Lehrstuhl für Informatik 4
Kommunikation und verteilte Systeme
Page 1 Chapter 3.2: Transport Layer – SSL/TLS
3.2: Transport Layer: SSL/TLS
• Secure Socket Layer (SSL)
• Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background
Chapter 3: Security on Network and Transport Layer
• Network Layer: IPSec
• Transport Layer: SSL/TLS Chapter 4: Security on
the Application Layer
Chapter 5: Security Concepts for Networks
Lehrstuhl für Informatik 4
Kommunikation und verteilte Systeme
Page 2 Chapter 3.2: Transport Layer – SSL/TLS
Secure Socket Layer (SSL)
SSL, initially developed by Netscape, provides authentication, data integrity, and privacy between two applications (not complete hosts as in IPSec)
• SSL is located on top of TCP/IP and has become a de-facto standard for security- sensitive applications over intranets or the Internet
• Most widely used as secure transport layer for HTTP traffic, e.g. e-commerce
• Version 3.1 of SSL is known as TLS
• Special port numbers are assigned to applications which use SSL, e.g. https = 443, telnets = 992
SSL comprises four mechanisms:
• SSL Handshake Protocol (authentication, negotiates an encryption algorithm and cryptographic keys)
• SSL Record Protocol (data encryption and compression)
• SSL Change Cipher Spec (signal the begin of encryption)
• SSL Alert Protocol (reaction to error situations)
Lehrstuhl für Informatik 4
Kommunikation und verteilte Systeme
Page 3 Chapter 3.2: Transport Layer – SSL/TLS
Handshake Protocol
Responsible for “secure session establishment” between two applications.
Session means:
• Association between a client and a server
• Can comprise several connections
• Definition of encryption and compression algorithms for these connections
• Contains a “master secret” for all connections (from which keys for the connections are generated)
The handshake protocol has the following tasks:
1.) Negotiation of an encryption algorithm 2.) Mutual authentication
3.) Key exchange
Lehrstuhl für Informatik 4
Kommunikation und verteilte Systeme
Page 4 Chapter 3.2: Transport Layer – SSL/TLS
Session Establishment
Alice
client_hello, ciphersuites, RA
certificate, cipher suite, RB
{S}B
, hash of K and the handshake messages
keyed hash of thehandshake messages