
Academic year: 2021


Lehrstuhl für Informatik 4

Kommunikation und verteilte Systeme

Page 1 Chapter 3.2: Transport Layer – SSL/TLS

3.2: Transport Layer: SSL/TLS

• Secure Socket Layer (SSL)

• Transport Layer Security (TLS) Protocol

Chapter 2: Security Techniques Background

Chapter 3: Security on Network and Transport Layer

• Network Layer: IPSec

• Transport Layer: SSL/TLS

Chapter 4: Security on the Application Layer

Chapter 5: Security Concepts for Networks


Secure Socket Layer (SSL)

SSL, initially developed by Netscape, provides authentication, data integrity, and privacy between two applications (not complete hosts as in IPSec)

• SSL is located on top of TCP/IP and has become a de-facto standard for security-sensitive applications over intranets or the Internet

• Most widely used as secure transport layer for HTTP traffic, e.g. e-commerce

• Version 3.1 of SSL is known as TLS

• Special port numbers are assigned to applications which use SSL, e.g. https = 443, telnets = 992

SSL comprises four mechanisms:

• SSL Handshake Protocol (authentication, negotiates an encryption algorithm and cryptographic keys)

• SSL Record Protocol (data encryption and compression)

• SSL Change Cipher Spec (signals the start of encryption)

• SSL Alert Protocol (reaction to error situations)


Handshake Protocol

Responsible for “secure session establishment” between two applications.

Session means:

• Association between a client and a server

• Can comprise several connections

• Definition of encryption and compression algorithms for these connections

• Contains a “master secret” for all connections (from which keys for the connections are generated)

The handshake protocol has the following tasks:

1.) Negotiation of an encryption algorithm

2.) Mutual authentication

3.) Key exchange


Session Establishment

Alice → Bob: client_hello, ciphersuites, $R_A$

Bob → Alice: certificate, cipher suite, $R_B$

Alice → Bob: $\{S\}_B$, hash of K and the handshake messages

Bob → Alice: keyed hash of the handshake messages

Hello message of Alice, including:

• A set of possible encryption and compression algorithms (start of negotiation)

• A random number $R_A$

Answer message of Bob, including:

• Certificate of Bob (authentication, often RSA)

• Chosen algorithms (end of negotiation, often 3DES)

• A random number $R_B$

Alice chooses a random number S, computes a master secret $K = f(S, R_A, R_B)$ and sends to Bob:

• S encrypted with Bob’s public key

• A hash (MD5) of K and the preceding messages, to prove that she knows K and that K corresponds to this handshake

Bob responds with a hash of the preceding messages, encrypted with a key generated from K, $R_A$, and $R_B$


Session Keys and Change Cipher Spec

K, $R_A$, and $R_B$ are used to generate 6 keys:

• Two keys for encryption

• Two keys for integrity

• Two keys as initialization vectors

There are two keys of each kind so that the two communication directions are treated differently, e.g. for encryption:

• Alice does encryption with her so-called write key and decryption with her read key

• Bob also has a write and a read key, but his write key is Alice’s read key and vice versa

• Same for integrity

At the end of handshake:

• Together with the last message, Bob sends a change cipher spec

• Only one byte, signaling that all following messages now are encrypted with the mechanism/keys from the handshake phase
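
Added example (not part of the lecture slides): a Python sketch of how both sides derive K and the six keys from S, $R_A$ and $R_B$, and of the keyed hash over the handshake messages. The slides do not specify f; the HMAC-SHA256 expansion, the key labels and the 16-byte key length are assumptions of this example, and the RSA transport of S is left out.

```python
import hashlib
import hmac
import os

# Order of the six keys in the key block (labels are this example's own).
LABELS = ("client_enc", "server_enc", "client_mac", "server_mac",
          "client_iv", "server_iv")


def expand(secret: bytes, seed: bytes, length: int) -> bytes:
    """Stand-in for f: HMAC-SHA256 in counter mode (not the SSLv3 function)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(secret, bytes([counter]) + seed, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def master_secret(s: bytes, r_a: bytes, r_b: bytes) -> bytes:
    """K = f(S, R_A, R_B)."""
    return expand(s, b"master" + r_a + r_b, 48)


def session_keys(k: bytes, r_a: bytes, r_b: bytes) -> dict:
    """Cut one key block derived from K, R_A, R_B into the six keys."""
    block = expand(k, b"keys" + r_a + r_b, 16 * len(LABELS))
    return {name: block[i * 16:(i + 1) * 16] for i, name in enumerate(LABELS)}


def view(keys: dict, role: str) -> dict:
    """Map the six keys to one endpoint's write/read keys."""
    mine, peer = ("client", "server") if role == "alice" else ("server", "client")
    return {"write_enc": keys[mine + "_enc"], "read_enc": keys[peer + "_enc"],
            "write_mac": keys[mine + "_mac"], "read_mac": keys[peer + "_mac"]}


def finished(k: bytes, transcript: bytes) -> bytes:
    """Keyed hash over all handshake messages; changes if any message was altered."""
    return hmac.new(k, transcript, hashlib.sha256).digest()


if __name__ == "__main__":
    r_a, r_b, s = os.urandom(32), os.urandom(32), os.urandom(48)
    keys = session_keys(master_secret(s, r_a, r_b), r_a, r_b)
    alice, bob = view(keys, "alice"), view(keys, "bob")
    print(alice["write_enc"] == bob["read_enc"])  # one key per direction
```

Because the keyed hash covers the whole transcript, a cipher suite list modified in transit yields a different value on each side and the handshake fails.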


Record Protocol

Responsible for encryption and compression of all messages following the change cipher spec as follows:

1. Break down the data to be transferred into blocks of fixed length

2. Compression

3. Append a Message Authentication Code (MAC) computed with the integrity key

4. Encryption using the encryption key

5. Add SSL header which contains:

• Content Type (e.g. HTTPS)

• Protocol Version Number

• Length

• Sequence Number
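
Added example (not part of the lecture slides): the five record-protocol steps in Python, with the receiver undoing them and rejecting any record whose MAC does not verify. The header layout, the 16384-byte fragment size, HMAC-SHA256 as the MAC and the toy keystream cipher are assumptions of this example; the cipher only stands in for the negotiated algorithm and is not secure.

```python
import hashlib
import hmac
import struct
import zlib

BLOCK = 16384             # fragment size (assumed)
HEADER = ">BBBHQ"         # content type, version major/minor, length, sequence number
APPLICATION_DATA = 23


class BadRecordMAC(Exception):
    """Raised where the fatal alert 'bad record MAC' would be sent."""


def _mac(mac_key, seq, body):
    return hmac.new(mac_key, struct.pack(">Q", seq) + body, hashlib.sha256).digest()


def _xor(enc_key, seq, data):
    """Toy keystream cipher standing in for the negotiated cipher; not secure."""
    stream = b""
    while len(stream) < len(data):
        block_no = len(stream) // 32
        stream += hashlib.sha256(enc_key + struct.pack(">QI", seq, block_no)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def protect(data, enc_key, mac_key):
    """Steps 1-5: fragment, compress, append MAC, encrypt, add header."""
    records = []
    for seq, off in enumerate(range(0, len(data), BLOCK)):
        body = zlib.compress(data[off:off + BLOCK])
        ct = _xor(enc_key, seq, body + _mac(mac_key, seq, body))
        header = struct.pack(HEADER, APPLICATION_DATA, 3, 1, len(ct), seq)
        records.append(header + ct)
    return records


def unprotect(record, enc_key, mac_key, expected_seq):
    """Receiver: decrypt, verify the MAC under its own counter, decompress."""
    hlen = struct.calcsize(HEADER)
    length = struct.unpack(HEADER, record[:hlen])[3]
    plain = _xor(enc_key, expected_seq, record[hlen:hlen + length])
    body, mac = plain[:-32], plain[-32:]
    if not hmac.compare_digest(mac, _mac(mac_key, expected_seq, body)):
        raise BadRecordMAC(f"record {expected_seq}: integrity check failed")
    return zlib.decompress(body)
```

The receiver computes the MAC with its own record counter, so a modified, replayed or reordered record fails verification before decompression is attempted.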


Alert Protocol

Only needed in case of errors – defines error messages and actions to be taken

Level 1: Warning

• No special actions defined

• May be displayed to the user

Level 2: Fatal

• Connection will be closed

• No more connections are opened within the current session

• Examples are

  - unexpected message

  - bad record MAC

  - decryption/decompression failure

  - handshake failure


Transport Layer Security (TLS)

TLS in its basic version is SSLv3.1 with some additions:

• Addition of Kerberos Cipher Suites

• Upgrading to TLS Within HTTP/1.1 to change to encryption within an existing TCP connection

• HTTP Over TLS for separating secure and unsecure traffic

• Addition of AES

• Addition of new alert messages


Comparison IPSec and SSL

SSL

• Transport Layer

• Management by application or user

• Interaction with the user (e.g. acceptance of certificates)

IPSec

• Network Layer

• Central management

• Implemented transparently for the user

Independent of certain mechanisms (encryption, compression, hash...)

Can be automated

Conclusion: it is impossible to state that one mechanism is better than the other – they are intended for different scenarios

Variety of security mechanisms necessary in the Internet!
