SSL Protect your users, start with yourself

SSL

Protect your users,

start with yourself

Overview

Introduction

Cryptographic algorithms

Secure Socket Layer

Introduction



Danger zone

✔ Eavesdropping ✔ IP spoofing ✔ Connection hijacking ✔ Tampering 

Countermeasures

✔ Data encryption ✔ Authentication

✔ Data integrity checks

Overview

Introduction

Cryptographic algorithms

Secure Socket Layer

Cryptographic Algorithms



Symmetric key encryption



Public key encryption



Hash functions



Message Authentication Codes



Digital Signatures

Symmetric key encryption

Sender (Alice) abc Encryption algoritm Shared key #%! Receiver (Bob) abc Shared key #%!

Symmetric key encryption



Pro's

✔ Fast



Con's

✔ Key must remain

secret

✔ Key exchange ✔ Key length

Symmetric key encryption



Common algorithms

✔ 3DES (112 bits)

✔ AES (>128 bits): Rijndael algorithm

− Developed at K.U.Leuven − Encryption standard in USA

Symmetric key encryption



Commands

✔ Encryptie

✔ Decryptie

$ openssl enc -aes-128-cbc -e -salt -in text.txt -out encryptedText.bin

Public key encryption

Sender (Alice) abc Encryption algoritm #%! Receiver (Bob) abc Public key Bob

#%!

Public key encryption



Pro's

✔ Privacy ✔ Key distribution 

Con's

✔ Slow ✔ Key length Performance

Public key encryption



Common algorithms

✔ RSA (> 1024 bits, 2048 bits recommended) ✔ DSA

Public key encryption



Commands

✔ Generate private key ✔ Generate public key ✔ Encrypt

✔ Decrypt

$ openssl genrsa -out rsaprivatekey.pem -passout pass:kulsysmn -aes-128-cbc 2048

$ openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in text.txt -out encryptedText.txt

$ openssl rsa -in rsaprivatekey.pem -passin pass:kulsysmn -pubout -out rsapublickey.pem

$ openssl rsautl -decrypt -inkey rsaprivatekey.pem -in encryptedText.txt -out text.txt

Hash functions

Sender (Alice)

abc Hash function Message digest A

Receiver (Bob)

Hash functions



Pro's

✔ Irreversible ✔ Small size 

Con's

✔ No authentication

Hash functions



Common algorithms

✔ MD5 (128 bit) ✔ SHA1 (160 bit) ✔ RIPEMD-160 

Usage

✔ Password storage ✔ Integrity checks

Hash functions



Commands

✔ Md5 ✔ sha1 $ openssl dgst -md5 text.txt MD5(text.txt)= ff3a4d858e65920dc67e9ef2977d4b8a

$ openssl dgst -sha1 text.txt

Sender (Alice)

Message Authentication Codes

abc

Hash function MAC A Shared key

Receiver (Bob)

abc

Message Authentication Codes



Pro's

✔ Fast

✔ Authentication



Con's

✔ Key must remain

secret

✔ Key exchange ✔ Key length

Digital signatures

abc Hash function Signature A Private key Alice

Public key Alice Sender (Alice)

Digital signatures



Pro's

✔ Authentication



Con's

✔ Very slow

First hash, then sign (eg eID)

Digital signatures

abc _{Hash function Signature A}

Private key Alice

Message digest Hash function

600Mb

Digital signatures



Common algorithms

✔ RSA ✔ DSA 

Usage

✔ Authentication ✔ Integrity checks ✔ Software distributions

Overview

Introduction

Cryptographic algorithms

Secure Socket Layer

Secure Socket Layer



Situation



Handshake protocol



Trust

Situation

SSL



SSL

✔ Protocol independent

(eg: HTTP, POP3, IMAP, LDAP,...)

✔ SSL v3 = TLS v1

(Transport Layer Security)

Handshake protocol



4 phases

1.Establish security capabilities

2.Server Authentication and key exchange 3.Client Authentication and key exchange 4.Finish

Establish security capabilities

Client Server Client Hello Server Hello  Client Hello ✔ Highest SSL Version ✔ Supported algorithms ✔ Session ID (resume?)  Server Hello ✔ Selected SSL Version ✔ Selected algorithms ✔ Assigned session ID

Server Authentication and key exchange

Client Server

Certificate

Server hello done

 Certificate

✔ Certificate (+ chain)

 Server hello done

✔ Optionally request for client certificate

Client Authentication and key exchange

Client Server Certificate Certificate verify  Certificate ✔ Certificate (+ chain)  Certificate verify

Finish

 Client Finish

✔ Digest of previous commands

 Server Finish

✔ Digest of previous commands

 Symmetric key Client Server Client Finish Server Finish Symmetric key Encrypted data

Trust



It's all about trust...

✔ Certificate Authority (CA) ✔ Certificate chain

Certificate Authority

Certificate Authority Server Client CSR CSR CSR _sign Client hello Server hello

Certificate chain

Root Certificate Authority A

(selfsigned) Certificate Authority B Certificate Authority C

signs signs

Server

Certificate chain

Certificate revocation



Private key compromised



Two possibilities

✔ Certificate Revocation List (CRL)

Certificate Revocation List

Certificate Authority Server Client CRL CRL CRL

Certificate Revocation List



Pro's

✔ Safe ✔ Offline 

Con's

✔ Compromised CA ✔ Latency ✔ Scaling − ΔCRL − LDAP

Certificate Revocation List

Certificate Authority Server Client LDAP LDAP lookup

Online Certificate Status Protocol

Certificate Authority Server Client OCSP responder - good - revoked - unknown

Online Certificate Status Protocol



Pro's

✔ Multiple CA ✔ Revoke CA 

Con's

✔ DoS ✔ Man-in-the-middle ✔ Latency ✔ Offline

Overview

Introduction

Cryptographic algorithms

Secure Socket Layer

Certificate signing service



BelNet SCS project

✔ Free service for educational institutions

(Not commercial!)

✔ Signed with “Cybertrust Educational CA”

− Root certificate “GTE Cybertrust Global root”

trusted in most browsers

✔ Server certificates (no personal certificates) ✔ Max 3 years

Certificate signing service

K.U.Leuven Proxy https://certificates.kuleuven.be Cybertrust Educational CA CSR CSR approve Formal confirmation

https://certificates.kuleuven.be



HOWTO create CSR

✔ OpenSSL (un*x or windows) ✔ IIS

✔ Java keytool



Required attributes

✔ C, O, CN

https://certificates.kuleuven.be



Multiple CN

✔ Server with multiple hosts ✔ Works in most browsers

References

 http://certificates.kuleuven.be  http://certificates.belnet.be  http://www.securityfocus.com/infocus/1818  http://nl.wikipedia.org/wiki/Advanced_Encryption_Standard  http://eid.belgium.be  http://www.openvalidation.org  Network security with openSSL