Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Slides:



Advertisements
Similar presentations
ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
Advertisements

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.
Cryptography and Network Security Chapter 16
CSC 474 Information Systems Security
Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Lecture 6: Web security: SSL
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security Chapter 17
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Security Essentials Chapter 5
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.
Tunneling and Securing TCP Services Nathan Green.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Computer and Network Security
Executive Director and Endowed Chair
IT443 – Network Security Administration Instructor: Bo Sheng
Cryptography and Network Security
UNIT.4 IP Security.
CSCE 715: Network Systems Security
Visit for more Learning Resources
BINF 711 Amr El Mougy Sherif Ismail
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS, Part II
Cryptography and Network Security
Cryptography and Network Security Chapter 16
Secure Web Application-SSL
Cryptography and Network Security
SSL (Secure Socket Layer)
Security at the Transport Layer: SSL and TLS
CSCE 815 Network Security Lecture 16
The Secure Sockets Layer (SSL) Protocol
Transport Layer Security (TLS)
Cryptography and Network Security
Presentation transcript:

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security

Computer Science CSC 474Dr. Peng Ning2 Transport Layer Security Protocols Secure Socket Layer (SSL) –Originally developed to secure http –Version 3 was developed with public review –Application independent Can be used for any application protocol Examples: telnet, pop3, imap, ftp, etc. Transport Layer Security (TLS) –TLS 1.0 very close to SSL 3.1 –Backward compatible with SSL v3.

Computer Science CSC 474Dr. Peng Ning3 SSL Handshake Protocol SSL Change Cipher Spec Protocol SSL Alert Protocol HTTP and other protocols SSL Record Protocol TCP IP SSL Protocol Stack SSL Architecture A two-layered protocol. Rely on TCP for a reliable communication.

Computer Science CSC 474Dr. Peng Ning4 SSL Services Peer entity and data authentication Data confidentiality Data integrity Compression/decompression Generation/distribution of session keys –Integrated to protocol –A different approach from IPSec Security parameter negotiation.

Computer Science CSC 474Dr. Peng Ning5 SSL Connection and Session Each SSL session can be used for multiple SSL connections. SSL Session –An association between a client and a server. –Created by handshake protocol. –Are used to avoid negotiation of new security parameters for each connection. SSL Connection –A connection is a transport that provides a suitable type of service. –Peer-to-peer, transient –Each connection is associate with one session.

Computer Science CSC 474Dr. Peng Ning6 SSL Session We can view an SSL session as an SSL security association. A SSL session consists of –Session ID –X.509 public-key certificate of peer (could be null) –Compression algorithm –Cipher spec: Encryption algorithm, message digest algorithm, etc. –Master secret: 48 byte secret shared between the client and server –Is reusable

Computer Science CSC 474Dr. Peng Ning7 SSL Connection An SSL Connection consists of –Server and client random –Server write MAC secret –Client write MAC secret –Server write key –Client write key –Server IV –Client IV –Sequence number

Computer Science CSC 474Dr. Peng Ning8 SSL Record Protocol Four steps by sender (reversed by receiver) –Fragmentation 2 14 bytes –Compression (optional) –MAC –Encryption

Computer Science CSC 474Dr. Peng Ning9 SSL Record Protocol Operation

Computer Science CSC 474Dr. Peng Ning10 SSL Record Format

Computer Science CSC 474Dr. Peng Ning11 SSL Record Protocol Payload

Computer Science CSC 474Dr. Peng Ning12 Handshake Protocol Initially SSL session has null compression and encryption algorithm. Both are set by the handshake protocol at the beginning of session. Handshake protocol may be repeated during the session. Four phases –Establish Security Capabilities –Server Authentication and Key Exchange –Client Authentication and Key Exchange –Finish

Computer Science CSC 474Dr. Peng Ning13 Phase 1. Establish Security Capabilities ClientServer Client_hello* Server_hello* Message marked by * are mandatory; Other messages are optional.

Computer Science CSC 474Dr. Peng Ning14 Phase 1 (Contd) Client_hello –Version: The highest SSL version understood by the client –Random: 4-byte timestamp + 28-byte random number. –Session ID: zero for new session, non-zero for a previous session –CipherSuite: list of supported algorithms –Compression Method: list of supported compression methods

Computer Science CSC 474Dr. Peng Ning15 Phase 1 (Contd) Server_hello –Version: min (client_hello version, highest version supported by the server) –Random: 4-byte timestamp + 28-byte random number. Generated by the server –Session ID: –CipherSuite: selected from the clients list by the server –Compression method: selected from the clients list by the server

Computer Science CSC 474Dr. Peng Ning16 ClientServer Certificate Server_key_exchange Certificate_request Server_done* Phase 2: Server Authentication and Key Exchange Certificate is almost always used.

Computer Science CSC 474Dr. Peng Ning17 Certificate message Required for any agreed-on key exchange method except for anonymous Diffie-Hellman. –Anonymous D-H Problem? Contains one or a chain of X.509 certificates.

Computer Science CSC 474Dr. Peng Ning18 Server_key_exchange message Not required if –The server has sent a certificate with fixed D-H parameters, or –RSA key exchange is to be used. Needed for –Anonymous D-H –Ephemeral D-H –RSA key exchange, in which the server is using RSA but has a signature-only RSA key. –Fortezza

Computer Science CSC 474Dr. Peng Ning19 Certificate_request message Request a certificate from the client Two parameters –Certificate_type RSA, signature only DSS, signature only … –Certificate_authorities

Computer Science CSC 474Dr. Peng Ning20 Server_done message Indicate the end of server hello and associated messages.

Computer Science CSC 474Dr. Peng Ning21 Phase 3. Client Authentication and Key Exchange ClientServer Certificate client_key_exchange* certificate_verify

Computer Science CSC 474Dr. Peng Ning22 Phase 3. Client Authentication and Key Exchange Certificate –One or a chain of certificates. Client_key_exchange –RSA: encrypted pre-master secret with the servers public key. –D-H: clients public key. Certificate_verify –Only sent following any client certificate that has signing capability –Proves the client is the valid owner of the certificate.

Computer Science CSC 474Dr. Peng Ning23 Phase 4. Finish ClientServer Change_cipher_spec* Finished* Change_cipher_spec* Finished*

Computer Science CSC 474Dr. Peng Ning24 Master Secret Creation The master secret is a one-time 48-byte value. –Pre-master secret: by RSA or D-H –Master secret is computed from the pre-master secret, client random and server random.

Computer Science CSC 474Dr. Peng Ning25 Generation of Cryptographic Parameters Generated from the master secret, client random, and server random. –Client write MAC secret –Server write MAC secret –Client write key –Server write key –Client write IV –Server write IV

Computer Science CSC 474Dr. Peng Ning26 Change Cipher Spec Protocol Session State –Current state The session state in effect –Pending state The session being negotiated. Change Cipher Spec Protocol –Cause the pending state to be copied into the current state.

Computer Science CSC 474Dr. Peng Ning27 Alert Protocol Convey SSL related alerts to the peer. Compressed and encrypted. Two types of alerts –Fatal SSL immediately terminates the connection. Examples –Unexpected message –Bad_record_mac –Warning Examples –Close_notify –No_certificate

Computer Science CSC 474Dr. Peng Ning28 Application Ports Used with SSL https443 smtps465 nntps563 ldaps636 pop3s995 ftp-datas889 ftps990 imaps991

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.