secure socket layer
TRANSCRIPT
Secure Socket Layer&
Transport Layer Security
Secure Socket Layer(SSL)
What is SSL?
Cont…
O Transport layer security service.
O Originally developed by Netscape.
O Version 3 designed with public input
O Subsequently became Internet standard
known as TLS (Transport Layer Security).
O Uses TCP to provide a reliable end-to-end
service.
O SSL has two layers of protocols.
Where SSL Fits?
HTTP SMTP POP3
80 25 110
HTTPS SSMTP SPOP3
443 465 995
Secure Sockets
Layer
Transport
Network
Link
Uses Public Key Scheme
O Each client-server pair uses
O 2 public keys
O One for client (browser)
O Created when browser is installed on clientmachine.
O One for server (http server)
O Created when server is installed on serverhardware.
O 2 private keys
O One for client browser
O One for server (http server)
SSL Architecture
SSL Architecture
O SSL session
O An association between client & server
O Created by the Handshake Protocol
O Define a set of cryptographic parameters
O May be shared by multiple SSLconnections
SSL Record Protocol
OConfidentialityO Using symmetric encryption with a shared
secret key defined by Handshake Protocol
O IDEA, RC2-40, DES-40, DES, 3DES,Fortezza, RC4-40, RC4-128
O Message is compressed before encryption
Omessage integrityO Using a MAC (Message Authentication
Code) created using a shared secret keyand a short message
SSL Change Cipher Spec Protocol
O One of 3 SSL specific protocols which use
the SSL Record protocol
O A single message
O Causes pending state to become current
O Hence updating the cipher suite in use
SSL Alert Protocol
O Conveys SSL-related alerts to peer entity
O SeverityO Warning or fatal
O Specific alertO Unexpected message, bad record mac,
decompression failure, handshake failure, illegalparameter
O Close notify, no certificate, bad certificate,unsupported certificate, certificate revoked,certificate expired, certificate unknown
O Compressed & encrypted like all SSL data
SSL Handshake Protocol
OAllows server & client to:O Authenticate each other
O To negotiate encryption & MAC algorithms
O To negotiate cryptographic keys to be used
OComprises a series of messages in phasesO Establish Security Capabilities
O Server Authentication and Key Exchange
O Client Authentication and Key Exchange
O Finish
Cont…
Transport Layer Security
(TLS)
What is TLS?
O The Transport Layer Security (TLS)
protocol is the IETF standard version of
the SSL protocol. The two are very similar,
with slight differences.
Cont…
O IETF standard RFC 2246 similar to SSLv3 with minor differencesO In record format version number
O Uses HMAC for MAC
O A pseudo-random function expands secrets
O Based on HMAC using SHA-1 or MD5
O Has additional alert codes
O Some changes in supported ciphers
O Changes in certificate types & negotiations
O Changes in crypto computations & padding
Version
O The first difference is the version number
(major and minor). The current version of
SSL is 3.0; the current version of TLS is
1.0. In other words, SSLv3.0 is compatible
with TLSv1.0.
Cipher Suite
O Another minor difference between SSL
and TLS is the lack of support for the
Fortezza method. TLS does not support
Fortezza for key exchange or for
encryption/decryption.
Generation of Cryptographic SecretsData Expansion Function
Cont…Master Secret Generation
Cont…Key Material Generation
TLS Layers
O TLS is composed of two layers: the TLSRecord Protocol and the .
O TLS Handshake Protocol. The TLS RecordProtocol provides connection security withsome encryption method such as the DataEncryption Standard (DES).
O The TLS Record Protocol can also be usedwithout encryption.
O The TLS Handshake Protocol allows theserver and client to authenticate each otherand to negotiate an encryption algorithm andcryptographic keys before data is exchanged.
Handshake ProtocolHash for certificate verification in TLS
Message TypeThis field identifies the Handshake message type.
Message Types
Code Description
0 HelloRequest
1 ClientHello
2 ServerHello
11 Certificate
12 ServerKeyExchange
13 CertificateRequest
14 ServerHelloDone
15 CertificateVerify
16 ClientKeyExchange
20 Finished
Hash for finished message in TLS
Alert Protocol
O TLS supports all of the alerts defined in
SSL except for NoCertificate. TLS also
adds some new ones to the list. Table
shows the full list of alerts supported by
TLS.
DescriptionThis field identifies which type of alert is being sent.
Alert description types
Code Description Level types Note
0 Close notify warning/fatal
10 Unexpected message fatal
20 Bad record MAC fatal
Possibly a bad SSL
implementation, or payload has
been tampered with e.g. FTP
firewall rule on FTPS server.
21 Decryption failed fatal TLS only, reserved
22 Record overflow fatal TLS only
30 Decompression failure fatal
40 Handshake failure fatal
41 No certificate warning/fatal SSL 3.0 only, reserved
42 Bad certificate warning/fatal
43 Unsupported certificate warning/fatal
E.g. certificate has only Server
authentication usage enabled and
is presented as a client certificate
