
Secure Socket Layer (SSL)


Presentation Transcript


  1. Secure Socket Layer (SSL)

  2. TCP/IP Protocol Stack
     • Application Layer: HTTP, LDAP, DNS, NFS, PING, TELNET, IMAP
     • Transport Layer: TCP, UDP
     • Network Layer: IP, ICMP
     • Physical Layer
     (Diagram label: IP packet)

  3. Protocols
     • IP (Internet Protocol): has an IP address (32 bits, network + host portions)
     • ICMP (Internet Control Message Protocol): controls IP traffic
     • TCP (Transmission Control Protocol): implements a virtual circuit for reliable, connection-oriented communication
     • UDP (User Datagram Protocol): implements connectionless communication
     • HTTP: for WWW
     • LDAP: directory access
     • IMAP: access email over the Internet
     • TELNET: for remote login
     • DNS: translates names into IP addresses
     • NFS: network file system, for sharing files among systems
     • PING: checks other machines

  4. Let us find out the routers when we shop on-line
     • When we connect from USCUpstate computers to http://www.amazon.com/ via IE or Netscape, our packets have a long trip to get there:

  5. Such IP Tracing is available on sites like http://visualroute.visualware.com and http://samspade.org/

  6. Location of SSL
     • Application Layer: HTTP
     • SSL (between HTTP and TCP)
     • Transport Layer: TCP
     • Network Layer: IP
     • Physical Layer
     (Diagram label: IP packet)

  7. SSL vs. IPSec and others
     Layers shown: Application Layer, Transport Layer, Network Layer, Data link Layer
     Diagram labels, in source order:
     • IKE (ISAKMP/Oakley in IPSec), S/MIME, Kerberos, Proxies, SET, PGP
     • App
     • SSL, TLS, SOCKS
     • TCP
     • AH, ESP (in IPSec), Packet filtering, IP Tunneling (L2TP, PPTP, L2F), CHAP (challenge handshake protocol), PAP (password auth. protocol), MS-CHAP
     • Network driver

  8. X.509 public key certificate

  9. Flow of actions in SSL
     • Authenticate the server to the client.
     • Allow the client and server to select the cryptographic algorithms they both support.
     • Optionally authenticate the client to the server.
     • Use public-key encryption to generate shared secrets.
     • Establish an encrypted SSL connection.

  10. Capabilities of SSL
     • To establish an encrypted, not necessarily authenticated, communication channel between a client and a server.
     • To authenticate the server, and establish a secure channel (the case of RSA).
     • To authenticate the server, and establish a secure channel (general case, incl. RSA).
     • To authenticate the server AND the client, and establish an authenticated secure channel.
     (Slide annotations: "Less preferred", "preferred")

  11. Establish encrypted, but unauthenticated, channel: (Browser) Client and (Web) Server
     (1) C → S: ClientHello
     (2) C ← S: ServerHello, ServerKeyExchange, ServerHelloDone
     (3) C → S: ClientKeyExchange, ChangeCipherSpec, Finished
     (4) C ← S: ChangeCipherSpec, Finished

  12. 4 moves & 9 messages in SSL

  13. 1. ClientHello (C → S)
     • Version: identifies the highest version of the SSL protocol that the client can support
     • RandomNumber: 32-bit random number used to seed the cryptographic computation
     • Session ID: identifies a specific SSL session
     • CipherSuites: a list of cryptographic parameters/schemes that the client can support
     • CompressionMethods: identifies data compression methods that the client can support

  14. 2. ServerHello (C ← S)
     • Version: identifies the highest version of the SSL protocol to be used for this communication
     • RandomNumber: 32-bit random number used to seed the cryptographic computation
     • Session ID: identifies a specific SSL session
     • CipherSuites: the cryptographic parameters/schemes to be used
     • CompressionMethods: the data compression methods to be used
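The ClientHello fields listed on slide 13, read off the wire, as an added example that is not part of the original presentation. The function names and the sample record are constructed for illustration; the layout follows the SSL 3.0 specification (RFC 6101), where the random field occupies 32 bytes, and the parser assumes the record holds exactly one ClientHello.

```python
import struct

# A few SSL 3.0 cipher-suite codes and names (RFC 6101, appendix A.6).
SUITE_NAMES = {
    0x0003: "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0005: "SSL_RSA_WITH_RC4_128_SHA",
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
}

def parse_client_hello(record: bytes) -> dict:
    """Parse one record that carries a complete ClientHello."""
    if len(record) < 9:
        raise ValueError("truncated record or handshake header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    msg_len = int.from_bytes(record[6:9], "big")
    msg = record[9:9 + msg_len]
    if rec_len != msg_len + 4 or len(msg) != msg_len:
        raise ValueError("length fields disagree with the data present")
    pos = 0

    def take(n: int) -> bytes:
        # Every length comes from the peer, so bound-check before slicing.
        nonlocal pos
        if pos + n > len(msg):
            raise ValueError("field runs past the end of the message")
        pos += n
        return msg[pos - n:pos]

    version = tuple(take(2))                      # (3, 0) means SSL 3.0
    random = take(32)                             # 4-byte time + 28 random bytes
    session_id = take(take(1)[0])                 # empty means "new session"
    suites_raw = take(int.from_bytes(take(2), "big"))
    if len(suites_raw) % 2:
        raise ValueError("odd cipher-suite list length")
    suites = [c for (c,) in struct.iter_unpack("!H", suites_raw)]
    compression = list(take(take(1)[0]))          # 0 means "no compression"
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": [SUITE_NAMES.get(c, hex(c)) for c in suites],
            "compression": compression}

def build_sample_record() -> bytes:
    """Constructed SSL 3.0 ClientHello: three suites offered, no session."""
    body = (b"\x03\x00" + bytes(range(32)) + b"\x00"
            + struct.pack("!H3H", 6, 0x000A, 0x0005, 0x0003) + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake
```

The suite list comes back in the client's order of preference, which makes an offered export-grade suite easy to spot when reviewing captured handshakes.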

  15. 3. ServerKeyExchange (C ← S)
     • Contains the (public) key information
     • Exact format depends on the particular public key algorithm selected
     • Not encrypted!

  16. 4. ServerHelloDone (C ← S)
     • Contains no information, other than that it’s done!

  17. 5. ClientKeyExchange (C → S)
     • The client tells the server the key information for the symmetric ciphers to be used
     • Encrypted using the server’s public key!

  18. 6 & 8. ChangeCipherSpec (C → S & C ← S)
     • After message #5, a preliminary SSL negotiation is complete, and both parties are ready to use the security services negotiated
     • These 2 messages explicitly indicate that the security services should now be invoked
     • In other words, to activate the options

  19. 7 & 9. Finished
     • To authenticate
        • Key information
        • Contents of all previous SSL handshake messages exchanged between the 2 parties
        • A special value to indicate whether the sender is a client or a server
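How the three ingredients of Finished on slide 19 combine in SSL 3.0, as an added example that is not part of the original presentation. The nested MD5/SHA-1 construction, the pad bytes and the sender labels follow RFC 6101; the master secret and the handshake messages are constructed stand-ins, and the function names are hypothetical.

```python
import hashlib
import hmac

SENDER_CLIENT = b"CLNT"   # the "special value" for a client (0x434C4E54)
SENDER_SERVER = b"SRVR"   # the "special value" for a server (0x53525652)

def _nested_hash(hash_fn, pad_len, transcript, sender, master_secret):
    # hash(master_secret + pad2 + hash(messages + sender + master_secret + pad1))
    inner = hash_fn(transcript + sender + master_secret
                    + b"\x36" * pad_len).digest()
    return hash_fn(master_secret + b"\x5c" * pad_len + inner).digest()

def ssl3_finished(transcript: bytes, sender: bytes, master_secret: bytes) -> bytes:
    """36-byte SSL 3.0 Finished body: MD5 part (16) then SHA-1 part (20)."""
    return (_nested_hash(hashlib.md5, 48, transcript, sender, master_secret)
            + _nested_hash(hashlib.sha1, 40, transcript, sender, master_secret))

def verify_finished(received: bytes, transcript: bytes, sender: bytes,
                    master_secret: bytes) -> bool:
    """Recompute over the messages *this* side saw; constant-time compare."""
    expected = ssl3_finished(transcript, sender, master_secret)
    return hmac.compare_digest(received, expected)

# Constructed stand-ins for the key information and the handshake messages.
MASTER_SECRET = bytes(range(48))
HELLO_SENT = b"ClientHello|suites=3DES_SHA,RC4_SHA,EXPORT_RC4_40"
HELLO_SEEN = b"ClientHello|suites=EXPORT_RC4_40"   # modified in transit
REST = b"|ServerHello|ServerKeyExchange|ServerHelloDone|ClientKeyExchange"

def demo() -> dict:
    """Server-side checks of the client's Finished in three situations."""
    client_finished = ssl3_finished(HELLO_SENT + REST, SENDER_CLIENT, MASTER_SECRET)
    return {
        # Both sides saw the same messages: the check passes.
        "honest": verify_finished(client_finished, HELLO_SENT + REST,
                                  SENDER_CLIENT, MASTER_SECRET),
        # The server saw a different ClientHello: the transcripts disagree.
        "tampered": verify_finished(client_finished, HELLO_SEEN + REST,
                                    SENDER_CLIENT, MASTER_SECRET),
        # A client Finished presented as a server Finished: the label differs.
        "reflected": verify_finished(client_finished, HELLO_SENT + REST,
                                     SENDER_SERVER, MASTER_SECRET),
    }
```

Because every earlier handshake message is hashed in, a change to any of them (including the unprotected cipher-suite list) surfaces here as a failed Finished check rather than as a silently weaker session.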

  20. Establish encrypted channel, with server being authenticated: (Browser) Client and (Web) Server
     (1) C → S: ClientHello
     (2) C ← S: ServerHello, Certificate, ServerKeyExchange, ServerHelloDone
     (3) C → S: ClientKeyExchange, ChangeCipherSpec, Finished
     (4) C ← S: ChangeCipherSpec, Finished

  21. Certificate message from server
     • Contains a certificate chain beginning with the server’s public key certificate and ending with the root certificate authority’s certificate
     • The client browser usually has well-known CA certificates preloaded
     • The certificate contains the Internet domain name of the server, which must be verified by the client

  22. Advantages
     • Separating encryption from authentication
     • Applicable to not only RSA but also other digital signature-only schemes such as DSS
     • Preferred to the previous technique, which did NOT separate encryption from authentication
     • (ServerKeyExchange is signed using the server’s private key, for the client to verify using the server’s matching public key!)

  23. Establish encrypted channel, with mutual authentication: (Browser) Client and (Web) Server
     (1) C → S: ClientHello
     (2) C ← S: ServerHello, Certificate, CertificateRequest, ServerHelloDone
     (3) C → S: Certificate, ClientKeyExchange, CertificateVerify, ChangeCipherSpec, Finished
     (4) C ← S: ChangeCipherSpec, Finished

  24. CertificateRequest (C ← S)
     • CertificateTypes: a list of certificate types acceptable to the server
     • DistinguishedNames: a list of distinguished names of certificate authorities acceptable to the server (X.500 names)
     • (The server MUST authenticate itself, i.e., must have “Certificate” from S to C)

  25. Certificate (C → S)
     • The client’s public key is used for signature verification only, not for encryption
     • If the client does not have a certificate, it sends a “NoCertificateAlert”

  26. CertificateVerify (C → S)
     • The client signs
        • Key information
        • Contents of all previous SSL handshake messages exchanged between them
     • The server verifies the identity of the client using its public key

  27. Cryptographic algorithms supported by SSL v3.0
     • Public key encryption/key-distribution: RSA, Diffie-Hellman
     • Digital signature: RSA, DSS
     • Symmetric ciphers: RC2, RC4, DES, 3DES, IDEA, FORTEZZA
     • 1-Way hash: MD5, SHA

  28. Securing other applications using SSL …
     • Applications: HTTP, LDAP, IMAP, FTP
     • SSL
     • TCP
     • IP
     (Diagram label: IP packet)

  29. Components of SSL
     • SSL: Application (HTTP), Alert, Change Cipher, Handshake
     • SSL: Record Layer
     • TCP

  30. References for SSL
     • SSL: http://home.netscape.com/eng/ssl3/
     • Open source for SSL developers: http://www.openssl.org/
