Lecture 9
SSL
Objectives
Introduction to the design of network security
protocols, based on the Internet security
protocols SSL/TLS.
SSL/TLS Overview
SSL = Secure Sockets Layer.
unreleased v1, flawed but useful v2, good v3.
TLS = Transport Layer Security [RFC 2246]
TLS1.0 = SSL3.0 with minor tweaks (see later)
SSL/TLS provides security at TCP layer.
Uses TCP to provide reliable end-to-end transport.
Usually a thin layer between TCP and HTTP.
Applications need to be aware of SSL/TLS.
Widely used in Web browsers and servers to support
secure e-commerce over HTTP.
[Figure: handshake between client and server. M4: ChangeCipherSpec, ServerFinished]
M1: ClientHello
Client initiates connection.
Sends client version number.
3.1 for TLS.
Sends ClientNonce.
28 random bytes plus 4 bytes of time.
M2: ServerHello,
Finally, ServerHelloDone.
M3: ClientKeyExchange,
ClientKeyExchange contains encryption of
pre_master_secret under server's public key.
ChangeCipherSpec indicates that client is updating cipher suite to
be used on this session.
Sent using SSL Change Cipher Spec Protocol.
M4: ChangeCipherSpec,
ChangeCipherSpec indicates that server is
updating cipher suite to be used on this session.
Sent using SSL Change Cipher Spec Protocol.
2.
3.
No!
SSL/TLS Applications
Secure e-commerce using SSL/TLS.
Client authentication not needed until client
decides to buy something.
SSL provides secure channel for sending credit
card information.
Client authenticated using credit card information,
merchant bears (most of) risk.
Widely deployed (de-facto standard).
Alert Protocol
The Alert Protocol is used to convey SSL-related
alerts to the peer entity.
Alert messages are compressed and encrypted,
as specified by the current state.
Each message consists of two bytes.
The first byte takes the value warning(1) or fatal(2)
The second byte contains a code that indicates the
specific alert.
Alert Protocol
Some fatal alerts
bad_record_mac
decompression_failure
handshake_failure
illegal_parameter
unexpected_message
Other alerts
no_certificate
unsupported_certificate
certificate_revoked
certificate_expired
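Added example (not from the original lecture): a Python decoder for the two-byte alert message described above, applied to the alert body after decryption. The numeric codes are the SSL 3.0 / TLS 1.0 values; the name parse_alert and the sample bytes are constructed for illustration.

```python
# Decoder for the two-byte SSL/TLS alert message (plaintext form).
LEVELS = {1: "warning", 2: "fatal"}

# Alert description codes from the SSL 3.0 / TLS 1.0 specifications.
DESCRIPTIONS = {
    0: "close_notify",
    10: "unexpected_message",
    20: "bad_record_mac",
    30: "decompression_failure",
    40: "handshake_failure",
    41: "no_certificate",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    47: "illegal_parameter",
}

# Alerts the specifications define as always fatal (the "fatal alerts" list above).
ALWAYS_FATAL = {10, 20, 30, 40, 47}


def parse_alert(body: bytes) -> dict:
    """Decode one decrypted alert; raise ValueError on malformed input."""
    if len(body) != 2:
        raise ValueError(f"alert must be exactly 2 bytes, got {len(body)}")
    level, code = body  # first byte: level, second byte: specific alert
    if level not in LEVELS:
        raise ValueError(f"unknown alert level {level}")
    fatal = level == 2
    return {
        "level": LEVELS[level],
        "description": DESCRIPTIONS.get(code, f"unknown({code})"),
        # A fatal alert terminates the connection immediately.
        "close_connection": fatal,
        # An always-fatal alert sent at warning level is worth logging.
        "level_violation": code in ALWAYS_FATAL and not fatal,
    }


# Constructed sample alert bodies (not captured traffic).
SAMPLES = [bytes([2, 20]), bytes([1, 45]), bytes([1, 40])]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.hex(), parse_alert(sample))
```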
Generation of Cryptographic Parameters
CipherSpecs
require a client write MAC secret,
a server write MAC secret,
a client write key,
a server write key,
a client write IV
Summary
SSL is a popular two-layered protocol for Web security
Session and Connection
Handshake, Record, Alert protocols