Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography CSS 329 Lecture 13:SSL.

Published byAlyson Mason Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptography CSS 329 Lecture 13:SSL."— Presentation transcript:

1 Cryptography CSS 329 Lecture 13:SSL

2 Lecture Outline • SSL/TLS

3 NETWORK PROTOCOLS

4 Before Securing a Protocol…
• Understand what is does • Define what are the security goals • Define what is the attacker model • Understand/examine the environment in which the protocol will be used

5 OSI/ISO Model

6 Internet Protocol - IP • IP is the current delivery protocol on the Internet, between hosts. • IP provides ‘best effort’, unreliable delivery of packets. • There are two versions: – IPv4 is the current routing protocol on the Internet – IPv6, a newer version, still not totally embraced by the community

7 Transport Protocols • Provides communication between processes running on hosts • The most common transport protocols are UDP and TCP. • OS provides support for developing applications on top of UDP and TCP.

8 Establishing a ``Secure Channel’’
• Services provides: confidentiality, integrity and authentication • At what level in the stack? • What are advantages disadvantages based on the level • Two protocols: SSL (TLS) and IPSec

9 Providing Security

10 SSL and TLS History • SSL was originated by Netscape
• SSLv3 was designed with public comment and made available, known as TLS • An working group was formed within IETF

11 What is Transport Layer Security
• Protocol that allows to establish an end-to-end secure channel, providing: confidentiality, integrity and authentication • Defines how the characteristics of the channel are negotiated: key establishment, encryption cipher, authentication mechanism • Requires reliable end-to-end protocol, so it runs on top of TCP • It can be used by other session protocols (such as HTTPS) • Several implementations: for example SSLeay, open source implementation (

12 TLS (cont.) • Confidentiality: Achieved by encryption using DES, 3DES, RC2, RC4, IDEA. • Integrity: Achieved by computing a MAC and send it with the message; MD5, SHA1. • Key exchange: relies on public key encryption for this.

13 TLS: Protocol Architecture

14 Session and Connection
– association between a client and a server; – created by the Handshake Protocol; – defines secure cryptographic parameters that can be shared by multiple connections. • Connection: – end-to-end reliable secure communication; – every connection is associated with a session.

15 Session • Session identifier: generated by the server to identify an active or resumable session. • Peer certificate: X 509v3 certificate. • Compression method: algorithm used to compress the data before encryption. • Cipher spec: encryption and hash algorithm, including hash size. • Master secret: 48 byte secret shared between the client and server. • Is resumable: indicates if the session can be used to initiate new connections.

16 Connection • Server and client random: chosen for each connection.
• Server write MAC secret: shared key used to compute MAC on data sent by the server. • Client write MAC secret: same as above for the client • Server write key: shared key used by encryption when server sends data. • Client write key: same as above for the client. • Initialization vector: initialization vectors required by encryption. • Sequence numbers: both server and client maintains such a counter to prevent replay, cycle is

17 TLS: SSL Record Protocol
• Provides confidentiality and message integrity using shared keys established by the Handshake Protocol

18 TLS: SSL Record Protocol
• Fragments have size • Compression done such that expansion is not more than 1024 bytes (for small messages, compression might expand data because of alignments. • Currently in TLS no compression scheme specified. • The maximum packet size id bytes (1024 from compression, 1024 from HMAC). • TLS uses the HMAC standard for integrity and authentication.

19 TLS: Change Cipher Spec Protocol
• One message of one byte containing value 1 • When this message is sent the pending state is copied in the current state

20 SSL Record Packet • Header:
– Content type: what protocol will process the packet (change cipher spec, alert, handshake, application data) – Major Version: 3 (for TLS) – Minor Version: 0 (for TLS) – Compressed length: max is

21 Alert Protocol • Used to send TLS related alerts to peers
• Alert messages are compressed and encrypted • Message: two bytes, one defines fatal/warnings, other defines the code of alert • Fatal errors: decryption_failed, record_overflow, unknown_ca, access_denied, decode_error, export_restriction, protocol_version, insufficient_security, internal_error • Other errors: decrypt_error, user_cancelled, no_renegotiation

22 TLS: Handshake Protocol
• Negotiate Cipher-Suite Algorithms – Symmetric cipher to use – Key exchange method – Message digest function • Establish the shared master secret • Optionally authenticate server and/or client

23 Handshake Protocol

24 Handshake Protocol: Hello
• Client_hello_message has the following parameters: – Version – Random: timestamp + 28-bytes random – Session ID – CipherSuite: cipher algorithms supported by the client, first is key exchange – Compression method • Server responds with the same • Client may request use of cached session – Server chooses whether to accept or not

25 Handshake Protocol: Key Exchange
• Supported key exchange methods: – RSA: shared key encrypted with RSA public key – Fixed Diffie-Hellman; public parameters provided in a certificate – Ephemeral Diffie-Hellman: the best; Diffie-Hellman with temporary secret key, messages signed using RSA or DSS – Anonymous Diffie-Hellman: vulnerable to man-in-the-middle

26 TLS: Authentication • Verify identities of participants
• Client authentication is optional • Certificate is used to associate identity with public key and other attributes

27 TLS: Change Cipher Spec/Finished
• Change Cipher Spec completes the setup of the connections. • Announce switch to negotiated algorithms and values • The client sends a message under the new algorithms, allows verification of that the handshake was successful.

Download ppt "Cryptography CSS 329 Lecture 13:SSL."

Similar presentations

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Similar presentations

Ads by Google