SSL basics and SSL packet analysis using wireshark

Post on 16-Jan-2017

SSL BASICS AND SSL PACKET ANALYSIS USING WIRESHARK

Presented by Md. Al Imran, M.Sc in MISS, CEH, ISO 27001 LA

YOU WILL LEARN
- Definition of SSL
- Components of SSL
- How SSL works
- Packet capturing and analysis using Wireshark
- Concepts about Digital Signature, PKI, Digital Envelope, Digital Certificate

Prepared by Md. Al Imran

WHAT IS SSL
- Secure communication protocol
- Between client (browser) and server
- Secures any transmission over TCP
- HTTPS is an application of SSL
- We can call it HTTP over SSL

SSL PROVIDES
- Confidentiality
- Authenticity
- Integrity
- Non-repudiation

COMPONENTS OF SSL
4 components/protocol layers:
- Record layer
- ChangeCipherSpec protocol
- Alert protocol
- Handshake protocol

RECORD LAYER

RECORD LAYER (CONTD..)
- Collects all messages from the Alert, ChangeCipherSpec, Handshake and application protocols
- Formats them; formatting gives each message a header
- Adds a Message Authentication Code (MAC) at the end
- Five-byte header
- The protocol message follows the header and is no longer than 16384 bytes

RECORD LAYER (CONTD..)
Header contains:
- Protocol definition (1 byte): indicates which higher layer protocol is contained
- Version (2 bytes): SSL protocol version
- Length (2 bytes): length of the higher layer protocol message

CHANGECIPHERSPEC PROTOCOL
- Composed of only one message (1 byte)
- Indicates the beginning of secure communication

ALERT PROTOCOL
- Sends errors, problems and warnings about the connection between client and server
- The layer is formed with two fields:
  - Severity level: 1 means warning, 2 means fatal error
  - Alert description: Close notify, no certificate, bad certificate, BadRecordMAC, handshake failure etc.

HANDSHAKE PROTOCOL
- Establishes a handshake which begins secure communication between client and server
- The following steps show how the handshake is established

HANDSHAKE PROTOCOL (CONTD..)

HANDSHAKE PROTOCOL (CONTD..)
ClientHello
5 components of the message:
- Version: which SSL version the client supports
- Random number: 32 bytes for cryptographic calculation, with (4 byte) time & date at the last
- Session ID: empty
- Cipher suites: exact algorithm (DES, AES, 3DES, RC4, MD5, SHA-1), key size
- Compression method: compression before encryption
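
The five ClientHello components listed above appear in Wireshark as length-prefixed fields inside the handshake message. The Python decoder below is an added example, not part of the original slides; it reads a handshake message with the record header already stripped, the sample message is constructed, the function and constant names are illustrative, and the suite identifiers are registry values for a few suites built from the algorithms the slide names.

```python
# Identifiers for a few suites built from algorithms the slide lists
# (values from the SSL/TLS cipher suite registry).
SUITE_NAMES = {0x0004: "RSA_WITH_RC4_128_MD5", 0x0005: "RSA_WITH_RC4_128_SHA",
               0x0009: "RSA_WITH_DES_CBC_SHA", 0x000A: "RSA_WITH_3DES_EDE_CBC_SHA",
               0x002F: "RSA_WITH_AES_128_CBC_SHA"}

# Constructed ClientHello: version 3.1, a counting pattern as the 32-byte random,
# empty session ID, three cipher suites, one compression method (0 = null).
SAMPLE_BODY = (bytes([3, 1]) + bytes(range(32)) + b"\x00"
               + b"\x00\x06\x00\x2f\x00\x0a\x00\x05" + b"\x01\x00")
SAMPLE_HELLO = b"\x01" + len(SAMPLE_BODY).to_bytes(3, "big") + SAMPLE_BODY


def parse_client_hello(msg: bytes) -> dict:
    """Decode the five ClientHello components from one handshake message."""
    if len(msg) < 4 or msg[0] != 1:          # handshake type 1 = ClientHello
        raise ValueError("not a ClientHello handshake message")
    declared = int.from_bytes(msg[1:4], "big")   # 3-byte handshake length
    body = msg[4:4 + declared]
    if len(body) != declared:
        raise ValueError("truncated handshake message")
    pos = 0

    def take(n: int) -> bytes:
        """Return the next n bytes, refusing to read past the message end."""
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("length field points past the end of the message")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = tuple(take(2))
    random = take(32)
    session_id = take(take(1)[0])                    # 1-byte length prefix
    suites = take(int.from_bytes(take(2), "big"))    # 2-byte length prefix
    if len(suites) % 2:
        raise ValueError("cipher suite list has an odd length")
    compression = take(take(1)[0])                   # 1-byte length prefix
    codes = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]
    return {"version": version, "random": random.hex(), "session_id": session_id.hex(),
            "cipher_suites": [SUITE_NAMES.get(c, f"0x{c:04x}") for c in codes],
            "compression_methods": list(compression)}
```
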

HANDSHAKE PROTOCOL (CONTD..)
ServerHello
- Server takes the decision
- Version: determines the SSL version to be used
- Random number: 32 bytes for cryptographic calculation, with (4 byte) time & date at the last; avoids replay attacks
- Session ID: specific session ID
- Cipher suites: selects the exact algorithm and key size to be used
- Compression method: selects the exact compression method

HANDSHAKE PROTOCOL (CONTD..)
ServerKeyExchange
- Sends public key information (Digital Certificate) of itself according to the selected cipher suite

ServerHelloDone
- Server has finished its negotiation messages
- Very important for the client to move to the next state

HANDSHAKE PROTOCOL (CONTD..)
ClientKeyExchange
- Client sends his key information
- Premaster-secret is encrypted using the server's public key, which is called a “Digital Envelope”
- Server and client generate the master-secret and session key based on the premaster-secret
- Prevents Man-in-the-Middle attack
- Server decrypts it using his private key, which ensures server authentication

HANDSHAKE PROTOCOL (CONTD..)
ChangeCipherSpec
- Both client and server send this message
- Begin using the agreed-upon security services

Finished
- Both client and server send this final message
- Both ends verify that the negotiation is successful
- Encrypted and hashed message (ensures integrity)
- Ensures 3 points:
  - Key information
  - Contents of all previous SSL handshake messages exchanged by the systems
  - A special value indicating whether the sender is a client or server

CLIENT HELLO

SERVER HELLO

SERVER KEY EXCHANGE

SERVER HELLO DONE

CLIENT KEY EXCHANGE

DIGITAL CERTIFICATE
- It’s a component of PKI
- Why PKI?
- Electronic passport
- Allows client to exchange information securely over the Internet using PKI
- Contains public key and identity of the public key holder
- Contains serial no., valid duration, version, algorithm, digital signature of the CA to verify that certificate is real
- Provides sender authentication
- Issued by trusted CA

DIGITAL CERTIFICATE

SSL CERTIFICATE OF AMAZON.COM

DIGITAL SIGNATURE
- Digitally signed document
- Process of ensuring sender authentication, message integrity and non-repudiation

DIGITAL SIGNATURE

DIGITAL ENVELOPE
- Secure data container
- Message is encrypted using a secret key (symmetric encryption)
- Secret key is encrypted using the recipient's public key (public key encryption)

DIGITAL ENVELOPE