1 / 33

PRESENTATION

PRESENTATION. ON SECURE SOCKET LAYER (SSL). Seminartopics.info. CONTENTS. Definition Brief History Services Position of SSL in TCP/IP Communication between layers Working of SSL Details of handshake protocol Details of record protocol Details of alert protocol

emmanuel-parsons
Download Presentation

PRESENTATION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PRESENTATION ON SECURE SOCKET LAYER (SSL) Seminartopics.info

  2. CONTENTS • Definition • Brief History • Services • Position of SSL in TCP/IP • Communication between layers • Working of SSL • Details of handshake protocol • Details of record protocol • Details of alert protocol • Closing & resuming SSL connections • References

  3. DEFINITION Internet protocol for secure exchange of information between the web browser and the web server Web server Web browser

  4. HISTORY • Developed by Netscape corporation in 1994 • Versions – 2,3,3.1 • Popular version – 3, released in 1995

  5. SERVICES Provides 2 basic security services : 1. Authentication 2. Confidentiality • Logically it provides a secure pipe between the web browser and the web server.

  6. POSITION OF SSL IN TCP/IPPROTOCOL SUITE • Located between the application layer and the transport layer Application layer SSL layer Transport layer Network layer Data link layer Physical layer

  7. COMMUNICATION BETWEEN VARIOUS LAYERS Y x L5 data SH L5 data L5 data Application L5 data SH SSL L5 data H4 Transport L5 data H4 L4 data H3 Network L4 data H3 L3 data H2 L3 data H2 Data link 01010101001101011 Physical 01010101001101011 Transmission medium

  8. HOW SSL WORKS ? Has 3 sub protocols : • Handshake protocol • Record protocol • Alert protocol

  9. 1. THE HANDSHAKE PROTOCOL • First sub protocol used by client and the server to communicate using SSL enabled connections • Consists of series of messages between the client and the server

  10. MESSAGE FORMAT OF HANSHAKEPROTOCOL Has 3 fields : • Type (1 byte) : indicates message types • Length (3 bytes) : indicates the length of message. 3. Content (1 or more byte) : contains the parameters associated with message Type Length Contents 1 or more bytes 1 byte 3 byte

  11. PHASES OF HANDSHAKE PROTOCOL There are 4 phases of handshake protocol : • Establish security capabilities • Server authentication & key exchange • Client authentication & key exchange • Finish 1.Establish security capabilities 2. Server authentication &key exchange 3.Client authentication & key exchange 4.Finish Web browser Web server

  12. Phase 1: Establish security capabilities • Initiate a logical connection & establish the security capabilities • Consists of two messages : client hello & serverhello Web browser Web server Step 1: Client hello Step 2 : Server hello

  13. CLIENT HELLO Consists of following parameters : • Version : indicates the highest version of SSL the client can support • Random : used for actual communication. It consists of 2 sub fields : • 32-bit date-time field that identifies current system date & time on the client computer • 28-byte random number generated by the random number generator software built inside the client computer

  14. CLIENT HELLO CONT. 3. Session id : variable length session identifier It has two values : 3.1. Non zero value : shows that a connection already exists between the client and the server 3.2. Zero value :indicates that the client wants to create a new connection with the server 4. Cipher suite : contains list of cryptographic algorithms supported by client 5. Compression method : contains list of compression algorithms supported by client

  15. SERVER HELLO Contains the same fields as that of client but with different purpose : • Version : identifies the lower of the versions suggested by the client & the highest supported by the server • Random : same structure as that of client • Session id : for non zero value - server uses the same value sent by client For zero value – server creates a new session id & puts it in this field • Cipher suite : contains single cipher suite selected from the list sent by client • Compression method : contains a compression algorithm selected from the list sent by client

  16. PHASE 2 : SERVER AUTHENTICATION & KEY EXCHANGE • Server initiates this phase of SSL handshake • Server is the only sender & the client is the only receiver. This phase contains 4 steps: • Certificate • Server key exchange • Certificate request • Server hello done

  17. 1.CERTIFICATE • Server sends its digital certificate to the client • This helps client to authenticate the server using server’s public key from server’s certificate. 2. SERVER KEY EXCHANGE • Optional step & is used if the sender doesn’t send its digital certificate to the client • Server sends its public key to the client

  18. 3. CERTIFICATE REQUEST • Server can request for the client’s digital signatures • This step is optional because the client authentication in SSL is optional. 4. SERVER HELLO DONE • Indicates the client that its portion of hello message is complete • The client can verify the certificates sent by the server • After sending this message the server waits for the client’s response

  19. PHASE 3: CLIENT AUTHENTICATION & KEY EXCHANGE • The client initiates this phase. • Client is the sender & the server is the receiver. This phase consists of 3 steps: • Certificate • Client key exchange • Certificate verify

  20. 1. CERTIFICATE • Optional step • Performed only if the server had requested for the client’s certificate • If the client sends no certificate instead of a certificate message then its upto server if it still wants to continue. 2. CLIENT KEY EXCHANGE • Allows the client to send information to the server based on the symmetric key • Client creates a 48-byte pre-master secret & encrypts it with the server’s public key & sends this pre-master secret to the server.

  21. 3. CERTIFICATE VERIFY • Necessary only if the server had demanded client authentication • The client combines the pre-master secret with the random numbers exchanged by the client & server after hashing them together.

  22. PHASE 4 : FINISH • Client initiates this phase and the server ends. • This consists of 4 steps: The first two masseges are from client : • Change cipher specs • Finished The server responds back with the two same identical messages 1. Change cipher specs Web browser Web server 2. Finished 3. Change cipher specs 4. Finished

  23. MASTER KEY GENERATION CONCEPT • Based on pre-master secret , both the server and the client create a 48-byte quantity called the master secret • Master key is calculated after computing message digests of pre-master secret, client random & server random. Pre-master secret Client random Server random Message digest algorithm Master secret

  24. SYMMETRIC KEY GENERATIONCONCEPT • Finally symmetric keys to be used by the client & server are generated. Master secret Client random Server random Message digest algorithms Symmetric key

  25. 2. RECORD PROTOCOL Provides 2 services : • Confidentiality : achieved by the secret key defined by handshake protocol • Integrity : shared secret key is used to ensure the message integrity

  26. OPERATION OF RECORD PROTOCOL Application data Fregmentation Compression Addition of MAC Encryption Append header

  27. DETAILS OF THE STEPS • Fregmentation: original message is broken into blocks of size less than or equal to 16,384 bytes • Compression: fregmented blocks are compressed optionally with loss less compression mechanism • Addition of MAC: MAC is calculated for each block using the shared secret key. • Encryption: using the symmetric key the output is encrypted

  28. 5. Append header: header is added to the encrypted block. The header contains the following fields : • Content type(8 bits): specifies the protocol used for processing the record in next higher level • Major version(8 bits): specifies the major version of SSL protocol in use • Minor version(8 bits):specifies the minor version of SSL protocol in use • Compressed length(16 bits): specifies the length of the original plain text block

  29. 3. ALERT PROTOCOL • When either the client or the server detects an error, the detecting party sends an alert message to the other party • For fatal error : SSL connection is immediately closed, session identifiers, secrets & keys are destroyed • For non fatal errors :parties handle the errors & continue

  30. ALERT PROTOCOL MESSAGE FORMAT Alert message contains 2 bytes : • Severity : signifies the type of error. If it is a warning ,this byte contains 1. If it is fatal, this contains 2. • Cause : specifies the actual errors Severity Cause Byte 1 Byte 2

  31. CLOSING AND RESUMING SSL CONNECTIONS • Before ending communication , the client & the server must inform each other • Each party sends a close notify alert to ensure graceful closure • If the SSL connection ends without a close notify alert it cant be resumed • Any SSL connection can’t be reused after 24 hours

  32. REFERENCES • Cryptography and network security by Atul Kahate. • Ahuja, Vijay, Network and internet security • Comer, Douglas, Computer networks and internets. • Kaufman, Charlie, network security • Web refrences.

  33. THANKS

More Related