seguridad en sistemas de información francisco rodríguez henríquez ssl/tls: an introduction
TRANSCRIPT
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
SSL/TLS: An Introduction
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
TLS Overview
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
Problem
• Problem: Creating applications which can communicate securely over the Internet
• TLS: Transport Layer Security (SSL)• Certificates• Related technology: S-HTTP, IPSec, SET,
SASL
• References
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
What is SSL/TLS
• SSL (Secure Socket Layer) is an encryption protocol designed by Netscape,
• and TLS (Transport Level Security) is the successor protocol designed by the IETF.
• The protocols are designed to fit between the TCP/IP layer and the application layer(HTTP, SMTP).
• The most common uses of SSL/TLS are HTTP(web) and SMTP(mail), and like PGP, SSL/TLS uses public key cryptography.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
TLS: Overview
• Establish a session – Agree on algorithms– Perform authentication– Share secrets
• Transfer application data– Ensure privacy and integrity
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
What is TLS?
• Protocol layer • Requires reliable transport layer
(e.g. TCP)• Supports any application protocols
IPTCPTLS
HTTP Telnet FTP LDAP
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
Changes from SSL 3.0 to TLS
• Additional Alerts added• Modification to hash calculations• Protocol version 3.1 in ClientHello,
ServerHello
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
TLS: HTTP Application
• HTTP most common TLS application– https://
• Requires TLS-capable web server• Requires TLS-capable web browser
– Netscape Navigator– Internet Explorer– Cryptozilla
• Netscape Mozilla sources with SSLeay
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
TLS Architecture
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
TLS: Record Protocol
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
TLS Handshake Protocol
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
TLS Handshake: Three Goals
1. Negotiate Cipher-Suite Algorithms– Symmetric cipher to use– Key exchange method– Message digest function
2. Optionally authenticate server and/or client
3. Establish and share master secret
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
Handshake Phases
• Hello messages• Certificate and Key Exchange
messages• Change CipherSpec and Finished
messages
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
TLS: Hello
• Client “Hello” - initiates session– Propose protocol version– Propose cipher suite– Server chooses protocol and suite
• Client may request use of cached session– Server chooses whether to honor
request
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez
References
• http://www.openssl.org/
• http://www.openssl.org/docs/
• http://httpd.apache.org/docs-2.0/ssl/
• Stallings, William Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall, 1999.
• Wagner, David, Schneier, Bruce “Analysis of the SSL 3.0 Protocol” <http://www.counterpane.com/ssl.html>
• Internet Drafts and RFCs <http://www.ietf.org/>.