1. SSL (Secure Socket Layer)
transport layer security service
originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard known as TLS (Transport Layer Security)
uses TCP to provide a reliable end-to-end service
SSL has two layers of protocols
SSL probably most widely used Web security mechanism. Its implemented at the Transport layer; cf IPSec at Network layer; or various Application layer mechanisms eg. S/MIME & SET (later).

2. SSL Architecture
Stallings Fig 17-2.

3. SSL Architecture SSL session an association between client & server
created by the Handshake Protocol
define a set of cryptographic parameters
may be shared by multiple SSL connections
SSL connection
- Is a transport that provides suitable type of service
a transient, peer-to-peer, communications link
associated with 1 SSL session

4. Session State-Parameters
Session identifiers- Arbitrary byte sequence chosen by server
Peer certificate-X.509V3 certificate of peer.
Compression method-algorithm to compress data prior to encryption.
Cipher spec-bulk data encryption algorithm and hash algorithm.
Master secret- 48 byte secret b/w client and server.
Is resumable- flag indicating whether session can be used to initiate new connections.

5. Connection state-Parameters
Server and client random-byte sequence for each connection.
Server write MAC secret-key used in MAC operation on data sent by server.
Client Write MAC secret-secret-key used in MAC operation.
Server write key-Conventional encryption key for encrypting data by server
Client write key-key-Conventional encryption key for encrypting data by client.
Initialization vectors
Sequence numbers

6. SSL Record Protocol-Services
confidentiality
using symmetric encryption with a shared secret key defined by Handshake Protocol
IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
message is compressed before encryption
message integrity
using a MAC with shared secret key
similar to HMAC but with different padding
SSL Record Protocol defines these two services for SSL connections.

7. SSL Record Protocol Services Confidentiality – symmetric encryption
Message Integrity – MAC
Application data
fragment
compress
fragment
MAC
Content type
Version
Compressed length
Encrypted
SSL record
header
Encrypted 7

8. MAC calculation done by
Hash(MAC-write-secret|| pad-2||
hash(MAC-write-secret|| pad-1||
seq-num||SSLcompressed.type||
SSLcompressed.length||
SSLcompressed.fragment))

9. MAC-write-secret shared secret key
Hash MD5 or SHA-1
Pad-1 byte 0x36 repeated 48 times for MD5
Pad-2 byte 0x5c repeated 48 times for MD5
Seq-num sequence number for this message
SSLCompressed.type higher level protocol used to process this fragment
SSLCompressed.length length of compressed fragment
SSLCompressed.fragment compressed fragment

10. Final step of SSL record protocol processing is to prepend header, consisting of fields:
Content type (8 bits) -higher layer protocol used to process the enclosed fragment.
Major version (8 bits)-SSLv3, value is 3
Minor version (8 bits)-SSLv3, value is 0
Compressed length-16 bits

11. SSL Change Cipher Spec Protocol
one of 3 SSL specific protocols which use the SSL Record protocol
a single message
causes pending state to become current
hence updating the cipher suite in use

12. SSL Alert Protocol conveys SSL-related alerts to peer entity severity
warning or fatal( SSL immediately terminates the connection)
specific alert that are always fatal
unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
compressed & encrypted like all SSL data

14. Handshake Protocol Function Message format
Server and client authenticate each other
Negotiate encryption, MAC algorithm, and cryptographic keys
Message format
Type: one of the 10 messages
Hello_request; client_hello; server_hello;etc..
Length
Content: parameters 14

15. SSL Handshake Protocol
allows server & client to:
authenticate each other
to negotiate encryption & MAC algorithms
to negotiate cryptographic keys to be used
comprises a series of messages in phases
Establish Security Capabilities
Server Authentication and Key Exchange
Client Authentication and Key Exchange
Finish

16. Stallings Fig 17-6.

17. PHASE-1 Establish security capabilities
Used to initiate a logical connection and to establish security capabilities that will be associated with it.
Client sends client- hello message with parameters:
Version – highest SSL version understood by client.
Random- 32 bit timestamp and 28byte random number.
Session ID- Non zero value( new connection on existing session.
- Zero value (new connection on new session.
CipherSuite- all cryptographic algorithms, key exchange
Compression method

18. Server-Hello message:
After sending client-hello message, client waits for server-hello message which is same as that of client-hello message.
Cipher Suite : parameters include key exchange method
( conventional encryption keys and MAC keys are exchanged)
Key exchange methods:
RSA
Fixed Diffie Hellman
Ephemeral Diffie-hellman
Anonymous Diffie-Hellman

19. PHASE-2 Server authentication and key exchange
Server sends certificate-X.509
Server key exchange message is sent for following:
1. Anonymous Diffie-Hellman( prime number and primitive root and server’s public Diffie-Hellman key)
2. Ephemeral Diffie-Hellman (3 parameters plus signature of those parameters)
3. RSA key exchange- Client cannot simply send secret key encrypted with server’s public key. Server must create RSA public/private key pair and use server-key –exchange message to send the public key

20. Certificate-request message includes certificate type and certificate-authorities.
Certificate types:
1. RSA, signature only
2. DSS, signature only
3. RSA for fixed Diffie-Hellman
4. RSA for Ephemeral diffie-Hellman
5. DSS for fixed Diffie-Hellman
6. DSS for Ephemeral diffie-Hellman
Server sends server-done message (no parameters)

21. PHASE-3- Client authentication and key exchange
If server has requested certificate, client sends certificate . If no suitable certificate available, client sends no-certificate alert.
Client-key-exchange message is sent based on
RSA: client generates 48 byte pre-master secret and encrypts with public key from server certificate.
Ephemeral Diffie-Hellman-client’s public Diffie-Hellman parameters are sent.
Fixed Diffie-Hellman
Client sends Certificate-verify message to provide explicit verification of a client certificate.

22. PHASE-4-FINISH This phase completes setting up of secure connection.
Client sends change-cipher-spec message
Client sends finished message.
Finished message is concatenation of 2 hash values.
MD5(master-secret||pad2||MD5(handshake-message||sender||master-secret||pad1))
SHA(master-secret||pad2||SHA(handshake-message||sender||master-secret||pad1))
Server sends change-cipher-spec message to client.
Server sends finished message to client.