Secure Socket Layer SSL - PowerPoint PPT Presentation

Slides: 32
Provided by: yongg

Transcript and Presenter's Notes



1
Secure Socket Layer (SSL)
2
TCP/IP Protocol Stack
Application Layer
HTTP
Transport Layer
TCP
Network Layer
IP
Physical Layer
IP packet
3
Protocols
  • IP (Internet Protocol)
      • has IP address (32 bits, network and host portions)
  • ICMP (Internet Control Message Protocol)
      • controls IP traffic
  • TCP (Transmission Control Protocol)
      • implements virtual circuit for reliable
        connection-oriented comm.
  • UDP (User Datagram Protocol)
      • implements connectionless comm.
  • HTTP -- for WWW
  • LDAP -- directory access
  • IMAP -- access email over Internet
  • TELNET -- for remote login
  • DNS -- translates names into IP addresses
  • NFS -- network file system, for sharing files
    among systems
  • PING -- checks other machines

4
Let us find out the routers when we shop on-line
  • When we connect from USC Upstate computers to
    http://www.amazon.com/ via IE or Netscape, our
    packets have a long trip to get there

5
(No Transcript)
6
Such IP tracing is available on sites like
http://visualroute.visualware.com and
http://samspade.org/
7
Location of SSL
Application Layer
Transport Layer
Network Layer
Physical Layer
8
SSL vs. IPSec and others
  • App: IKE (ISAKMP/Oakley in IPSec), S/MIME, Kerberos,
    Proxies, SET, PGP
  • TCP: SSL, TLS, SOCKS
  • IP: AH, ESP (in IPSec), Packet filtering
  • Network driver: Tunneling (L2TP, PPTP, L2F), CHAP (challenge
    handshake protocol), PAP (password auth. protocol), MS-CHAP
9
X.509 public key certificate
10
Flow of actions in SSL
  • Authenticate the server to the client.
  • Allow the client and server to select the
    cryptographic algorithms they both support.
  • Optionally authenticate the client to the server.
  • Use public-key encryption to generate shared
    secrets.
  • Establish an encrypted SSL connection.

11
Capabilities of SSL
  • To establish an encrypted, not necessarily
    authenticated, communication channel between a
    client and a server.
  • To authenticate the server, and establish a
    secure channel (the case of RSA).
  • To authenticate the server, and establish a
    secure channel (general case, incl. RSA).
  • To authenticate the server AND the client, and
    establish an authenticated secure channel.

Less preferred
preferred
12
Establish encrypted, but unauthenticated, channel
(Browser) Client
(Web) Server
13
4 moves, 9 messages in SSL
14
1. ClientHello (C → S)
  • Version
      • Identifies the highest version of the SSL
        protocol that the client can support
  • RandomNumber
      • 32-bit random number used to seed the
        cryptographic computation
  • Session ID
      • Identifies a specific SSL session
  • CipherSuites
      • A list of cryptographic parameters/schemes that
        the client can support
  • CompressionMethods
      • Identifies data compression methods that the
        client can support

15
2. ServerHello (C ← S)
  • Version
      • Identifies the highest version of the SSL
        protocol to be used for this communication
  • RandomNumber
      • 32-bit random number used to seed the
        cryptographic computation
  • Session ID
      • Identifies a specific SSL session
  • CipherSuites
      • The cryptographic parameters/schemes to be used
  • CompressionMethods
      • The data compression methods to be used

16
3. ServerKeyExchange (C ← S)
  • Contains the (public) key information
  • Exact format depends on the particular public key
    algorithm selected
  • Not encrypted!

17
4. ServerHelloDone (C ← S)
  • Contains no information, other than that it's
    done!

18
5. ClientKeyExchange (C → S)
  • Client tells the server key information for
    symmetric ciphers to be used
  • Encrypted using the server's public key!

19
6 & 8. ChangeCipherSpec (C → S & C ← S)
  • After message 5, a preliminary SSL
    negotiation is complete, and both parties are
    ready to use security services negotiated
  • These 2 messages are to explicitly indicate that
    security services should now be invoked
  • In other words, to activate the options

20
7 & 9. Finished
  • To authenticate
      • Key information
      • Contents of all previous SSL handshake messages
        exchanged between the 2 parties
      • A special value to indicate whether the sender is
        a client or a server
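
Why the Finished message covers all previous handshake messages, as an added example that is not part of the original slides: if the ClientHello is altered in transit, the two parties' views of the handshake differ and the Finished check fails. This is a simplified sketch that uses HMAC-SHA256 in place of SSL 3.0's MD5/SHA-1 construction; the master secret, message strings and suite names are constructed sample values.

```python
import hashlib
import hmac

# Role labels: the "special value" that says who sent the Finished message.
CLIENT, SERVER = b"CLNT", b"SRVR"


def finished_value(master_secret: bytes, transcript: list, sender: bytes) -> bytes:
    """Simplified Finished: keyed hash over every earlier handshake message plus the role."""
    mac = hmac.new(master_secret, digestmod=hashlib.sha256)
    for msg in transcript:
        # Length-prefix each message so message boundaries are unambiguous.
        mac.update(len(msg).to_bytes(4, "big") + msg)
    mac.update(sender)
    return mac.digest()


def server_accepts(master_secret: bytes, server_view: list, client_finished: bytes) -> bool:
    """Server recomputes the client's Finished over the messages it actually received."""
    expected = finished_value(master_secret, server_view, CLIENT)
    return hmac.compare_digest(expected, client_finished)


def run_handshake(tamper: bool) -> bool:
    """Return True if the server accepts the client's Finished message."""
    master_secret = b"constructed-master-secret"  # assumption: already agreed by both sides
    client_hello = b"ClientHello|suites=RSA_3DES_SHA,RSA_RC4_MD5"  # constructed
    # With tamper=True the preferred suite is stripped before the server sees the message.
    on_wire = client_hello.replace(b"RSA_3DES_SHA,", b"") if tamper else client_hello
    chosen = on_wire.split(b"suites=")[1].split(b",")[0]
    later = [b"ServerHello|suite=" + chosen, b"ServerKeyExchange",
             b"ServerHelloDone", b"ClientKeyExchange"]
    client_view = [client_hello] + later  # what the client sent and received
    server_view = [on_wire] + later       # what the server received and sent
    client_finished = finished_value(master_secret, client_view, CLIENT)
    return server_accepts(master_secret, server_view, client_finished)


if __name__ == "__main__":
    print("untampered handshake accepted:", run_handshake(tamper=False))
    print("tampered handshake accepted:  ", run_handshake(tamper=True))
```

The role label also means a client's Finished value cannot be replayed back to it as the server's, since the two are computed with different sender values.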

21
Establish encrypted channel, with server being
authenticated
(Browser) Client
(Web) Server
22
Certificate message from server
  • Contains a certificate chain beginning with the
    server's public key certificate and ending with
    the root certificate authority's certificate
  • The client browser usually has well known CA
    certificates preloaded
  • The certificate contains Internet domain name of
    the server which must be verified by the client
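
The domain-name check in the last bullet, as an added example that is not part of the original slides: a simplified matcher comparing the DNS names carried in a certificate with the host the client intended to reach, including the wildcard edge cases. The function names and sample names are hypothetical; chain validation and IP-address names are out of scope, and real clients should rely on their TLS library's built-in check (for instance the defaults of Python's `ssl.create_default_context()`).

```python
def _labels(name: str) -> list:
    """Split a DNS name into lower-cased labels, ignoring one trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the requested hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # Same number of labels, no empty labels, and no '*' in the requested host.
    if len(p) != len(h) or "" in p + h or "*" in hostname:
        return False
    # A wildcard is only honoured in the left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # '*' stands for exactly one label and needs at least two fixed
        # labels after it, so '*.com' never matches anything.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as 'w*.example.com' are refused
    return p == h


def verify_server_name(cert_dns_names: list, hostname: str) -> bool:
    """Accept the certificate only if at least one of its names matches."""
    return any(name_matches(n, hostname) for n in cert_dns_names)


if __name__ == "__main__":
    names = ["example.com", "*.example.com"]  # constructed certificate names
    for host in ["example.com", "shop.example.com", "a.b.example.com",
                 "shop.example.com.example.net"]:
        print(f"{host:32} -> {verify_server_name(names, host)}")
```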

23
Advantages
  • Separating encryption from authentication
  • Applicable to not only RSA but also other digital
    signature-only schemes such as DSS
  • Preferred to the previous technique which did NOT
    separate encryption from authentication
  • (ServerKeyExchange is signed using the server's
    private key, for the client to verify using the
    server's matching public key!)

24
Establish encrypted channel, with mutual
authentication
(Browser) Client
(Web) Server
25
CertificateRequest (C ← S)
  • CertificateTypes
      • A list of certificate types acceptable to the
        server
  • DistinguishedNames
      • A list of distinguished names of certificate
        authorities acceptable to the server (X.500
        names)
  • (the server MUST authenticate itself, i.e., must
    have Certificate from S to C)

26
Certificate (C → S)
  • The client's public key is used for signature
    verification only, not for encryption
  • If the client does not have a certificate, it
    sends a NoCertificateAlert

27
CertificateVerify (C → S)
  • The client signs
      • Key information
      • Contents of all previous SSL handshake messages
        exchanged between them
  • The server verifies the identity of the client
    using the client's public key

28
Cryptographic algorithms supported by SSL v3.0
  • Public key encryption/key-distribution
      • RSA, Diffie-Hellman
  • Digital signature
      • RSA, DSS
  • Symmetric ciphers
      • RC2, RC4, DES, 3DES, IDEA, FORTEZZA
  • 1-Way hash
      • MD5, SHA

29
Securing other applications using SSL

30
Components of SSL
SSL
31
References for SSL
  • SSL: http://home.netscape.com/eng/ssl3/
  • Open source for SSL developers: http://www.openssl.org/