
An Introduction to SSL/TLS and Certificates

Providing secure communication over the Internet

Frederick J. Hirsch

fjh@fjhirsch.com


CertCo Overview

  • Background

    Established in 1996. Banker’s Trust spinoff. Privately held.

  • Mission

    CertCo provides secure and cost-effective business solutions that enable trust institutions to build a worldwide trust infrastructure to support high-value, secure electronic commerce.

  • Expertise

    Cryptography, risk management, law, technology and banking.

  • Location

    Headquarters: New York City

    Regional Offices: Cambridge (MA), Washington, DC, United Kingdom.


Outline

  • Problem: Creating applications which can communicate securely over the Internet

  • TLS: Transport Layer Security (SSL)

  • Certificates

  • Related technology: S-HTTP, IPSec, SET, SASL

  • References


Security Issues

  • Privacy

    • Anyone can see content

  • Integrity

    • Someone might alter content

  • Authentication

    • Not clear who you are talking with


TLS: Transport Layer Security

  • Formerly known as SSL: Secure Sockets Layer

  • Addresses issues of privacy, integrity and authentication

    • What is it?

    • How does it address the issues?

    • How is it used?


What is TLS?

[Figure: protocol stack, top to bottom: HTTP, Telnet, FTP and LDAP; TLS; TCP; IP]

  • Protocol layer

  • Requires reliable transport layer (e.g. TCP)

  • Supports any application protocols


TLS: Privacy

[Figure: A sends Message to B; in transit it appears as unreadable ciphertext ($%&#!@), and B recovers Message]

  • Encrypt message so it cannot be read

  • Use conventional cryptography with shared key

    • DES, 3DES

    • RC2, RC4

    • IDEA


TLS: Key Exchange

  • Need secure method to exchange secret key

  • Use public key encryption for this

    • “key pair” is used - either one can encrypt and then the other can decrypt

    • slower than conventional cryptography

    • share one key, keep the other private

  • Choices are RSA or Diffie-Hellman


TLS: Integrity

  • Compute fixed-length Message Authentication Code (MAC)

    • Includes hash of message

    • Includes a shared secret

    • Includes sequence number

  • Transmit MAC with message


TLS: Integrity

[Figure: A sends Message and MAC to B; B computes MAC’ over the received Message’ and checks whether it equals the transmitted MAC]

  • Receiver creates new MAC

    • should match transmitted MAC

  • TLS allows MD5, SHA-1
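
An added example (not from the original slides) of the MAC check described above, using the TLS 1.0 record MAC layout: HMAC-SHA1 over the sequence number, record header and message. The secret, the sample messages and the `Receiver` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23      # TLS record content type
TLS_1_0 = (3, 1)           # "protocol version 3.1" on the wire


def record_mac(mac_secret: bytes, seq_num: int, fragment: bytes,
               content_type: int = APPLICATION_DATA) -> bytes:
    """HMAC-SHA1 over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq_num, content_type, *TLS_1_0, len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()


class Receiver:
    """Tracks the expected sequence number, which is never sent on the wire."""

    def __init__(self, mac_secret: bytes):
        self.mac_secret = mac_secret
        self.seq_num = 0

    def accept(self, fragment: bytes, mac: bytes) -> bool:
        expected = record_mac(self.mac_secret, self.seq_num, fragment)
        if not hmac.compare_digest(expected, mac):   # constant-time comparison
            return False                             # a real peer aborts the connection
        self.seq_num += 1
        return True


def demo() -> dict:
    secret = b"constructed-mac-secret"               # constructed sample value
    records = [b"GET / HTTP/1.0\r\n", b"Host: example.test\r\n"]
    sent = [(r, record_mac(secret, i, r)) for i, r in enumerate(records)]
    results = {}
    rx = Receiver(secret)
    results["in_order"] = all(rx.accept(f, m) for f, m in sent)
    rx = Receiver(secret)
    results["altered"] = rx.accept(b"GET /x HTTP/1.0\r\n", sent[0][1])
    rx = Receiver(secret)
    results["reordered"] = rx.accept(*sent[1])       # record 1 arrives first
    rx = Receiver(secret)
    rx.accept(*sent[0])
    results["replayed"] = rx.accept(*sent[0])        # record 0 delivered twice
    return results
```

Because the sequence number is part of the MAC input, a record that is unmodified but delivered out of order or a second time fails the same check as an altered one.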


TLS: Authentication

[Figure: A and B exchange certificates]

  • Verify identities of participants

  • Client authentication is optional

  • Certificate is used to associate identity with public key and other attributes


TLS: Overview

  • Establish a session

    • Agree on algorithms

    • Share secrets

    • Perform authentication

  • Transfer application data

    • Ensure privacy and integrity


TLS: Architecture

[Figure: Handshake Protocol, Change Cipher Spec and Alert Protocol layered above the TLS Record Protocol]

  • TLS defines Record Protocol to transfer application and TLS information

  • A session is established using a Handshake Protocol



TLS: Handshake

  • Negotiate Cipher-Suite Algorithms

    • Symmetric cipher to use

    • Key exchange method

    • Message digest function

  • Establish and share master secret

  • Optionally authenticate server and/or client


Handshake Phases

  • Hello messages

  • Certificate and Key Exchange messages

  • Change CipherSpec and Finished messages


TLS: Hello

  • Client “Hello” - initiates session

    • Propose protocol version

    • Propose cipher suite

    • Server chooses protocol and suite

  • Client may request use of cached session

    • Server chooses whether to honor request


TLS: Key Exchange

  • Server sends certificate containing public key (RSA) or Diffie-Hellman parameters

  • Client sends encrypted “pre-master” secret to server using Client Key Exchange message

  • Master secret calculated

    • Use random values passed in Client and Server Hello messages


Public Key Certificates

  • X.509 Certificate associates public key with identity

  • Certification Authority (CA) creates certificate

    • Adheres to policies and verifies identity

    • Signs certificate

  • User of Certificate must ensure it is valid


Validating a Certificate

  • Must recognize accepted CA in certificate chain

    • One CA may issue certificate for another CA

  • Must verify that certificate has not been revoked

    • CA publishes Certificate Revocation List (CRL)


X.509: Certificate Content

  • Version

  • Serial Number

  • Signature Algorithm Identifier

    • Object Identifier (OID)

    • e.g. id-dsa: {iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 1}

  • Issuer (CA) X.500 name

  • Validity Period (Start, End)

  • Subject X.500 name

  • Subject Public Key

    • Algorithm

    • Value

  • Issuer Unique Id (Version 2, 3)

  • Subject Unique Id (Version 2, 3)

  • Extensions (Version 3)

    • optional

  • CA digital Signature


Subject Names

  • X.500 Distinguished Name (DN)

  • Associated with node in hierarchical directory (X.500)

  • Each node has Relative Distinguished Name (RDN)

    • Path for parent node

    • Unique set of attribute/value pairs for this node


Example Subject Name

  • Country at Highest Level (e.g. US)

  • Organization typically at next level (e.g. CertCo)

  • Individual below (e.g. Common Name “Elizabeth” with Id = 1)

    DN = { C=US; O=CertCo; CN=Elizabeth, ID=1 }


Version 3 Certificates

  • Version 3 X.509 Certificates support alternative name formats as extensions

    • X.500 names

    • Internet domain names

    • e-mail addresses

    • URLs

  • Certificate may include more than one name


Certificate Signature

  • RSA Signature

    • Create hash of certificate

    • Encrypt using CA’s private key

  • Signature verification

    • Decrypt using CA’s public key

    • Verify hash
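
An added sketch (not from the original slides) that combines the chain and revocation checks from "Validating a Certificate" with the hash-then-sign check on this slide. `Cert` is a hypothetical stand-in for an X.509 certificate, and the keys are constructed toy RSA keys with unpadded signatures, unsuitable for real use.

```python
import hashlib
from dataclasses import dataclass, replace

def toy_key(p, q, e=65537):      # constructed toy RSA pair: (public, private)
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

@dataclass(frozen=True)
class Cert:                      # hypothetical stand-in for an X.509 certificate
    subject: str
    issuer: str
    serial: int
    public_key: tuple
    signature: int = 0

def cert_hash(cert, n):          # hash of the fields the CA signs
    tbs = f"{cert.subject}|{cert.issuer}|{cert.serial}|{cert.public_key}"
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

def sign(cert, ca_private):      # "encrypt" the hash with the CA's private key
    n, d = ca_private
    return replace(cert, signature=pow(cert_hash(cert, n), d, n))

def signature_ok(cert, ca_public):   # "decrypt" with the public key, compare hashes
    n, e = ca_public
    return pow(cert.signature, e, n) == cert_hash(cert, n)

def validate(chain, trusted_roots, revoked):
    """chain[0] is the end entity; each later certificate issued the one before it."""
    for cert, issuer in zip(chain, chain[1:] + [None]):
        if (cert.issuer, cert.serial) in revoked:        # CRL lookup
            return "revoked"
        if issuer is None:                               # top of chain: accepted CA?
            issuer_key = trusted_roots.get(cert.issuer)
        else:
            issuer_key = issuer.public_key if issuer.subject == cert.issuer else None
        if issuer_key is None:
            return "untrusted or broken chain"
        if not signature_ok(cert, issuer_key):
            return "bad signature"
    return "valid"

def demo():
    root_pub, root_priv = toy_key(2**127 - 1, 2**107 - 1)
    ca_pub, ca_priv = toy_key(2**89 - 1, 2**61 - 1)
    ca = sign(Cert("Issuing CA", "Root CA", 2, ca_pub), root_priv)
    leaf = sign(Cert("www.example.test", "Issuing CA", 7, (3233, 17)), ca_priv)
    roots, forged = {"Root CA": root_pub}, replace(leaf, subject="other.example.test")
    return [validate([leaf, ca], roots, set()), validate([leaf, ca], roots, {("Issuing CA", 7)}),
            validate([forged, ca], roots, set()), validate([leaf, ca], {}, set())]
```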


TLS: ServerKeyExchange

[Figure: handshake message flow. Client: ClientHello. Server: ServerHello, Certificate, ServerKeyExchange.]


TLS: Certificate Request

[Figure: handshake message flow. Client: ClientHello. Server: ServerHello, Certificate, ServerKeyExchange, CertificateRequest.]


TLS: Client Certificate

[Figure: handshake message flow. Client: ClientHello, ClientCertificate, ClientKeyExchange. Server: ServerHello, Certificate, ServerKeyExchange, CertificateRequest.]


TLS: Change Cipher Spec, Finished

[Figure: handshake message flow. Client: [ChangeCipherSpec], Finished, Application Data. Server: [ChangeCipherSpec], Finished, Application Data.]


TLS: Change Cipher Spec/Finished

  • Change Cipher Spec

    • Announce switch to negotiated algorithms and values

  • Finished

    • Send copy of handshake using new session

    • Permits validation of handshake


TLS: Using a Session

[Figure: handshake message flow. Client: ClientHello (Session #), [ChangeCipherSpec], Finished, Application Data. Server: ServerHello (Session #), [ChangeCipherSpec], Finished, Application Data.]


Changes from SSL 3.0 to TLS

  • Fortezza removed

  • Additional Alerts added

  • Modification to hash calculations

  • Protocol version 3.1 in ClientHello, ServerHello


TLS: HTTP Application

  • HTTP most common TLS application

    • https://

  • Requires TLS-capable web server

  • Requires TLS-capable web browser

    • Netscape Navigator

    • Internet Explorer

    • Cryptozilla

      • Netscape Mozilla sources with SSLeay


Web Servers

  • Apache-SSL

  • Apache mod_ssl

  • Stronghold

  • Roxen

  • iNetStore


Other Applications

  • Telnet

  • FTP

  • LDAP

  • POP

  • SSLrsh

  • Commercial Proxies


TLS: Implementation

  • Cryptographic Libraries

    • RSARef, BSAFE

  • TLS/SSL packages

    • SSLeay

    • SSLRef


X.509 Certificate Issues

  • Certificate Administration is complex

    • Hierarchy of Certification Authorities

    • Mechanisms for requesting, issuing, revoking certificates

  • X.500 names are complicated

  • Description formats are cumbersome (ASN.1)


X.509 Alternative: SDSI

  • SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson)

    • Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0

    • Eliminate X.500 names - use DNS and text

    • Everyone is their own CA

    • Instead of ASN.1 use “S-expressions” and simple syntax

    • Name and Authorization certificates


TLS “Alternatives”

  • S-HTTP: secure HTTP protocol, shttp://

  • IPSec: secure IP

  • SET: Secure Electronic Transaction

    • Protocol and infrastructure for bank card payments

  • SASL: Simple Authentication and Security Layer (RFC 2222)


Summary

  • SSL/TLS addresses the need for security in Internet communications

    • Privacy - conventional encryption

    • Integrity - Message Authentication Codes

    • Authentication - X.509 certificates

  • SSL in use today with web browsers and servers


References - 1

  • Engelschall, Ralph, mod_ssl, <http://www.engelschall.com/sw/mod_ssl>

  • Ford, Warwick, Baum, Michael S. Secure Electronic Commerce, Prentice Hall 1997.

  • Hirsch, Frederick J. “Introduction to SSL and Certificates Using SSLeay”, World Wide Web Journal, Summer 1997, <http://www.fjhirsch.com/wwwj/>

  • Hudson, Tim J., Young, Eric A., “SSLeay and SSLapps FAQ”, <http://www.psy.uq.oz.au/~ftp/Crypto/>

  • Kaufman, Charlie, Perlman, Radia, Speciner, Mike. Network Security: PRIVATE Communication in a PUBLIC World, Prentice Hall, 1995.


References - 2

  • Rivest, Ron, SDSI, <http://theory.lcs.mit.edu/~cis/sdsi.html>

  • Stallings, William. Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall, 1999.

  • Wagner, David, Schneier, Bruce “Analysis of the SSL 3.0 Protocol” <http://www.counterpane.com/ssl.html>

  • Internet Drafts and RFCs <http://www.ietf.org/>. Use the keyword search on TLS or SSL in the Internet Drafts section to find the TLS Protocol specification and other relevant documents.

  • PKCS standards: <http://www.rsa.com/rsalabs/pubs/PKCS/>


References - 3

  • Microsoft Security Documents <http://www.microsoft.com/workshop/security/contents.htm>

  • Netscape Security Documents <http://www.netscape.com/eng/security/>


