A1256656640MfGZV - PowerPoint PPT Presentation

1 / 34
About This Presentation
Title:

A1256656640MfGZV

Description:

The client resumes the previously negotiated TLS session by sending the session ID. ... This mechanism is used for resuming the sessions. ... – PowerPoint PPT presentation

Number of Views:55
Avg rating:3.0/5.0
Slides: 35
Provided by: nee44
Category:

less

Transcript and Presenter's Notes

Title: A1256656640MfGZV


1
Transport Layer Security (TLS)
Team Techno Gautami Parulkar Hariharan
Venkataraman Jigar Patel karthik
gottiparthy Neeraj Sharma
2
Presentation Agenda
  • Introduction
  • TLS Protocol Stack
  • TLS Handshake
  • Improvement
  • Demo

3
TLS
  • Cryptographic protocol to provide secure
    communications on the internet
  • Similar to SSL with slight differences
  • Preventions of eavesdropping, tampering, and
    message forgery
  • Current approved version of TLS is 1.1

4
TLS Protocol Stack
1
2
3
5
TLS Record Protocol
Data
Encrypted Data MAC
Record header
6
Full TLS Handshake
7
Limitations of TLS
  • Time consuming Handshake messages during
    connection establishment.
  • Limitation of the session caching period at the
    servers cache.
  • Access security threat (web jacking).
  • Time consuming and expensive RSA private key
    decryption.
  • Denial of Service Attacks (DoS).

8
Limitations condt
  • Denial of Service Attacks (DoS).

9
Counter Measures
  • Resume Handshake Mechanism
  • The client resumes the previously negotiated TLS
    session by sending the session ID.
  • The server stores the session for certain period
    of time before evicting the session (aborting the
    session) causing the client to perform the full
    Handshake.
  • Amazons servers evict the session every 2mins
    .As a result the clients had to perform full
    handshake even tough the client wanted to resume
    the session

10
  • Eric Rescorla,Dan Boneh,Hovav Shacham
    proposed two mechanism.
  • 1. Fast Track Handshake Message.
  • 2. Client side session caching.
  • Fast Track Handshake Message
  • The ordinary TLS handshake mechanism follows
  • 1) negotiating the session parameters
  • 2) authentication of the server and optionally
    the client.
  • 3) Establishing the shared cryptographic secret
     

11
Ordinary TLS Handshake
  • The ordinary TLS handshake follows
  • negotiating the session parameters
  • authentication of the server and optionally the
    client.
  • Establishing the shared cryptographic secret

12
Fast Track Handshake
  • Specifically used for short lived TLS session ,no
    resumption done.
  • The peers have not communicated at all.
  • The client and the server well established
    session got expired in the middle.
  • Eg. Amazon clients placed multiple requests in
    the 2min window of the servers cache.

13
Fast Track HS condt.
  • The Fast track clients store the long-lived
    server information such as the server certificate
    and the preferred cipher suite.
  • The HS parameters are called the determining
    Parameters.
  • The long-lived parameters do not change unless
    the configuration of either the client or the
    server changes.

14
Handshake Parameters
  • 1st Category
  • The servers certificate chain
  •   The servers Diffie-Hellman group, if any and
  •   Whether client authentication is required if
    so,
  •    Acceptable client certificate types and
  •     Acceptable certificate authorities.
  • 2nd Category
  • The preferred clientserver cipher suite and
  • The preferred clientserver compression method

15
Fast Handshake Diagram
16
Description
  • The clientHelloFT message must include the
    fast-track hash function with the Hash of
    determining parameters.
  • Once the client validates the server certificate
    ,it is not required to again revalidate it.
  • Verification of the SHA-1 hash of the determining
    parameters is required.

17
  • The server uses the information of clientHello
    msg and its own configuration to form a version
    of determining parameters.
  • These determining parameters are exchanged using
    the cryptographic hash and for more security
    handshake MAC is included in the finished
    message.
  • The 3 msg Server Certificate,Certificate Request,
    Server Hello done are not included in the Fast
    Track Handshake.

18
Performance Table
19
Details
  • The first cipher suite, called TLS RSA WITH 3DES
    EDE CBC SHA in RFC 2246 (and called
    DES-CBC3-SHA in OpenSSL), uses RSA for key
    exchange. It does not require a ServerKeyExchange
    message to be sent.
  • The second cipher suite, TLS DHE RSAWITH 3DES
    EDE CBC SHA (EDH-RSA-DES-CBC3-SHA in OpenSSL),
    employs EDH for key exchange, with RSA
    authentication .

20
Advantages Disadvantages
  • Advantages
  • It implements 3 flows instead of 4 flows.
  • It saves bandwidth and time , improves network
    traffic.
  • Disadvantages
  • Does not support RSA key exchange.
  • Though the 3 msg are not included in the HS ,they
    do not involve any significant computational
    intensive operations.

21
Client Side Caching
  • To reduce the overload of session caching on the
    server, the client is forced to store the session
    information in its cache.
  • This mechanism is used for resuming the sessions.
  • The cached data sent to client is encrypted by
    symmetric cipher key called the enc-key.

22
Client side caching condt.
  • The integrity is still not guaranteed ,server
    uses MAC with the fixed server key called
    mac-key.
  • A token is formed using enc-key and mac-key.
  • Token enc-key cache data mac
  • Mac mac-key cache data

23
  • The Authentication Token retains all the
    information about the session .Only that the
    master key has to be shared.
  • This token is included in the session ID .
  • Problem
  • The session Id is 32 bytes but the master secret
    in the token is 48 bytes, cannot fit in the ID.
  • The server provides the session ID in the server
    Hello message, which is transmitted before it
    knows the master secret.

24
  • To overcome this problem the normal zero length
    session ID is sent in the server hello message.
  • Then the extended session ID message is sent
    containing the authentication token is sent
    immediately before the change cipher spec
    message.

25
Connection Establishment

26
  • During the connection establishment the client
    signals the server about its capability of CSSC
    using the client side cache capable extension in
    the client Hello.
  • If the server wants to request it sends a client
    side cache capable request extension.
  • For the resumption of the session the client send
    the authentication token, if it is less than 256
    bytes, it is placed in the session ID.

27
Disadvantage
  • The session can become invalid due to expiration,
    improper closer and error. Authentication tokens
    are self-authenticating and hence it is difficult
    to invalidate the session easily, if an error is
    found .
  • Solution To invalidate the session is to have a
    blacklist consisting of sessions that have been
    invalidated but may not have been expired.

28
Performance Improvement by Re-balancing
  • Clients send simultaneous requests flooding the
    server causing it to crash or result in Denial of
    Service.
  • DoS attacks cause the server to deny service to
    legitimate clients.
  • The server consumes a lot of CPU processing time
    to perform the costly computation like decrypting
    key.

29
  • Solution to this problem is Load Distribution
    where the client performs more work and the
    server performs commensurately less work.
  • A mechanism called the Client Aided RSA speeds up
    the processing by the factor of 11 to 19.

30
  • The server can encrypt the session key thus
    shifting the decryption burden to the client. But
    for this the server has to authenticate the
    client and if the server cannot verify it will
    lead to DOS attacks.
  • The server needs to verify all the certificate
    chain. Therefore, the Client Aided RSA is used.

31
(No Transcript)
32
CA-RSA

33
Attacks on TLS
  • Denial of Service is an incident in which a user
    or organization is deprived of the services of a
    resource they would normally expect to have.
  • Man in the middle (MITM) is an attack in which an
    attacker is able to read, insert and modify at
    will, messages between the two communicating
    peers.

34
Conclusion
  • SSL / TLS is the most widely deployed security
    protocol, standard
  • Easy to implement, deploy and use
  • Widely available, flexible, supports many
    scenarios
  • Mature cryptographic design
Write a Comment
User Comments (0)
About PowerShow.com