
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing. Lecture 9 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org. Outline. Announcement Midterm#1: March 20th, 4-6pm (moved from March 27th)


Presentation Transcript


  1. EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 9 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org

  2. Outline • Announcement • Midterm#1: March 20th, 4-6pm (moved from March 27th) • Secure Socket Layer • Pretty Good Privacy EEC693: Secure & Dependable Computing

  3. SSL: The Secure Sockets Layer • SSL (Secure Sockets Layer): a security package for secure communication over the Internet • Introduced in 1995 by Netscape Communications Corp • SSL builds a secure connection between two sockets, including • Parameter negotiation between client and server • Mutual authentication of client and server • Secret communication • Data integrity protection

  4. Secure Sockets Layer Documentation • The SSL Protocol version 3.0 Internet Draft: http://home.netscape.com/eng/ssl3/ssl-toc.html • The TLS Protocol version 1.0 Internet Draft: http://www.ietf.org/rfc/rfc2246.txt • "HTTP Over TLS" Information RFC: http://www.ietf.org/rfc/rfc2818.txt • SSL and TLS: Designing and Building Secure Systems by Eric Rescorla. Addison Wesley Professional, 2000 • Analysis of the SSL 3.0 Protocol, by David Wagner and Bruce Schneier, http://www.schneier.com/paper-ssl-revised.pdf

  5. SSL: The Secure Sockets Layer • HTTPS (Secure HTTP): HTTP over SSL • Sometimes it is available at a new port (443) instead of the standard port (80) • Layers (and protocols) for home user using HTTPS

  6. SSL: The Secure Sockets Layer • SSL consists of two main subprotocols: • handshake protocol • record protocol • SSL supports multiple cryptographic algorithms • The strongest one uses triple DES with three separate keys for encryption and SHA-1 for message integrity • For ordinary e-commerce applications, RC4 is used with a 128-bit key for encryption and MD5 is used for message authentication

  7. SSL: The Secure Sockets Layer • [Figure: SSL protocol stack, top to bottom: Application software; SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol, Application Data; SSL Record Layer Protocol; TCP]

  8. SSL Handshake Protocol • [Figure: handshake message flow, including ClientKeyEx]

  9. SSL Handshake Protocol • Message #1: Client hello • SSL version; Random structure (timestamp and nonce); Session id; CipherSuites; Compression methods • Message #2: Server hello • SSL version*; Random structure (timestamp and nonce); Session id; CipherSuite*; Compression method* (* selected by the server based on the client's preferences)

  10. SSL Handshake Protocol • Message #3: Server certificate (server key exchange message would be sent if there is no certificate) • Message #4: Server hello done • To indicate the end of the server hello and associated messages

  11. SSL Handshake Protocol • Message #5: ClientKeyExchange - RSA encrypted premaster secret message • 48 bytes long (version number and random bytes), encrypted using the server's public key

  12. SSL Handshake Protocol • Messages #6 and #8: Change cipher spec • Sent by both client and server to notify the receiving party that subsequent records will be protected under the new CipherSpec and keys • The client sends a change cipher spec message following handshake key exchange and certificate verify messages (if any) • The server sends one after successfully processing the key exchange message it received from the client

  13. SSL Handshake Protocol • The Change cipher spec message is an independent SSL Protocol content type, and is not actually an SSL handshake message • This is designed as a performance improvement • This message cannot be combined with the finished message (change cipher spec is unencrypted [or encrypted using the previous session key] and the finished message is encrypted using the new session key)

  14. SSL Handshake Protocol • Messages #7 and #9: Finished • Sent immediately after a change cipher spec message • The finished message is the first message protected with the just-negotiated algorithms, keys, and secrets • No acknowledgment of the finished message is required; parties may begin sending confidential data immediately after sending the finished message

  15. SSL Handshake Protocol Output • [Figure: Client Random, Pre-master Secret and Server Random feed the Master Secret, which is expanded into the Key Block and split into Client MAC, Server MAC, Client Write, Server Write, Client IV and Server IV]

  16. SSL Handshake Protocol Output • Master secret: computed based on the premaster secret and the nonces proposed by the client and the server
        master_secret =
          MD5(pre_master_secret + SHA('A' + pre_master_secret + ClientHello.random + ServerHello.random)) +
          MD5(pre_master_secret + SHA('BB' + pre_master_secret + ClientHello.random + ServerHello.random)) +
          MD5(pre_master_secret + SHA('CCC' + pre_master_secret + ClientHello.random + ServerHello.random));
      • Session keys, MAC secrets, and IVs: the master secret is used as an entropy source, and the random values provide unencrypted salt material and IVs for exportable ciphers

  17. SSL Handshake Protocol Output • To generate the key material, compute
        key_block =
          MD5(master_secret + SHA('A' + master_secret + ServerHello.random + ClientHello.random)) +
          MD5(master_secret + SHA('BB' + master_secret + ServerHello.random + ClientHello.random)) +
          MD5(master_secret + SHA('CCC' + master_secret + ServerHello.random + ClientHello.random)) +
          [...];
      until enough output has been generated

  18. SSL Handshake Protocol Output • Then the key_block is partitioned as follows:
        client_write_MAC_secret[CipherSpec.hash_size]
        server_write_MAC_secret[CipherSpec.hash_size]
        client_write_key[CipherSpec.key_material]
        server_write_key[CipherSpec.key_material]
        client_write_IV[CipherSpec.IV_size] /* non-export ciphers */
        server_write_IV[CipherSpec.IV_size] /* non-export ciphers */

  19. SSL Record Protocol
        MAC = hash(MAC_write_secret + pad_2 + hash(MAC_write_secret + pad_1 + seq_num + length + content));
      • [Figure annotation: <= 16 KB each. Why?]
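
Added example, not part of the original slides: the derivations on slides 16 to 18 and the record MAC on slide 19, written in Python. The sample secret and random values are constructed, and the pad byte values and repeat counts are taken from the SSL 3.0 specification rather than from the slide.

```python
import hashlib
import struct

def ssl3_expand(secret, rand_a, rand_b, n):
    """MD5(secret + SHA(label + secret + rand_a + rand_b)) for labels
    'A', 'BB', 'CCC', ... concatenated until n bytes exist."""
    out, i = b"", 0
    while len(out) < n:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + rand_a + rand_b).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:n]

def master_secret(pre_master, client_random, server_random):
    # Client random first; three MD5 outputs give 48 bytes.
    return ssl3_expand(pre_master, client_random, server_random, 48)

def key_block(master, client_random, server_random, hash_size, key_material, iv_size):
    # Server random first: the order is swapped relative to master_secret.
    total = 2 * (hash_size + key_material + iv_size)
    block = ssl3_expand(master, server_random, client_random, total)
    layout = [("client_write_MAC_secret", hash_size), ("server_write_MAC_secret", hash_size),
              ("client_write_key", key_material), ("server_write_key", key_material),
              ("client_write_IV", iv_size), ("server_write_IV", iv_size)]
    keys, off = {}, 0
    for name, size in layout:
        keys[name] = block[off:off + size]
        off += size
    return keys

def record_mac(mac_secret, seq_num, content, hash_name="sha1"):
    # Slide 19's formula. pad_1 = 0x36 and pad_2 = 0x5c, repeated 48 times for
    # MD5 and 40 times for SHA-1 (values from the SSL 3.0 specification, which
    # also hashes a one-byte record type between seq_num and length).
    npad = 48 if hash_name == "md5" else 40
    def h(data):
        return hashlib.new(hash_name, data).digest()
    header = struct.pack(">QH", seq_num, len(content))  # 8-byte seq_num, 2-byte length
    return h(mac_secret + b"\x5c" * npad + h(mac_secret + b"\x36" * npad + header + content))

# Constructed sample inputs, not captured from a real handshake.
PRE_MASTER = b"\x03\x00" + bytes(range(46))  # version 3.0 followed by 46 bytes
CLIENT_RANDOM, SERVER_RANDOM = bytes([0xC1]) * 32, bytes([0x5E]) * 32

def demo():
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    # Triple DES with SHA-1: 20-byte MAC secret, 24-byte key, 8-byte IV.
    keys = key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, 20, 24, 8)
    request = b"GET / HTTP/1.0\r\n\r\n"
    macs = [record_mac(keys["client_write_MAC_secret"], seq, request) for seq in (0, 1)]
    return ms, keys, macs
```

The two MACs returned by `demo()` cover identical content and differ only because seq_num is hashed in, which is what lets the receiver reject a replayed or reordered record.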

  20. SSL and TLS • In 1996, Netscape Communications Corp. turned SSL over to the IETF for standardization. The result was TLS (Transport Layer Security) • It is described in RFC 2246 • The changes made to SSL were relatively small, but just enough that SSL version 3 and TLS cannot interoperate • The TLS version is also known as SSL version 3.1

  21. E-Mail Security • PGP – Pretty Good Privacy • PEM – Privacy Enhanced Mail • S/MIME

  22. PGP – Pretty Good Privacy • PGP (Pretty Good Privacy): e-mail security package that provides privacy, authentication, digital signatures, and compression, all in an easy-to-use form • Created by Zimmermann, released in 1991 • Zimmermann is a privacy advocate whose motto is: If privacy is outlawed, only outlaws will have privacy • The complete package, including all the source code, is distributed free of charge via the Internet • Due to its quality, price (zero), and easy availability on UNIX, Linux, Windows, and Mac OS platforms, it is widely used today

  23. PGP – Pretty Good Privacy • PGP encrypts data by using a block cipher called IDEA (International Data Encryption Algorithm) • It has been patented and OpenPGP has stopped using it • Key management uses RSA • Data integrity uses MD5 • Compression uses the ZIP program, which uses the Ziv-Lempel algorithm (Ziv and Lempel, 1977) • Compression saves bandwidth • It also wipes out the frequency information contained in the plaintext. In effect, it converts the plaintext into junk

  24. PGP – Pretty Good Privacy • PGP in operation for sending a message

  25. PGP – Pretty Good Privacy • Alice sends an email P to Bob using PGP: • Both Alice and Bob have private (D_X) and public (E_X) RSA keys. Assume that each one knows the other's public key • PGP first hashes Alice's message, P, using MD5, and then encrypts the resulting hash using her private RSA key, D_A • The encrypted hash and the original message are concatenated into a single message, P1, and compressed using the ZIP program; the output of this step is P1.Z

  26. PGP – Pretty Good Privacy • Next, PGP prompts Alice for some random input. Both the content and the typing speed are used to generate a 128-bit IDEA message key, K_M • K_M is now used to encrypt P1.Z with IDEA in cipher feedback mode • In addition, K_M is encrypted with Bob's public key, E_B. These two components are then concatenated and converted to base64
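
Added example, not part of the original slides: the send path from slides 25 and 26 together with Bob's receive path, in Python. Textbook RSA over small known primes, a hash-based stand-in for IDEA, an all-zero CFB IV and `os.urandom` in place of Alice's typed input are assumptions made so that it runs with the standard library only.

```python
import base64, hashlib, os, zlib

def make_key(p, q, e=65537):
    # Textbook RSA from two known Mersenne primes: small, unpadded, illustration only.
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

ALICE = make_key(2**127 - 1, 2**89 - 1)   # constructed demo keys
BOB = make_key(2**107 - 1, 2**61 - 1)
BLOCK = 8                                  # IDEA uses 64-bit blocks

def block_encrypt(key, block):
    # Stand-in for IDEA, which the standard library lacks. CFB only ever runs
    # the cipher in the forward direction, so a keyed hash can play the part.
    return hashlib.md5(key + block).digest()[:BLOCK]

def cfb(key, data, decrypt=False):
    out, feedback = b"", bytes(BLOCK)      # all-zero IV is an assumption
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        res = bytes(a ^ b for a, b in zip(chunk, block_encrypt(key, feedback)))
        out += res
        feedback = chunk if decrypt else res   # always feed back the ciphertext
    return out

def pgp_send(message, sender, recipient):
    # Uses the sender's private exponent and only n, e of the recipient.
    digest = int.from_bytes(hashlib.md5(message).digest(), "big")
    sig = pow(digest, sender["d"], sender["n"]).to_bytes(32, "big")    # D_A(MD5(P))
    p1z = zlib.compress(sig + message)                                   # P1 -> P1.Z
    km = os.urandom(16)                                                  # 128-bit K_M
    wrapped = pow(int.from_bytes(km, "big"), recipient["e"], recipient["n"])  # E_B(K_M)
    return base64.b64encode(wrapped.to_bytes(32, "big") + cfb(km, p1z))

def pgp_receive(armored, recipient, sender):
    # Uses the recipient's private exponent and only n, e of the sender.
    raw = base64.b64decode(armored)
    km = pow(int.from_bytes(raw[:32], "big"), recipient["d"], recipient["n"]).to_bytes(16, "big")
    p1 = zlib.decompress(cfb(km, raw[32:], decrypt=True))
    sig, message = p1[:32], p1[32:]
    recovered = pow(int.from_bytes(sig, "big"), sender["e"], sender["n"])
    return message, recovered == int.from_bytes(hashlib.md5(message).digest(), "big")
```

`pgp_receive` returns the plaintext and a flag saying whether the signature verified against the claimed sender's public key.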
