Secure Socket Layer - PowerPoint PPT Presentation

Slides: 32
Provided by: kevinm89

Transcript and Presenter's Notes

Title: Secure Socket Layer


1
Secure Socket Layer
  • Kevin Burns (coordinator), Paul Meisinger, Rick
    Bassett, Fred Dryfus, Eddie Davis

2
Secure Sockets Layer (SSL)
  • SSL is
  • A communications security protocol
  • Originally defined by Netscape
  • Broadly adopted, implemented, used
  • Inspiration for new protocol variants
  • Defines Internet Communications Security for now

3
Motivation
  • The common case
  • Single originator, single recipient
  • Application protocol on network bytestreams
  • Sockets, Connections, Transport Layer
  • Application security requirements
  • Confidentiality
  • Peer authentication
  • Reliable Connection

4
Secure Sockets Layer
  • Platform and Application Independent
  • Operates between application and transport layers

5
SSL Encryption
  • SSL employs the combination of two encryption
    technologies
  • DES - encrypt the information transmitted through
    the internet
  • RSA - encrypt the key for the DES encryption for
    that session

6
Brief History - Netscape
  • 7/94 Initial Protocol Design v1.0
  • 12/94 SSL v2.0 - First Product Ships
  • 4/95 SSLRef 2.0 - Reference Implementation
  • 1995 Many international independent
    implementations
  • 7/95 SSL BOF @ IETF
  • 11/95 SSL v3.0

7
Independent Implementations
  • Current specifications are always available from
    the IETF ftp archive and Netscape home page.
  • Independent implementations (SSLeay from
    Australia --SSL toolkit / SSL products from
    MarketNet U.K.) exemplify the nature of SSL and
    demonstrate its openness on all fronts.

8
Secure Sockets Layer
  • Negotiates and employs essential functions for
    secure transactions
  • Mutual Authentication
  • Data Encryption
  • Data Integrity
  • As simple and transparent as possible

9
Mutual Authentication
  • Establish trust with intended recipients
  • Signed Digital Certificates
  • Server Authenticates to Client
  • Client Authenticates to Server (optional)

10
Data Encryption
  • Privacy and confidentiality
  • Support different algorithms for different
    application needs
  • Privacy
  • Authentication

11
Data Integrity
  • Ensure no one tampers with data transmissions,
    intentionally or not
  • Freshness of transactions to avoid replays

12
SSL 2.0 -> SSL 3.0
  • Reduce number of roundtrips
  • Server Chooses Ciphers/Compression
  • Support more complete Key Exchange and Cipher
    algorithms
  • Re-negotiate ciphers from current spec
  • Separate Authentication and Encryption keys

13
SSL 3.0
  • Complete protocol design
  • Ongoing Analysis of attacks
  • reduce the level of negotiated security
  • truncation
  • Extend functionality to support broader range of
    applications

14
SSL Layers
  • Record Layer
  • Alert Layer
  • Handshake Layer

15
SSL 3.0 Layers
  • Record Layer
  • Fragmentation
  • Compression
  • Message Authentication (MAC)
  • Encryption
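
The fragmentation and MAC steps listed above, and the replay protection from the Data Integrity slide, as an added example that is not part of the original slides. It follows the SSL 3.0 MAC construction in RFC 6101 and skips compression and encryption; the names `ssl3_mac`, `protect` and `Receiver` are hypothetical, and the key and data are constructed samples.

```python
import hashlib
import hmac

MAX_FRAGMENT = 2 ** 14      # record layer carries at most 2^14 bytes per fragment
APPLICATION_DATA = 23       # ContentType value for application data

def ssl3_mac(secret, seq, ctype, fragment, hash_name="sha1"):
    # SSL 3.0 MAC: hash(secret + pad_2 + hash(secret + pad_1 + seq_num
    #                                         + type + length + fragment))
    pad_len = 48 if hash_name == "md5" else 40
    def h(data):
        return hashlib.new(hash_name, data).digest()
    inner = h(secret + b"\x36" * pad_len + seq.to_bytes(8, "big")
              + bytes([ctype]) + len(fragment).to_bytes(2, "big") + fragment)
    return h(secret + b"\x5c" * pad_len + inner)

def protect(secret, first_seq, data, ctype=APPLICATION_DATA):
    # Fragment first, then MAC each fragment under its own sequence number.
    frags = [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)]
    return [(ctype, f, ssl3_mac(secret, first_seq + n, ctype, f))
            for n, f in enumerate(frags)]

class Receiver:
    """Tracks the implicit 64-bit sequence number; it is never sent on the wire."""
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def accept(self, ctype, fragment, mac):
        expected = ssl3_mac(self.secret, self.seq, ctype, fragment)
        if not hmac.compare_digest(expected, mac):   # constant-time compare
            raise ValueError("bad_record_mac")       # fatal alert in the protocol
        self.seq += 1
        return fragment

if __name__ == "__main__":
    key = b"\x0b" * 20                               # constructed MAC secret
    records = protect(key, 0, b"A" * 20000)          # constructed payload
    rx = Receiver(key)
    print([len(rx.accept(*r)) for r in records])
    try:
        rx.accept(*records[0])                       # replayed record
    except ValueError as exc:
        print("replay rejected:", exc)
```

Because the sequence number is an input to the MAC, a record that is replayed, reordered or dropped fails verification even though its bytes are unmodified.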

16
SSL 3.0 Layers
  • Alert Layer
  • close errors
  • message sequence errors
  • bad MACs
  • certificate errors

17
SSL 3.0 Layers
  • Handshake Layer
  • All messages are MAC'd
  • Message order is absolute
  • Negotiation messages are created here and handed
    to record layer

18
Handshake Hello Sequence

19
Typical Hello Msg
  • struct {
  • ProtocolVersion client_version;
  • Random random;
  • SessionID session_id;
  • CipherSuite cipher_suites<2..2^16-1>;
  • CompressionMethod compression_methods<2..2^8-1>;
  • } ClientHello;
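
A bounds-checked parser for the ClientHello body above, as an added example that is not part of the original slides; it also reports any 40-bit export suites the client offers (see the Weaknesses slide). Field sizes and vector bounds follow RFC 6101, which gives `compression_methods<1..2^8-1>`; the function names and the sample bytes are constructed for illustration.

```python
# Suite IDs of the 40-bit export cipher suites defined for SSL 3.0.
EXPORT_40BIT = {0x0003, 0x0006, 0x0008, 0x000B, 0x000E,
                0x0011, 0x0014, 0x0017, 0x0019}

class HelloError(ValueError):
    """Malformed or truncated ClientHello."""

def _take(buf, off, n):
    # Never read past the end of the message.
    if off + n > len(buf):
        raise HelloError(f"truncated: need {n} bytes at offset {off}")
    return buf[off:off + n], off + n

def _vector(buf, off, len_bytes, lo, hi):
    # Variable-length vector <lo..hi>: big-endian length prefix, then the data.
    raw, off = _take(buf, off, len_bytes)
    n = int.from_bytes(raw, "big")
    if not lo <= n <= hi:
        raise HelloError(f"vector length {n} outside <{lo}..{hi}>")
    return _take(buf, off, n)

def parse_client_hello(body):
    """Parse the ClientHello body (the bytes after the 4-byte handshake header)."""
    version, off = _take(body, 0, 2)
    random, off = _take(body, off, 32)
    session_id, off = _vector(body, off, 1, 0, 32)
    suites, off = _vector(body, off, 2, 2, 2 ** 16 - 1)
    methods, off = _vector(body, off, 1, 1, 2 ** 8 - 1)
    if len(suites) % 2:
        raise HelloError("cipher_suites length is odd")
    ids = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]
    return {
        "client_version": tuple(version),
        "random": random,
        "session_id": session_id,
        "cipher_suites": ids,
        "compression_methods": list(methods),
        "offers_40bit_export": sorted(set(ids) & EXPORT_40BIT),
        "trailing": body[off:],   # SSL 3.0 permits extra data after this point
    }

# Constructed sample: SSL 3.0, empty session_id, three suites, null compression.
SAMPLE = (bytes([3, 0]) + bytes(range(32)) + b"\x00"
          + b"\x00\x06" + b"\x00\x0a\x00\x09\x00\x03"
          + b"\x01\x00")

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE))
```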

20
Hello Sequence Cont.
  • Certificate (Server)
  • chain of X.509.v3 certificates with sender's
    certificate first
  • ServerKeyExchange
  • Anon-DH and temporary RSA
  • CertificateRequest
  • ServerHelloDone

21
Handshake Finish Response

22
Client Key Exchange
  • Certificate
  • Client Key Exchange
  • Encrypted Pre-Master-Secret
  • using key from server certificate
  • Pre-Master-Secret
  • 48-byte random
  • client version

23
Certificate Verify
  • Uses hash of available messages up to this point
  • Digitally signed to verify ownership of the
    private key for the client certificate

24
ChangeCipherSpec
  • Sync point for starting to use the negotiated
    algorithms and keys
  • Fresh Session
  • handshake messages are not encrypted until here
  • Updated Session
  • switch to new algorithms and keys here

25
Finished
  • Both sides encrypt with new info
  • algorithms, secrets and keys
  • MD5 hash
  • Master Secret, SHA(handshakes, sender, master
    secret)
  • SHA hash
  • Master Secret, MD5(handshakes, sender, master
    secret)

26
Strengths
  • Application protocol independent
  • Large browser deployment

27
Weaknesses
  • Requires modifications to the proxy protocol,
    because the current WWW proxy protocol does not
    allow an SSL client to open a secure tunnel
    through the proxy.
  • People do not know what is secure and what is
    not.
  • US - 128-bit key
  • US Exportable - 40-bit keys (NSA reqt.)

28
Examples
  • Intranet Subscription
  • access valuable data
  • confidentially or else no value
  • Client must authenticate before value is
    disclosed
  • map into access control at server

29
Examples
  • Remote system administration
  • secure Telnet
  • provides secure channel to enable remote access
  • allows keys to be changed often

30
Future
  • Infrastructure
  • CA Services, CA products
  • Applications
  • use SSL across multiple applications
  • Content
  • valuable services offered
  • OpenSSL (open source)
  • TLS Transport Layer Security

31
More SSL
  • Internet Draft
  • ftp://ietf.cnri.reston.va.us/internet-drafts/draft-freier-ssl-version3-00.txt
  • Mailing list
  • ssl-talk@netscape.com
  • http://webpage.pace.edu/kb88530w/