Secure Sockets Layer (SSL) Protocol
by Steven Giovenco

Overview
- History
- SSL
- SSL Roles
- Protocol Stack
- The 4 Protocols
- The Record Layer
- Message Authentication Code
- Handshaking
- Handshaking
- ChangeCipherSpec Protocol
- More Handshaking
- Alert and Application Protocols
- Benefits and Drawbacks

History
- Need for secure web communication
- Netscape
  - Worried especially about credit card transactions over the web
  - Also worried about ease of implementation since they wanted this to be industry-standard, not proprietary
- SSLv1 - 1994

SSLv2
- SSLv2 also released in 1994
- SSLv1 wasn't widely implemented
- Rules for establishing secure connection
- Rules for public key encryption
- Optional certificate-based authentication for servers and even clients
- Flexible
  - No specifically required encryption, compression, or key generation algorithm

SSL Roles
- Two roles
  - Client
    - Initiates communication, lists possibilities for choices
  - Server
    - Listens for client connections, chooses from possibilities sent from clients
- Both roles simply add Secure Sockets Layer to protocol stack

SSL and the Protocol Stack
- SSL between Transmission Control Protocol (TCP) layer and Application layer
- Actually 2 layers
  - Record
  - Secure Application
- Can run under any protocol that relies on TCP, including HTTP, LDAP, POP3, FTP

The Four Upper Layer Protocols
- Handshaking Protocol
  - Establish communication variables
- ChangeCipherSpec Protocol
  - Alert to a change in communication variables
- Alert Protocol
  - Messages important to SSL connections
- Application Encryption Protocol
  - Encrypt/Decrypt application data

Record Layer
- Frames and encrypts upper level data into one protocol for transport through TCP
- 5 byte frame
  - 1st byte protocol indicator
  - 2nd byte is major version of SSL
  - 3rd byte is minor version of SSL
  - Last two bytes indicate length of data inside frame, up to 2^14
- Message Authentication Code (MAC)

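The 5 byte frame above, as an added example that is not part of the original slides: a parser that splits a received byte stream into records and rejects malformed headers. It assumes SSL 3.0 framing and the protocol indicator values from RFC 6101; the function names and the sample stream are constructed for illustration.

```python
import struct

# Protocol indicator values from the SSL 3.0 specification (RFC 6101).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_PLAINTEXT = 2 ** 14          # limit stated on the slide
MAX_PROTECTED = 2 ** 14 + 2048   # RFC 6101 allowance for MAC and padding


class RecordError(ValueError):
    """Raised when a record header is malformed."""


def split_records(stream: bytes, limit: int = MAX_PLAINTEXT):
    """Split a byte stream into SSL records.

    Returns (records, leftover). Each record is (type_name, (major, minor),
    payload); leftover is an incomplete trailing record to keep buffering.
    """
    records, pos = [], 0
    while len(stream) - pos >= 5:
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown protocol indicator {ctype} at offset {pos}")
        if major != 3:
            raise RecordError(f"unsupported major version {major} at offset {pos}")
        if length > limit:
            raise RecordError(f"length {length} exceeds limit {limit}")
        if len(stream) - pos - 5 < length:
            break  # header complete, payload still in flight
        payload = stream[pos + 5:pos + 5 + length]
        records.append((CONTENT_TYPES[ctype], (major, minor), payload))
        pos += 5 + length
    return records, stream[pos:]


def sample_stream() -> bytes:
    """Constructed sample: handshake, alert, then a truncated data record."""
    handshake = bytes([22, 3, 0]) + struct.pack("!H", 4) + b"\x0e\x00\x00\x00"
    alert = bytes([21, 3, 0]) + struct.pack("!H", 2) + b"\x01\x00"
    partial = bytes([23, 3, 0]) + struct.pack("!H", 10) + b"abc"
    return handshake + alert + partial


if __name__ == "__main__":
    recs, rest = split_records(sample_stream())
    for name, version, payload in recs:
        print(name, version, payload.hex())
    print("buffered:", len(rest), "bytes")
```

Pass `limit=MAX_PROTECTED` when parsing records that are already encrypted, since the MAC and padding add to the length field.
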
Message Authentication Code
- MAC secures connection in two ways
  - Ensure Client and Server are using same encryption and compression methods
  - Ensure messages sent were received without error or interference
- Both sides compute MACs to match them
  - No match = error or attack

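An added example (not from the original slides) of the second check above: sender and receiver each compute the record MAC, and a mismatch exposes a modified or replayed record. It uses the SSL 3.0 MAC construction from RFC 6101 with SHA-1; the `Receiver` class, the key and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import struct

PAD1 = b"\x36" * 40   # SSL 3.0 pad_1 for SHA-1 (48 bytes for MD5)
PAD2 = b"\x5c" * 40   # SSL 3.0 pad_2 for SHA-1


def ssl3_mac(secret: bytes, seq_num: int, content_type: int, fragment: bytes) -> bytes:
    """SSL 3.0 record MAC with SHA-1, per RFC 6101."""
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.sha1(secret + PAD1 + header + fragment).digest()
    return hashlib.sha1(secret + PAD2 + inner).digest()


class Receiver:
    """Tracks the implicit sequence number and checks each record's MAC."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.seq_num = 0

    def accept(self, content_type: int, fragment: bytes, mac: bytes) -> bool:
        expected = ssl3_mac(self.secret, self.seq_num, content_type, fragment)
        if not hmac.compare_digest(expected, mac):   # constant-time compare
            return False                             # SSL answers with a fatal alert
        self.seq_num += 1
        return True


def demo() -> dict:
    secret = b"constructed-mac-write-secret"         # sample key, not a real one
    first = (23, b"GET / HTTP/1.0\r\n\r\n")
    second = (23, b"amount=10")
    mac0 = ssl3_mac(secret, 0, *first)
    mac1 = ssl3_mac(secret, 1, *second)
    rx = Receiver(secret)
    return {
        "in_order": rx.accept(*first, mac0) and rx.accept(*second, mac1),
        "tampered": rx.accept(23, b"amount=99", ssl3_mac(secret, 2, 23, b"amount=10")),
        "replayed": rx.accept(*second, mac1),        # old record, stale sequence number
    }


if __name__ == "__main__":
    print(demo())
```

The sequence number is never sent on the wire; both sides count records, which is why the replayed record fails even though its bytes and MAC are unchanged.
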
Handshaking Messages
- ClientHello
- ServerHello
- *Certificate
- ServerKeyExchange
- *CertificateRequest
- ServerHelloDone
- *Certificate
- *CertificateVerify
- ClientKeyExchange
- ChangeCipherSpec
- Finished
*=optional

The Process Begins
- Client Sends ClientHello
  - Highest SSL version supported
  - 32-byte random number
  - SessionID
  - List of supported encryption methods
  - List of supported compression methods

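The ClientHello fields listed above, as an added example that is not part of the original slides: a bounds-checked parser for the message body. It assumes the SSL 3.0 wire layout from RFC 6101 (1-byte handshake type, 3-byte length, then the fields in the order shown); the function names and the sample message are constructed for illustration.

```python
class HelloError(ValueError):
    """Raised when a ClientHello is malformed or truncated."""


def parse_client_hello(msg: bytes) -> dict:
    """Parse an SSL 3.0 ClientHello handshake message (no record header)."""
    if len(msg) < 4 or msg[0] != 1:                  # handshake type 1 = ClientHello
        raise HelloError("not a ClientHello")
    body = msg[4:]
    if int.from_bytes(msg[1:4], "big") != len(body):
        raise HelloError("handshake length does not match message size")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):                      # never read past the message
            raise HelloError("field runs past end of message")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    major, minor = take(2)                           # highest version supported
    random = take(32)
    session_id = take(take(1)[0])                    # 1-byte length prefix
    suites_raw = take(int.from_bytes(take(2), "big"))
    if not suites_raw or len(suites_raw) % 2:
        raise HelloError("cipher suite list must hold 2-byte values")
    compression = take(take(1)[0])
    if not compression:
        raise HelloError("no compression method offered")
    # Any bytes left over after the compression methods are ignored here.
    return {
        "version": (major, minor),
        "random": random,
        "session_id": session_id,
        "cipher_suites": [int.from_bytes(suites_raw[i:i + 2], "big")
                          for i in range(0, len(suites_raw), 2)],
        "compression_methods": list(compression),
    }


def sample_client_hello() -> bytes:
    """Constructed sample: SSL 3.0, empty SessionID, three suites, null compression."""
    body = (b"\x03\x00" + bytes(range(32)) + b"\x00"
            + b"\x00\x06" + b"\x00\x0a\x00\x05\x00\x04"
            + b"\x01\x00")
    return b"\x01" + len(body).to_bytes(3, "big") + body
```
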
The Server Responds
- Server Sends ServerHello
  - SSL version that will be used
  - 32-byte random number
  - SessionID
  - Encryption method that will be used
  - Compression method that will be used

Server Authentication
- To authenticate Server, Server sends Certificate
  - Server's public key certificate
  - Issuing authority's root certificate
- When Client receives Certificate, it decides whether or not to trust Server
  - This is the only step that might involve User if User never specified whether or not to trust issuing authority before

Still Shaking Hands
- Server Sends ServerKeyExchange
  - Any information necessary for public key encryption system
- If Server wishes Client to be authenticated, Server sends CertificateRequest message
  - The client would respond to this with a Certificate message encrypted with Server's public key
- Server sends ServerHelloDone

Client Responds
- Client sends ClientKeyExchange
  - Information necessary for public key encryption system
  - Encrypted with Server's public key
- Compute secret keys using Key Derivation Function such as Diffie-Hellman
- If Client is being authenticated, Client sends CertificateVerify
  - Digest of previous messages encrypted with Client's private key

ChangeCipherSpec Protocol
- Special protocol with only one message
- When Client processes encryption information, it sends ChangeCipherSpec message
  - Signals all following messages will be encrypted
- ChangeCipherSpec is always followed by Finished message

The End of the Beginning
- Upon receipt of ChangeCipherSpec, Server sends its own ChangeCipherSpec and Finished messages
- After both Client and Server receive Finished messages, Handshaking phase is over
  - All following communication is encrypted
- Encryption and compression methods can be changed with new ChangeCipherSpec messages

Alert and Application Protocols
- Alert protocol always two byte message
  - First byte indicates severity of message
    - Warning or Fatal
    - A Fatal alert will terminate the connection
  - Second byte indicates preset error code
  - Secure connection end alert not always used
- Application Protocol is HTTP, POP3, SMTP, or whatever application is being used
  - Simply give a datagram to the Record Layer

Benefits
- Ease of implementation
  - For network application developers
    - As easy as implementing unsecured Sockets
  - For network implementation developers
    - Simply add layer to established network protocol stack
  - For Users
    - Only need to authorize certificates

Drawbacks
- More bandwidth needed
- Slower
- Needs a dedicated port – 443 for HTTPS
- Assumes reliable transport for underlying transport protocol
  - No UDP
  - Implications for streaming media, VoIP

Summary
- Need for secure communication
- Netscape issues SSL spec
- The 4 SSL protocols
- Message Authentication Code
- Handshaking
- Alert and Application messages
- Benefits and Drawbacks