1. 1
Cryptography and SSL/TLS Overview
What is SSL/TLS and Why Use It?
© 2005 Britestream

2. © 2005 Britestream 2
Glenn Haley
Sr. Product Line Manager
ghaley@britestream.com

3. 3
Agenda
• Cryptography Basics
• Security Protocols Examples
• SSL/TLS Overview
• SSL Protocol
• Reference Books
© 2005 Britestream

4. 4
Two Types of Cryptography
Symmetric Key
– Two parties share a common secret (the key)
– Same key used to encrypt/decrypt data
– Cryptographic strength controlled by
• Algorithm used (e.g., AES, DES, 3DES, ARC4)
• Key length (e.g., 128-bit vs 256-bit)
Asymmetric Key
– Two keys exist, a public key and a private key
– Data encrypted with public key can only be decrypted with
private key (and vice-versa)
– RSA is most popular asymmetric key algorithm, and the
main one used by SSL/TLS
© 2005 Britestream

5. 5
Crypto Pros and Cons
Symmetric crypto is fast, but has a problem:
– How do the two parties agree on a shared secret?
– Without permitting an eavesdropper to learn it?
Asymmetric crypto has no key distribution problem
– Public key can be known by anyone
– Private key never shared
But Asymmetric crypto has its own problems
– Much slower (factor of 100) than symmetric crypto
– Everything depends on secrecy of private key
– Other party must authenticate validity of public key
© 2005 Britestream

6. 6
• Data Confidentiality
– Data can’t be read by intruder (encryption)
– Implemented with Symmetric Key Encryption
• End Point Authentication
– Data/peer origin authentication (message authentication)
– Implemented with Public Key Encryption
• User Authentication/Access Control
– Client authentication to server (passwords, message authentication)
– Implemented with passwords, hashing, or Public Key Encryption
• Data Integrity
– Data hasn’t been modified (message authentication)
• Non-Repudiation
– Preventing denial of participation (PKI and digital signatures)
• Verification
– Validating that the sender is accurate and trusted (PKI and digital
signatures)
Security Definitions and Goals
© 2005 Britestream

7. 7
Certificates and Identity
Digital Signature ensures data remains same since signed
– Special case of message integrity code
– Generated only by one participant
– Proves that the data was generated by the owner of a certain key
Digital certificate is signed with a PK digital signature
– Issued by a trusted Certificate Authority (CA)
– States specified public key belongs to someone or something with
a specified name
– Uses standard format (X.509)
– Contains credentials, including public key; signed by issuing CA’s
private key but included as part of Certificate
– Can be validated by receiver using issued CA’s public key
– Enables recipient to trust the public key contained in the certificate
PKI (Public Key Infrastructure)
– The framework to deploy, manage, scale Public key cryptography
and related security techniques to provide IT security services
© 2005 Britestream

8. 8
ICMP, IPSec, IP
PPTP, L2TP(IPSec)
SSL, TLS
HTTPS, FTPS, SET
Layers of
Security in
the ISO Stack
Application
Presentation
Network
Layer 1
Layer 2
Layer 3
Layer 4
Layer 5
Layer 6
Layer 7
Session
Transport
Data Link
Physical
LLC
MAC
Protocol Examples
IKE
HTML
© 2005 Britestream

9. 9
What is SSL?
• Data Encryption in Transit
– Does Not Protect Data on Client
– Does Not Protect Data on Server
• Server Authentication with Certificate
– Signed by Certificate Authority
• Optional: Client Authentication with Certificate
• Uses Standard Cryptographic Technology
– RSA for Handshake and Authentication
– RC4, DES, 3DES, AES for Encryption
– SHA-1, MD5 for Message Integrity
© 2005 Britestream

10. 10
A Quick Tour of SSL/TLS
SSL/TLS Commonalities
– RSA for PK, use of DES, ARC4 for SK
SSL (Secure Sockets Layer)
– Developed by Netscape for secure browsing
– Submitted to IETF as RFC 1825 MAC in 1996; not approved!
– Rapidly became a de facto standard; built into all web browsers
– SSL version 3.0 is only version still in widespread use
• Major security holes in prior versions
TLS (Transport Layer Security)
– TLS is the standardized version of SSL
– Corrects a few subtle security flaws in SSL
• Added DH and DSS for PK; added 3DES for SK; use of HMAC
– IETF reworked SSL into the TLS standard
• TLS 1.0 (SSL version 3.1) defined by RFC 2246 in 1999
• TLS 1.1 (SSL version 3.2) currently in “final call”
© 2005 Britestream

11. 11
Purpose of SSL/TLS
• Created as a secure protocol to
secure communications channel
between computers over an
unsecured network
• Applications are secured
– FTP becomes FTPS
– HTTP becomes HTTPS
Application
TCP
IP
Application TCP Port Secured TCP Port
FTP - Data 20 989
FTP - Control 21 990
HTTP 80 443
Normal
Application Application
with SSL
Application
SSL/TLS
TCP
IP
© 2005 Britestream

12. 12
• Features
– Security for all applications between client and server
• Browsing (HTTP) - most common application
• Mail (SMTP)
• File transfers (FTP)
• Remote User (TELNET)
– Provides two interlocking technologies
• Handshake & protected record transfers
– Security occurs at client & server
– SSL & TLS embedded in applications
• Benefits
– Security already built-in to browsers
– Operation invisible to user
– Standards based protocol defined by IETF
SSL/TLS Features and Benefits
© 2005 Britestream

13. 13
Attack avoidance
• Man-in-the-Middle
• Message Relaying
• Message Tampering
Network
Edge
Mobile
Device
laptops
desktops WAN/
Internet
Web / E-Commerce
ERP / CRM
Email
Database Apps
Protect data in transit on both
sides of the network edge.
Inherent Security Advantages of SSL/TLS
© 2005 Britestream

14. 14
Protection Against Snooping
• Minimize risk of snooping with Britestream SSL/TLS
between the client and host
– Traffic between the host is encrypted.
– Britestream’s 100% SSL offload makes this possible without the
need to add additional servers or hosts
– SSL / TLS is an industry standard – available in every browser
Mobile
Device
laptops
desktops
Edge Router
Web / E-Commerce
ERP / CRM
Email
Database Apps
VPN
Firewall
NAT
Proxy / ALG
Security Policy
Enforcer
Load Balancer
Intrusion
Det./Prev.
Application
Accelerator
WAN/
Internet
Inherent SSL/TLS Advantages
© 2005 Britestream

15. 15
HTTP vs. SSL (HTTPS) Protocol
• Significant increase in network usage with SSL
• Each transaction requires more processing power
Request (Port 443)
Server Public Key
Client Server
Session Key
Encrypted Data Transfer
Encryption
Decryption
Secure Transaction:
Client Server
Request (Port 80)
Data Transfer
Insecure Transaction:
© 2005 Britestream

16. 16
Basic SSL/TLS Protocol
The SSL/TLS Handshake
– Negotiate the symmetric crypto algorithm to be used
– Exchange random values for key generation
– Client authenticates server certificate
– Use asymmetric crypto to solve the key distribution problem
• secure exchange of shared secret required for symmetric crypto
– Verify handshake
– Server authenticates client certificate (optional)
Application Data Exchange
– Following the handshake, application data is encrypted/decrypted
using negotiated symmetric algorithm and key
– Transfers data between client & server as records
© 2005 Britestream

17. 17
• Link Management (Establishing a connection)
– Setup and tear down communications connections
• Key Management (SSL Handshake)
– Key generation/exchange of symmetric (session) key using
public key encryption
– Exchange policies, algorithms, and keys
– Verify message and sender’s identity (Digital Signature)
using public key encryption
• Encryption (SSL Protected Records)
– Encrypt payload using symmetric key
– Authenticate payload using keyed hash (a.k.a. MAC)
Typical SSL Session
© 2005 Britestream

18. 18
ChangeCipher
RECORD LAYER
TCP
Alert HandShake Application
HTTP
Secure
Sockets
Layer
• ChangeCipherSpec Protocol - Very simple, only 1 message
• Alert Protocol - Used to signal error or caution conditions
• Handshake Protocol - Used to negotiate SSL sessions
• Each of the above protocols uses messages to communicate
• The Record Layer protocol accepts all messages and formats /
frames them before passing them on to a transport layer protocol
such as TCP
SSL’s Component Protocols
© 2005 Britestream

19. 19
TLS (SSL v3.0) Record Format
Protocols
– 0x14 – ChangeCipherSpec
– 0x15 – Alert
– 0x16 – Handshake
– 0x17 – ApplicationData
Version (Major/Minor)
– 0x0300 – SSL v3
– 0x0301 – TLS 1.0
– 0x0302 – TLS 1.1
Length
– Length of payload fragment
– Payload byte count
Payload
– Content varies by protocol
– Payload of all records following
MAC
– Message Authentication Code
– SHA or MD5; HMAC (TLS)
PAD
– Padding is added prior to
encryption in order to fill block
sizes
Protocol
Type
Version Length Payload MAC PAD
PAD
Length
Authentication2
Encryption3
Compression (optional)1
© 2005 Britestream

20. 20
Client Server
ClientHello
ServerHello
Certificate
ServerHelloDone
ClientKeyExchange
ChangeCipherSpec
Finished
ChangeCipherSpec
Finished
SSL Initial (Normal) Handshake
Server chooses cryptographic parameters to use for the
session.
Client encrypts a session key with the servers public key and
sends the result to the server.
Client tells server to begin using agreed upon security services.
Client is done sending messages 5 and 6. From this point
forward all messages from the client will be encrypted with the
agreed upon encryption and authentication algorithms.
Server tells client to begin using agreed upon security services.
Server is done sending messages 7 and 8. From this point
forward all messages from the server will be encrypted with the
agreed upon encryption and authentication algorithms.
Client proposes PK algorithm and key sizes that may be used.1
2
Server sends public key information to client.3
Server is done sending messages 2 and 3.4
5
6
7
8
9
© 2005 Britestream

21. 21
SSL Initial Handshake Details
• Initial Handshakes are used to create new SSL sessions
• Typical message content and length
© 2005 Britestream

22. 22
SSL Resume Handshake
ClientHello
ServerHello
ChangeCipherSpec
Finished
ChangeCipherSpec
Finished
Client Server
Client is done sending messages 5. From this point forward all
messages from the client will be encrypted using the master
secret previously agreed upon during initial handshake.
Client proposes PK algorithm and key sizes that may be used.1
Server retrieves initial cryptographic parameters from the SSL
initial handshake and uses them for the session.2
Client tells server to use previously agreed security services.5
6
Server tells client to begin using agreed upon security services.3
Server is done sending messages 2 and 3. From this point
forward all messages from the server will be sent using the
encryption and authentication algorithms previously agreed
upon during initial handshake.
4
© 2005 Britestream

23. 23
Resume Handshake Details
• Resume Handshakes enable SSL sessions “re-use”
• 6 Messages in a resume handshake
• Fast - no PK requirements in a resume handshake !
• Client proposes same Session ID
• Server has the option to accept a resume handshake
• Typical message content and length
© 2005 Britestream

24. 24
Securing Web Pages with HTTPS
Open TCP
Connection #1
SSL Session
Establishment and
Certif. Exchange
Key Exchange and
Cipher Negotiation
GET and RESPONSE
#1
GET and RESPONSE
#5
GET and RESPONSE
#9
CLOSE
CONNECTION
Open TCP
Connection #2
SSL Session
Establishment
(including previous
Session Identifier)
GET and RESPONSE
#2
GET and RESPONSE
#6
GET and RESPONSE
#10
CLOSE
CONNECTION
Open TCP
Connection #3
SSL Session
Establishment
(including previous
Session Identifier)
GET and RESPONSE
#3
GET and RESPONSE
#7
GET and RESPONSE
#11
CLOSE
CONNECTION
Open TCP
Connection #4
SSL Session
Establishment
(including previous
Session Identifier)
GET and RESPONSE
#4
GET and RESPONSE
#8
GET and RESPONSE
#12
CLOSE
CONNECTION
Normal Handshake
Resume
Handshake
Resume
Handshake
Resume
Handshake
© 2005 Britestream

25. 25
Clearly a Need for SSL Hardware Offload!
• SSL is a computationally
intensive task
• Example: A Pentium III
(1GHz) server capable of
supporting up to 7000
connections/sec without
SSL can support less
than 400 connections/sec
with SSL
© 2005 Britestream

26. 26
Security and SSL Related Books
• Cryptography and Network Security, by William
Stallings, Prentice-Hall; 2nd edition (1999); ISBN: 0-
13-869017-0
• SSL and TLS, Designing and Building Secure
Systems, by Eric Rescorla, Addison-Wesley
Professional; 1st edition (October 13, 2000); ISBN: 0-
201-61598-3 (Chinese Translation 7508310934)
• Network Security with OpenSSL, by John Viega et.
al.; O'Reilly; 1st edition (June 15, 2002); ISBN: 0-
596-00270-X
© 2005 Britestream

27. 27
Questions and Answers
The End
© 2005 Britestream