security at the transport layer lecture 6. information and nework security2 ssl/tls n ssl was...

Security at the Transport LayerSecurity at the Transport Layer

Lecture 6Lecture 6

Information and Nework Security 2

SSL/TLSSSL/TLS

SSL was developed by Phil Karlton & SSL was developed by Phil Karlton & Netscape. Netscape. The standards community wanted their own The standards community wanted their own

version free from any patents/restrictionsversion free from any patents/restrictions Thus was born TLS, which is very similar to Thus was born TLS, which is very similar to

SSLSSL IETF changed the name to avoid showing bias – IETF changed the name to avoid showing bias –

and add a few thingsand add a few things E.g: TLS defines additional alert codesE.g: TLS defines additional alert codes TLS MAC covers compression version field in addition TLS MAC covers compression version field in addition

to what SSL MAC coversto what SSL MAC covers TLS v1.0 TLS v1.0 is very similar tois very similar to SSL v3.1 SSL v3.1


SSLSSL

TCP/IP

SSL/TLSSSL/TLS

HTTP NNTP FTP TelnetOtherApps

Etc.


Digital certificates and the CADigital certificates and the CA

Public key cryptography avoids the problem of key Public key cryptography avoids the problem of key distributions but it has its weakness: distributions but it has its weakness: the public key is the public key is public and anyone can forge a public key announcementpublic and anyone can forge a public key announcement

Solution: public-key certificate:Solution: public-key certificate: <a public key and user ID of the key owner>, the whole thing, <a public key and user ID of the key owner>, the whole thing,

is signed by a trusted third party (TTP)is signed by a trusted third party (TTP) The TTP is a The TTP is a certificate authoritycertificate authority ( (CACA)) A user can present her public key to the CA in a secure A user can present her public key to the CA in a secure

manner and obtain a certificatemanner and obtain a certificate The user can then publish her public keyThe user can then publish her public key Anyone needs this user’s public key can obtain the Anyone needs this user’s public key can obtain the

certificate and verify that it is valid by the way of the attached certificate and verify that it is valid by the way of the attached trusted signature trusted signature


Client/Server Mutual Authentication

Establish trust with intended Establish trust with intended recipientsrecipients

Signed Digital CertificatesSigned Digital CertificatesServer authenticates Client (optional)Server authenticates Client (optional)Client authenticates ServerClient authenticates Server


Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)

SSL is designed to run in user-level process SSL is designed to run in user-level process – no need to change the OS (not like IPSec – no need to change the OS (not like IPSec that runs in superuser-level process)that runs in superuser-level process)

SSL uses TCP only (not UDP), hence it is SSL uses TCP only (not UDP), hence it is simple and it does not have to worry about simple and it does not have to worry about timing out and retransmitting lost data (TCP timing out and retransmitting lost data (TCP does that for SSL)does that for SSL)

Applications based on TCP needs to change Applications based on TCP needs to change (even minimum) to work with SSL(even minimum) to work with SSL


Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)

The primary goal of the SSL Protocol The primary goal of the SSL Protocol isis To provide privacy and reliability To provide privacy and reliability

between two communicating applications.between two communicating applications. Allows client/server applications to Allows client/server applications to

communicate in a way that is designed to communicate in a way that is designed to prevent eavesdropping, tampering, or prevent eavesdropping, tampering, or message forgery (message forgery (Many applications at Many applications at

Application Layer are based on client/server modelApplication Layer are based on client/server model))


SSL – Secure Client/Server CommunicationSSL – Secure Client/Server Communication

SSL Server authentication allows SSL Server authentication allows clients to confirm a server’s identityclients to confirm a server’s identity

SSL client authentication allows server SSL client authentication allows server to confirm a client’s identity (to confirm a client’s identity (optionaloptional))

SSL provides confidentiality and SSL provides confidentiality and integrityintegritySent information is encryptedSent information is encryptedIntegrity check is carried out to detect Integrity check is carried out to detect

tamperingtampering


SSL – Secure Client/Server CommunicationSSL – Secure Client/Server Communication

To allow Secure To allow Secure Client/Server Client/Server Communication to happen using SSLCommunication to happen using SSL::The peer's identity can be authenticated using The peer's identity can be authenticated using

certificates [basically using asymmetric (private certificates [basically using asymmetric (private key cryptography like DES), and public key, key cryptography like DES), and public key, cryptography (e.g., RSA, DSS, etc.)].cryptography (e.g., RSA, DSS, etc.)].

Encryption is used after an initial handshake to Encryption is used after an initial handshake to define a secret key. Secret key cryptography is define a secret key. Secret key cryptography is used for data encryption (e.g., DES, RC4, etc.)used for data encryption (e.g., DES, RC4, etc.)

Integrity check is done using a keyed MAC: Integrity check is done using a keyed MAC: Secure hash functions (e.g., SHA, MD5, etc.) are Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations.used for MAC computations.


SSL Main FunctionsSSL Main Functions

Negotiates and employs essential Negotiates and employs essential functions for secure transactionsfunctions for secure transactionsMutual AuthenticationMutual AuthenticationData EncryptionData EncryptionData IntegrityData Integrity


SSL StructureSSL Structure

ChangeCipher Alert Handshake

Record Layer

TCP/IP

}SSL/TLS

Application Layer (http – imap – etc)


Cipher SuiteCipher Suite

For public-key, secret key encryption and certificate verification we needpublic-key algorithmSecret key encryption algorithmmessage digest (hash) algorithm (MD5, SHA-1, etc)

This collection is called a cipher suite SSL supports many different cipher suites Client and server must decide on which one

to use The client offers a choice; the server picks

one


SSL ProtocolsSSL Protocols

SSL consists of two protocol layers (The Record Layer and its above layer which consists of ChangeCipherSpec protocol , Alert protocol and Handshake protocol.)

The SSL record protocol:The SSL record protocol: takes an application message to be transmitted,takes an application message to be transmitted, fragments the data into manageable blocks,fragments the data into manageable blocks, optionally compresses the data, optionally compresses the data, applies MAC, applies MAC, encrypts, encrypts, adds a header and transmits the resulting unit in adds a header and transmits the resulting unit in

TCP segmentTCP segment


SSL Other ProtocolsSSL Other Protocols

The Handshake protocol negotiates all options of the session (most important) The handshake protocol involves using SSL record The handshake protocol involves using SSL record

protocol to exchange a series of messages between an protocol to exchange a series of messages between an SSL-enabled server and an SSL-enabled clientSSL-enabled server and an SSL-enabled client

The ChangeCipherSpec protocol indicates the channel is ready for secure communications

The Alert protocol indicates errors or other caution conditions have occurred in the connection


The The CChangecipherspechangecipherspec StructureStructure

The change cipher spec message is sent byThe change cipher spec message is sent byboth the client and server to notify theboth the client and server to notify thereceiving party that subsequent records willreceiving party that subsequent records willbe protected under the newly negotiatedbe protected under the newly negotiatedCipherSpec and keysCipherSpec and keys

struct { struct { enum { change_cipher_spec(1), (255) } type; enum { change_cipher_spec(1), (255) } type;

} ChangeCipherSpec;} ChangeCipherSpec;


Alert Message StructureAlert Message Structure

The Alert protocol specifies and conveys the status of transmitted messages

struct { struct {

AlertLevel level; AlertLevel level;

AlertDescription description; AlertDescription description;

} Alert; } Alert;


Handshake ProtocolHandshake Protocol

The TLS Handshake Protocol involves the following The TLS Handshake Protocol involves the following steps: steps: Exchange hello messages to agree on algorithms, Exchange hello messages to agree on algorithms,

exchange random values, and check for session exchange random values, and check for session resumption. resumption.

Exchange the necessary cryptographic parameters to Exchange the necessary cryptographic parameters to allow the client and server to agree on a premaster secret.allow the client and server to agree on a premaster secret.

Exchange certificates and cryptographic information to Exchange certificates and cryptographic information to allow the client and server to authenticate themselves. allow the client and server to authenticate themselves.

Generate a master secret from the premaster secret and Generate a master secret from the premaster secret and exchanged random values.exchanged random values.

Provide security parameters to the record layer.Provide security parameters to the record layer. Allow the client and server to verify that their peer has Allow the client and server to verify that their peer has

calculated the same security parameters and that the calculated the same security parameters and that the handshake occurred without tampering by an attacker. handshake occurred without tampering by an attacker.


ClientHello Message StructureClientHello Message Structure

struct {struct { ProtocolVersion client_version;ProtocolVersion client_version; Random random;Random random; SessionID session_id;SessionID session_id; CipherSuite cipher_suites;CipherSuite cipher_suites; CompressionMethod_list compression_methods; CompressionMethod_list compression_methods; } ClientHello;} ClientHello;


ServerHello Message StructureServerHello Message Structure

struct {struct { ProtocolVersion server_version;ProtocolVersion server_version; Random random;Random random; SessionID session_id;SessionID session_id; CipherSuite cipher_suite;CipherSuite cipher_suite; CompressionMethod_list compression_method;CompressionMethod_list compression_method; } ServerHello;} ServerHello;


Message Flow of full HandshakeMessage Flow of full Handshake

Client Server ClientHello --------> ServerHello Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished --------> [ChangeCipherSpec] <-------- Finished Application Data <-------> Application Data

* Indicates optional or situation-dependent messages that are not always sent. Borrowed from rft2246


Client/Server Client/Server

Server

new thread s1to serve client1

new thread s2 to serve client2

main thread

client1

client2

message

message


Client/Server Socket ConnectionClient/Server Socket Connection

Client A

Server

Original socket

Newly returned socket

#1

Client B

#2

Newly returned socket

accept


Client/Server with TCP and Socket Client/Server with TCP and Socket

Client must contact server server process must first be

running server must have created

socket (door) that welcomes client’s contact

Client contacts server by: creating client-local TCP

socket specifying IP address, port

number of server process

When client creates socket: client TCP establishes connection to server TCP

When contacted by client, server TCP creates new socket for server process to communicate with client– allows server to talk with multiple clients


TCP socket programming flowTCP socket programming flow

ServerClient socket()

listen()

accept()

read()

bind()

Block until connection from client

Process requests

write()

read()

close()

socket()

write()

connect()

read()

close()

well-known port

Connection establishmentTCP three-way handshake

Data (request)

Data (reply)

End-of-file notification


SSL Applications – Simple DemoSSL Applications – Simple Demo

/*We can use SSL to build secure Internet application The purpose of this simple program is to show you how to connect to a secure website using SSL and Java Secure Socket Extension */

//TestSSL.java classpublic class TestSSL { public static void main(String [] args) { try { new java.net.URL("https://" + args[0] + "/").getContent(); } catch (Exception exception) { exception.printStackTrace();} } }/* you can compile this application on sng: javac TestSSL.javaAnd run it with the security option (load HTTPS protocol handler) : java –Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol –Djavax.net.debug=ssl TestSSL sng.its.monash.edu.au*/


SSL-based Client (skeleton)SSL-based Client (skeleton)

import javax.net.ssl.*;import javax.net.ssl.*; public class SecureChatClient {public class SecureChatClient { SSLSocket socket;SSLSocket socket; public SecureChatClient() {public SecureChatClient() { try {try {

SSLSocketFactory sslFact =SSLSocketFactory sslFact =(SSLSocketFactory)SSLSocketFactory.getDefault(); (SSLSocketFactory)SSLSocketFactory.getDefault();

socket = (SSLSocket)sslFact.createSocket(“serverhost",5002);socket = (SSLSocket)sslFact.createSocket(“serverhost",5002); /* more code for input/ouput *//* more code for input/ouput */ }} }}

public static void main(String[] args) {public static void main(String[] args) {new SecureChatClient();new SecureChatClient();

} }} }


SSL-based Server (skeleton)SSL-based Server (skeleton)

import javax.net.ssl.*;import javax.net.ssl.*; import java.security.*;import java.security.*;public class SecureChatServer {public class SecureChatServer {SSLServerSocket ssocket;SSLServerSocket ssocket; SSLSocket clientSocket;SSLSocket clientSocket;public SecureChatServer() {public SecureChatServer() { Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); System.setProperty("java.protocol.handler.pkgs",System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");"com.sun.net.ssl.internal.www.protocol"); try { try { SSLServerSocketFactory sslSrvFact = SSLServerSocketFactory sslSrvFact =

(SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); ssocket = ssocket =

(SSLServerSocket)sslSrvFact.createServerSocket(5002);(SSLServerSocket)sslSrvFact.createServerSocket(5002);clientSocket = (SSLSocket)ssocket.accept();clientSocket = (SSLSocket)ssocket.accept();

… …} }} } public static void main(String[] args) {public static void main(String[] args) {

new SecureChatServer();new SecureChatServer(); }}}}


SSL/TLS and IPSecSSL/TLS and IPSec

SSL/TLS is useful for building Secure Network and SSL/TLS is useful for building Secure Network and Internet ApplicationsInternet Applications

Both IPSec and SSL are useful for building VPNBoth IPSec and SSL are useful for building VPN SSL/TLS can be used to provide peer entity SSL/TLS can be used to provide peer entity

authentication such as authentication between authentication such as authentication between client and server of Client/Server software client and server of Client/Server software applications. IPSec is used to provide security applications. IPSec is used to provide security between hosts and networksbetween hosts and networks

IPSec can be used to enhance the security of the IPSec can be used to enhance the security of the whole network when used with firewalls or routers. whole network when used with firewalls or routers. SSL/TLS is designed to provide security mainly for SSL/TLS is designed to provide security mainly for Client/Server applicationsClient/Server applications

security at the transport layer lecture 6. information and nework security2 ssl/tls n ssl was...

Documents

ssl slide

ssl n applications

ssl mac

ssl protocol

ssl v3

ssl ietf

nework security2 ssltls

publickey certificate