Security Protocols and Infrastructures. Winter Term 2010/2011

Size: px
Start display at page:

Download "Security Protocols and Infrastructures. Winter Term 2010/2011"

Transcription

1 Winter Term 2010/2011 Chapter 4: Transport Layer Security Protocol

2 Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 2

3 Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 3

4 History Netscape introduced Secure Sockets Layer Protocol (SSL): SSLv1: Never released for use in public applications 1995: SSLv2 (full of flaws) 1996: SSLv3 IETF adopted SSL as an internet standard: 1999: TLS 1.0 as RFC2246 (TLS 1.0 = SSL 3.1) 2006: TLS 1.1 as RFC : TLS 1.2 as RFC5246 TLS 1.1 and 1.2 are not widespread 4

5 SSL vs. TLS Browsers typically support SSLv3 and TLS 1.0 Major changes in TLS 1.2: Pseudo random function (PRF) is only based on one hash function (SHA-256 recommended) TLS 1.1: PRF is based on MD5 and SHA-1 Cipher Suites containing AES integrated in TLS standard TLS and SSLv3 are not interoperable Usage of different hash based MACs 5

6 What is TLS? Quote from (accessed ): Quote from TLS 1.2: Das Transport Layer Security (TLS), bzw. sein Vorgängername Secure Sockets Layer (SSL), ist ein hybrides Verschlüsselungsprotokoll zur sicheren Datenübertragung im Internet. Abstract: [...] The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. Differences? 6

7 Security Goals and Attacks Security goals which may be achieved using TLS: Authenticity Integrity Confidentiality TLS (if properly implemented and utilised) avoids: Eavesdropping (e.g. a sniffer) Spoofing attacks (e.g. simple phishing) Man-in-the-middle-attacks (e.g. sophisticated phishing) Session Hijacking Replay attacks 7

8 TLS Layers in the Simplified OSI model Application Level Protocols (HTTP, FTP, POP, SMTP, SNMP) Handshake Protocol Change Cipher Spec Protocol Alert Protocol Application Data Protocol TLS Record Protocol TCP IP 8

9 Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 9

10 TLS Sub Protocols: Layer 1 = TLS Record Protocol Receives data from TLS layer 2 Tasks: Fragmentation of data into chunks of at most 214 bytes Compression of each chunk using the current compression function (often no compression is used) Protection (encryption, MAC) of each chunk using the current security parameters TLS record: Record header + protected chunk TLS records are passed down to TCP layer RFCs extending TLS allow UDP, too 10

11 Fragmentation: Data type TLSPlaintext struct { uint8 major; uint8 minor; } ProtocolVersion; (3, 0) = SSLv3 (3, 1) = TLS 1.0 (3, 2) = TLS 1.1 (3, 3) = TLS 1.2 enum { change_cipher_spec(20), alert(21), handshake(22), application_data(23), (255) } ContentType; struct { ContentType type; ProtocolVersion version; uint16 length; // at most 2^14 opaque fragment[tlsplaintext.length]; // data } TLSPlaintext; 11

12 Compression: Data type TLSCompressed struct { ContentType type; // same as TLSPlaintext.type ProtocolVersion version;//same as TLSPlaintext.version uint16 length; opaque fragment[tlscompressed.length]; } TLSCompressed; Remarks: fragment is the compression of the whole TLSPlaintext (including its header) Often no compression is used: CompressionMethod.null 12

13 Record Payload Protection TLSCompressed TLSCiphertext MAC: TLSCiphertext comprises a MAC and encryption Computed over the whole TLSCompressed structure Includes a sequence number to detect missing records and to avoid replay attacks Is based on a hash function as given in the Cipher Suite Encryption: Whole TLSCompressed structure + MAC is encrypted Encryption algorithm as given in the Cipher Suite 13

14 TLS Record Protocol: Overview Data of TLS Layer 2 m1 Fragmentation with header 1 Compression with header 2 HMAC Encryption with final header 3 1 m2 m3... mt m1 2 2 MAC 3 2 MAC 14

15 Security state of the record layer 3 keys for the clients to protect records: client_write_mac_key client_write_key client_write_iv (if a symmetric block cipher is used, e.g. AES) 3 keys for the server to protect records: server_write_mac_key server_write_key server_write_iv (if a symmetric block cipher is used) Write vs. read state: client_write_key is used by server to decrypt (=read) records 15

16 Key calculation and initial state Keys are calculated using a pseudo random function (PRF) PRF is based on iterated hashing 'Short' input may produce output of arbitrary length Input of the PRF for key calculation: Master secret (which is derived from premaster secret) A random number chosen by the client A random number chosen by the server A fixed string 'key expansion' The key lengths are defined in the cipher suite Initial state: No record protection 16

17 Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 17

18 TLS Cipher Suites Client and server 'negotiate' a Cipher Suite for their TLS session within the Handshake protocol: Client proposes a sequence of Cipher Suites Server decides, which Cipher Suite is actually used Negotiated parameters are used directly after a ChangeCipherSpec record 18

19 Structure of TLS Cipher Suites TLS_<ke_alg>_WITH_<cipher>_<mac> ke_alg: Algorithm(s) for key exchange and authentication cipher: Symmetric encryption algorithm used to encrypt the TLS records mac: Hash algorithm to compute HMAC to protect integrity and authenticity of TLS records Client forces server authentication by proposing appropriate Cipher Suite 19

20 Sample Key Exchange Algorithms (1/2) RSA: Key Exchange via RSA encryption: Implicit authentication based on a server Finished message: Server proves possession of private RSA key Server decrypts encrypted PMS and computes MS Server derives session keys from MS Server's certificate MUST fit: Client chooses randomly the PMS Client encrypts PMS using the server's public RSA key Public key is RSA keyencipherment bit set within its KeyUsage extension 20

21 Sample Key Exchange Algorithms (2/2) DHE_RSA: Key Exchange via ephemeral Diffie-Hellman (DH): Server chooses randomly his public key dh_ys Client chooses randomly his public key dh_yc PMS is derived from the ephemeral DH parameters Authentication: Server signs his ephemeral DH parameters (dh_p, dh_g, dh_ys) using his private RSA key Server's certificate MUST fit: Server appoints ephemeral DH domain parameters (i.e. prime number dh_p and generator dh_g) Public key is RSA digitalsignature bit set within KeyUsage extension 21

22 Sample Ciphers and MACs cipher = AES_256_CBC Symmetric block cipher AES is used to encrypt TLS records Key length of AES key is 256 bit Encryption mode is CBC (Cipher Block Chaining) mac = SHA256 Hash function SHA-256 is used to compute HMACs of TLS records 22

23 Encoding of TLS Cipher Suites Encoding within 2 bytes references: Client and server must be able to recognise the Cipher Suites by means of the 2 bytes Examples from RFC 5246: TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D TLS_RSA_WITH_RC4_128_SHA 0x0005 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A 23

24 TLS Cipher Suites from outside RFC 5246 (1/2) RFC 4132 (July 2005): Addition of Camellia Cipher Suites to Transport Layer Security Camellia properties: 128 bit blocks, allows 128, 192, and 256 bit keys Approved e.g. by EU NESSIE-project Examples: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x

25 TLS Cipher Suites from outside RFC 5246 (2/2) RFC 4492 (May 2006): Elliptic Curve Cryptography (ECC) Cipher Suites for TLS Examples: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC00A 0xC013 RFC 5289 (August 2008): TLS Elliptic Curve Cipher Suites with SHA-256/384 [ ] Examples: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 25

26 Default Cipher Suites in Firefox

27 Handshake Firefox kunde.comdirect.de 27

28 Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 28

29 TLS Sub Protocols: Layer 2 TLS Handshaking Protocols: Change Cipher Spec Protocol: Indicates to change from current security state to just negotiated parameters Alert Protocol: 'Throw Exceptions' Handshake Protocol: TLS Application Data Protocol: Negotiation of cryptographic parameters Authentication (optional) Receives data from Application Layer and passes it to the TLS Record Layer Wording: Handshaking Protocols vs. Handshake Protocol 29

30 Change Cipher Spec Protocol (1/2) Aim: Signaling transitions of security parameters ChangeCipherSpec record is sent within Handshake Protocol Sending means that subsequent records will be protected using the newly negotiated write keys by the sending party Receiver sets pending read security state to active read security state A Finished message is sent afterwards to verify the new active security state Type definition: struct { enum { change_cipher_spec(1), (255) } type; } ChangeCipherSpec; 30

31 Change Cipher Spec Protocol (2/2) 31

32 Alert Protocol (1/2) Aim: Signaling severity level and description of alert Alert level (1 byte): Warning (=1) or fatal (=2) Sample alert descriptions (1 byte): bad_record_mac record_overflow bad_certificate unknown_ca decrypt_error = 20 = 22 = 42 = 48 = 51 Type definition: struct { AlertLevel level; // 1 byte AlertDescription description; // 1 byte } Alert; 32

33 Alert Protocol (2/2) 33

34 Aims of Handshake Protocol 'Negotiation' of security parameters: Methods for key exchange and authentication Symmetric encryption algorithm and hash algorithm for MACs Further 'negotiation': Compression method, SSL/TLS version for session Resume a session (optional) Authentication (optional): None Only server Both server and client 34

35 TLS-Handshake: Overview from RFC 5246 Client Server ClientHello ----> <---Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished Application Data ServerHello Certificate* ServerKeyExchange* CertificateRequest* ServerHelloDone ----> <---<---> [ChangeCipherSpec] Finished Application Data * means optional or situational 35

36 TLS-Handshake: ClientHello Client Server ClientHello ----> <---Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished Application Data ServerHello Certificate* ServerKeyExchange* CertificateRequest* ServerHelloDone ----> <---<---> [ChangeCipherSpec] Finished Application Data * means optional or situational 36

37 Fields of Client Hello Message (1/2) ClientHello.client_version: Client-preferred TLS version ClientHello.random: Client-generated 32 byte pseudo random number Bytes 0-3: Current client time encoded as 32 Bit UNIX time Bytes 4-31: 28 byte pseudo random number ClientHello.session_id: Empty: New session or new security parameters requested Non-empty: SessionID to resume 37

38 Fields of Client Hello Message (2/2) ClientHello.cipher_suites: An ordered list of client-preferred cipher suites Favourite choice first Each cipher suite encoded within 2 bytes ClientHello.compression_methods: An ordered list of client-preferred compression methods Typically null (i.e. no compression used) Extensions: Optional requests for extended functionality Defined outside of TLS 1.0 and TLS 1.1 (e.g. RFC 4366) 38

39 TLS-Handshake: ServerHello Client Server ClientHello ----> <---Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished Application Data ServerHello Certificate* ServerKeyExchange* CertificateRequest* ServerHelloDone ----> <---<---> [ChangeCipherSpec] Finished Application Data * means optional or situational 39

40 Fields of Server Hello Message (1/2) ServerHello.server_version: TLS version used for this TLS session Highest version supported by both client and server Chosen by the server ServerHello.random: Server-generated 32 byte pseudo random number Bytes 0-3: Current server time encoded as 32 Bit UNIX time Bytes 4-31: 28 byte pseudo random number ServerHello.session_id: Session ID of this TLS session as defined by the server 40

41 Fields of Server Hello Message (2/2) ServerHello.cipher_suite: Single cipher suite selected by the server MUST appear in the ClientHello.cipher_suites array ServerHello.compression_method: Single compression method selected by the server MUST appear in ClientHello.compression_methods Extensions: List of extensions Extension MUST be offered by the client 41

42 TLS-Handshake: Certificate Client Server ClientHello ----> <---Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished Application Data ServerHello Certificate* ServerKeyExchange* CertificateRequest* ServerHelloDone ----> <---<---> [ChangeCipherSpec] Finished Application Data * means optional or situational 42

43 Server Certificate (1/2) Server MUST send this message, if selected cipher suite requires server authentication Client avoids anonymous connection by proposing appropriate cipher suites Server Certificate message comprises certificate chain: First certificate MUST be the server certificate Second certificate MUST be CA certificate issuing server certificate Root CA certificate MAY be omitted (client must verify trusted public key of root CA out of band) 43

44 Server Certificate (2/2) Certificate type MUST be X.509v3 Server's certificate MUST be in conformance with key exchange method as defined by the cipher suite: RSA: Key Exchange via RSA-encryption DHE_DSS: Key Exchange via ephemeral Diffie-Hellman DHE_RSA: Key Exchange via ephemeral Diffie-Hellman Server signs his ephemaral DH public key using DSA Server certificate certifies server's public DSA key Server signs his ephemaral DH public key using RSA Server certificate certifies server's public RSA key 44

45 TLS-Handshake: Further Server Messages Client Server ClientHello ----> <---Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished Application Data ServerHello Certificate* ServerKeyExchange* CertificateRequest* ServerHelloDone ----> <---<---> [ChangeCipherSpec] Finished Application Data * means optional or situational 45

46 ServerKeyExchange Aim: Typical examples of key exchange methods: Sent by the server, if ServerCertificate message does not contain enough information for key exchange (i.e. PMS) DHE_DSS or DHE_RSA Contents: Ephemeral server DH parameters Server generated signature over server DH parameters ServerKeyExchange method not allowed, if key exchange method is RSA 46

47 CertificateRequest and ServerHelloDone CertificateRequest: Non-anonymous server requests client authentication Two fields: CertificateRequest.certificate_types : List of certificate types the client may offer (e.g. rsa_sign, dss_sign) CertificateRequest.certificate_authorities : CAs accepted by the server ServerHelloDone: Indicates the end of ServerHello and associated messages Server waits for client response afterwards 47

48 TLS-Handshake: Further Client Messages Client Server ClientHello ----> <---Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished Application Data ServerHello Certificate* ServerKeyExchange* CertificateRequest* ServerHelloDone ----> <---<---> [ChangeCipherSpec] Finished Application Data * means optional or situational 48

49 Client Certificate Only sent, if server requests client authentication First message sent by the client after ServerHelloDone Client sends his certificate chain: Client's public key MUST match the requested certificate type One issuer in the chain MUST be present in the server's list If no (appropriate) client certificate is available: Client sends an empty certificate chain Server MAY continue anyway Client's public key is later used for verifying the client signature of the CertificateVerify message 49

50 Client Key Exchange (1/2) Always sent by the client Aim: Setting of premaster secret (PMS) Key exchange via RSA: Direct transmission of PMS Premaster secret is 48 bytes long: First 2 bytes are the newest TLS version proposed by client Client generates 46 additional random bytes Client encrypts PMS using the server's public key from the ServerCertificate message Inclusion of client TLS version shall prevent rollback attacks 50

51 Client Key Exchange (2/2) Key exchange via DHE_RSA or DHE_DSS: Premaster secret is computed via Diffie-Hellman Client sends his public value dh_yc to the server within the ClientKeyExchange message PMS is computed as usual: Client makes use of dh_ys and his private client DH key Server makes use of dh_yc and his private server DH key The signature algorithm used for authentication is irrelevant for computing the PMS 51

52 Certificate Verify Only sent if: Client authentication is required Client's public key within the ClientCertificate has signing capabilities I.e. all client certificate types except static DH certificates (these certificate types are not common) Aim: Client provides credential for client authentication Credential is a client generated signature over all handshake messages Starting with ClientHello Ending before CertificateVerify 52

53 TLS-Handshake: Final Messages Client Server ClientHello ----> <---Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished Application Data ServerHello Certificate* ServerKeyExchange* CertificateRequest* ServerHelloDone ----> <---<---> [ChangeCipherSpec] Finished Application Data * means optional or situational 53

54 Finished (1/2) Always sent immediately after a change cipher spec message Aims: Key exchange was successful Authentication was successful Contents: Pseudo random function invoked with Master Secret A string 'client finished' (client) or 'server finished' (server) Hash of all handshake messages 54

55 Finished (2/2) Record layer protects Finished message by the newly negotiated algorithms and keys Recipients MUST verify the correctness using the new read security state After a successful Finished message application data may be exchanged 55

56 Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 56

Security Protocols and Infrastructures. Winter Term 2015/2016

Security Protocols and Infrastructures. Winter Term 2015/2016 Winter Term 2015/2016 Nicolas Buchmann (Harald Baier) Chapter 8: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents

More information

Security Protocols and Infrastructures

Security Protocols and Infrastructures Security Protocols and Infrastructures Dr. Michael Schneider michael.schneider@h-da.de Chapter 8: The Transport Layer Security Protocol (TLS) December 4, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Overview

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are

More information

Secure Socket Layer. Security Threat Classifications

Secure Socket Layer. Security Threat Classifications Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats

More information

Transport Layer Security

Transport Layer Security Cryptography and Security in Communication Networks Transport Layer Security ETTI - Master - Advanced Wireless Telecommunications Secure channels Secure data delivery on insecure networks Create a secure

More information

Transport Layer Security

Transport Layer Security CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa

More information

Chapter 4: Securing TCP connections

Chapter 4: Securing TCP connections Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?

More information

MTAT Applied Cryptography

MTAT Applied Cryptography MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) University of Tartu Spring 2017 1 / 22 Transport Layer Security TLS is cryptographic protocol that provides communication security over the

More information

MTAT Applied Cryptography

MTAT Applied Cryptography MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone

More information

Outline. Transport Layer Security (TLS) 1.0. T Cryptosystems. Transport Layer Security (TLS) 1.0 basics

Outline. Transport Layer Security (TLS) 1.0. T Cryptosystems. Transport Layer Security (TLS) 1.0 basics T 110.5211 Cryptosystems RFC 2246: Transport Layer Security 1.0 Comparison to IPsec 16.10.2008 Transport Layer Security (TLS) 1.0 basics Kaufman et al: Chapters 18 / 19 Stallings: Chapters 16 / 17.2 T

More information

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2. P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and

More information

Outline. Transport Layer Security (TLS) 1.0. T Cryptosystems. Transport Layer Security (TLS) 1.0 basics

Outline. Transport Layer Security (TLS) 1.0. T Cryptosystems. Transport Layer Security (TLS) 1.0 basics T-110.5211 Cryptosystems RFC 2246: Transport Layer Security 1.0 IPsec Outline Transport Layer Security (TLS) 1.0 basics TLS 1.0 specification (RFC 2246) walk-through IPSec and (short) comparison of TLS

More information

Chapter 7. WEB Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Chapter 7. WEB Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University Chapter 7 WEB Security Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University +91 9426669020 bhargavigoswami@gmail.com Topic List 1. Web Security Considerations 2. Secure Socket Layer

More information

Chapter 12 Security Protocols of the Transport Layer

Chapter 12 Security Protocols of the Transport Layer Chapter 12 Security Protocols of the Transport Layer Secure Socket Layer (SSL) Transport Layer Security (TLS) Secure Shell (SSH) [NetSec], WS 2009/2010 12.1 Scope of Transport Layer Security Protocols

More information

E-commerce security: SSL/TLS, SET and others. 4.1

E-commerce security: SSL/TLS, SET and others. 4.1 E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:

More information

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010 Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange

More information

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2 Universität Hamburg SSL & Company Fachbereich Informatik SVS Sicherheit in Verteilten Systemen Security in TCP/IP UH, FB Inf, SVS, 18-Okt-04 2 SSL/TLS Overview SSL/TLS provides security at TCP layer. Uses

More information

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014 Network Security: TLS/SSL Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline 1. Diffie-Hellman key exchange (recall from earlier) 2. Key exchange using public-key encryption

More information

Chapter 5. Transport Level Security

Chapter 5. Transport Level Security Chapter 5 Transport Level Security Bhargavi H Goswami Assistant Professor Sunshine Group of Institutes Rajkot, Gujarat, India. Email: bhargavigoswami@gmail.com Topic List 1. Web Security Considerations

More information

Internet security and privacy

Internet security and privacy Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed

More information

TLS 1.2 Protocol Execution Transcript

TLS 1.2 Protocol Execution Transcript Appendix C TLS 1.2 Protocol Execution Transcript In Section 2.3, we overviewed a relatively simple protocol execution transcript for SSL 3.0. In this appendix, we do something similar for TLS 1.2. Since

More information

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to 1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats

More information

SSL/TLS CONT Lecture 9a

SSL/TLS CONT Lecture 9a SSL/TLS CONT Lecture 9a COMPSCI 726 Network Defence and Countermeasures Muhammad Rizwan Asghar August 11, 2017 Source of some slides: University of Twente 2 HANDSHAKE PROTOCOL: KEY EXCHANGE AND AUTHENTICATION

More information

TLS. RFC2246: The TLS Protocol. (c) A. Mariën -

TLS. RFC2246: The TLS Protocol. (c) A. Mariën - TLS RFC2246: The TLS Protocol What does it achieve? Confidentiality and integrity of the communication Server authentication Eventually: client authentication What is does not do Protect the server Protect

More information

TRANSPORT-LEVEL SECURITY

TRANSPORT-LEVEL SECURITY CHAPTER TRANSPORT-LEVEL SECURITY 5.1 Web Security Considerations Web Security Threats Web Traffic Security Approaches 5.2 Secure Socket Layer and Transport Layer Security SSL Architecture SSL Record Protocol

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

WAP Security. Helsinki University of Technology S Security of Communication Protocols

WAP Security. Helsinki University of Technology S Security of Communication Protocols WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP

More information

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München ilab Lab 8 SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL

More information

Chapter 8 Web Security

Chapter 8 Web Security Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client

More information

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel Security Protocols Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 CSE545 - Advanced Network Security - Professor McDaniel 1 Case Study: Host Access The first systems used telnet

More information

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS Last Updated: Oct 31, 2017 Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic

More information

Transport Level Security

Transport Level Security 2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,

More information

CS 356 Internet Security Protocols. Fall 2013

CS 356 Internet Security Protocols. Fall 2013 CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5

More information

TLS authentication using ETSI TS and IEEE certificates

TLS authentication using ETSI TS and IEEE certificates TLS authentication using ETSI TS 103 097 and IEEE 1609.2 certificates IETF meeting 93 Prague TLS WG session Wednesday, July 22, 2015 Objective & Motivations Objective: enable C/S authentication using C-ITS*

More information

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by

More information

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality

More information

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X

More information

Introduction to Cryptography Lecture 11

Introduction to Cryptography Lecture 11 Introduction to Cryptography Lecture 11 Factoring, computing discrete logs SSL / TLS Benny Pinkas page 1 1 Integer factorization The RSA and Rabin cryptosystems use a modulus N and are insecure if it is

More information

The SSL Protocol. Version 3.0. Netscape Communications Corporation. Internet Draft March 1996 (Expires 9/96)

The SSL Protocol. Version 3.0. Netscape Communications Corporation. Internet Draft March 1996 (Expires 9/96) Internet Draft March 1996 (Expires 9/96) Alan O. Freier, Netscape Communications Philip Karlton, Netscape Communications Paul C. Kocher, Independent Consultant The SSL Protocol Version 3.0 SSL Version

More information

Auth. Key Exchange. Dan Boneh

Auth. Key Exchange. Dan Boneh Auth. Key Exchange Review: key exchange Alice and want to generate a secret key Saw key exchange secure against eavesdropping Alice k eavesdropper?? k This lecture: Authenticated Key Exchange (AKE) key

More information

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43 0/43 IPsec and SSL/TLS Applied Cryptography 0 Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, 2016 Cryptography in the TCP/IP stack application layer transport layer network layer data-link

More information

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer

More information

SSL Time-Diagram. Second Variant: Generation of an Ephemeral Diffie-Hellman Key

SSL Time-Diagram. Second Variant: Generation of an Ephemeral Diffie-Hellman Key http://www.tech-invite.com SSL Time-Diagram Second Variant: Generation of an Ephemeral Diffie-Hellman Key This document provides a detailed description of the sequence of first exchanges between an SSL

More information

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?

More information

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect

More information

Security analysis of DTLS 1.2 implementations

Security analysis of DTLS 1.2 implementations Bachelor thesis Computing Science Radboud University Security analysis of DTLS 1.2 implementations Author: Niels van Drueten s4496604 First supervisor/assessor: dr.ir. Joeri de Ruiter joeri@cs.ru.nl Second

More information

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent

More information

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 5

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 5 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 5 Secure Socket Layer (SSL)/ Transport Layer Security (TLS) Acknowledgments This course

More information

TLS Extensions Project IMT Network Security Spring 2004

TLS Extensions Project IMT Network Security Spring 2004 TLS Extensions Project IMT4101 - Network Security Spring 2004 Ole Martin Dahl [ole.dahl@hig.no] Torkjel Søndrol [torkjel.soendrol@hig.no] Fredrik Skarderud [fredrik.skarderud@hig.no] Ole Kasper Olsen [ole.olsen@hig.no]

More information

Securing IoT applications with Mbed TLS Hannes Tschofenig

Securing IoT applications with Mbed TLS Hannes Tschofenig Securing IoT applications with Mbed TLS Hannes Tschofenig Part#2: Public Key-based authentication March 2018 Munich Agenda For Part #2 of the webinar we are moving from Pre-Shared Secrets (PSKs) to certificated-based

More information

Cryptography (Overview)

Cryptography (Overview) Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 6 Week of February 26, 2018 Question 1 TLS threats (10 min) An attacker is trying to attack the company Boogle and its users. Assume that

More information

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol

More information

IBM Education Assistance for z/os V2R1

IBM Education Assistance for z/os V2R1 IBM Education Assistance for z/os V2R1 Items: TLS V1.2 Suite B RFC 5280 Certificate Validation Element/Component: Cryptographic Services - System SSL Material is current as of June 2013 Agenda Trademarks

More information

Requirements from the. Functional Package for Transport Layer Security (TLS)

Requirements from the. Functional Package for Transport Layer Security (TLS) Requirements from the Functional Package for Transport Layer Security (TLS) Version: 1.0 2018-12-17 National Information Assurance Partnership Revision History Version Date Comment Introduction Purpose.

More information

Lecture: Transport Layer Security (secure Socket Layer)

Lecture: Transport Layer Security (secure Socket Layer) Lecture: Transport Layer Security (secure Socket Layer) Recommended reading: Stephen Thomas, SSS and TLS essentials, Wiley, 2000 Very old and in some parts obsolete, but very well written Lecture s twofold

More information

ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted

ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted UNDERSTANDING by Simson L. Garfinkel S ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted information over the Internet. Developed by Netscape Communications Corp., SSL was

More information

Interested in learning more about security? SSL/TLS: What's Under the Hood. Copyright SANS Institute Author Retains Full Rights

Interested in learning more about security? SSL/TLS: What's Under the Hood. Copyright SANS Institute Author Retains Full Rights Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. SSL/TLS:

More information

Internet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS)

Internet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS) Internet Engineering Task Force (IETF) M. Salter Request for Comments: 6460 National Security Agency Obsoletes: 5430 R. Housley Category: Informational Vigil Security ISSN: 2070-1721 January 2012 Abstract

More information

Transport Layer Security

Transport Layer Security Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols

More information

CIS 5373 Systems Security

CIS 5373 Systems Security CIS 5373 Systems Security Topic 4.3: Network Security SSL/TLS Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) Analysis of the HTTPS Certificate

More information

Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices. Abstract

Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices. Abstract Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani Stanford University daswani@cs.stanford.edu Abstract This paper analyzes the cryptographic operation time that is required

More information

Coming of Age: A Longitudinal Study of TLS Deployment

Coming of Age: A Longitudinal Study of TLS Deployment Coming of Age: A Longitudinal Study of TLS Deployment Accepted at ACM Internet Measurement Conference (IMC) 2018, Boston, MA, USA Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson,

More information

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls

More information

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Data Security and Privacy. Topic 14: Authentication and Key Establishment Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt

More information

AIR FORCE INSTITUTE OF TECHNOLOGY

AIR FORCE INSTITUTE OF TECHNOLOGY i DETECTING MAN-IN-THE-MIDDLE ATTACKS AGAINST TRANSPORT LAYER SECURITY CONNECTIONS WITH TIMING ANALYSIS THESIS Lauren M. Wagoner, Civilian, USAF AFIT/GCO/ENG/11-16 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY

More information

History. TLS 1.3 Draft 26 Supported in TMOS v14.0.0

History. TLS 1.3 Draft 26 Supported in TMOS v14.0.0 PRESENTED BY: History SSL developed by Netscape SSLv1.0 Never released SSLv2.0 1995 SSLv3.0 1996 Moved governance to the IETF and renamed TLS TLSv1.0 1999 TLSv1.1 2006 TLSv1.2 2008 TLSv1.3 2018 TLS 1.3

More information

White Paper for Wacom: Cryptography in the STU-541 Tablet

White Paper for Wacom: Cryptography in the STU-541 Tablet Issue 0.2 Commercial In Confidence 1 White Paper for Wacom: Cryptography in the STU-541 Tablet Matthew Dodd matthew@cryptocraft.co.uk Cryptocraft Ltd. Chapel Cottage Broadchalke Salisbury Wiltshire SP5

More information

Information Security CS 526

Information Security CS 526 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric

More information

Request for Comments: Category: Standards Track Independent Consultant J. Mikkelsen Transactionware T. Wright Vodafone April 2006

Request for Comments: Category: Standards Track Independent Consultant J. Mikkelsen Transactionware T. Wright Vodafone April 2006 Network Working Group Request for Comments: 4366 Obsoletes: 3546 Updates: 4346 Category: Standards Track S. Blake-Wilson BCI M. Nystrom RSA Security D. Hopwood Independent Consultant J. Mikkelsen Transactionware

More information

But where'd that extra "s" come from, and what does it mean?

But where'd that extra s come from, and what does it mean? SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying

More information

Understanding Traffic Decryption

Understanding Traffic Decryption The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake

More information

Internet Engineering Task Force. Intended status: Standards Track. December 26, 2018

Internet Engineering Task Force. Intended status: Standards Track. December 26, 2018 Internet Engineering Task Force Internet-Draft Intended status: Standards Track Expires: June 29, 2019 H. Wang, Ed. Y. Yang X. Kang Huawei International Pte. Ltd. December 26, 2018 Using Identity as Raw

More information

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney. Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw

More information

ON THE SECURITY OF TLS RENEGOTIATION

ON THE SECURITY OF TLS RENEGOTIATION ON THE SECURITY OF TLS RENEGOTIATION 2012/11/02 QUT Douglas Stebila European Network of Excellence in Cryptology II (ECRYPT II) Australian Technology Network German Academic Exchange Service (ATN-DAAD)

More information

C O M P U T E R S E C U R I T Y

C O M P U T E R S E C U R I T Y NIST Special Publication 800-52 Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations C. Michael Chernick, Charles Edington III, Matthew J. Fanto, Rob Rosenthal C O M P

More information

Securing Internet Communication: TLS

Securing Internet Communication: TLS Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases

More information

Request for Comments: 2712 Category: Standards Track CyberSafe Corporation October 1999

Request for Comments: 2712 Category: Standards Track CyberSafe Corporation October 1999 Network Working Group Request for Comments: 2712 Category: Standards Track A. Medvinsky Excite M. Hur CyberSafe Corporation October 1999 Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)

More information

Outline. 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE

Outline. 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE Outline 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE 2 Securing Real-time Communications 0 In a real-time protocol, two parties negotiate

More information

Managing SSL certificates in the ServerView Suite

Managing SSL certificates in the ServerView Suite Overview - English FUJITSU Software ServerView Suite Managing SSL certificates in the ServerView Suite Secure server management using SSL and PKI Edition August 201/ Comments Suggestions Corrections The

More information

Overview of TLS v1.3 What s new, what s removed and what s changed?

Overview of TLS v1.3 What s new, what s removed and what s changed? Overview of TLS v1.3 What s new, what s removed and what s changed? About Me Andy Brodie Solution Architect / Principal Design Engineer. On Worldpay ecommerce Payment Gateways. Based in Cambridge, UK.

More information

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec

More information

CS669 Network Security

CS669 Network Security UNIT IV SECURITY PRACTICE Authentication applications Kerberos Kerberos Encryption Techniques PGP Radix64 IP Security Architecture Payload Key management Web security requirements SSL TLS SET Authentication

More information

TLS/sRTP Voice Recording AddPac Technology

TLS/sRTP Voice Recording AddPac Technology Secure IP Telephony Solution (TLS/SRTP Protocol) TLS/sRTP Voice Recording AddPac Technology 2015, Sales and Marketing www.addpac.com Contents Secure IP Telephony Service Diagram Secure VoIP Protocol &

More information

Network Working Group Request for Comments: Category: Standards Track April 2006

Network Working Group Request for Comments: Category: Standards Track April 2006 Network Working Group Request for Comments: 4346 Obsoletes: 2246 Category: Standards Track T. Dierks Independent E. Rescorla RTFM, Inc. April 2006 Status of This Memo The Transport Layer Security (TLS)

More information

One Year of SSL Internet Measurement ACSAC 2012

One Year of SSL Internet Measurement ACSAC 2012 One Year of SSL Internet Measurement ACSAC 2012 Olivier Levillain, Arnaud Ébalard, Benjamin Morin and Hervé Debar ANSSI / Télécom SudParis December 5th 2012 Outline 1 SSL/TLS: a brief tour 2 Methodology

More information

Securely Deploying TLS 1.3. September 2017

Securely Deploying TLS 1.3. September 2017 Securely Deploying TLS 1.3 September 2017 Agenda Why TLS 1.3? Zero Round Trip Time (0-RTT) requests Forward secrecy Resumption key management Why TLS 1.3? Speed TLS impacts latency, not thoroughput Protocol

More information

Crypto meets Web Security: Certificates and SSL/TLS

Crypto meets Web Security: Certificates and SSL/TLS CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,

More information

Internet Engineering Task Force (IETF) Category: Standards Track. A. Langley Google Inc. E. Stephan Orange July 2014

Internet Engineering Task Force (IETF) Category: Standards Track. A. Langley Google Inc. E. Stephan Orange July 2014 Internet Engineering Task Force (IETF) Request for Comments: 7301 Category: Standards Track ISSN: 2070-1721 S. Friedl Cisco Systems, Inc. A. Popov Microsoft Corp. A. Langley Google Inc. E. Stephan Orange

More information

(Continue) Cryptography + (Back to) Software Security

(Continue) Cryptography + (Back to) Software Security CSE 484 / CSE M 584 (Winter 2013) (Continue) Cryptography + (Back to) Software Security Tadayoshi Kohno Thanks to Vitaly Shmatikov, Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell,

More information

Lecture for February 10, 2016

Lecture for February 10, 2016 Lecture for February 10, 2016 ECS 235A UC Davis Matt Bishop February 10, 2016 ECS 235A, Matt Bishop Slide #1 Supporting Crypto All parts of SSL use them Initial phase: public key system exchanges keys

More information

Securing Network Communications

Securing Network Communications Securing Network Communications Demonstration: Securing network access with Whitenoise Labs identity management, one-time-pad dynamic authentication, and onetime-pad authenticated encryption. Use of Whitenoise

More information

Network Working Group Requests for Commments: 2716 Category: Experimental October 1999

Network Working Group Requests for Commments: 2716 Category: Experimental October 1999 Network Working Group Requests for Commments: 2716 Category: Experimental B. Aboba D. Simon Microsoft October 1999 Status of this Memo PPP EAP TLS Authentication Protocol This memo defines an Experimental

More information

The OpenSSH Protocol under the Hood

The OpenSSH Protocol under the Hood The OpenSSH Protocol under the Hood Girish Venkatachalam Abstract The nitty-gritty details as to what OpenSSH is and why it is ubiquitous. Is there a program more commonly used in day-to-day Linux computing

More information

SSL/TLS. Pehr Söderman Natsak08/DD2495

SSL/TLS. Pehr Söderman Natsak08/DD2495 SSL/TLS Pehr Söderman Pehrs@kth.se Natsak08/DD2495 1 Historical problems No general purpose security wrapper Kerberos doesn't cut it! Each protocol has it's own security layer SNMP, Ktelnet Or none at

More information

Practical Issues with TLS Client Certificate Authentication

Practical Issues with TLS Client Certificate Authentication Practical Issues with TLS Client Certificate Authentication Arnis Parsovs February 26, 2014 1 / 10 Motivation 2 / 10 Motivation Problems with password authentication: 2 / 10 Motivation Problems with password

More information

Introduction to Cryptography Lecture 11

Introduction to Cryptography Lecture 11 Introduction to Cryptography Lecture 11 Benny Pinkas page 1 Certification Authorities (CA) A method to bootstrap trust Start by trusting a single party and knowing its public key Use this to establish

More information