secure socket layer l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Secure Socket Layer PowerPoint Presentation
Download Presentation
Secure Socket Layer

Loading in 2 Seconds...

play fullscreen
1 / 43

Secure Socket Layer - PowerPoint PPT Presentation


  • 387 Views
  • Uploaded on

Secure Socket Layer Originally by Yu Yang and Lilly Wang Modified by T. A. Yang Agenda SSL Basics WTLS SSL Facts SSL was first developed by Netscape in 1994 and became an internet standard in 1996 ( RFC 2246 – TLS V1.0)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Secure Socket Layer' - johana


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
secure socket layer

Secure Socket Layer

Originally by Yu Yang and Lilly Wang

Modified by T. A. Yang

agenda

Agenda

SSL Basics

WTLS

ssl facts

SSL Facts

SSL was first developed by Netscape in 1994 and became an internet standard in 1996 ( RFC 2246 – TLS V1.0)

SSL is a cryptographic protocol to secure network across a connection-oriented layer

Any program using TCP can be modified to use SSL connection

ssl facts4

SSL Facts

SSL connection uses a dedicated TCP/IP socket (e.g. port 443 for https)

SSL is flexible in choice of which symmetric encryption, message digest, and authentication can be used

SSL provides built-in data compression

ssl usage

SSL Usage

Authenticate the server to the client

Allow the client and the server to select cryptographic algorithms, or ciphers, that they both support

Optionally authenticate the client to the server

Use public key encryption techniques to generate a shared secret

Establish an encrypted SSL connection

secure socket layer6

HTTPS

FTPS

SMTPS

Application layer

Transport layer

TCP/IP layer

Secure Socket Layer

SSL is a secure protocol which runs above TCP/IP and allows users to encrypt data and to securely authenticate a server’s (or a vendor’s) identity

SECURE SOCKET LAYER

ssl handshake

SSL Handshake

SSL handshake verifies the server and allows the client and the server to agree on an encryption set before any data is sent out

ssl handshake12

Server

Public key

Private key

Client request

Client

Public key

SSL Handshake

ssl session key

Server

Pre-Master

Pre-Master

Public key

Private key

Client

Session key

SSL Session Key

Session key

Public key

Pre-Master

secure data on network

Server

Session key

Data

Public key

Private key

Client

Session key

Session key

Data

Data

Data

Data

Secure Data on Network

man in the middle attack

Server

Session key

Session key

Public key

Public key

Public key

Public key

Private key

Pre-master

Private key

Public key

Pre-master

Hacker

Pre-master

Client

Public key

Pre-master

Man-in-the-Middle Attack

key exchange and certificate

Server

Public key

Private key

SSL version number supported by the client(v2, v3)

Ciphers supported by the client (DES, RC2, RC4)

Client Random Number

SSL version number picked by the server (v2, v3)

Ciphers picked by the server (DES, RC2, RC4)

Server Random Number

Certificate

Client

Public key

Key exchange and certificate

verify certificate

Server

Public key

Private key

Client request

Certificate

Certificate

Client

Public key

Verify Certificate

Certificate is Good and Valid

Server/vendor has been verified and authenticated

Client has vendor’s public key and can now encrypt pre-master to send to server/vendor

Valid

Checking

ssl handshake19

The TLS Handshake Protocol involves the following steps:

    • Exchange hello messages to agree on algorithms, exchange random values, and check for session resumption.
    • Exchange the necessary cryptographic parameters to allow the client and server to agree on a premaster secret.
    • Exchange certificates and cryptographic information to allow the client and server to authenticate themselves.
    • Generate a master secret from the premaster secret and exchanged random values.
    • Provide security parameters to the record layer.
    • Allow the client and server to verify that their peer has calculated the same security parameters and that the handshake occurred without tampering by an attacker.

SSL Handshake

ssl handshake20

1. Client hello

SSL Handshake

2. Server hello

Present Server Certificate

*Request Client Certificate

Server Key Exchange

Server

Client

3. Client Finish

*Present Client Certificate

Client Key Exchange

*Certificate Verify

Change Cipher Spec

4. Server Finish

Change Cipher Spec

Application Data

client hello

Client Hello

Sent by the client

When first connecting to a server

In response to a hello request or on its own

Contains

32 bytes random number created by a secure random number generator

Protocol version

Session ID

A list of supported ciphers

A list of compression methods

server hello

Server Hello

Sent as response if client hello is accepted

If not, a handshake failure alert is sent

Contains

32 bytes random number created by a secure random number generator

Protocol version

Session ID

Cipher suite chosen

Compression method selected

server certificates

Server Certificates

Immediately following the server hello, the server sends its certificate

Generally an X.509.v3 certificate

Server sends server hello done message, indicating that the hello-message phase of the handshake is complete

client certificate optional

Client Certificate (optional)

Client only sends a certificate upon the receipt of a certificate request

Sends after receiving server hello done

If the client does not have a suitable certificate, it sends a certificate message with no certificates.

Server will respond with a fatal handshake failure if a client certificate is necessary

key exchange

Key Exchange

Client sends 48-bytes pre-master, encrypted using server’s public key, to the server

Both server and client use the pre-master to generate the master secret

The same session key is generated on both client and server side using the master secret

final steps

Final Steps

Client sends change_cipher_spec

Client sends finished message

Server sends change_cipher_spec

Server sends finished message

record layer

Record Layer

Compression and decompression

A MAC is applied to each record using the MAC algorithm defined in the current cipher spec

Encryption occurs after compression

May need fragmentation

alert layer

Alert Layer

Explain severity of the message and a description

fatal

Immediate termination

Other connections in session may continue

Session ID invalidated to prevent failed session to open new sessions

Alerts are compressed same as other data

change cipher spec protocol

Change Cipher Spec Protocol

Notify the other party to use the new cipher suite

Before the Finished message

comparison of ssl v2 0 and v3 0

Comparison of SSL V2.0 and V3.0

SSL 2.0 is vulnerable to “man-in-the-middle” attack.The hello messagecan be modified to use 40 bits encryption.

SSL 3.0 defends against this attack by having the last handshake message include a hash of all the previous handshake message

comparison of ssl v2 0 and v3 035

Comparison of SSL V2.0 and V3.0

SSL 2.0 uses a weak MAC construction

In SSL 3.0, the Message Authentication Hash uses a full 128 bits of key material for Export cipher+, while SSL 2.0 uses only 40 bits

+ See http://en.wikipedia.org/wiki/Export_of_cryptography

comparison of ssl v2 0 and v3 036

Comparison of SSL V2.0 and V3.0

SSL 2.0 only allows a handshake at the beginning of the connection. In 3.0, the client can initiate a handshake routine any time

SSL 3.0 allows server and client to send chains of certificate

SSL 3.0 has a generalized key exchange protocol. It allows Diffie-Hellman and Fortezza key exchange

SSL 3.0 allows for record compression and decompression

problem free

Problem Free?

Side channel attack – discovered by Swiss Federal Institute of Technology in Lausanne

http://www.newsfactor.com/perl/story/20843.html

Information leak in encrypted connections. Vulnerable openssl versions do not perform a MAC computation if an incorrect block cipher padding is used. An active attacker who can insert data into an existing encrypted connection is then able to measure time differences between the error messages the server sends. This information can make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext.

wtls facts

WTLS Facts

Mainly used to secure data transport between wireless device and gateway

Built on top of datagram (UDP) instead of TCP

WTLS provides full, optimized and abbreviated handshake to reduce roundtrips in high-latency networks

wtls facts41

WTLS Facts

WTLS uses different format of certificates, mainly WTLS certificate, X509v1 and 968. It also supports additional cipher suites, such as RC5, short hashes, ECC, etc;

WTLS provides built-in key-refresh mechanism for renegotiation;

WTLS can also set session resumable to continue on a previous session.

reference

Reference

[1] http://www.faqs.org/faqs/computer-security/ssl-talk faq/

[2] http://www.pcwebopedia.com/TERM/S/SSL.htm

[3]http://developer.netscape.com/docs/manuals/security/sslin/contents.htm

[4] http://www.ece.wpi.edu/~sunar/ee578/SSL.ppt