An Introduction to SSL/TLS and Certificates

Providing secure communication over the Internet

Frederick J. Hirsch

CertCo Overview

  • Background

    Established in 1996. Banker’s Trust spinoff. Privately held.

  • Mission

    CertCo provides secure and cost-effective business solutions that enable trust institutions to build a worldwide trust infrastructure to support high-value, secure electronic commerce.

  • Expertise

    Cryptography, risk management, law, technology and banking.

  • Location

    Headquarters: New York City

    Regional Offices: Cambridge (MA), Washington, DC, United Kingdom.

Outline

  • Problem: Creating applications which can communicate securely over the Internet

  • TLS: Transport Layer Security (SSL)

  • Certificates

  • Related technology: S-HTTP, IPSec, SET, SASL

  • References

Security Issues

  • Privacy

    • Anyone can see content

  • Integrity

    • Someone might alter content

  • Authentication

    • Not clear who you are talking with

TLS: Transport Layer Security

  • Formerly known as SSL: Secure Sockets Layer

  • Addresses issues of privacy, integrity and authentication

    • What is it?

    • How does it address the issues?

    • How is it used?

What is TLS?

  • Protocol layer

  • Requires reliable transport layer (e.g. TCP)

  • Supports any application protocols

TLS: Privacy

  • Encrypt message so it cannot be read

  • Use conventional cryptography with shared key

    • DES, 3DES

    • RC2, RC4

    • IDEA

TLS: Key Exchange

  • Need secure method to exchange secret key

  • Use public key encryption for this

    • “key pair” is used - either one can encrypt and then the other can decrypt

    • slower than conventional cryptography

    • share one key, keep the other private

  • Choices are RSA or Diffie-Hellman

TLS: Integrity

  • Compute fixed-length Message Authentication Code (MAC)

    • Includes hash of message

    • Includes a shared secret

    • Includes sequence number

  • Transmit MAC with message

TLS: Integrity

  • Receiver creates new MAC

    • should match transmitted MAC

  • TLS allows MD5, SHA-1
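
The two Integrity slides describe a MAC built from the message, a shared secret and a sequence number, which the receiver recomputes and compares. The following added example (not part of the original presentation) computes the MAC the way TLS 1.0 (RFC 2246, section 6.2.3.1) does, with HMAC-SHA-1, and shows that a modified, replayed or reordered record is rejected. The class name, secret and messages are constructed for illustration, and encryption is left out.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA, TLS10 = 23, (3, 1)    # content type and protocol version 3.1
MAC_LEN = hashlib.sha1().digest_size    # 20 bytes for SHA-1

def record_mac(secret, seq, ctype, version, fragment):
    # HMAC over seq_num || type || version || length || fragment
    header = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(fragment))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()

class Endpoint:
    """One direction of a connection; the sequence number is counted, never sent."""
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def protect(self, fragment):
        mac = record_mac(self.secret, self.seq, APPLICATION_DATA, TLS10, fragment)
        self.seq += 1
        return fragment + mac            # transmit MAC with message

    def accept(self, record):
        fragment, mac = record[:-MAC_LEN], record[-MAC_LEN:]
        want = record_mac(self.secret, self.seq, APPLICATION_DATA, TLS10, fragment)
        if not hmac.compare_digest(mac, want):
            return None                  # real TLS sends bad_record_mac and closes
        self.seq += 1
        return fragment

def run_cases(secret=b"constructed-mac-write-secret"):
    # Constructed records: two messages protected by the same sender.
    tx = Endpoint(secret)
    r1, r2 = tx.protect(b"PAY 10 TO ALICE"), tx.protect(b"PAY 20 TO BOB")
    rx = Endpoint(secret)
    results = {"in_order": [rx.accept(r1), rx.accept(r2)]}
    # Content altered in transit, original MAC kept.
    results["tampered"] = Endpoint(secret).accept(b"PAY 99 TO ALICE" + r1[-MAC_LEN:])
    rx = Endpoint(secret)
    results["replay"] = [rx.accept(r1), rx.accept(r1)]     # same record delivered twice
    results["reordered"] = Endpoint(secret).accept(r2)     # second record arrives first
    return results
```

The replay and reorder cases fail only because the implicit sequence number is part of the MAC input; a hash of the message and secret alone would accept both.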

TLS: Authentication

  • Verify identities of participants

  • Client authentication is optional

  • Certificate is used to associate identity with public key and other attributes

TLS: Overview

  • Establish a session

    • Agree on algorithms

    • Share secrets

    • Perform authentication

  • Transfer application data

    • Ensure privacy and integrity

TLS: Architecture

[Diagram labels: Handshake Protocol, Cipher Spec, Alert Protocol, TLS Record Protocol]

  • TLS defines Record Protocol to transfer application and TLS information

  • A session is established using a Handshake Protocol

TLS: Handshake

  • Negotiate Cipher-Suite Algorithms

    • Symmetric cipher to use

    • Key exchange method

    • Message digest function

  • Establish and share master secret

  • Optionally authenticate server and/or client

Handshake Phases

  • Hello messages

  • Certificate and Key Exchange messages

  • Change CipherSpec and Finished messages

TLS: Hello

  • Client “Hello” - initiates session

    • Propose protocol version

    • Propose cipher suite

    • Server chooses protocol and suite

  • Client may request use of cached session

    • Server chooses whether to honor request

TLS: Key Exchange

  • Server sends certificate containing public key (RSA) or Diffie-Hellman parameters

  • Client sends encrypted “pre-master” secret to server using Client Key Exchange message

  • Master secret calculated

    • Use random values passed in Client and Server Hello messages
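
The slide above says the master secret is calculated using the random values from the Hello messages. The following added example (not part of the original presentation) carries that calculation out with the TLS 1.0 pseudorandom function from RFC 2246, section 5, and then expands the master secret into the per-direction MAC secrets, cipher keys and IVs. Function names and all sample byte values are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(hash_fn, secret, seed, length):
    # A(0) = seed, A(i) = HMAC(secret, A(i-1));
    # the output is HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()
        out += hmac.new(secret, a + seed, hash_fn).digest()
    return out[:length]

def prf(secret, label, seed, length):
    # TLS 1.0 splits the secret in halves and XORs an MD5 stream with a SHA-1 stream.
    half = (len(secret) + 1) // 2
    md5_part = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha_part = p_hash(hashlib.sha1, secret[len(secret) - half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def master_secret(pre_master, client_random, server_random):
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def session_keys(master, client_random, server_random, mac_len=20, key_len=24, iv_len=8):
    # Default sizes fit a 3DES + SHA-1 suite; note the randoms are in the opposite order.
    names = ("client_mac", "server_mac", "client_key", "server_key", "client_iv", "server_iv")
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    block = prf(master, b"key expansion", server_random + client_random, sum(sizes))
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def sample_handshake(server_random=bytes(range(32, 64))):
    # Constructed values: version 3.1 + 46 filler bytes stand in for the random pre-master.
    pre_master = bytes([3, 1]) + bytes(range(46))
    client_random = bytes(range(32))
    master = master_secret(pre_master, client_random, server_random)
    return master, session_keys(master, client_random, server_random)
```

Because both Hello randoms feed the derivation, two sessions that reuse the same pre-master secret still end up with different master secrets and keys.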

Public Key Certificates

  • X.509 Certificate associates public key with identity

  • Certification Authority (CA) creates certificate

    • Adheres to policies and verifies identity

    • Signs certificate

  • User of Certificate must ensure it is valid

Validating a Certificate

  • Must recognize accepted CA in certificate chain

    • One CA may issue certificate for another CA

  • Must verify that certificate has not been revoked

    • CA publishes Certificate Revocation List (CRL)

X.509: Certificate Content

  • Serial Number

  • Signature Algorithm Identifier

    • Object Identifier (OID)

    • e.g. id-dsa: {iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1}

  • Issuer (CA) X.500 name

  • Validity Period (Start, End)

  • Subject X.500 name

  • Subject Public Key

  • Issuer Unique Id (Version 2, 3)

  • Subject Unique Id (Version 2, 3)

  • Extensions (Version 3)

  • CA digital Signature

Subject Names

  • X.500 Distinguished Name (DN)

  • Associated with node in hierarchical directory (X.500)

  • Each node has Relative Distinguished Name (RDN)

    • Path for parent node

    • Unique set of attribute/value pairs for this node

Example Subject Name

  • Country at Highest Level (e.g. US)

  • Organization typically at next level (e.g. CertCo)

  • Individual below (e.g. Common Name “Elizabeth” with Id = 1)

    DN = {C=US; O=CertCo; CN=Elizabeth, ID=1}

Version 3 Certificates

  • Version 3 X.509 Certificates support alternative name formats as extensions

    • X.500 names

    • Internet domain names

    • e-mail addresses

    • URLs

  • Certificate may include more than one name

Certificate Signature

  • RSA Signature

    • Create hash of certificate

    • Encrypt using CA’s private key

  • Signature verification

    • Decrypt using CA’s public key

    • Verify hash
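
The "Validating a Certificate" and "Certificate Signature" slides together describe what a relying party has to check: each signature in the chain, a path to an accepted CA, the validity period and the CRL. The following added example (not part of the original presentation) performs those checks over a constructed three-level hierarchy. It assumes textbook RSA on small known primes with no padding, and a flat dictionary in place of a DER-encoded X.509 certificate; all names, dates and keys are made up.

```python
import hashlib
from datetime import date

E = 65537  # public exponent of the constructed toy keys (textbook RSA, no padding)

def keypair(p, q):
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    # Hash the signed fields (stand-in for the DER-encoded certificate body).
    names = ("serial", "issuer", "subject", "not_before", "not_after", "pub_n")
    body = "|".join(str(cert[k]) for k in names).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue(ca_key, **fields):
    # CA side: hash the certificate, then transform the hash with the CA private key.
    cert = dict(fields)
    cert["sig"] = pow(digest(cert, ca_key["n"]), ca_key["d"], ca_key["n"])
    return cert

def validate(chain, trusted, crl, today):
    """chain[0] is the end-entity certificate, followed by its issuers in order."""
    for i, cert in enumerate(chain):
        if not cert["not_before"] <= today <= cert["not_after"]:
            return False, "outside validity period"
        if (cert["issuer"], cert["serial"]) in crl:
            return False, "revoked"
        issuer_n = trusted.get(cert["issuer"])
        anchored = issuer_n is not None
        if not anchored and i + 1 < len(chain) and chain[i + 1]["subject"] == cert["issuer"]:
            issuer_n = chain[i + 1]["pub_n"]
        if issuer_n is None:
            return False, "issuer not found"
        # Verifier side: recover the hash with the issuer public key and compare.
        if pow(cert["sig"], E, issuer_n) != digest(cert, issuer_n):
            return False, "bad signature"
        if anchored:
            return True, "chains to accepted CA"
    return False, "empty chain"

def sample():
    # Constructed hierarchy: accepted root -> subordinate CA -> end entity.
    root, sub = keypair(2**127 - 1, 2**107 - 1), keypair(2**89 - 1, 2**61 - 1)
    life = {"not_before": date(2024, 1, 1), "not_after": date(2025, 1, 1)}
    ca = issue(root, serial=1, issuer="O=Example Root", subject="O=Example Sub CA",
               pub_n=sub["n"], **life)
    leaf = issue(sub, serial=7, issuer="O=Example Sub CA", subject="CN=www.example.test",
                 pub_n=(2**61 - 1) * (2**31 - 1), **life)
    return [leaf, ca], {"O=Example Root": root["n"]}
```

A certificate whose signature verifies is still rejected when its serial number is on the issuer's CRL, when it is outside its validity period, or when no CA in the chain is one the verifier accepts.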

TLS: ServerKeyExchange

TLS: Certificate Request

TLS: Client Certificate

TLS: Change Cipher Spec, Finished

[Diagram; surviving label: Application Data]

TLS: Change Cipher Spec/Finished

  • Change Cipher Spec

    • Announce switch to negotiated algorithms and values

  • Finished

    • Send copy of handshake using new session

    • Permits validation of handshake

TLS: Using a Session

[Diagram labels: ClientHello (Session #), ServerHello (Session #), Application Data]

Changes from SSL 3.0 to TLS

  • Fortezza removed

  • Additional Alerts added

  • Modification to hash calculations

  • Protocol version 3.1 in ClientHello, ServerHello

TLS: HTTP Application

  • HTTP most common TLS application

    • https://

  • Requires TLS-capable web server

  • Requires TLS-capable web browser

    • Netscape Navigator

    • Internet Explorer

    • Cryptozilla

      • Netscape Mozilla sources with SSLeay

Web Servers

  • Apache-SSL

  • Apache mod_ssl

  • Stronghold

  • Roxen

  • iNetStore

Other Applications

  • Telnet

  • FTP

  • LDAP

  • POP

  • SSLrsh

  • Commercial Proxies

TLS: Implementation

  • Cryptographic Libraries

    • RSARef, BSAFE

  • TLS/SSL packages

    • SSLeay

    • SSLRef

X.509 Certificate Issues

  • Certificate Administration is complex

    • Hierarchy of Certification Authorities

    • Mechanisms for requesting, issuing, revoking certificates

  • X.500 names are complicated

  • Description formats are cumbersome (ASN.1)

X.509 Alternative: SDSI

  • SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson)

    • Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0

    • Eliminate X.500 names - use DNS and text

    • Everyone is their own CA

    • Instead of ASN.1 use “S-expressions” and simple syntax

    • Name and Authorization certificates

TLS “Alternatives”

  • S-HTTP: secure HTTP protocol, shttp://

  • IPSec: secure IP

  • SET: Secure Electronic Transaction

    • Protocol and infrastructure for bank card payments

  • SASL: Simple Authentication and Security Layer (RFC 2222)

Summary

  • SSL/TLS addresses the need for security in Internet communications

    • Privacy - conventional encryption

    • Integrity - Message Authentication Codes

    • Authentication - X.509 certificates

  • SSL in use today with web browsers and servers

References - 1

  • Engelschall, Ralph, mod_ssl, <>

  • Ford, Warwick, Baum, Michael S. Secure Electronic Commerce, Prentice Hall 1997.

  • Hirsch, Frederick J. “Introduction to SSL and Certificates Using SSLeay”, World Wide Web Journal, Summer 1997, <>

  • Hudson, Tim J, Young, Eric A, “SSLeay and SSLapps FAQ”, <>

  • Kaufman, Charlie, Perlman, Radia, Speciner, Mike. Network Security: PRIVATE Communication in a PUBLIC World, Prentice Hall, 1995.

References - 2

  • Rivest, Ron, SDSI, <>

  • Stallings, William. Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall, 1999.

  • Wagner, David, Schneier, Bruce “Analysis of the SSL 3.0 Protocol” <>

  • Internet Drafts and RFCs <>. Use the keyword search on TLS or SSL in the Internet Drafts section to find the TLS Protocol specification and other relevant documents.

  • PKCS standards: <>

References - 3

  • Microsoft Security Documents <>

  • Netscape Security Documents <>