Secure Sockets Layer
|
|
|
- Emery O’Neal’
- 6 years ago
- Views:
Transcription
1 Secure Sockets Layer Tomáš Majer Fakulta riadenia a informatiky Žilinská univerzita v Žiline tomas.majer@fri.uniza.sk 14. december 2010
2 História SSL Secure Sockets Layer (SSL): Kryptografický protokol vytvorený firmou Netscape. SSLv1 nikdy nebola zverejnená. SSLv2 bola zverejnená v roku 1995, ale obsahovala bezpečnostné diery. SSLv3 bola zverejnená v roku Transport Layer Security (TLS) Vytvorený spoločnosťou The Internet Society ( TLSv1.0 bol zverejnený v RFC 2246 v januári TLSv1.1 bol zverejnený v RFC 4346 v apríli TLSv1.2 bol zverejnený v RFC 5246 v auguste Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 2/30
3 Ciele SSL SSL je bezpečnostný protokol, ktorý umožňuje privátnu komunikáciu cez internet. Protokol umožňuje klient/server aplikáciám komunikovať tak, aby prenášané údaje nemohli byť odpočúvané, pozmeňované a falšované. 1 SSL pomocou kryptografie zabezpečuje: 1. utajenie, 2. autentifikáciu, 3. integritu, 4. neopakovateľnosť prenášaných údajov. 1 This document specifies Version 3.0 of the Secure Sockets Layer (SSL V3.0) protocol, a security protocol that provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 3/30
4 Fragmentácia prenášaných dát SSL funguje nad TCP/IP 2 protokolom, t.j. ochranu prenášaných údajov proti (náhodným, neúmyselným) chybám pri prenose zabezpečuje TCP/IP vrstva. Údaje medzi komunikujúcimi stranami sa vymieňajú vo fragmentoch, pričom jeden fragment nemôže obsahovať viac ako 16 KB dát. Vytvorený fragment sa postupne komprimuje, doplní o MAC 3 a zašifruje. Fragment môže obsahovať údaje: okamžitá zmena spôsobu šifrovania (change_cipher_spec), upozornenie (alert), dohodnutie pravidiel (handshake), údaje aplikácie (application_data). 2 Transport Control Protocol/Internet Protocol 3 Message Authentification Code Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 4/30
5 SSLPlainText ContentType type; ProtocolVersion version; uint16 length; opaque fragment[sslplaintext.length]; } SSLPlaintext; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 5/30
6 SSLCompressed ContentType type; ProtocolVersion version; uint16 length; opaque fragment[sslcompressed.length]; } SSLCompressed; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 6/30
7 SSLCiphertext ContentType type; ProtocolVersion version; uint16 length; select (CipherSpec.cipher_type) { case stream: GenericStreamCipher; case block: GenericBlockCipher; } fragment; } SSLCiphertext; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 7/30
8 GenericStreamCipher stream-ciphered opaque content[sslcompressed.length]; opaque MAC[CipherSpec.hash_size]; } GenericStreamCipher; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 8/30
9 GenericBlockCipher block-ciphered opaque content[sslcompressed.length]; opaque MAC[CipherSpec.hash_size]; uint8 padding[genericblockcipher.padding_length]; uint8 padding_length; } GenericBlockCipher; Blokové šifry sa používajú v CBC 4 móde. 4 Cipher-Block Chaining Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 9/30
10 Cipher-Block Chaining Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 10/30
11 Výpočet MAC hash(mac_write_secret + pad_2 + hash(mac_write_secret + pad_1 + seq_num + SSLCompressed.type + SSLCompressed.length + SSLCompressed.fragment)); pad_1 Znak 6 (ASCII 0x36) opakovaný 48 krát pre MD5 alebo 40 krát pre SHA. pad_2 Znak \ (ASCII 0x5C) opakovaný 48 krát pre MD5 alebo 40 krát pre SHA. Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 11/30
12 Parametre sedenia session identifier identifikátor sedenia peer certificate certifikát druhej strany compression method dohodnutý komprimačný algoritmus cipher spec dohodnutý spôsob šifrovania a overovania správ master secret dohodnuté zdieľané tajomstvo is resumable príznak, či je možné použiť dohodnuté parametre sedenia pre ďalšie pripojenia Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 12/30
13 Parametre pripojenia server random client random náhodné čísla generované serverom a klientom pri nadviazaní spojenia server write MAC client write MAC tajomstvá pre vytváranie MAC server write key client write key tajné kľúče symetrického šifrovacieho algoritmu Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 13/30
14 Parametre pripojenia server initialization vector client initialization vector inicializačné vektory pre blokovú šifru (v CBC móde) server sequence number client sequence number počty odoslaných správ Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 14/30
15 Generovanie tajných kľúčov master_secret = MD5(pre_master_secret + SHA( A + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA( BB + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA( CCC + pre_master_secret + ClientHello.random + ServerHello.random)); Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 15/30
16 Generovanie tajných kľúčov key_block = MD5(master_secret + SHA( A + master_secret + ServerHello.random + ClientHello.random)) + MD5(master_secret + SHA( BB + master_secret + ServerHello.random + ClientHello.random)) + MD5(master_secret + SHA( CCC + master_secret + ServerHello.random + ClientHello.random)) + MD5(master_secret + SHA( DDDD + master_secret + ServerHello.random + ClientHello.random)) + MD5(...) client_write_mac_secret[cipherspec.hash_size] server_write_mac_secret[cipherspec.hash_size] client_write_key[cipherspec.key_material] server_write_key[cipherspec.key_material] client_write_iv[cipherspec.iv_size] server_write_iv[cipherspec.iv_size] Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 16/30
17 Handshake protokol Client ClientHello > Certificate* ClientKeyExchange CertificateVerify* (ChangeCipherSpec) Finished > Server ServerHello Certificate* ServerKeyExchange* CertificateRequest* < ServerHelloDone (ChangeCipherSpec) < Finished Application Data < > Application Data Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 17/30
18 Handshake protokol HandshakeType msg_type; uint24 length; select (HandshakeType) { case hello_request: HelloRequest; case client_hello: ClientHello; case server_hello: ServerHello; case certificate: Certificate; case server_key_exchange: ServerKeyExchange; case certificate_request: CertificateRequest; case server_hello_done: ServerHelloDone; case certificate_verify: CertificateVerify; case client_key_exchange: ClientKeyExchange; case finished: } body; } Handshake; Finished; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 18/30
19 ClientHello ProtocolVersion client_version; Random random; SessionID session_id; CipherSuite cipher_suites<2..2ˆ16-1>; CompressionMethod compression_methods<1..2ˆ8-1>; } ClientHello; uint32 gmt_unix_time; opaque random_bytes[28]; } Random; opaque SessionID<0..32>; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 19/30
20 ServerHello ProtocolVersion server_version; Random random; SessionID session_id; CipherSuite cipher_suite; CompressionMethod compression_method; } ServerHello; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 20/30
21 Certificate opaque ASN.1Cert<1..2ˆ24-1>; ASN.1Cert certificate_list<1..2ˆ24-1>; } Certificate; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 21/30
22 ServerKeyExchange select (KeyExchangeAlgorithm) { case diffie_hellman: ServerDHParams params; Signature signed_params; case rsa: ServerRSAParams params; Signature signed_params; case fortezza_kea: ServerFortezzaParams params; }; } ServerKeyExchange; enum { rsa, diffie_hellman, fortezza_kea } KeyExchangeAlgorithm; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 22/30
23 ServerKeyExchange opaque rsa_modulus<1..2ˆ16-1>; opaque rsa_exponent<1..2ˆ16-1>; } ServerRSAParams; opaque dh_p<1..2ˆ16-1>; opaque dh_g<1..2ˆ16-1>; opaque dh_ys<1..2ˆ16-1>; } ServerDHParams; /* Ephemeral DH parameters */ Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 23/30
24 ServerKeyExchange digitally-signed select(signaturealgorithm) { case anonymous: }; case rsa: opaque md5_hash[16]; opaque sha_hash[20]; case dsa: opaque sha_hash[20]; }; } Signature; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 24/30
25 CertificateRequest ClientCertificateType certificate_types<1..2ˆ8-1>; DistinguishedName certificate_authorities<3..2ˆ16-1>; } CertificateRequest; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 25/30
26 ServerHelloDone } ServerHelloDone; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 26/30
27 ClientKeyExchange select (KeyExchangeAlgorithm) { case rsa: EncryptedPreMasterSecret; case diffie_hellman: ClientDiffieHellmanPublic; case fortezza_kea: FortezzaKeys; } exchange_keys; } ClientKeyExchange; ProtocolVersion client_version; opaque random[46]; } PreMasterSecret; select (PublicValueEncoding) { case implicit: struct ; case explicit: opaque dh_yc<1..2ˆ16-1>; } dh_public; } ClientDiffieHellmanPublic; Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 27/30
28 CertificateVerify Signature signature; } CertificateVerify; CertificateVerify.signature.md5_hash MD5(master_secret + pad_2 + MD5(handshake_messages + master_secret + pad_1)); Certificate.signature.sha_hash SHA(master_secret + pad_2 + SHA(handshake_messages + master_secret + pad_1)); Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 28/30
29 Finished enum { client(0x434c4e54), server(0x ) } Sender; opaque md5_hash[16]; opaque sha_hash[20]; } Finished; md5_hash = MD5(master_secret + pad2 + MD5(handshake_messages + Sender + master_secret + pad1)); sha_hash = SHA(master_secret + pad2 + SHA(handshake_messages + Sender + master_secret + pad1)); Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 29/30
30 Koniec Ďakujem za pozornosť. Tomáš Majer, FRI ŽU v Žiline Secure Sockets Layer 30/30
The SSL Protocol. Version 3.0. Netscape Communications Corporation. Internet Draft March 1996 (Expires 9/96)
Internet Draft March 1996 (Expires 9/96) Alan O. Freier, Netscape Communications Philip Karlton, Netscape Communications Paul C. Kocher, Independent Consultant The SSL Protocol Version 3.0 SSL Version
Outline. Transport Layer Security (TLS) 1.0. T Cryptosystems. Transport Layer Security (TLS) 1.0 basics
T 110.5211 Cryptosystems RFC 2246: Transport Layer Security 1.0 Comparison to IPsec 16.10.2008 Transport Layer Security (TLS) 1.0 basics Kaufman et al: Chapters 18 / 19 Stallings: Chapters 16 / 17.2 T
Outline. Transport Layer Security (TLS) 1.0. T Cryptosystems. Transport Layer Security (TLS) 1.0 basics
T-110.5211 Cryptosystems RFC 2246: Transport Layer Security 1.0 IPsec Outline Transport Layer Security (TLS) 1.0 basics TLS 1.0 specification (RFC 2246) walk-through IPSec and (short) comparison of TLS
Secure Socket Layer. Security Threat Classifications
Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats
TRANSPORT-LEVEL SECURITY
CHAPTER TRANSPORT-LEVEL SECURITY 5.1 Web Security Considerations Web Security Threats Web Traffic Security Approaches 5.2 Secure Socket Layer and Transport Layer Security SSL Architecture SSL Record Protocol
Security Protocols and Infrastructures. Winter Term 2010/2011
Winter Term 2010/2011 Chapter 4: Transport Layer Security Protocol Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 2 Contents Overview Record Protocol
Chapter 7. WEB Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University
Chapter 7 WEB Security Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University +91 9426669020 bhargavigoswami@gmail.com Topic List 1. Web Security Considerations 2. Secure Socket Layer
Security Protocols and Infrastructures
Security Protocols and Infrastructures Dr. Michael Schneider michael.schneider@h-da.de Chapter 8: The Transport Layer Security Protocol (TLS) December 4, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Overview
Security Protocols and Infrastructures. Winter Term 2015/2016
Winter Term 2015/2016 Nicolas Buchmann (Harald Baier) Chapter 8: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents
Chapter 8 Web Security
Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client
Transport Layer Security
Cryptography and Security in Communication Networks Transport Layer Security ETTI - Master - Advanced Wireless Telecommunications Secure channels Secure data delivery on insecure networks Create a secure
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are
Chapter 5. Transport Level Security
Chapter 5 Transport Level Security Bhargavi H Goswami Assistant Professor Sunshine Group of Institutes Rajkot, Gujarat, India. Email: bhargavigoswami@gmail.com Topic List 1. Web Security Considerations
CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL
CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?
Introduction to Information Security
Introduction to Information Security Lecture 7: Network Security 2007. 6. Prof. Byoungcheon Lee sultan (at) joongbu. ac. kr Information and Communications University Contents 1. Introduction 2. Virtual
Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
Network Security: TLS/SSL Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline 1. Diffie-Hellman key exchange (recall from earlier) 2. Key exchange using public-key encryption
MTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone
Chapter 12 Security Protocols of the Transport Layer
Chapter 12 Security Protocols of the Transport Layer Secure Socket Layer (SSL) Transport Layer Security (TLS) Secure Shell (SSH) [NetSec], WS 2009/2010 12.1 Scope of Transport Layer Security Protocols
Transport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange
Chapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
Internet Engineering Task Force (IETF) Request for Comments: ISSN: January 2012
Internet Engineering Task Force (IETF) E. Rescorla Request for Comments: 6347 RTFM, Inc. Obsoletes: 4347 N. Modadugu Category: Standards Track Google, Inc. ISSN: 2070-1721 January 2012 Abstract Datagram
Request for Comments: 2712 Category: Standards Track CyberSafe Corporation October 1999
Network Working Group Request for Comments: 2712 Category: Standards Track A. Medvinsky Excite M. Hur CyberSafe Corporation October 1999 Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)
SSL/TLS CONT Lecture 9a
SSL/TLS CONT Lecture 9a COMPSCI 726 Network Defence and Countermeasures Muhammad Rizwan Asghar August 11, 2017 Source of some slides: University of Twente 2 HANDSHAKE PROTOCOL: KEY EXCHANGE AND AUTHENTICATION
Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2
Universität Hamburg SSL & Company Fachbereich Informatik SVS Sicherheit in Verteilten Systemen Security in TCP/IP UH, FB Inf, SVS, 18-Okt-04 2 SSL/TLS Overview SSL/TLS provides security at TCP layer. Uses
TLS authentication using ETSI TS and IEEE certificates
TLS authentication using ETSI TS 103 097 and IEEE 1609.2 certificates IETF meeting 93 Prague TLS WG session Wednesday, July 22, 2015 Objective & Motivations Objective: enable C/S authentication using C-ITS*
Internet security and privacy
Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed
CS669 Network Security
UNIT IV SECURITY PRACTICE Authentication applications Kerberos Kerberos Encryption Techniques PGP Radix64 IP Security Architecture Payload Key management Web security requirements SSL TLS SET Authentication
MTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) University of Tartu Spring 2017 1 / 22 Transport Layer Security TLS is cryptographic protocol that provides communication security over the
TLS. RFC2246: The TLS Protocol. (c) A. Mariën -
TLS RFC2246: The TLS Protocol What does it achieve? Confidentiality and integrity of the communication Server authentication Eventually: client authentication What is does not do Protect the server Protect
Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel
Security Protocols Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 CSE545 - Advanced Network Security - Professor McDaniel 1 Case Study: Host Access The first systems used telnet
Request for Comments: 4347 Category: Standards Track Stanford University April 2006
Network Working Group Request for Comments: 4347 Category: Standards Track E. Rescorla RTFM, Inc. N. Modadugu Stanford University April 2006 Datagram Transport Layer Security Status of This Memo This document
18739A: Foundations of Security and Privacy. SSL/TLS Analysis. Anupam Datta. CMU Fall
18739A: Foundations of Security and Privacy SSL/TLS Analysis Anupam Datta CMU Fall 2007-08 Overview Introduction to the SSL / TLS protocol Widely deployed, real-world security protocol Protocol analysis
Network Working Group Requests for Commments: 2716 Category: Experimental October 1999
Network Working Group Requests for Commments: 2716 Category: Experimental B. Aboba D. Simon Microsoft October 1999 Status of this Memo PPP EAP TLS Authentication Protocol This memo defines an Experimental
Request for Comments: 4680 Updates: 4346 September 2006 Category: Standards Track
Network Working Group S. Santesson Request for Comments: 4680 Microsoft Updates: 4346 September 2006 Category: Standards Track Status of This Memo TLS Handshake Message for Supplemental Data This document
Internet Engineering Task Force. Intended status: Standards Track. December 26, 2018
Internet Engineering Task Force Internet-Draft Intended status: Standards Track Expires: June 29, 2019 H. Wang, Ed. Y. Yang X. Kang Huawei International Pte. Ltd. December 26, 2018 Using Identity as Raw
CS 356 Internet Security Protocols. Fall 2013
CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5
Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec
Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München ilab Lab 8 SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL
IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43
0/43 IPsec and SSL/TLS Applied Cryptography 0 Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, 2016 Cryptography in the TCP/IP stack application layer transport layer network layer data-link
The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption
and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X
Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
Security analysis of DTLS 1.2 implementations
Bachelor thesis Computing Science Radboud University Security analysis of DTLS 1.2 implementations Author: Niels van Drueten s4496604 First supervisor/assessor: dr.ir. Joeri de Ruiter joeri@cs.ru.nl Second
Request for Comments: Category: Standards Track Independent Consultant J. Mikkelsen Transactionware T. Wright Vodafone April 2006
Network Working Group Request for Comments: 4366 Obsoletes: 3546 Updates: 4346 Category: Standards Track S. Blake-Wilson BCI M. Nystrom RSA Security D. Hopwood Independent Consultant J. Mikkelsen Transactionware
Securing IoT applications with Mbed TLS Hannes Tschofenig
Securing IoT applications with Mbed TLS Hannes Tschofenig Part#2: Public Key-based authentication March 2018 Munich Agenda For Part #2 of the webinar we are moving from Pre-Shared Secrets (PSKs) to certificated-based
Overview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
TLS 1.2 Protocol Execution Transcript
Appendix C TLS 1.2 Protocol Execution Transcript In Section 2.3, we overviewed a relatively simple protocol execution transcript for SSL 3.0. In this appendix, we do something similar for TLS 1.2. Since
Request for Comments: Siemens December Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
Network Working Group Request for Comments: 4279 Category: Standards Track P. Eronen, Ed. Nokia H. Tschofenig, Ed. Siemens December 2005 Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) Status
Cryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
One Year of SSL Internet Measurement ACSAC 2012
One Year of SSL Internet Measurement ACSAC 2012 Olivier Levillain, Arnaud Ébalard, Benjamin Morin and Hervé Debar ANSSI / Télécom SudParis December 5th 2012 Outline 1 SSL/TLS: a brief tour 2 Methodology
Performance Implications of Security Protocols
Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies, Joint Work with Paul Reeser 5th INFORMS Telecom Conference
Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS
Last Updated: Oct 31, 2017 Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic
Coming of Age: A Longitudinal Study of TLS Deployment
Coming of Age: A Longitudinal Study of TLS Deployment Accepted at ACM Internet Measurement Conference (IMC) 2018, Boston, MA, USA Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson,
Outline. 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE
Outline 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE 2 Securing Real-time Communications 0 In a real-time protocol, two parties negotiate
WAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
(Continue) Cryptography + (Back to) Software Security
CSE 484 / CSE M 584 (Winter 2013) (Continue) Cryptography + (Back to) Software Security Tadayoshi Kohno Thanks to Vitaly Shmatikov, Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell,
Request for Comments: D. Hopwood Independent Consultant J. Mikkelsen Transactionware T. Wright Vodafone June 2003
Network Working Group Request for Comments: 3546 Updates: 2246 Category: Standards Track S. Blake-Wilson BCI M. Nystrom RSA Security D. Hopwood Independent Consultant J. Mikkelsen Transactionware T. Wright
Transport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky
Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 1 Transport Layer Security The most important crypto protocol HTTP, SMTP, IMAP 2 2 Secure Sockets Layer (SSL), SSLv2 SSLv3 Trasnsport
TLS/sRTP Voice Recording AddPac Technology
Secure IP Telephony Solution (TLS/SRTP Protocol) TLS/sRTP Voice Recording AddPac Technology 2015, Sales and Marketing www.addpac.com Contents Secure IP Telephony Service Diagram Secure VoIP Protocol &
ON THE SECURITY OF TLS RENEGOTIATION
ON THE SECURITY OF TLS RENEGOTIATION 2012/11/02 QUT Douglas Stebila European Network of Excellence in Cryptology II (ECRYPT II) Australian Technology Network German Academic Exchange Service (ATN-DAAD)
MatrixDTLS Developer s Guide
MatrixDTLS Developer s Guide Electronic versions are uncontrolled unless directly accessed from the QA Document Control system. Printed version are uncontrolled except when stamped with VALID COPY in red.
History. TLS 1.3 Draft 26 Supported in TMOS v14.0.0
PRESENTED BY: History SSL developed by Netscape SSLv1.0 Never released SSLv2.0 1995 SSLv3.0 1996 Moved governance to the IETF and renamed TLS TLSv1.0 1999 TLSv1.1 2006 TLSv1.2 2008 TLSv1.3 2018 TLS 1.3
Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec
CS 161 Computer Security
Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 6 Week of February 26, 2018 Question 1 TLS threats (10 min) An attacker is trying to attack the company Boogle and its users. Assume that
Network Working Group Request for Comments: Category: Standards Track April 2006
Network Working Group Request for Comments: 4346 Obsoletes: 2246 Category: Standards Track T. Dierks Independent E. Rescorla RTFM, Inc. April 2006 Status of This Memo The Transport Layer Security (TLS)
Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
SSL Time-Diagram. Second Variant: Generation of an Ephemeral Diffie-Hellman Key
http://www.tech-invite.com SSL Time-Diagram Second Variant: Generation of an Ephemeral Diffie-Hellman Key This document provides a detailed description of the sequence of first exchanges between an SSL
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 5
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 5 Secure Socket Layer (SSL)/ Transport Layer Security (TLS) Acknowledgments This course
Auth. Key Exchange. Dan Boneh
Auth. Key Exchange Review: key exchange Alice and want to generate a secret key Saw key exchange secure against eavesdropping Alice k eavesdropper?? k This lecture: Authenticated Key Exchange (AKE) key
From wired internet to ubiquitous wireless internet
WlanSmartcard.org Technical Committee Wireless LAN A primer guide. Paris, February 5 th Pascal.Urien@enst.fr From wired internet to ubiquitous wireless internet 1 Classical intranet. Network access is
Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices. Abstract
Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani Stanford University daswani@cs.stanford.edu Abstract This paper analyzes the cryptographic operation time that is required
Lecture: Transport Layer Security (secure Socket Layer)
Lecture: Transport Layer Security (secure Socket Layer) Recommended reading: Stephen Thomas, SSS and TLS essentials, Wiley, 2000 Very old and in some parts obsolete, but very well written Lecture s twofold
TLS1.2 IS DEAD BE READY FOR TLS1.3
TLS1.2 IS DEAD BE READY FOR TLS1.3 28 March 2017 Enterprise Architecture Technology & Operations Presenter Photo Motaz Alturayef Jubial Cyber Security Conference 70% Privacy and security concerns are
SSL/TLS. *Slides borrowed from Vitaly Shmatikov. slide 1
SSL/TLS *Slides borrowed from Vitaly Shmatikov slide 1 Reading Kaufman. Chapters 15.1-7 and 19. slide 2 What Is SSL/TLS? Secure Sockets Layer and Transport Layer Security protocols Same protocol design,
E-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer
SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer
Practical Issues with TLS Client Certificate Authentication
Practical Issues with TLS Client Certificate Authentication Arnis Parsovs February 26, 2014 1 / 10 Motivation 2 / 10 Motivation Problems with password authentication: 2 / 10 Motivation Problems with password
Expires: October 31, 2012 May Transport Layer Security (TLS) Next Protocol Negotiation Extension draft-agl-tls-nextprotoneg-04
Network Working Group A. Langley Internet-Draft Google Inc Expires: October 31, 2012 May 2012 Transport Layer Security (TLS) Next Protocol Negotiation Extension draft-agl-tls-nextprotoneg-04 Abstract This
Transport Layer Security
Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols
TLS Extensions Project IMT Network Security Spring 2004
TLS Extensions Project IMT4101 - Network Security Spring 2004 Ole Martin Dahl [ole.dahl@hig.no] Torkjel Søndrol [torkjel.soendrol@hig.no] Fredrik Skarderud [fredrik.skarderud@hig.no] Ole Kasper Olsen [ole.olsen@hig.no]
ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted
UNDERSTANDING by Simson L. Garfinkel S ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted information over the Internet. Developed by Netscape Communications Corp., SSL was
Securely Deploying TLS 1.3. September 2017
Securely Deploying TLS 1.3 September 2017 Agenda Why TLS 1.3? Zero Round Trip Time (0-RTT) requests Forward secrecy Resumption key management Why TLS 1.3? Speed TLS impacts latency, not thoroughput Protocol
Internet Engineering Task Force (IETF) Google Inc. M. Ray Microsoft Corp. September 2015
Internet Engineering Task Force (IETF) Request for Comments: 7627 Updates: 5246 Category: Standards Track ISSN: 2070-1721 K. Bhargavan, Ed. A. Delignat-Lavaud A. Pironti Inria Paris-Rocquencourt A. Langley
Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec
Introduction to Network Security Missouri S&T University CPE 5420 Application and Transport Layer Security
Introduction to Network Security Missouri S&T University CPE 5420 Application and Transport Layer Security Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science
TLS 1.3. Eric Rescorla Mozilla IETF 92 TLS 1
TLS 1.3 Eric Rescorla Mozilla ekr@rtfm.com IETF 92 TLS 1 Changes since -03 draft-05 Prohibit SSL negotiation for backwards compatibility. Fix which MS is used for exporters. draft-04 Modify key computations
Web Security. Sreekanth Malladi Modifying slides originally prepared by Vitaly Shmatikov, UT Austin. 11/18/2008 INFS 754: Fall 2006 slide 1
Web Security Sreekanth Malladi Modifying slides originally prepared by Vitaly Shmatikov, UT Austin 11/18/2008 INFS 754: Fall 2006 slide 1 World Wide Web - Review How was it established? Can anyone start
SSL/TLS. Pehr Söderman Natsak08/DD2495
SSL/TLS Pehr Söderman Pehrs@kth.se Natsak08/DD2495 1 Historical problems No general purpose security wrapper Kerberos doesn't cut it! Each protocol has it's own security layer SNMP, Ktelnet Or none at
Expires: September 10, 2015 Inria Paris-Rocquencourt A. Langley Google Inc. M. Ray Microsoft Corp. March 9, 2015
Network Working Group Internet-Draft Expires: September 10, 2015 K. Bhargavan A. Delignat-Lavaud A. Pironti Inria Paris-Rocquencourt A. Langley Google Inc. M. Ray Microsoft Corp. March 9, 2015 Transport
AIR FORCE INSTITUTE OF TECHNOLOGY
i DETECTING MAN-IN-THE-MIDDLE ATTACKS AGAINST TRANSPORT LAYER SECURITY CONNECTIONS WITH TIMING ANALYSIS THESIS Lauren M. Wagoner, Civilian, USAF AFIT/GCO/ENG/11-16 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY
Securing Network Communications
Securing Network Communications Demonstration: Securing network access with Whitenoise Labs identity management, one-time-pad dynamic authentication, and onetime-pad authenticated encryption. Use of Whitenoise
Using SRP for TLS Authentication
Using SRP for TLS Authentication Internet Draft Transport Layer Security Working Group D. Taylor Forge Research Pty Ltd Expires: March 5, 2003 September 4, 2002 Using SRP for TLS Authentication draft-ietf-tls-srp-03
C O M P U T E R S E C U R I T Y
NIST Special Publication 800-52 Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations C. Michael Chernick, Charles Edington III, Matthew J. Fanto, Rob Rosenthal C O M P
Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography
Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography Key Management The first key in a new connection or association is always delivered via a courier Once you have a key, you
SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
Overview of TLS v1.3 What s new, what s removed and what s changed?
Overview of TLS v1.3 What s new, what s removed and what s changed? About Me Andy Brodie Solution Architect / Principal Design Engineer. On Worldpay ecommerce Payment Gateways. Based in Cambridge, UK.
Category: Standards Track October 2006
Network Working Group Request for Comments: 4681 Updates: 4346 Category: Standards Track S. Santesson A. Medvinsky J. Ball Microsoft October 2006 TLS User Mapping Extension Status of This Memo This document
Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)
Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls