Web Security (TRANSPORT-LEVEL SECURITY) Secure Socket Layer Transport Layer Security
Web Security ◆ Secure Socket Layer (SSL) provides security services between TCP and applications that use TCP. The Internet standard version is called Transport Layer Service (TLS). ◆ SSL/TLS provides confidentiality using symmetric encryption and message integrity using a message authentication code. ◆ SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.
Web Security Threats
Web Traffic Security Approaches
1. SECURE SOCKET LAYER Two important SSL concepts are the SSL session and the SSL connection, which are defined in the specification as follows. • Connection: A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session. • Session: An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters which can be shared among multiple connections
session state A session state is defined by the following parameters. • Session identifier • Peer certificate • Compression method • Cipher spec • Master secret • Is resumable
connection state A connection state is defined by the following parameters. Server and client random Server write MAC secret Client write MAC secret Server write key Client write key Initialization vectors Sequence numbers
SSL Architecture
SSL Record Protocol The SSL Record Protocol provides two services for SSL connections: • Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads. • Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC).
SSL Record Protocol Operation
SSL Record Protocol header • Content Type (8 bits): The higher-layer protocol used to process the enclosed fragment. • Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3. • Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0. • Compressed Length (16 bits): The length in bytes of the plaintext fragment (or compressed fragment if compression is used)
SSL Record Format
SSL Record Protocol Payload
Alert Protocol Messages • unexpected_message • bad_record_mac • decompression_failure • handshake_failure • illegal_parameter • close_notify • no_certificate • bad_certificate • unsupported_certificate • certificate_revoked • certificate_expired • certificate_unknown:
Handshake Protocol
2. TRANSPORT LAYER SECURITY Version Number Message Authentication Code Pseudorandom Function Alert Codes Cipher Suites Client Certificate Types Cryptographic Computations Padding
Pseudorandom Function
Alert Codes record_overflow unknown_ca access_denied decode_error protocol_version insufficient_security unsupported_extension internal_error decrypt_error