CS 5323 SSL Secure Sockets Layer Prof Ravi
- Slides: 56
CS 5323 SSL Secure Sockets Layer Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 6 ravi. utsa@gmail. com www. profsandhu. com © Ravi Sandhu World-Leading Research with Real-World Impact! 1
Internet Security Protocols © Ravi Sandhu World-Leading Research with Real-World Impact! 2
Internet Hourglass Model TCP/IP TCP RFC 793 Sept. 1981 IPv 4 RFC 791 Sept. 1981 © Ravi Sandhu World-Leading Research with Real-World Impact! 3
Internet Security Protocols TCP RFC 793 Sept. 1981 Where to inject security? IPv 4 RFC 791 Sept. 1981 © Ravi Sandhu World-Leading Research with Real-World Impact! 4
Internet Security Protocols SET, 1996 © Ravi Sandhu TCP RFC 793 Sept. 1981 SSL, 1994 IPv 4 RFC 791 Sept. 1981 IPsec, 1998 World-Leading Research with Real-World Impact! 5
Internet Security Protocols Dozens of other security protocols Some successes Many failures © Ravi Sandhu World-Leading Research with Real-World Impact! Half successful SSL, 1994 IPsec, 1998 Largely failed 6
1 -way vs 2 -way SSL © Ravi Sandhu Client (Browser) 1 -way SSL Client (Browser) 2 -way SSL World-Leading Research with Real-World Impact! Server 7
1 -way vs 2 -way SSL 1 -way SSL Client (Browser) Server RSA encryption certificate 2 -way SSL Client (Browser) RSA signature certificate © Ravi Sandhu Server RSA encryption certificate World-Leading Research with Real-World Impact! 8
1 -way vs 2 -way SSL Client (Browser) 1 -way SSL Server LESS SECURE Phishing Man-in-the-middle Client (Browser) 2 -way SSL Server MORE SECURE Phishing Man-in-the-middle © Ravi Sandhu World-Leading Research with Real-World Impact! 9
1 -way vs 2 -way SSL Client (Browser) 1 -way SSL Server LESS SECURE Phishing Man-in-the-middle MASS DEPLOYMENT Client (Browser) 2 -way SSL Server MORE SECURE Phishing Man-in-the-middle MINIMAL DEPLOYMENT © Ravi Sandhu World-Leading Research with Real-World Impact! 10
The SSL Lesson Ø Client-less trumps client-full Ø Start-ups (SSL) trump committees (IPSEC) © Ravi Sandhu World-Leading Research with Real-World Impact! 11
SSL Details © Ravi Sandhu World-Leading Research with Real-World Impact! 12
SSL Ø Ø layered on top of TCP SSL versions 1. 0, 2. 0, 3. 1 Netscape protocol later refitted as IETF standard TLS (Transport Layer Security) Ø TLS 1. 0 very close to SSL 3. 1 © Ravi Sandhu World-Leading Research with Real-World Impact! 13
SSL Ø application protocol independent Ø does not specify how application protocols add security with SSL v how to initiate SSL handshaking v how to interpret certificates Ø left to designers of upper layer protocols to figure out © Ravi Sandhu World-Leading Research with Real-World Impact! 14
SSL vs TCP Ports © Ravi Sandhu https ssmtp snntp sldap spop 3 443 465 563 636 995 ftp-data ftps imaps telnets ircs World-Leading Research with Real-World Impact! 889 990 991 992 993 15
SSL Services Ø Ø Ø peer entity authentication data confidentiality data authentication and integrity compression/decompression generation/distribution of session keys v integrated into protocol Ø security parameter negotiation © Ravi Sandhu World-Leading Research with Real-World Impact! 16
SSL Architecture SSL Handshake Protocol SSL Change Cipher Spec Protocol SSL Alert Protocol HTTP Other Application Protocols SSL Record Protocol TCP IP © Ravi Sandhu World-Leading Research with Real-World Impact! 17
SSL Architecture Ø Handshake protocol: complicated v embodies key exchange & authentication v runs in plaintext v 10 message types Ø Change Cipher Spec protocol: straightforward v single 1 byte message with value 1 v could be considered part of handshake protocol v transitions from plaintext to encrypted and mac’ed Ø Record protocol: straightforward v fragment, compress, MAC, encrypt v uses 4 symmetric keys Ø Alert protocol: straightforward v 2 byte messages v 1 byte alert level- fatal or warning; 1 byte alert code © Ravi Sandhu World-Leading Research with Real-World Impact! 18
SSL Record Protocol Ø 4 symmetric keys Client (Browser) Key 1 for MAC Key 2 for encrypt Server Key 3 for MAC Key 4 for encrypt © Ravi Sandhu World-Leading Research with Real-World Impact! 19
SSL Record Protocol Ø 4 steps by sender (reversed by receiver) v v © Ravi Sandhu Fragmentation Compression MAC Encryption World-Leading Research with Real-World Impact! 20
SSL Record Protocol Ø each SSL record contains v content type: 8 bits, only 4 defined § § v v change_cipher_spec alert handshake application_data protocol version number: 8 bits major, 8 bits minor length: max 16 K bytes (actually 214+2048) data payload: optionally compressed and encrypted message authentication code (MAC) © Ravi Sandhu World-Leading Research with Real-World Impact! 21
SSL Handshake Protocol Ø initially SSL session has null compression and cipher algorithms Ø both are set by the handshake protocol at beginning of session Ø handshake protocol may be repeated during the session © Ravi Sandhu World-Leading Research with Real-World Impact! 22
SSL Session Ø SSL session negotiated by handshake protocol v session ID § chosen by server v X. 509 public-key certificate of peer § possibly null v compression algorithm v cipher spec § § encryption algorithm message digest algorithm v master secret § 48 byte shared secret v is resumable flag § § © Ravi Sandhu can be used to initiate new connections each session is created with one connection, but additional connections within the session can be further created World-Leading Research with Real-World Impact! 23
SSL Connection State Ø connection end: client or server Ø client and server random: 32 bytes each Ø keys generated from master secret, client/server random v v v client_write_MAC_secret server_write_MAC_secret client_write_key server_write_key client_write_IV server_write_IV Ø compression state Ø cipher state: initially IV, subsequently next feedback block Ø sequence number: starts at 0, max 264 -1 © Ravi Sandhu World-Leading Research with Real-World Impact! 24
SSL Connection State Ø 4 parts to state v v current read state current write state pending read state pending write state Ø handshake protocol v v initially current state is empty either pending state can be made current and reinitialized to empty © Ravi Sandhu World-Leading Research with Real-World Impact! 25
SSL Handshake Protocol Ø Type: 1 byte v 10 message types defined Ø length: 3 bytes Ø content © Ravi Sandhu World-Leading Research with Real-World Impact! 26
SSL Handshake Protocol Phase 1 Phase 2 Phase 3 Phase 4 Record Protocol © Ravi Sandhu World-Leading Research with Real-World Impact! 27
SSL Handshake Protocol Ø Phase 1: v Establish security capabilities Ø Phase 2: v Server authentication and key exchange Ø Phase 3: v Client authentication and key exchange Ø Phase 4: v Finish © Ravi Sandhu World-Leading Research with Real-World Impact! 28
SSL Handshake Protocol Ø these handshake messages must occur in order Ø optional messages can be eliminated Ø 10 th message v hello_request v can be sent anytime from server to client to request client to start handshake protocol to renegotiate session Ø change_cipher_spec is a separate 1 message protocol v functionally just like a message in the handshake protocol © Ravi Sandhu World-Leading Research with Real-World Impact! 29
SSL 1 -Way Handshake with RSA Phase 1 Phase 2 Phase 3 Phase 4 Record Protocol © Ravi Sandhu World-Leading Research with Real-World Impact! 30
SSL Handshake Phase 1 Ø Ø Establish security capabilities client hello message v v 4 byte timestamp, 28 byte random value session ID: § § v v client version: highest version cipher_suite list: ordered list § v Ø non-zero for new connection on existing session zero for new connection on new session key exchange method, encryption method, MAC method compression list: ordered list server hello message v v 32 byte random value session ID: § v version § v v new or reuse lower of client suggested and highest supported cipher_suite list: single choice compression list: single choice © Ravi Sandhu World-Leading Research with Real-World Impact! 31
SSL 1 -Way Handshake with RSA Phase 1 Phase 2 Phase 3 Phase 4 Record Protocol © Ravi Sandhu World-Leading Research with Real-World Impact! 32
SSL RSA 1 -way Handshake Phase 2 Ø Server authentication and key exchange Ø certificate message v server’s X. 509 v 3 certificate followed by optional chain of certificates v required for RSA Ø server done message v ends phase 2, always required © Ravi Sandhu World-Leading Research with Real-World Impact! 33
SSL 1 -Way Handshake with RSA Phase 1 Phase 2 Phase 3 Phase 4 Record Protocol © Ravi Sandhu World-Leading Research with Real-World Impact! 34
SSL 1 -way Handshake Phase 3 Ø Client authentication and key exchange Ø client key exchange message v client generates 48 -byte pre-master secret, encrypts with server’s RSA public key Ø client and server compute 48 byte master secret v using 48 -byte pre-master secret, Client. Hello. random, Server. Hello. random Ø client and server compute 4 symmetric keys from master secret Client (Browser) Key 1 for MAC Key 2 for encrypt Server Key 3 for MAC Key 4 for encrypt © Ravi Sandhu World-Leading Research with Real-World Impact! 35
SSL 1 -Way Handshake with RSA Phase 1 Phase 2 Phase 3 Phase 4 Record Protocol © Ravi Sandhu World-Leading Research with Real-World Impact! 36
SSL 1 -way RSA Handshake Phase 4 Ø Finish and move to record protocol Ø change cipher spec message v not considered part of handshake protocol but in some sense is part of it v 1 byte message protected by current state v copies pending state to current state Ø Finished message v sent under new algorithms and keys v content is MAC of all previous messages with master secret and constant “client finished” or “server finished” © Ravi Sandhu World-Leading Research with Real-World Impact! 37
SSL 1 -Way Handshake with RSA Phase 1 Phase 2 Phase 3 Phase 4 Record Protocol © Ravi Sandhu World-Leading Research with Real-World Impact! 38
SSL 2 -Way Handshake with RSA Phase 1 Phase 2 Phase 3 Phase 4 Record Protocol © Ravi Sandhu World-Leading Research with Real-World Impact! 39
SSL RSA 2 -way Handshake Phase 2 Ø Server authentication and key exchange Ø certificate message v server’s X. 509 v 3 certificate followed by optional chain of certificates v required for RSA Ø certificate request message v request a certificate from client v specifies Certificate Type and Certificate Authorities Ø server done message v ends phase 2, always required © Ravi Sandhu World-Leading Research with Real-World Impact! 40
SSL 2 -way Handshake Phase 3 Ø Client authentication and key exchange Ø certificate message v client’s X. 509 v 3 certificate followed by optional chain of certificates Ø client key exchange message v client generates 48 -byte pre-master secret, encrypts with server’s RSA public key Ø certificate verify message v signs hash of master secret (established by key exchange) and all handshake messages so far Ø client and server compute 48 byte master secret v using 48 -byte pre-master secret, Client. Hello. random, Server. Hello. random Ø client and server compute 4 symmetric keys from master secret © Ravi Sandhu World-Leading Research with Real-World Impact! 41
SSL Alert Protocol Ø 2 byte alert messages v 1 byte level § fatal or warning v 1 byte § alert code © Ravi Sandhu World-Leading Research with Real-World Impact! 42
SSL Alert Messages © Ravi Sandhu World-Leading Research with Real-World Impact! 43
SSL Alert Messages Ø always fatal v v v © Ravi Sandhu unexpected_message bad_record_mac decompression_failure handshake_failure illegal_parameter World-Leading Research with Real-World Impact! 44
SSL Man-in-the-Middle (MITM) Attack © Ravi Sandhu World-Leading Research with Real-World Impact! 45
1 -way SSL MITM Client (Browser) Server https RSA encryption certificate © Ravi Sandhu World-Leading Research with Real-World Impact! 46
SSL © Ravi Sandhu World-Leading Research with Real-World Impact! 47
1 -way SSL MITM Client (Browser) MITM http Server https RSA encryption certificate © Ravi Sandhu World-Leading Research with Real-World Impact! 48
1 -way SSL MITM Client (Browser) MITM https Server https RSA encryption certificate © Ravi Sandhu World-Leading Research with Real-World Impact! 49
1 -way SSL MITM Client (Browser) MITM https Server https fake server certificate © Ravi Sandhu World-Leading Research with Real-World Impact! RSA encryption certificate 50
Server-Side Masquerading Bob Web browser 1 way SSL www. host. com Web server Ultratrust Security Services www. host. com © Ravi Sandhu World-Leading Research with Real-World Impact! 51
Server-Side Masquerading Bob Web browser 1 -way SSL www. host. com Web server 1 -way SSL BIMM Corporation Mallory’s Web server Ultratrust Security Services www. host. com © Ravi Sandhu World-Leading Research with Real-World Impact! 52
Server-Side Masquerading Bob Web browser 1 -way SSL www. host. com Web server 1 -way SSL Ultratrust Security Services BIMM Corporation Mallory’s Web server www. host. com Ultratrust Security Services www. host. com © Ravi Sandhu World-Leading Research with Real-World Impact! 53
1 -way SSL MITM Client (Browser) MITM https Server https fake server certificate RSA signature certificate © Ravi Sandhu RSA encryption certificate fake client certificate World-Leading Research with Real-World Impact! 54
Open. SSL Heartbleed Attack X Not covered in lecture © Ravi Sandhu World-Leading Research with Real-World Impact! 55
Heartbeat Protocol: RFC 6520, Feb. 2012 X Not covered in lecture © Ravi Sandhu World-Leading Research with Real-World Impact! 56
- Secure socket layer and transport layer security
- Secure socket layer and transport layer security
- Secure socket layer and transport layer security
- Secure socket layer and transport layer security
- Secure sockets
- Higher layer ssl protocol
- Ssl osi layer
- Secure socket layer adalah
- Brush border enzymes
- Layer 2 vs layer 3 bitstream
- Presentation layer functions
- Layer 2 e layer 3
- Pigmented layer and neural layer
- Layer-by-layer assembly
- 도나도나 tcp
- Unix network programming stevens
- Cleanroom 380v sockets
- Infini band
- Datacenter fabric
- What are raw sockets
- Tcp ip sockets in c
- Sockets of silver
- R sockets
- Berkeley sockets in computer networks
- D3azeg_clwi -site:youtube.com
- Tcp/ip sockets in java
- Tanenbaum linux
- Berkeley sockets
- Reliable datagram sockets
- Sockets and threads
- Parts of steering wheel
- Ravi credit card
- Kubemeseen ravi
- Ravi agarwal md
- Clark-wilson model
- 4 r's trauma informed care
- Senedin müntehası
- Hadsler
- A gift of chappals lesson plan for teachers
- Ravi zaccharias
- Bruksismi ravi
- Ravi and minu architects
- Indentation gonioscopy
- Ravi sinha iit bombay
- Ravikindlustamata isikute ravi
- Ravi kumar kopparapu
- Perifeerse neuropaatia ravi
- The matrix industry society
- Kumar satish ravi
- Ravi chandra cisco
- Ravi raj sagar
- Ravi vaswani
- Ravi rajapakse
- Kurttummus ravi
- Gmail
- Ere vasli
- Ravi micro