
  • Fortezza removed
  • Additional Alerts added
  • Modification to hash calculations
  • Protocol version 3.1 in ClientHello, ServerHello
TLS: HTTP Application
  • HTTP most common TLS application
    • https://
  • Requires TLS-capable web server
  • Requires TLS-capable web browser
    • Netscape Navigator
    • Internet Explorer
    • Cryptozilla
      • Netscape Mozilla sources with SSLeay
Web Servers
  • Apache-SSL
  • Apache mod_ssl
  • Stronghold
  • Roxen
  • iNetStore
Other Applications
  • Telnet
  • FTP
  • LDAP
  • POP
  • SSLrsh
  • Commercial Proxies
TLS: Implementation
  • Cryptographic Libraries
    • RSARef, BSAFE
  • TLS/SSL packages
    • SSLeay
    • SSLRef
X.509 Certificate Issues
  • Certificate Administration is complex
    • Hierarchy of Certification Authorities
    • Mechanisms for requesting, issuing, revoking certificates
  • X.500 names are complicated
  • Description formats are cumbersome (ASN.1)
X.509 Alternative: SDSI
  • SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson)
    • Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0
    • Eliminate X.500 names - use DNS and text
    • Everyone is their own CA
    • Instead of ASN.1 use “S-expressions” and simple syntax
    • Name and Authorization certificates
TLS “Alternatives”
  • S-HTTP: secure HTTP protocol, shttp://
  • IPSec: secure IP
  • SET: Secure Electronic Transaction
    • Protocol and infrastructure for bank card payments
  • SASL: Simple Authentication and Security Layer (RFC 2222)
Summary
  • SSL/TLS addresses the need for security in Internet communications
    • Privacy - conventional encryption
    • Integrity - Message Authentication Codes
    • Authentication - X.509 certificates
  • SSL in use today with web browsers and servers
References - 1
  • Engelschall, Ralph, mod_ssl, <http://www.engelschall.com/sw/mod_ssl>
  • Ford, Warwick, Baum, Michael S., Secure Electronic Commerce, Prentice Hall, 1997.
  • Hirsch, Frederick J., “Introduction to SSL and Certificates Using SSLeay”, World Wide Web Journal, Summer 1997, <http://www.fjhirsch.com/wwwj/>
  • Hudson, Tim J, Young, Eric A, “SSLeay and SSLapps FAQ”, <http://www.psy.uq.oz.au/~ftp/Crypto/>
  • Kaufman, Charlie, Perlman, Radia, Speciner, Mike, Network Security: PRIVATE Communication in a PUBLIC World, Prentice Hall, 1995.
References - 2
  • Rivest, Ron, SDSI, <http://theory.lcs.mit.edu/~cis/sdsi.html>
  • Stallings, William, Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall, 1999.
  • Wagner, David, Schneier, Bruce, “Analysis of the SSL 3.0 Protocol”, <http://www.counterpane.com/ssl.html>
  • Internet Drafts and RFCs <http://www.ietf.org/>. Use the keyword search on TLS or SSL in the Internet Drafts section to find the TLS Protocol specification and other relevant documents.
  • PKCS standards: <http://www.rsa.com/rsalabs/pubs/PKCS/>
References - 3
  • Microsoft Security Documents <http://www.microsoft.com/workshop/security/contents.htm>
  • Netscape Security Documents <http://www.netscape.com/eng/security/>