Presentation transcript:

CS 5323: SSL (Secure Sockets Layer)
Prof. Ravi Sandhu, Executive Director and Endowed Chair
Lecture 10
ravi.utsa@gmail.com
www.profsandhu.com
© Ravi Sandhu World-Leading Research with Real-World Impact!

Internet Security Protocols

Internet Hourglass Model
- TCP/IP
- TCP: RFC 793, Sept. 1981
- IPv4: RFC 791, Sept. 1981

Internet Security Protocols: Where to inject security?
- TCP: RFC 793, Sept. 1981
- IPv4: RFC 791, Sept. 1981

Internet Security Protocols
- SET, 1996
- TCP: RFC 793, Sept. 1981
- SSL, 1994
- IPv4: RFC 791, Sept. 1981
- IPsec, 1998

Internet Security Protocols
- IPsec, 1998
- SSL, 1994
- Largely failed
- Half successful
- Dozens of other security protocols
  - Some successes
  - Many failures

1-way vs 2-way SSL
- 1-way SSL: Client (Browser), Server
- 2-way SSL: Client (Browser), Server

1-way vs 2-way SSL
- 1-way SSL: Client (Browser), Server; RSA encryption certificate
- 2-way SSL: Client (Browser), Server; RSA signature certificate, RSA encryption certificate

1-way vs 2-way SSL
- 1-way SSL: Client (Browser), Server; LESS SECURE; Phishing, Man-in-the-middle
- 2-way SSL: Client (Browser), Server; MORE SECURE; Phishing, Man-in-the-middle

1-way vs 2-way SSL
- 1-way SSL: Client (Browser), Server; LESS SECURE; Phishing, Man-in-the-middle; MASS DEPLOYMENT
- 2-way SSL: Client (Browser), Server; MORE SECURE; Phishing, Man-in-the-middle; MINIMAL DEPLOYMENT

The SSL Lesson
- Client-less trumps client-full
- Start-ups (SSL) trump committees (IPSEC)

SSL Details

SSL
- layered on top of TCP
- SSL versions 1.0, 2.0, 3.0, 3.1
- Netscape protocol later refitted as IETF standard TLS (Transport Layer Security)
- TLS 1.0 very close to SSL 3.1

SSL
- application protocol independent
- does not specify how application protocols add security with SSL
  - how to initiate SSL handshaking
  - how to interpret certificates
- left to designers of upper layer protocols to figure out

SSL vs TCP Ports
- https 443
- ssmtp 465
- snntp 563
- sldap 636
- spop3 995
- ftp-data 889
- ftps 990
- imaps 991
- telnets 992
- ircs 993

SSL Services
- peer entity authentication
- data confidentiality
- data authentication and integrity
- compression/decompression
- generation/distribution of session keys
  - integrated into protocol
- security parameter negotiation

SSL Architecture (protocol stack, top to bottom)
- SSL Handshake Protocol, SSL Change Cipher Spec, Alert, HTTP, Other Application Protocols
- SSL Record Protocol
- TCP
- IP

SSL Architecture
- Handshake protocol: complicated
  - embodies key exchange & authentication
  - runs in plaintext
  - 10 message types
- Change Cipher Spec protocol: straightforward
  - single 1 byte message with value 1
  - could be considered part of handshake protocol
  - transitions from plaintext to encrypted and mac’ed
- Record protocol: straightforward
  - fragment, compress, MAC, encrypt
  - uses 4 symmetric keys
- Alert protocol: straightforward
  - 2 byte messages
  - 1 byte alert level (fatal or warning); 1 byte alert code

SSL Record Protocol
- 4 symmetric keys
  - Key 1 for MAC, Key 2 for encrypt
  - Key 3 for MAC, Key 4 for encrypt
- (diagram: Client (Browser), Server)

SSL Record Protocol
- 4 steps by sender (reversed by receiver)
  - Fragmentation
  - Compression
  - MAC
  - Encryption

SSL Record Protocol
- each SSL record contains
  - content type: 8 bits, only 4 defined
    - change_cipher_spec
    - alert
    - handshake
    - application_data
  - protocol version number: 8 bits major, 8 bits minor
  - length: max 16K bytes (actually 2^14 + 2048)
  - data payload: optionally compressed and encrypted
  - message authentication code (MAC)

SSL Handshake Protocol
- initially SSL session has null compression and cipher algorithms
- both are set by the handshake protocol at beginning of session
- handshake protocol may be repeated during the session

SSL Session
- SSL session negotiated by handshake protocol
  - session ID: chosen by server
  - X.509 public-key certificate of peer: possibly null
  - compression algorithm
  - cipher spec: encryption algorithm, message digest algorithm
  - master secret: 48 byte shared secret
  - is resumable flag: can be used to initiate new connections
- each session is created with one connection, but additional connections within the session can be further created

SSL Connection State
- connection end: client or server
- client and server random: 32 bytes each
- keys generated from master secret, client/server random
  - client_write_MAC_secret, server_write_MAC_secret
  - client_write_key, server_write_key
  - client_write_IV, server_write_IV
- compression state
- cipher state: initially IV, subsequently next feedback block
- sequence number: starts at 0, max 2^64 - 1

SSL Connection State
- 4 parts to state
  - current read state
  - current write state
  - pending read state
  - pending write state
- handshake protocol
  - initially current state is empty
  - either pending state can be made current and reinitialized to empty

SSL Handshake Protocol
- Type: 1 byte
  - 10 message types defined
- length: 3 bytes
- content
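
The record layout and the handshake message header from the slides above, as an added example (not from the original slides): a Python parser that enforces the 2^14 + 2048 length bound and walks the handshake messages inside a record. The numeric type codes and the sample bytes are not on the slides; the codes are the SSL 3.0 / TLS assignments and the bytes are constructed.

```python
import struct

# Numeric codes are the SSL 3.0 / TLS assignments; the slides give only names.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello",
                   11: "certificate", 12: "server_key_exchange",
                   13: "certificate_request", 14: "server_hello_done",
                   15: "certificate_verify", 16: "client_key_exchange",
                   20: "finished"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound quoted on the record slide


def parse_record(buf):
    """Parse one SSL record from buf; return (record dict, remaining bytes)."""
    if len(buf) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"undefined content type {ctype}")
    if length > MAX_RECORD_LEN:
        raise ValueError(f"record length {length} exceeds maximum")
    if len(buf) < 5 + length:
        raise ValueError("truncated record body")
    rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor),
           "fragment": buf[5:5 + length]}
    return rec, buf[5 + length:]


def parse_handshake(fragment):
    """Split a plaintext handshake fragment into (name, body) messages."""
    msgs = []
    while fragment:
        if len(fragment) < 4:
            raise ValueError("truncated handshake header")
        mtype = fragment[0]
        length = int.from_bytes(fragment[1:4], "big")  # 3-byte length field
        if mtype not in HANDSHAKE_TYPES or len(fragment) < 4 + length:
            raise ValueError("bad handshake message")
        msgs.append((HANDSHAKE_TYPES[mtype], fragment[4:4 + length]))
        fragment = fragment[4 + length:]
    return msgs


# Constructed bytes: a version 3.0 handshake record carrying an empty
# server_hello_done, followed by a change_cipher_spec record with value 1.
SAMPLE = bytes.fromhex("16 03 00 00 04 0e 00 00 00 14 03 00 00 01 01")
```

The handshake parser applies only to records sent before change cipher spec, since later fragments are encrypted and MAC'ed.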

SSL Handshake Protocol (diagram): Phase 1, Phase 2, Phase 3, Phase 4, Record Protocol

SSL Handshake Protocol
- Phase 1: Establish security capabilities
- Phase 2: Server authentication and key exchange
- Phase 3: Client authentication and key exchange
- Phase 4: Finish

SSL Handshake Protocol
- these handshake messages must occur in order
- optional messages can be eliminated
- 10th message hello_request can be sent anytime from server to client to request client to start handshake protocol to renegotiate session
- change_cipher_spec is a separate 1 message protocol
  - functionally just like a message in the handshake protocol

SSL 1-Way Handshake with RSA (diagram): Phase 1, Phase 2, Phase 3, Phase 4, Record Protocol

SSL Handshake Phase 1: Establish security capabilities
- client hello message
  - 4 byte timestamp, 28 byte random value
  - session ID: non-zero for new connection on existing session; zero for new connection on new session
  - client version: highest version
  - cipher_suite list: ordered list (key exchange method, encryption method, MAC method)
  - compression list: ordered list
- server hello message
  - 32 byte random value
  - session ID: new or reuse
  - version: lower of client suggested and highest supported
  - cipher_suite list: single choice
  - compression list: single choice

SSL 1-Way Handshake with RSA (diagram): Phase 1, Phase 2, Phase 3, Phase 4, Record Protocol

SSL RSA 1-way Handshake Phase 2: Server authentication and key exchange
- certificate message
  - server’s X.509v3 certificate followed by optional chain of certificates
  - required for RSA
- server done message
  - ends phase 2, always required

SSL 1-Way Handshake with RSA (diagram): Phase 1, Phase 2, Phase 3, Phase 4, Record Protocol

SSL 1-way Handshake Phase 3: Client authentication and key exchange
- client key exchange message
  - client generates 48-byte pre-master secret, encrypts with server’s RSA public key
- client and server compute 48 byte master secret
  - using 48-byte pre-master secret, ClientHello.random, ServerHello.random
- client and server compute 4 symmetric keys from master secret
  - Key 1 for MAC, Key 2 for encrypt
  - Key 3 for MAC, Key 4 for encrypt
  - (diagram: Client (Browser), Server)
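
An added example, not from the original slides, of how both sides turn the pre-master secret and the two hello randoms into the master secret and the per-direction keys and IVs. It uses the SSL 3.0 derivation (MD5 over SHA-1, as described in RFC 6101), which the slides do not spell out; the key sizes and input bytes are assumptions chosen for illustration.

```python
import hashlib


def _ssl3_expand(secret, seed, nbytes):
    """SSL 3.0 expansion: MD5(secret + SHA1(label + secret + seed)) blocks,
    with labels 'A', 'BB', 'CCC', ... until nbytes have been produced."""
    out = b""
    i = 0
    while len(out) < nbytes:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:nbytes]


def master_secret(pre_master, client_random, server_random):
    """48-byte master secret from the 48-byte pre-master secret and randoms."""
    if len(pre_master) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("unexpected input length")
    return _ssl3_expand(pre_master, client_random + server_random, 48)


def connection_keys(master, client_random, server_random,
                    mac_len=20, key_len=24, iv_len=8):
    """Cut the key block into the six values of the connection state.
    Default sizes are an assumption (SHA-1 MAC, 3DES key, 8-byte IV)."""
    names = [("client_write_MAC_secret", mac_len),
             ("server_write_MAC_secret", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    # Seed order flips for the key block: server random comes first.
    block = _ssl3_expand(master, server_random + client_random,
                         sum(n for _, n in names))
    keys, pos = {}, 0
    for name, n in names:
        keys[name] = block[pos:pos + n]
        pos += n
    return keys


# Constructed inputs, fixed so the result is reproducible. Real randoms are
# unpredictable; the pre-master secret starts with the client version bytes.
PRE_MASTER = bytes([3, 0]) + bytes(range(46))
CLIENT_RANDOM = bytes([0x11]) * 32
SERVER_RANDOM = bytes([0x22]) * 32
```

Because both randoms feed the derivation, a resumed session with the same master secret still gets fresh keys for each new connection.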

SSL 1-Way Handshake with RSA (diagram): Phase 1, Phase 2, Phase 3, Phase 4, Record Protocol

SSL 1-way RSA Handshake Phase 4: Finish and move to record protocol
- change cipher spec message
  - not considered part of handshake protocol but in some sense is part of it
  - 1 byte message protected by current state
  - copies pending state to current state
- Finished message
  - sent under new algorithms and keys
  - content is MAC of all previous messages with master secret and constant “client finished” or “server finished”

SSL 1-Way Handshake with RSA (diagram): Phase 1, Phase 2, Phase 3, Phase 4, Record Protocol

SSL 2-Way Handshake with RSA (diagram): Phase 1, Phase 2, Phase 3, Phase 4, Record Protocol

SSL RSA 2-way Handshake Phase 2: Server authentication and key exchange
- certificate message
  - server’s X.509v3 certificate followed by optional chain of certificates
  - required for RSA
- certificate request message
  - request a certificate from client
  - specifies Certificate Type and Certificate Authorities
- server done message
  - ends phase 2, always required

SSL 2-way Handshake Phase 3: Client authentication and key exchange
- certificate message
  - client’s X.509v3 certificate followed by optional chain of certificates
- client key exchange message
  - client generates 48-byte pre-master secret, encrypts with server’s RSA public key
- certificate verify message
  - signs hash of master secret (established by key exchange) and all handshake messages so far
- client and server compute 48 byte master secret
  - using 48-byte pre-master secret, ClientHello.random, ServerHello.random
- client and server compute 4 symmetric keys from master secret

SSL Alert Protocol
- 2 byte alert messages
  - 1 byte level: fatal or warning
  - alert code

SSL Alert Messages

SSL Alert Messages
- always fatal
  - unexpected_message
  - bad_record_mac
  - decompression_failure
  - handshake_failure
  - illegal_parameter

SSL Man-in-the-Middle (MITM) Attack

1-way SSL MITM (diagram): Client (Browser), Server; https; RSA encryption certificate

SSL

1-way SSL MITM (diagram): Client (Browser), MITM, Server; http, https; RSA encryption certificate

1-way SSL MITM (diagram): Client (Browser), MITM, Server; https, https; RSA encryption certificate

1-way SSL MITM (diagram): Client (Browser), MITM, Server; https, https; fake server certificate, RSA encryption certificate

Server-Side Masquerading (diagram): Bob, Web browser; www.host.com Web server; 1-way SSL; Ultratrust Security Services, www.host.com

Server-Side Masquerading (diagram): Bob, Web browser; www.host.com Web server; 1-way SSL, 1-way SSL; Ultratrust Security Services; Mallory’s Web server, www.host.com; BIMM Corporation, www.host.com

Server-Side Masquerading (diagram): Bob, Web browser; www.host.com Web server; 1-way SSL, 1-way SSL; Ultratrust Security Services; BIMM Corporation; Mallory’s Web server, www.host.com; Ultratrust Security Services, www.host.com

1-way SSL MITM (diagram): Client (Browser), MITM, Server; https, https; fake server certificate, RSA encryption certificate; RSA signature certificate, fake client certificate

OpenSSL Heartbleed Attack

Heartbeat Protocol: RFC 6520, Feb. 2012