SSL / TLS
Internet Security Protocols
© Novell, Inc. All rights reserved.
What is it used for?
• Designed to provide communication security over the Internet
• Authentication, data integrity and confidentiality
• Prevents eavesdropping, tampering and message forgery
• Application-protocol independent: the same layer secures HTTP, POP3, IMAP, SMTP, FTP and others
• Virtual private networks (SSL VPN)
• Relies on a public key infrastructure (PKI): X.509 certificates issued by trusted CAs are how the peers are authenticated
Cryptography heads-up
1. Symmetric key cryptography: one shared secret key both encrypts and decrypts (used by TLS for bulk data and MACs)
2. Asymmetric key cryptography, a.k.a. public key cryptography: a public/private key pair (used by TLS for authentication and key exchange)
Symmetric Key Cryptography (diagram slide)
Public Key Cryptography (diagram slide)
History & Development
Secure Network Programming (1993)
SSL 1.0 (never publicly released), SSL 2.0 (1995), SSL 3.0 (1996)
TLS 1.0 (1999, RFC 2246)
TLS 1.1 (2006, RFC 4346)
TLS 1.2 (2008, RFC 5246)
TLS 1.3 (Internet-Draft, Oct. 2014; later published as RFC 8446 in 2018)
SSL 2.0 and SSL 3.0 are prohibited by RFC 6176 and RFC 7568, and TLS 1.0 and 1.1 are deprecated by RFC 8996; new deployments should offer only TLS 1.2 and 1.3.
SSL/TLS Architecture
  +-----------+--------------+-------+--------------+
  | Handshake | Change       | Alert | Application  |
  | protocol  | Cipher Spec  |       | data         |
  +-----------+--------------+-------+--------------+
  |               Record protocol                   |
  +-------------------------------------------------+
  |               TCP/IP                            |
  +-------------------------------------------------+
Basic TLS Handshake (full handshake, TLS 1.2 and earlier)

TLS Client                                     TLS Server
ClientHello  -------------------------------->
   highest TLS version supported, 32-byte client random, session ID (empty for a new
   session), list of cipher suites, compression methods, extensions
             <--------------------------------  ServerHello
   chosen TLS version, 32-byte server random, session ID, chosen cipher suite and
   compression method
             <--------------------------------  Certificate (optional)
   the server's X.509 certificate chain; omitted only for anonymous or PSK suites
             <--------------------------------  ServerKeyExchange (optional)
   ephemeral (EC)DHE parameters signed with the certificate's key, sent when that key
   alone cannot establish the premaster secret
             <--------------------------------  CertificateRequest (optional)
             <--------------------------------  ServerHelloDone
Certificate (optional)  --------------------->
   client certificate, sent only when requested
ClientKeyExchange  -------------------------->
   RSA key exchange: the 48-byte premaster secret encrypted under the server's public key;
   (EC)DHE: the client's ephemeral public value, the premaster secret being the shared secret
CertificateVerify (optional)  --------------->
   signature over the handshake transcript, proving possession of the client certificate's key
ChangeCipherSpec  --------------------------->
   from here the client protects its records with the newly derived keys
Finished  ----------------------------------->
   encrypted; PRF over the master secret and a hash of all handshake messages so far
             <--------------------------------  ChangeCipherSpec
             <--------------------------------  Finished
Application data  <------------------------->   encrypted under the negotiated cipher suite

Each side verifies the peer's Finished message before sending application data; because it covers the whole transcript, any tampering with the negotiation (for example an attacker removing strong cipher suites from the ClientHello) makes the verification fail.
Resumed TLS Handshake
• Public key operations (e.g., RSA decryption or an (EC)DHE exchange) are relatively expensive in terms of computational power, and the full handshake costs two round trips.
• TLS provides a secure shortcut in the handshake mechanism to avoid these operations: resumed (abbreviated) sessions, which reuse the master secret of an earlier session and derive fresh connection keys from new randoms.
• Resumed sessions are implemented using session IDs (a server-side cache) or session tickets (client-side state, RFC 5077).
• Apart from the performance benefit, resumption lets an application tie many connections to one authenticated session, which some deployments use as a form of single sign-on.
• Caveat: a resumed handshake repeats no certificate checks, so the session cache and the ticket encryption key are as sensitive as the master secrets they protect. Whoever holds them can decrypt every session resumed from them, and a long-lived ticket key undoes the forward secrecy of (EC)DHE suites unless it is rotated.
Resumed TLS Handshake (Cont.)

TLS Client                                     TLS Server
ClientHello  -------------------------------->
   TLS version, new client random, cipher suites, compression methods, and the
   session ID of the earlier session or a SessionTicket extension carrying the ticket
             <--------------------------------  ServerHello
   the same session ID (resumption accepted) or a new one (server falls back to a full
   handshake); with tickets the server may also send NewSessionTicket here
             <--------------------------------  ChangeCipherSpec
             <--------------------------------  Finished
   PRF over the reused master secret and a hash of this handshake's messages
ChangeCipherSpec  --------------------------->
Finished  ----------------------------------->
   both sides now use keys derived from the old master secret and the two new randoms
Application data  <------------------------->   encrypted

In the abbreviated handshake the server sends ChangeCipherSpec and Finished first. Each side still verifies the peer's Finished before trusting the connection, which is what detects a mismatched master secret.
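The ClientHello that opens both handshakes above, built and parsed on the wire, as an added example (not code from the slide deck): an empty session ID asks for the full handshake, a previously issued one asks for resumption, and the server-side suite selection shows why the Finished check matters. It assumes the TLS 1.2 wire format of RFC 5246 section 7.4.1.2; cipher-suite numbers are the IANA code points, the randoms are fixed to zero so the output is reproducible, and no extensions are carried.

```python
import os
import struct

# Added example (not from the slide deck): serialize and parse a TLS 1.2
# ClientHello wrapped in its handshake and record headers (RFC 5246 7.4.1.2).
# Cipher-suite values are IANA code points; all other inputs are constructed.

TLS12 = (3, 3)
CIPHER_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}

def build_client_hello(cipher_suites, session_id: bytes = b"", client_random: bytes = None) -> bytes:
    """Serialize ClientHello. An empty session_id requests a full handshake;
    a previously issued one asks the server to resume that session."""
    if len(session_id) > 32:
        raise ValueError("session_id is at most 32 bytes")
    if client_random is None:
        client_random = os.urandom(32)                     # fresh 32-byte random per handshake
    body = struct.pack("!BB", *TLS12) + client_random
    body += struct.pack("!B", len(session_id)) + session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites        # cipher_suites<2..2^16-2>
    body += b"\x01\x00"                                    # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello
    # Record header: content type 22 (handshake); outer version 3.1 is allowed for ClientHello.
    return struct.pack("!BBBH", 22, 3, 1, len(handshake)) + handshake

def parse_client_hello(record: bytes) -> dict:
    """Parse a record holding exactly one ClientHello back into its fields."""
    ctype, major, minor, rlen = struct.unpack_from("!BBBH", record, 0)
    if ctype != 22 or rlen != len(record) - 5:
        raise ValueError("not a single handshake record")
    hs = record[5:]
    if hs[0] != 1 or int.from_bytes(hs[1:4], "big") != len(hs) - 4:
        raise ValueError("not a client_hello handshake message")
    body = hs[4:]
    version = (body[0], body[1]); pos = 2
    client_random = body[pos:pos + 32]; pos += 32
    sid_len = body[pos]; pos += 1
    session_id = body[pos:pos + sid_len]; pos += sid_len
    suites_len = struct.unpack_from("!H", body, pos)[0]; pos += 2
    if suites_len == 0 or suites_len % 2:
        raise ValueError("malformed cipher_suites vector")
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, suites_len, 2)]
    pos += suites_len
    comp_len = body[pos]; pos += 1
    compression = list(body[pos:pos + comp_len]); pos += comp_len
    return {"record_version": (major, minor), "version": version, "random": client_random,
            "session_id": session_id, "cipher_suites": suites, "compression": compression,
            "extensions_raw": body[pos:]}   # extensions (if any) left unparsed

def choose_cipher_suite(offered, server_preference):
    """Server-side selection: the first suite in the server's preference order that the
    client offered; None means the server must send a handshake_failure alert."""
    for suite in server_preference:
        if suite in offered:
            return suite
    return None

def demo():
    hello = build_client_hello([0xC02F, 0xC030, 0x003C, 0x002F], client_random=bytes(32))
    fields = parse_client_hello(hello)
    chosen = choose_cipher_suite(fields["cipher_suites"], [0xC030, 0xC02F, 0x003C])
    resume = build_client_hello([0xC02F], session_id=b"\xab" * 32, client_random=bytes(32))
    return fields, chosen, parse_client_hello(resume)["session_id"]

if __name__ == "__main__":
    fields, chosen, sid = demo()
    print("offered:", [CIPHER_SUITES[s] for s in fields["cipher_suites"]])
    print("server picks:", CIPHER_SUITES[chosen])
    print("resumption offers session ID:", sid.hex())
```

The server picks from its own preference list, not the client's order; if an attacker stripped every suite the server prefers from the ClientHello, the downgrade would still be caught when the Finished hashes disagree.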
Session ID & Session tickets
Session ID:- The client associates this session ID with the server's IP address and TCP port, so that when it connects again to that server it can offer the ID in its ClientHello to shortcut the handshake. On the server, the session ID maps to the cryptographic parameters previously negotiated, specifically the master secret, held in a server-side session cache. Both sides must hold the same master secret or the Finished messages of the resumed handshake will fail to verify. The cache has to be shared across every server behind a load balancer, otherwise resumption silently degrades to full handshakes.
Session Tickets:- (RFC 5077) When using session tickets, the TLS server stores its session-specific state (master secret, cipher suite, client identity) in a session ticket, encrypted and authenticated under a key only the server knows, and sends the ticket to the TLS client in a NewSessionTicket message for storing. The client resumes a TLS session by sending the ticket back in its ClientHello; the server verifies the MAC, decrypts the state and resumes according to it. Nothing needs to be stored server-side, which is why tickets scale better than an ID cache, but every server in the pool needs the same ticket key, and that key should be rotated regularly (the ticket format of RFC 5077 carries a key name so that several keys can be live during rotation).
TLS Record Protocol
• The TLS Record Protocol is the lowest layer of TLS; every other TLS message is carried inside records.
• On transmit, the Record Protocol takes messages to be sent, fragments the data into blocks of at most 2^14 bytes, optionally compresses the data, applies a MAC, encrypts, and transmits the result.
• Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients.
• Four protocol clients use it: the handshake protocol, the alert protocol, the change cipher spec protocol, and the application data protocol, distinguished by the content type byte of the record header.
• Caveat: record-layer compression is a hazard in practice, because compressing a secret alongside attacker-controlled data leaks the secret through the ciphertext length; modern deployments negotiate only the null compression method.
TLS Record Protocol (Cont.)
TLS Record Header (diagram slide): content type (1 byte), protocol version (2 bytes), length (2 bytes), followed by the fragment
Connection States
 A TLS connection state is the operating environment of
the TLS Record Protocol
 There are always four connection states outstanding: the
current read and write states, and the pending read and
write states
 All records are processed under the current read and
write states.
 The security parameters for the pending states can be
set by the TLS Handshake Protocol, and the Change
Cipher Spec can selectively make either of the pending
states current
Message Authentication Code
• The TLS record layer uses a keyed-hash MAC (HMAC) for authentication and integrity of every record. The key is the client or server MAC write key from the key block (not the premaster secret), and the MAC covers the 64-bit sequence number, the record header (type, version, length) and the fragment, so a record cannot be replayed, reordered or moved to another connection without detection.
• HMAC employs an iterative cryptographic hash function H with a key K as follows:
  HMAC(K, message) = H((K XOR opad) || H((K XOR ipad) || message))
  where || indicates concatenation.
• HMAC produces a fixed-length digest, which is too short to serve directly as key material. TLS therefore expands a secret with the data-expansion function P_hash, a chain of HMACs over different inputs:
  P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) ||
                         HMAC_hash(secret, A(2) || seed) ||
                         HMAC_hash(secret, A(3) || seed) || ...
  A(0) = seed
  A(i) = HMAC_hash(secret, A(i-1))
  P_hash is iterated as many times as needed and the output truncated to the length required.
• For the master secret derivation the secret is the premaster secret and the seed is the label "master secret" followed by ClientHello.random || ServerHello.random; for key expansion the secret is the master secret and the seed is "key expansion" followed by ServerHello.random || ClientHello.random (note the reversed order).
Master Key Generation:-
• The master secret is calculated using the PRF:
  master_secret = PRF(pre_master_secret, "master secret", ClientHello.random || ServerHello.random)[0..47];
  where || indicates concatenation.
• The TLS 1.2 PRF is P_hash applied with the hash of the cipher suite (SHA-256 for all suites defined in RFC 5246):
  PRF(secret, label, seed) = P_<hash>(secret, label || seed)
  (TLS 1.0 and 1.1 instead split the secret in two halves and XOR P_MD5 of one half with P_SHA1 of the other.)
• The master secret is always exactly 48 bytes in length.
• The length of the premaster secret varies with the key exchange method: 48 bytes for RSA (two version bytes plus 46 random bytes), the length of the shared secret for (EC)DHE.
• The connection keys are then cut from the key block:
  key_block = PRF(master_secret, "key expansion", ServerHello.random || ClientHello.random)
  which is split, in order, into client_write_MAC_key, server_write_MAC_key, client_write_key, server_write_key, client_write_IV and server_write_IV, with the lengths fixed by the negotiated cipher suite.
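The P_hash chain, the PRF, the master-secret derivation, the key-block split and the record MAC described on this and the preceding slide, carried through in working code as an added example (not code from the slide deck). It uses only the Python standard library and follows RFC 5246 sections 5, 6.2.3.1 and 6.3; the randoms and the premaster secret are constructed constants, and the MAC/key/IV sizes assumed are those of TLS_RSA_WITH_AES_128_CBC_SHA256.

```python
import hashlib
import hmac
import struct

# Added example (not from the slide deck): the TLS 1.2 PRF and key schedule
# (RFC 5246 sections 5 and 6.3) and the record-layer MAC (section 6.2.3.1),
# standard library only. All byte values below are constructed for the
# demonstration; they are not a captured handshake.

def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """Data-expansion function P_hash: chain HMACs until `length` bytes are produced."""
    out = b""
    a = seed                                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) || seed)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label || seed)."""
    return p_hash(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret; seed order is client random then server random."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master secret and split it in the order RFC 5246 6.3 prescribes.
    Note the seed order: server random first, the reverse of the master-secret step."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[pos:pos + size]
        pos += size
    return keys

def record_mac(mac_key: bytes, seq_num: int, content_type: int, version: bytes,
               fragment: bytes, hash_name: str = "sha256") -> bytes:
    """MAC of a TLS 1.2 record for a MAC-then-encrypt suite:
    HMAC(key, seq_num(8) || type(1) || version(2) || length(2) || fragment)."""
    header = struct.pack("!QB2sH", seq_num, content_type, version, len(fragment))
    return hmac.new(mac_key, header + fragment, hash_name).digest()

# Constructed inputs standing in for an RSA key exchange with
# TLS_RSA_WITH_AES_128_CBC_SHA256 (MAC key 32 bytes, cipher key 16 bytes, IV 16 bytes).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(46)   # version bytes + 46 "random" bytes, zeros for determinism

def demo():
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    keys = key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, mac_len=32, key_len=16, iv_len=16)
    # Sequence number 0, content type 22 (handshake), version 0x0303, a 16-byte fragment.
    fragment = b"\x14\x00\x00\x0c" + bytes(12)
    tag = record_mac(keys["client_write_MAC_key"], 0, 22, b"\x03\x03", fragment)
    return ms, keys, tag

if __name__ == "__main__":
    ms, keys, tag = demo()
    print("master_secret:", ms.hex())
    for name, value in keys.items():
        print(f"{name:22s} {value.hex()}")
    print("record MAC:", tag.hex())
```

Because the sequence number is an input to the MAC but is never transmitted, both peers must count records identically; a record injected, dropped or replayed on the wire changes the counter on one side and the next MAC check fails with bad_record_mac.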
TLS communication steps
1. Handshake and cipher suite negotiation
2. Authentication of parties
3. Key-related information exchange
4. Application data exchange
The steps that make up TLS are divided into two protocol groups that together provide connection security:
TLS Handshaking Protocols (steps 1 to 3)
Application Data Protocol (step 4)
TLS Handshaking Protocols
• They are responsible for the authentication and key exchange necessary to establish or resume secure sessions.
• When establishing a secure session, the handshaking protocols manage the following:
  - Cipher suite negotiation
  - Authentication of the server and, optionally, the client
  - Session key information exchange
• The group comprises the Handshake Protocol, the Alert Protocol and the Change Cipher Spec Protocol.
TLS Handshake Protocol
The Handshake Protocol is responsible for negotiating a session, which consists of the following items:-
• Session Identifier:- An arbitrary byte sequence chosen by the server to identify an active or resumable session state.
• Peer Certificate:- X.509v3 certificate of the peer. This element of the state may be null.
• Compression Method:- The algorithm used to compress data prior to encryption.
• Cipher Spec:- Specifies the pseudorandom function (PRF) used to generate keying material, the bulk data encryption algorithm (such as null, AES, etc.) and the MAC algorithm (such as HMAC-MD5 or HMAC-SHA1). It also defines cryptographic attributes such as the mac_length.
• Master Secret:- 48-byte secret shared between the client and server.
• Is resumable:- A flag indicating whether the session can be used to initiate new connections.
A session can span many connections; each connection derives its own keys from the session's master secret and fresh randoms, and keeps its own sequence numbers and IVs.
Change Cipher Spec Protocol
• The change cipher spec protocol exists to signal transitions in ciphering strategies. It consists of a single one-byte message (value 1), sent in its own record with content type 20.
• The ChangeCipherSpec message is sent by both the client and the server to notify the receiving party that subsequent records will be protected under the newly negotiated CipherSpec and keys; on receipt, the record layer copies the pending read state into the current read state.
• A ChangeCipherSpec that arrives at any other point in the handshake is an unexpected message and must be rejected with a fatal alert, otherwise a peer could be made to switch to keys derived before the key exchange has completed.
Alert Protocol
• Alert messages are two bytes long: the severity of the alert (warning = 1, fatal = 2) and a description code.
• There are two alert levels in TLS
1. Fatal:- immediate termination of the connection. Other connections corresponding to the session may continue, but the session identifier MUST be invalidated, preventing the failed session from being used to establish new connections.
2. Warning:- the connection may continue, though the receiver is free to treat any warning as fatal. The alert every implementation must handle is close_notify (description 0), which signals an orderly shutdown; a TCP close without it means the stream may have been truncated, and the application must not assume it received everything the peer sent.
• For the complete list of alert descriptions see RFC 5246, section 7.2.
Note:- alert messages are encrypted and compressed, as specified by the current connection state.
Application Data Protocol
• Application data messages are carried by the record layer and are fragmented, compressed, and encrypted based on the current connection state. The messages are treated as opaque data by the record layer: TLS preserves byte order but not message boundaries, so a protocol on top of it must frame its own messages.
TLS Record
Content Type:- One byte identifying the record-layer protocol carried in this record: 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data.
Version:- Two bytes (major, minor) identifying the version of TLS for the contained message: 3.1 for TLS 1.0, 3.2 for TLS 1.1, 3.3 for TLS 1.2. For a ClientHello record this need not be the highest version supported by the client; the version the client actually offers is inside the ClientHello message, and a server must not reject the record merely because its outer version is lower.
Length:- Two bytes giving the length of the protocol message(s), MAC and padding, not to exceed 2^14 bytes (16 KiB) of plaintext; a compressed or encrypted fragment may be up to 1024 or 2048 bytes longer respectively. A receiver must reject a longer record with a record_overflow alert.
Protocol message(s):- One or more messages of the type named by the content type field; several handshake messages may share one record, and one message may be split across records. Note that this field is encrypted once the connection state has keys.
MAC and Padding:- A message authentication code computed with the MAC write key over the sequence number, the record header and the protocol message(s), followed (for block ciphers in CBC mode) by padding to the block size. Neither is present before the cipher algorithms and parameters have been negotiated and confirmed by a ChangeCipherSpec record, which signals that these parameters take effect for all further records sent by the same peer. With the AEAD cipher suites of TLS 1.2 the explicit MAC and padding are replaced by the AEAD authentication tag.
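A parser for the record header, the alert payload and the handshake message headers described on the record and alert slides above, as an added example (not code from the slide deck). It applies the checks a receiver must make before touching a record body (known content type, major version 3, length within the 2^14 + 2048 ciphertext limit, no truncation) and decodes plaintext alert and handshake records; it assumes the records are unencrypted, and the sample byte stream is constructed inline, not captured traffic.

```python
import struct

# Added example (not from the slide deck): parse the TLS record header and the
# plaintext alert and handshake payloads of RFC 5246 sections 6.2, 7.2 and 7.4.
# The records fed to it are constructed for the demonstration.

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      22: "record_overflow", 40: "handshake_failure", 42: "bad_certificate",
                      46: "certificate_unknown", 70: "protocol_version", 80: "internal_error"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request",
                   14: "server_hello_done", 15: "certificate_verify",
                   16: "client_key_exchange", 20: "finished"}
MAX_PLAINTEXT = 2 ** 14                  # RFC 5246 6.2.1
MAX_CIPHERTEXT = MAX_PLAINTEXT + 2048    # RFC 5246 6.2.3

class RecordError(ValueError):
    """Raised where a real implementation would send a fatal alert; the message names it."""

def parse_record(buf: bytes, offset: int = 0) -> tuple:
    """Parse one record starting at `offset`; returns (record dict, offset of the next record)."""
    if len(buf) - offset < 5:
        raise RecordError("decode_error: truncated record header")
    ctype, major, minor, length = struct.unpack_from("!BBBH", buf, offset)
    if ctype not in CONTENT_TYPES:
        raise RecordError(f"unexpected_message: unknown content type {ctype}")
    if major != 3:
        raise RecordError(f"protocol_version: unsupported major version {major}")
    if length > MAX_CIPHERTEXT:
        raise RecordError(f"record_overflow: length {length}")
    if len(buf) - offset - 5 < length:
        raise RecordError("decode_error: truncated record body")
    body = buf[offset + 5: offset + 5 + length]
    rec = {"type": CONTENT_TYPES[ctype],
           "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
           "length": length, "body": body}
    return rec, offset + 5 + length

def parse_alert(body: bytes) -> dict:
    """Decode the two-byte alert payload (valid only while the connection is unencrypted)."""
    if len(body) != 2:
        raise RecordError("decode_error: alert must be exactly 2 bytes")
    level, desc = body
    return {"level": ALERT_LEVELS.get(level, f"unknown({level})"),
            "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})")}

def parse_handshake_headers(body: bytes) -> list:
    """Split a plaintext handshake record into (type, body) pairs: type(1) || length(3) || body."""
    msgs, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 4:
            raise RecordError("decode_error: truncated handshake header")
        htype = body[pos]
        hlen = int.from_bytes(body[pos + 1:pos + 4], "big")
        if len(body) - pos - 4 < hlen:
            raise RecordError("decode_error: handshake message runs past the record")
        msgs.append((HANDSHAKE_TYPES.get(htype, f"unknown({htype})"), body[pos + 4:pos + 4 + hlen]))
        pos += 4 + hlen
    return msgs

def parse_stream(buf: bytes) -> list:
    """Parse a byte stream of consecutive records into a list of record summaries."""
    out, pos = [], 0
    while pos < len(buf):
        rec, pos = parse_record(buf, pos)
        if rec["type"] == "alert":
            rec["alert"] = parse_alert(rec["body"])
        elif rec["type"] == "handshake":
            rec["messages"] = [name for name, _ in parse_handshake_headers(rec["body"])]
        out.append(rec)
    return out

# Constructed sample stream: a handshake record carrying ServerHelloDone (empty body),
# a ChangeCipherSpec record, and a fatal handshake_failure alert, all TLS 1.2.
SAMPLE = (bytes([22, 3, 3, 0, 4]) + bytes([14, 0, 0, 0])
          + bytes([20, 3, 3, 0, 1]) + bytes([1])
          + bytes([21, 3, 3, 0, 2]) + bytes([2, 40]))

if __name__ == "__main__":
    for rec in parse_stream(SAMPLE):
        print(rec["type"], rec["version"], rec["length"], rec.get("alert") or rec.get("messages", ""))
```

The length check runs before any body bytes are consumed, which is the order a receiver needs: a record that claims more than 2^14 + 2048 bytes is refused outright rather than buffered, and a record header with a major version other than 3 is refused before its length is trusted.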
References:-
• http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_record
• RFC 2246 (TLS 1.0), RFC 4346 (TLS 1.1), RFC 5246 (TLS 1.2), RFC 5077 (session tickets), RFC 8446 (TLS 1.3)
• http://msdn.microsoft.com/en-us/library/windows/desktop/aa380516%28v=vs.85%29.aspx
• https://www.cs.bham.ac.uk/~mdr/teaching/modules06/netsec/lectures/tls/tls.html
• http://lasr.cs.ucla.edu/vahab/resources/notes_on_tls.pdf
Corporate Headquarters
1800 South, Novell Place
Provo, Utah 84606
801.861.7000 (Worldwide)
800.453.1267 (Toll-free)
Join us on:
www.novell.com
