tlstut-1226687803766575-8
TRANSCRIPT
-
8/3/2019 tlstut-1226687803766575-8
1/43
An Introduction to SSL/TLS andCertificates
Providing secure communicationover the Internet
-
8/3/2019 tlstut-1226687803766575-8
2/43
2
CertCo Overview
Background
Established in 1996. Bankers Trust spinoff. Privately held.
Mission
CertCo provides secure and cost-effective business solutions thatenable trust institutions to build a worldwide trust infrastructure tosupport high-value, secure electronic commerce.
Expertise
Cryptography, risk management, law, technology and banking. Location
Headquarters: New York City
Regional Offices: Cambridge (MA), Washington, DC, United Kingdom.
-
8/3/2019 tlstut-1226687803766575-8
3/43
3
Outline
Problem: Creating applications whichcan communicate securely over theInternet
TLS: Transport Layer Security (SSL)
Certificates
Related technology: S-HTTP, IPSec, SET,SASL
References
-
8/3/2019 tlstut-1226687803766575-8
4/43
4
Security Issues
Privacy
Anyone can see content
Integrity
Someone might alter content
Authentication Not clear who you are talking with
-
8/3/2019 tlstut-1226687803766575-8
5/43
5
TLS: Transport Layer Security
formerly known asSSL: Secure Sockets Layer
Addresses issues of privacy, integrityand authentication
What is it?
How does it address the issues?
How is it used
-
8/3/2019 tlstut-1226687803766575-8
6/43
6
What is TLS?
Protocol layer
Requires reliable transport layer (e.g.
TCP)
Supports any application protocols
IP
TCPTLS
HTTP Telnet FTP LDAP
-
8/3/2019 tlstut-1226687803766575-8
7/43
7
TLS: Privacy
Encrypt message so it cannot be read
Use conventional cryptography with
shared key DES, 3DES
RC2, RC4
IDEA
A
Message Message
B
$%!@
-
8/3/2019 tlstut-1226687803766575-8
8/43
8
TLS:Key Exchange
Need secure method to exchange secretkey
Use public key encryption for this key pair is used - either one can encrypt
and then the other can decrypt
slower than conventional cryptography share one key, keep the other private
Choices are RSA or Diffie-Hellman
-
8/3/2019 tlstut-1226687803766575-8
9/43
9
TLS: Integrity
Compute fixed-length MessageAuthentication Code (MAC)
Includes hash of message Includes a shared secret
Include sequence number
Transmit MAC with message
-
8/3/2019 tlstut-1226687803766575-8
10/43
10
TLS: Integrity
Receiver creates new MAC
should match transmitted MAC
TLS allows MD5, SHA-1
A B
Message
MAC
MAC
=?
Message
MAC
-
8/3/2019 tlstut-1226687803766575-8
11/43
11
TLS: Authentication
Verify identities of participants
Client authentication is optional
Certificate is used to associate identitywith public key and other attributes
A
Certificate
B
Certificate
-
8/3/2019 tlstut-1226687803766575-8
12/43
12
TLS: Overview
Establish a session
Agree on algorithms
Share secrets
Perform authentication
Transfer application data
Ensure privacy and integrity
-
8/3/2019 tlstut-1226687803766575-8
13/43
13
TLS: Architecture
TLS defines Record Protocol to transferapplication and TLS information
A session is established using aHandshake Protocol
TLS Record Protocol
HandshakeProtocol
AlertProtocol
ChangeCipher Spec
-
8/3/2019 tlstut-1226687803766575-8
14/43
14
TLS: Record Protocol
-
8/3/2019 tlstut-1226687803766575-8
15/43
15
TLS: Handshake
Negotiate Cipher-Suite Algorithms
Symmetric cipher to use
Key exchange method
Message digest function
Establish and share master secret
Optionally authenticate server and/orclient
-
8/3/2019 tlstut-1226687803766575-8
16/43
16
Handshake Phases
Hello messages
Certificate and Key Exchange messages
Change CipherSpec and Finishedmessages
-
8/3/2019 tlstut-1226687803766575-8
17/43
17
TLS: Hello
Client Hello - initiates session
Propose protocol version
Propose cipher suite
Server chooses protocol and suite
Client may request use of cached
session Server chooses whether to honor request
-
8/3/2019 tlstut-1226687803766575-8
18/43
18
TLS: Key Exchange
Server sends certificate containingpublic key (RSA) or Diffie-Hellman
parameters Client sends encrypted pre-master
secret to server using Client Key
Exchange message Master secret calculated
Use random values passed in Client and
Server Hello messages
-
8/3/2019 tlstut-1226687803766575-8
19/43
19
Public Key Certificates
X.509 Certificate associates public keywith identity
Certification Authority (CA) createscertificate
Adheres to policies and verifies identity
Signs certificate
User of Certificate must ensure it isvalid
-
8/3/2019 tlstut-1226687803766575-8
20/43
20
Validating a Certificate
Must recognize accepted CA incertificate chain
One CA may issue certificate for anotherCA
Must verify that certificate has not been
revoked CA publishes Certificate Revocation List
(CRL)
-
8/3/2019 tlstut-1226687803766575-8
21/43
21
X.509: Certificate Content
Version
Serial Number
Signature Algorithm Identifier
Object Identifier (OID) e.g. id-dsa: {iso(1) member-body(2) us(840) x9-57 (10040)x9algorithm(4) 1}
Issuer (CA) X.500 name
Validity Period (Start,End)
Subject X.500 name
Subject Public Key
Algorithm
Value Issuer Unique Id (Version 2
,3)
Subject Unique Id (Version2,3)
Extensions (version 3) optional
CA digital Signature
-
8/3/2019 tlstut-1226687803766575-8
22/43
22
Subject Names
X.500 Distinguished Name (DN)
Associated with node in hierarchical
directory (X.500)
Each node has Relative DistinguishedName (RDN)
Path for parent node
Unique set of attribute/value pairs for thisnode
-
8/3/2019 tlstut-1226687803766575-8
23/43
23
Example Subject Name
Country at Highest Level (e.g. US)
Organization typically at next level (e.g.
CertCo) Individual below (e.g. Common Name
Elizabeth with Id = 1)
DN = { C=US;
O=CertCo;
CN=Elizabeth, ID=1}
-
8/3/2019 tlstut-1226687803766575-8
24/43
24
Version 3 Certificates
Version 3 X.509 Certificates supportalternative name formats as extensions
X.500 names Internet domain names
e-mail addresses
URLs Certificate may include more than one
name
-
8/3/2019 tlstut-1226687803766575-8
25/43
25
Certificate Signature
RSA Signature
Create hash of certificate
Encrypt using CAs private key
Signature verification
Decrypt using CAs public key
Verify hash
-
8/3/2019 tlstut-1226687803766575-8
26/43
26
TLS: ServerKeyExchange
Client
ClientHello
Server
ServerHello Certificate
ServerKeyExchange
-
8/3/2019 tlstut-1226687803766575-8
27/43
27
TLS: Certificate Request
Client
ClientHello
Server
ServerHello Certificate
ServerKeyExchange
CertificateRequest
-
8/3/2019 tlstut-1226687803766575-8
28/43
28
TLS: Client Certificate
Client
ClientHello
ClientCertificate
ClientKeyExchange
Server
ServerHello Certificate
ServerKeyExchange
CertificateRequest
-
8/3/2019 tlstut-1226687803766575-8
29/43
29
TLS: Change Cipher Spec,
FinishedClient
[ChangeCipherSpec]
Finished
Application Data
Server
[ChangeCipherSpec]
Finished
Application Data
-
8/3/2019 tlstut-1226687803766575-8
30/43
30
TLS: Change Cipher
Spec/Finished Change Cipher Spec
Announce switch to negotiated algorithms
and values Finished
Send copy of handshake using new session
Permits validation of handshake
-
8/3/2019 tlstut-1226687803766575-8
31/43
31
TLS: Using a Session
Client
ClientHello (Session #)
[ChangeCipherSpec]
Finished
Application Data
Server
ServerHello (Session #) [ChangeCipherSpec]
Finished
Application Data
-
8/3/2019 tlstut-1226687803766575-8
32/43
32
Changes from SSL 3.0 to TLS
Fortezza removed
Additional Alerts added
Modification to hash calculations
Protocol version 3.1 in ClientHello,ServerHello
-
8/3/2019 tlstut-1226687803766575-8
33/43
33
TLS: HTTP Application
HTTP most common TLS application
https://
Requires TLS-capable web server
Requires TLS-capable web browser
Netscape Navigator
Internet Explorer
Cryptozilla
Netscape Mozilla sources with SSLeay
-
8/3/2019 tlstut-1226687803766575-8
34/43
34
Web Servers
Apache-SSL
Apache mod_ssl
Stronghold
Roxen
iNetStore
-
8/3/2019 tlstut-1226687803766575-8
35/43
35
Other Applications
Telnet
FTP
LDAP
POP
SSLrsh
Commercial Proxies
-
8/3/2019 tlstut-1226687803766575-8
36/43
36
TLS: Implementation
Cryptographic Libraries
RSARef, BSAFE
TLS/SSL packages SSLeay
SSLRef
-
8/3/2019 tlstut-1226687803766575-8
37/43
37
X.509 Certificate Issues
Certificate Administration is complex
Hierarchy of Certification Authorities
Mechanisms for requesting, issuing,revoking certificates
X.500 names are complicated
Description formats are cumbersome(ASN.1)
-
8/3/2019 tlstut-1226687803766575-8
38/43
38
X.509 Alternative: SDSI
SDSI: Simple Distributed SecurityInfrastructure (Rivest, Lampson)
Merging with IETF SPKI: Simple Public-KeyInfrastructure in SDSI 2.0
Eliminate X.500 names - use DNS and text
Everyone is their own CA
Instead of ASN.1 use S-expressions andsimple syntax
Name and Authorization certificates
-
8/3/2019 tlstut-1226687803766575-8
39/43
39
TLS Alternatives
S-HTTP: secure HTTP protocol, shttp://
IPSec: secure IP
SET: Secure Electronic Transaction
Protocol and infrastructure for bank cardpayments
SASL: Simple Authentication andSecurity Layer (RFC 2222)
-
8/3/2019 tlstut-1226687803766575-8
40/43
40
Summary
SSL/TLS addresses the need forsecurity in Internet communications
Privacy - conventional encryption Integrity - Message Authentication Codes
Authentication - X.509 certificates
SSL in use today with web browsersand servers
-
8/3/2019 tlstut-1226687803766575-8
41/43
41
References - 1
Engelschall, Ralph, mod_ssl,
Ford, Warwick, Baum, Michael S. Secure Electronic Commerce,
Prentice Hall 1997. Hirsch, Frederick J. Introduction to SSL and Certificates Using
SSLeay, World Wide Web Journal, Summer 1997,
Hudson, Tim J, Young, Eric A , SSLeay and SSLapps FAQ,
Kaufman, Charlie, Perlman, Radia, Speciner,Mike NetworkSecurity: PRIVATE Communication in a PUBLIC World, PrenticeHall, 1995.
-
8/3/2019 tlstut-1226687803766575-8
42/43
42
References - 2
Rivest, Ron, SDSI,
Stallings, William Cryptography and Network Security: Principlesand Practice, 2nd Edition,Prentice Hall, 1999.
Wagner, David, Schneier, Bruce Analysis of the SSL 3.0Protocol
Internet Drafts and RFCs . Use thekeyword search on TLS or SSL in the Internet Drafts section tofind the TLS Protocol specification and other relevantdocuments.
PKCS standards:
-
8/3/2019 tlstut-1226687803766575-8
43/43
References - 3
Microsoft Security Documents
Netscape Security Documents