Protecting Communication with SSL

Transcription

1 Protecting Communication with SSL Robert Walker SE 4C03 Winter 2005 Last Revised April 4, 2005

2 Table of Conten ts Introduction...2 Secure Sockets Layer...2 Introduction to OpenSSL...2 Programming with OpenSSL...3 Conclusion...4 Appendix A - Initialization Stage...5 Appendix B - Authentication Stage...5 Appendix C - Termination Stage...6 References...7 1

3 Introduction The internet has experienced phenomenal growth in the last decade. Many confidential activities are now being performed via the internet such as banking and shopping. These services require private information to be exchanged, such as credit card numbers and login passwords. As well, it is necessary to authenticate the parties involved in the transaction. Imagine if anyone was free to impersonate you and obtain your bank statements! Many protocols exist today that ensure the identity of the parties communicating as well as their privacy. Most of these protocols are invisible to the application programmer because they are implemented as part of the operating system. SSL (Secure Sockets Layer) takes a different approach by being implemented above the TCP layer.[1] The most common interface to the TCP layer is sockets which is where the name Secure Sockets Layer is derived from. The purpose of this report is not to explain the SSL protocol in detail but rather to enlighten the application programmer to the basics of SSL and its various implementations. An overview of how to add SSL to application programs is also given. For this last section, a knowledge of sockets is assumed. Secure Sockets Layer SSL was developed by Netscape and SSLv2 (the second version) was first deployed in 1995 as part of Netscape Navigator, a popular web browser at the time.[1] Quickly, several variations of SSL appeared, including PCT (Private Communications Technology), TLS (Transport Layer Security) and SSLv3. The purpose of each variant was to fix problems with the original specification of SSL and resulted in compatibility problems. Eventually, SSLv3 became the most widely used variant and will be the focus of this report.[1] As mentioned previously, SSL is implemented above the TCP layer. This means that application programs need to be altered to take advantage of the features that SSL offers. In addition, SSL is only compatible with TCP and cannot be used in conjunction with UDP. The goal of SSL is to provide a reliable, encrypted and integrity- protected communication stream.[1] The reliability is provided by the TCP layer, while SSL adds encryption and integrity- protection. It is important to note that the TCP stream itself is not protected by SSL, only the data that is exchanged. The most common deployment model is to only authenticate the service provider, also known as the server.[2] The consumer, or client, usually confirms their identity by providing a secret password, however SSL does not concern itself with such a procedure. The client verifies the identity of the server by requesting a signed certificate and comparing it to a database of trusted certificates maintained on the client computer. If a match is found, the client can be confident that the desired server is indeed on the other end of the connection. Further communication between the client and server is encrypted to prevent spying and tampering. SSL is quite flexible and can be configured to use a number of different ciphers for encryption and can also require both the client and server to authenticate each other with certificates. SSL also preserves properties from the sockets library such as allowing multiple connections to be derived efficiently from the main connection.[1] Introduction to OpenSSL There are several mature implementations of SSL, including OpenSSL. OpenSSL is an open source, widely available implementation of SSL. OpenSSL supports SSLv2, SSLv3 and TLS, although SSLv3 is most commonly used.[3] The examples included in the report will use OpenSSL and the SSLv3 protocol. Ultimately, the application programmer is responsible for 2

4 adding SSL support. Fortunately, the OpenSSL libraries interact nicely with existing sockets libraries. This following section will give implementation details on the four main phases of an SSL connection: initialization, authentication, data transmission and termination. Program m in g with OpenSSL The first stage in creating an SSL connection is initialization. The major steps in initialization include creating appropriate data structures used in subsequent stages and loading certificates. This is illustrated in figure 1. Figure 1: Initialization Stage The implementation of this stage is quite simple and is shown in Appendix A. At this time, the actions of the client and server diverge. The server will begin listening on a particular port and the client will attempt to connect to the same port. The subsequent stages will assume that the client has initiated a connection to the server. The second stage involves authentication. OpenSSL can be used to require none, one or both parties to verify their identity. The procedure is the same for both client and server so only one perspective will be shown. Figure 2 shows the steps involved in the authentication stage from the perspective of the server. Figure 2: Authentication Stage 3

5 If no problems were encountered verifying the certificate, the client and server can now communicate with each other securely. If verification failed because the certificate was not valid or not trusted, the socket should be immediately closed without further communication. It is possible that a malicious user is impersonating the server or has tampered with the TCP packets being exchanged. The authentication procedure details are shown in Appendix B. The strength of SSL is apparent in the data transmission stage. Those familiar with sockets will have no problem reading and writing data to an SSL connection. The replacements shown below of standard UNIX functions will enable SSL protection. Replace: ssize_t write(int fd, const void *buf, size_t count) With: int SSL_write(SSL *ssl, const void *buf, int num) Replace: ssize_t read(int fd, void *buf, size_t count) With: int SSL_read(SSL *ssl, void *buf, int num) The main difference between the SSL functions and the socket functions is that an SSL* is required instead of a file descriptor. This is obtained during the "Accept SSL Connection" step in the authentication stage (figure 2). When all the data has been exchanged, the connection must be terminated. The disconnection process is not abrupt; the SSL libraries take care to encrypt the request to terminate the connection. This is to foil a malicious user from prematurely ending the connection by sending an appropriately faked TCP packet. Only the verified parties are allowed to terminate the connection. This process is shown in figure 3. Figure 3: Termination Stage The details of the termination stage are shown in Appendix C. At the end of this stage, both the SSL connection and the TCP connection have ended. Conclusion As was shown, SSL is an important protocol in today's internet and the application programmer should be aware of how SSL ensures security, the various implementations of SSL available and how to use SSL libraries in application programs. Adding SSL support is quite simple and can be broken into distinct stages for simplification: initialization, authentication, data transmission and termination. Many of the steps involved in using SSL are similar to socket programming and can be easily integrated into existing applications that use sockets. Using SSL in applications that require communication over the internet will give customers confidence that their privacy is being protected. 4

6 Appendix A - Initialization Stage #include <ssl.h> #define PRIVATE_KEY "myprivkey.pem" #define CERTIFICATE "mycert.pem" #define TRUSTED_CERTS "trustedcerts.pem" SSL_METHOD *method; SSL_CTX *context; /* load supported algorithms */ SSLeay_add_ssl_algorithms(); /* create SSL data structures and specify SSLv3 */ method = SSLv3_client_method(); context = SSL_CTX_new(method); /* load the certificate identifying myself */ SSL_CTX_use_certificate_file(context, CERTIFICATE, SSL_FILETYPE_PEM); /* load the private key identifying myself */ SSL_CTX_use_PrivateKey_file(context, PRIVATE_KEY, SSL_FILETYPE_PEM); /* load file containing a list of trusted certificates */ SSL_CTX_load_verify_locations(context, TRUSTED_CERT, NULL); Appendix B - Authen tica tion Stage #include <unistd.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <ssl.h> typedef struct { int fd; SSL *ssl; ssl_comm_t; /* create a connection between client and server */ static int accept_client(int fd, ssl_comm_t *ssl_comm) { int new_fd; struct sockaddr_in client; socklen_t len = sizeof (struct sockaddr); /* obtain a socket between client and server */ while (((new_fd = accept(fd, (struct sockaddr*)&ssl_comm->conn, &len)) == -1 && errno == EINTR)); return new_fd; 5

7 X509 *server_cert; ssl_comm_t *ssl_comm; /* allocate memory for connection */ if ((ssl_comm = malloc(sizeof *ssl_comm)) == NULL){ return EXIT_FAILURE; /* obtain a socket for communication with a client */ if ((ssl_comm->fd = accept_client(listen_fd, ssl_comm)) == -1){ free(ssl_comm); return EXIT_FAILURE; /* create an SSL connection */ ssl_comm->ssl = SSL_new(context); /* associate the SSL connection with the obtained file descriptor */ SSL_set_fd(ssl_comm->ssl, ssl_comm->fd); /* accept the SSL connection */ if (SSL_accept(ssl_comm->ssl) == -1){ r_close(ssl_comm->fd); SSL_free(ssl_comm->ssl); free(ssl_comm); /* request authenticating certificate */ if ((server_cert = SSL_get_peer_certificate(ssl_con)) == NULL){ return -1; /* check for a matching certificate in the trusted certificates */ if (SSL_get_verify_result(ssl_con)!= X509_V_OK){ return -1; Appendix C - Termina tion Stage #include <unistd.h> #include <ssl.h> /* request that the SSL session be terminated */ SSL_shutdown(ssl_con); /* release memory for the SSL data structures */ SSL_free(ssl_con); SSL_CTX_free(context); /* close the open file descriptor */ r_close(comm_fd); 6

8 References [1] Kaufman et al. Network Security: Private Communication is a Public World. Prentice Hall, [2] Transport Layer Security. Wikipedia. Retrieved from n.wikipedia.org/wiki/secure_sockets_layer on March 29, [3] Welcome to the OpenSSL Project. OpenSSL. Retrieved from on March 29,