Presentation is loading. Please wait.

Presentation is loading. Please wait.

December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.

Published byPeregrine Hodge Modified over 8 years ago

Similar presentations

Presentation on theme: "December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information."— Presentation transcript:

1 December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information Technology

2 December 2006Prof. Reuven Aviv, SSL2 WEB Security with SSL/TLS Introduction – Risks and counter measures Secure Socket Layer (SSL) architectu SSL Record Protocol SSL Handshake Protocol In Closing: What does the SSL Really Protect? Appendix: Usage of SSL and Certificates in Win2K/IIS Why the Web Service is special?

3 December 2006Prof. Reuven Aviv, SSL3 Web Security risks & counter-measures Corrupt server or browser data – done by Trojans, ActiveX, Applets Corrupt data in transit and session hijacking –Cryptographic checksum, Encryption –web proxy (later lecture) Denial of Service: flooding server, DNS attacks –Network Mitigation procedures Impersonation of users, and programs –signatures

4 December 2006Prof. Reuven Aviv, SSL4 Approaches to network Security Advantages and Disadvantages?

5 SECURE SOCKET LAYER (SSL) December 2006Prof. Reuven Aviv, SSL5

6 December 2006Prof. Reuven Aviv, SSL6 SSL (Secure Socket Layer) & TLS SSL: Netscape, later Microsoft –SSL 3.0 Submitted to IETF IRTF  TLS: Transport Layer Security – essentially SSLv3.1 Free Implementations: SSLRef, OpenSSL SSL support included in Microsoft IIS & IE What methods are used for: Privacy, Integrity, Authentication, Non-Repudiation?

7 December 2006Prof. Reuven Aviv, SSL7 SSL Protocol Architecture SSL Record Protocol: transmission of blocks of data (records) between applications (e.g. HTTP) What are the purpose of the SSL Handshake & Alert protocols?

8 SSL Record Protocol December 2006Prof. Reuven Aviv, SSL8

9 December 2006Prof. Reuven Aviv, SSL9 SSL Record Protocol: Services Encryption/Decryption of payloads (HTTP, …) –conventional encryption algorithms (DES…) Message integrity using MAC How the MAC is constructed? hash of (message + secret) secrets as agreed by a Handshake Protocol

10 December 2006Prof. Reuven Aviv, SSL10 SSL Record Protocol Operation What’s in the header?

11 December 2006Prof. Reuven Aviv, SSL11 SSL Record Format What is to be agreed by client/server during handshake?

12 SSL Handshake Protocol December 2006Prof. Reuven Aviv, SSL12

13 December 2006Prof. Reuven Aviv, SSL13 What is to be agreed: Cipher Suit Key Exchange algorithm: method to be used to create SSL Pre-Master Secret (1 of 4. e.g. D.H) Specifications of Encryption/Hash algorithms Encryption: from RC4, or 3DES,… –Cipher Type: Stream or Block MAC Algorithm: HMAC-MD5 / HMAC-SHA-1 –IV size, Hash size, …

14 December 2006Prof. Reuven Aviv, SSL14 SSL: 6 Secrets two keys for encryption ; Two values of Initial Values (for encryption); Two secrets for MAC Procedure for derivation of secrets Pre_Master_Secret --> Master Secret --> Secrets –48 Bytes PMS: one time value 4 methods for deriving PMS Who calculates PMS / Master / Secrets?

15 December 2006Prof. Reuven Aviv, SSL15 PMS derivation methods [1] RSA Method: Client creates PMS (random) send PMS to server encrypted by Server’s RSA public key –Client needs Server’s Public Key Certificate

16 December 2006Prof. Reuven Aviv, SSL16 PMS derivation methods [2] Anonymous Diffie Hellman –q,  agreed by two sides –Public keys (Y) are exchanged –PMS (calculated by both parties) = Y X (modq) –No exchange of Authenticating Certificates [3] Fixed Diffie Hellman –Server is authenticated by its D.H. certificate (inc D.H. public key). Rest is Anonymous D.H. Disadvantage relative to RSA method?

17 December 2006Prof. Reuven Aviv, SSL17 PMS derivation methods [4] Authenticated Diffie Hellman: –Most secure way - both parties are authenticated –D.H. public keys are exchanged by messages – signed by senders’ private RSA or DSS keys –PMS is created by both parties Signing keys (RSA or DSS) keys are presented via Certificates, themselves signed by CAs

18 December 2006Prof. Reuven Aviv, SSL18 Handshake Protocol: full scenario

19 December 2006Prof. Reuven Aviv, SSL19 1. Hello Phase

20 December 2006Prof. Reuven Aviv, SSL20 Hello messages: Establishing Security Capabilities Client sends ClientHello (1) –ProtocolVersion (3.1 for TLS 1.0) –timestamp + random_num1 What are the purpose of these? Session ID What is the purpose of this? Lists of Algorithms & Compression methods supported by client

21 December 2006Prof. Reuven Aviv, SSL21 Hello messages: Establishing Security Capabilities Server sends ServerHello (2) Protocol Version, Timestamp, random num2 –Session ID: new value (or, if updating, old) –Selected Cipher-Suite, compression method Is the PMS Derivation method determined at this stage?

22 December 2006Prof. Reuven Aviv, SSL22 2. Server Authentication & Key exchange Certificate (3): one (or more) X.509 certificate Certificate present public key, that will be used for encrypting secrets and/or signing Server client These are optional. Who determines if these Messages are sent?

23 December 2006Prof. Reuven Aviv, SSL23 Server Key_exchange_Message (4) Sent from the Server to provide its public key –Not needed in RSA [1] method (public key of Server was already sent by Certificate (3)) – not needed in fixed D.H [3] method why? What is the content of this message? The Diffie Hellman public key (Y) Message required in the Anonymous D.H. [2] –Message not signed Why not?

24 December 2006Prof. Reuven Aviv, SSL24 Server Key_exchange_Message (4) Message required in the Ephemeral D.H [4] –Message signed by what? by RSA or DSS private key What is the signature? encrypted hash of D.H. parameters and the rand. in the Hello messages why? K RSA {hash(Cl.Hello.rand|| Ser.Hello.rand || D.H. parameters)}

25 December 2006Prof. Reuven Aviv, SSL25 End of Phase 2: Server In all methods except Anonymous D.H. [2] –Server sends Ceritificate_Request (5) requesting Client to provide its Certificate(s) List of acceptable certificates & CAs Server sends ServerDone (6) message What will the client do?

26 December 2006Prof. Reuven Aviv, SSL26 End of Phase 2: Client Client Checks the acceptability of parameters in ServerHello (selected algorithms & PMS method) Client checks receipt of the required certificates Client checks the validity of received certificates How?

27 December 2006Prof. Reuven Aviv, SSL27 Phase 3: Client Authentication & Key Exchange What’s in Client_key_Exchange (8)? CertificateVerify (9): a signed hash of previous messages. What is the purpose of this? Client Server

28 December 2006Prof. Reuven Aviv, SSL28 ClientKeyExchange (8): Required Content depends on method of key generation: RSA [1]: Client sends a random 48-byte PMS, encrypted with the certified Server’s public key Authenticated or Anonymous D.H. [4], [2]: –Client sends its public D.H. key (Y) Fixed D.H. (3): null, (Client’s public D.H. sent in previous message, Certificate (7)) –In all D.H. methods [2], [3], [4] both Client and Server now calculate PMS

29 December 2006Prof. Reuven Aviv, SSL29 Certificate_Verify (9) Sent by Client – if previously sent a Certificate with signing capabilities –i.e. Not Certificate with D.H. parameters Purpose: Authenticating the client - proving that the client knows its private key What should be in this message? Specific agreed info, signed by the client –Alternative to challenge response

30 December 2006Prof. Reuven Aviv, SSL30 Certificate_Verify (cont’d) Hash of collected shared knowledge –K Client {hash(Master_Secret || pad2 || hash (handshake_messages||Master_Secret||pad1))} Signed by Client Private key cannot be done by one who stole the Client certificate why?

31 December 2006Prof. Reuven Aviv, SSL31 4. Finish phase ChangeCipherSpec: –Let’s start using agreed Cipher-Suite Finished: hash of master secret, & other info –Using the agreed upon Cipher Suit

32 December 2006Prof. Reuven Aviv, SSL32 In closing: What does SSL really protect? It protects data in transit, mitigates attacks like MIM, Replay, and in general makes other attacks difficult to perform It does not solve the hard problems of E- Commerce: –DOS Attacks –Application Layer Attacks on the client and servers. (BO) By which credit cards may be stolen

33 December 2006Prof. Reuven Aviv, SSL33 Appendix Configuring SSL & Certificates in Win2K Internet Information Server (IIS)

34 December 2006Prof. Reuven Aviv, SSL34 Selecting the Web Server to be configured Tool: mmc

35 December 2006Prof. Reuven Aviv, SSL35 Web Server Properties: Certificate (SSL)

36 December 2006Prof. Reuven Aviv, SSL36 Web Server certificate

37 December 2006Prof. Reuven Aviv, SSL37 Configuring “Secure Communication” (SSL)

38 December 2006Prof. Reuven Aviv, SSL38 Web Server: Client Authentication Methods

39 December 2006Prof. Reuven Aviv, SSL39 IIS: Client (Browser) Authentication Anonymous: No authentication Basic: domain password sent in the clear Digest: challenge response –Challenge (from IIS): Workstation ID, domain/realm, time –Response: Thumbprint (hash with password) –Server needs to know password Integrated Windows Authentication –Browser obtains and sends Kerberos ticket Certificate based authentication

40 December 2006Prof. Reuven Aviv, SSL40 Web Server Certificate Trust List

41 December 2006Prof. Reuven Aviv, SSL41 IIS Access Control Mapping Client Certificates to accounts –Define subjects’ rights of access to www pages

42 December 2006Prof. Reuven Aviv, SSL42 Controlling Authentication for certain pages Selecting the page

43 December 2006Prof. Reuven Aviv, SSL43 Authentication methods for this page

44 December 2006Prof. Reuven Aviv, SSL44 Accessing the page

Download ppt "December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information."

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Web security: SSL and TLS

Web security: SSL and TLS
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Internet Security Protocols

Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.

December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.

Similar presentations

Ads by Google