Transport Layer Security


CEN585 Computer and Network Security
Transport Layer Security
Dr. Mostafa Dahshan
Department of Computer Engineering, College of Computer and Information Sciences, King Saud University
mdahshan@ksu.edu.sa

Web Security Considerations
- Web is client/server application over Internet
- Internet is 2-way, unlike traditional publishing
- Many businesses depend on web
- Underlying software is very complex
  - browsers, web servers easy to use, configure
  - however, software hides many security flaws
- Attack on web servers can harm other computers within organization
- Many users don't know enough to handle risks

Web Security Threats

Web Security Approaches
- IPSec
  - Transparent to applications
  - General purpose
  - Filtering capability
- SSL/TLS
  - Part of protocol, thus, transparent to applications
  - or embedded into packages (e.g. browsers)
- Kerberos, S/MIME/PGP
  - Embedded into packages
  - Can be tailored to specific application needs

Secure Socket Layer (SSL)
- Originated by Netscape (SSLv3)
- Transport Layer Security developed by IETF
- TLS = SSLv3.1, backward compatible with v3
- Discussion is mainly for SSLv3

SSL Architecture
- Designed to work with TCP
- Provides end-to-end reliable service
- Two layers of protocols
  - SSL record protocol: provides services to upper protocols
  - SSL Handshake, Change Cipher Spec, Alert: used in management of SSL exchanges
- HTTP can operate on top of SSL

SSL Connections and Sessions
- Connection
  - peer-to-peer relationship, transport layer
  - transient
  - associated with one session
- Session
  - association between client, server
  - created by Handshake Protocol
  - defines set of cryptographic security parameters
  - parameters shared by multiple connections
  - avoids negotiating new parameters per connection

Session State Parameters
- Session identifier
- Peer certificate: X.509v3 certificate of the peer
- Compression method
- Cipher spec: encryption algorithm (e.g. AES), hash (MD5)
- Master secret: key shared between client, server
- Is resumable

Connection State Parameters
- Server and client random
- Server MAC secret, Client MAC secret: secret keys used in MAC operations
- Server write key, Client write key: secret encryption keys
- Initialization vector: IV used with CBC mode
- Sequence numbers

SSL Record Protocol
- Provides two services to SSL connections
  - confidentiality: encryption of SSL payloads
  - message integrity: using MAC
- Steps
  - fragmentation: to blocks of 2^14 bytes
  - compression: optional
  - MAC: of compressed data, secret key used
  - encryption: symmetric block or stream cipher
  - prepending header

[Figure: SSL Record Format, header]

[Figure: SSL Record Protocol Payload]
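Added example (not part of the original slides): the record-protocol steps of fragmentation, MAC and header prepending, with the receiver checking each MAC against the sequence number it expects. It uses the TLS 1.2 HMAC input layout with HMAC-SHA256 rather than SSLv3's own MAC construction; the optional compression step and the encryption step are left out, and the key and payload are constructed samples.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14   # fragment limit from the slide
APPLICATION_DATA = 23    # TLS content type for application data
VERSION = (3, 3)         # TLS 1.2 on the wire
TAG_LEN = 32             # HMAC-SHA256 output size

def record_mac(mac_secret, seq_num, content_type, fragment):
    # MAC input: 64-bit sequence number, then type, version, length, fragment.
    prefix = struct.pack("!QBBBH", seq_num, content_type, *VERSION, len(fragment))
    return hmac.new(mac_secret, prefix + fragment, hashlib.sha256).digest()

def protect(data, mac_secret):
    """Sender: fragment, MAC each fragment, prepend the 5-byte header."""
    records = []
    for seq_num, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        fragment = data[off:off + MAX_FRAGMENT]
        body = fragment + record_mac(mac_secret, seq_num, APPLICATION_DATA, fragment)
        # A real stack encrypts `body` here; omitted in this example.
        records.append(struct.pack("!BBBH", APPLICATION_DATA, *VERSION, len(body)) + body)
    return records

def unprotect(records, mac_secret):
    """Receiver: parse header, verify MAC under the expected sequence number."""
    data = b""
    for seq_num, record in enumerate(records):
        ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
        body = record[5:]
        if (major, minor) != VERSION or length != len(body) or length < TAG_LEN:
            raise ValueError("malformed record")
        fragment, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        if not hmac.compare_digest(tag, record_mac(mac_secret, seq_num, ctype, fragment)):
            raise ValueError("bad_record_mac")
        data += fragment
    return data

if __name__ == "__main__":
    secret = b"constructed-mac-secret"   # constructed sample key
    message = b"A" * 40000               # constructed sample payload
    recs = protect(message, secret)
    print([len(r) for r in recs])
    assert unprotect(recs, secret) == message
    try:
        unprotect([recs[1], recs[0], recs[2]], secret)   # reordered records
    except ValueError as exc:
        print("rejected:", exc)
```

The first two fragments carry identical bytes, so the reordering is caught only because the sequence number is part of the MAC input.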

Change Cipher Spec Protocol
- Consists of single message: change_cipher_spec
  - single byte, value = 1
- Causes pending state to be copied to current
  - updates cipher suite to be used on connection

Alert Protocol
- Conveys SSL related alerts to peer entity
- Alert messages compressed, encrypted
- Consists of 2 bytes
- First byte takes values warning (1), fatal (2)
  - Fatal: SSL terminates connection
    - other connections in same session continue
    - no new connections allowed
- Second byte contains code of specific alert

Handshake Protocol
- Most complex part of SSL
- Allows server and client to
  - authenticate each other
  - negotiate algorithms, keys used (crypt, MAC)
- Used before any application data transmitted
- Consists of 4 phases

Phase 1: Establish Security Capabilities
- Initiate logical connection
- Establish associated security capabilities
- client_hello message
  - version: highest supported SSL version
  - CipherSuite: list of supported crypt algorithms in decreasing order of preference
- server_hello message
  - version: highest supported by both client, server
  - CipherSuite: selected suite from proposed list

Phase 2: Server Authentication and Key Exchange
- certificate message
  - server sends its X.509 certificate or chain
- certificate_key_exchange message
  - parameters for key exchange
  - required by some algorithms (no shared key)
- certificate_request message
  - list of acceptable certificate authorities
- server_done message
  - indicates end of server hello messages

Phase 3: Client Authentication and Key Exchange
- Client verifies server certificate is valid
- Check that parameters are acceptable
- certificate_message
  - sent if server requested certificate
- client_key_exchange message
  - parameters for key exchange
- certificate_verify message
  - optional, for some certificate types

Phase 4: Finish
- Completes setting up secure connection
- change_cipher_spec message
  - sent using Change Cipher Spec protocol
- finished message
  - sent with established algorithms, keys
  - verifies key exchange, auth were successful

TLS Differences From SSL
- Version number
- MAC algorithm and scope of calculation
- Pseudorandom function
- Alert codes: one unsupported, many added
- Client certificate types: some unsupported
- Hash calculation for messages
  - certificate_verify
  - finished

HTTPS
- HTTP over SSL/TLS
- Secure comm between web server and browser
- Supported by all modern web browsers
- Use depends on web server

Encrypted Elements
- URL of requested document
- Contents of the document
- Contents of browser filled forms
- Cookies (both sides)
- HTTP headers

Secure Shell (SSH)
- Protocol for secure network communications
- Relatively simple and inexpensive
- Initially focused on remote login (TELNET)
- Later: general client/server capability
  - file transfer
  - email
  - X tunneling
- One of most pervasive encryption applications

[Figure: SSH Protocols]

Transport Layer Protocol (TLP)
- Server uses public key for authentication
- Server host key used during key exchange
- Client must know server's public key
  - local database [hostname : key]
    - no centrally administered infrastructure
    - database can be large
  - central CA: client only knows CA root key
    - simpler maintenance
    - host key must be centrally certified

Packet Exchanges
- Supported algorithms for
  - key exchange
  - encryption
  - MAC
  - compression
  - see Table 16.3
- Uses Diffie-Hellman
- Why use key exchange when we have public key?

Packet Formation
- compression: decided during...?
- why padding?
- initialized to 0, incremented for each packet
- MAC not encrypted
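Added example (not part of the original slides): forming one SSH binary packet with the layout of RFC 4253, showing how the random padding brings the packet up to a multiple of the cipher block size and how the MAC, which is sent unencrypted after the packet, covers the per-packet sequence number. The hmac-sha2-256 MAC, the 16-byte block size, the key and the payloads are assumptions chosen for illustration; compression and encryption are left out.

```python
import hashlib
import hmac
import os
import struct

def packet_mac(mac_key, seq_num, packet):
    # MAC covers the 32-bit sequence number followed by the unencrypted packet.
    return hmac.new(mac_key, struct.pack("!I", seq_num % 2**32) + packet,
                    hashlib.sha256).digest()

def build_packet(payload, seq_num, mac_key, block_size=16):
    """Return (packet, mac). On the wire: encrypt(packet) followed by the clear MAC."""
    block = max(8, block_size)
    # packet_length(4) + padding_length(1) + payload + padding must be a
    # multiple of the block size, with at least 4 bytes of random padding.
    pad_len = block - (5 + len(payload)) % block
    if pad_len < 4:
        pad_len += block
    packet_length = 1 + len(payload) + pad_len
    packet = struct.pack("!IB", packet_length, pad_len) + payload + os.urandom(pad_len)
    return packet, packet_mac(mac_key, seq_num, packet)

def open_packet(packet, mac, seq_num, mac_key):
    """Verify the MAC for the expected sequence number, then strip the padding."""
    if not hmac.compare_digest(mac, packet_mac(mac_key, seq_num, packet)):
        raise ValueError("MAC check failed")
    packet_length, pad_len = struct.unpack("!IB", packet[:5])
    if packet_length != len(packet) - 4 or not 4 <= pad_len <= packet_length - 1:
        raise ValueError("malformed packet")
    return packet[5:len(packet) - pad_len]

if __name__ == "__main__":
    key = b"constructed-mac-key"   # constructed sample key
    # Constructed payloads; the sequence number starts at 0 and increments per packet.
    for seq, payload in enumerate([b"ls", b"12345678", b"A" * 11]):
        pkt, mac = build_packet(payload, seq, key)
        print(seq, len(payload), len(pkt), pkt[4])
        assert open_packet(pkt, mac, seq, key) == payload
```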

User Authentication Protocol
- Authentication methods
  - publickey
    - C → S: E(PRC, M).. where M contains PUC
    - S checks PUC is acceptable, then verifies signature
  - password
    - plaintext password (protected by TLP encryption)
  - hostbased
    - SSH server verifies client's host
    - believes host when it authenticates user

Connection Protocol
- Runs on top of SSH Transport Layer Protocol
- Assumes secure auth connection (tunnel) in use
- Tunnel multiplexes multiple logical channels
- Channel used for each type of communication
  - e.g. terminal session
  - flow controlled using window mechanism

Channel Types
- session
  - remote execution of a program
  - program: shell, file transfer, email
- x11
  - app run at server but displayed at client desktop
- forwarded-tcpip
  - remote port forwarding
- direct-tcpip
  - local port forwarding

Port Forwarding
- One of the most useful features of SSH
- Ability to secure any insecure TCP connection
- Also known as SSH Tunnel
- Two types
  - local forwarding
  - remote forwarding

[Figure: Local Forwarding]
Source: www.tectia.com/manuals/guardian-admin/30/scb_ssh_channel_types.html

[Figure: Remote Forwarding]
Source: www.tectia.com/manuals/guardian-admin/30/scb_ssh_channel_types.html

Additional References
- About SSL/TLS
- SSL/TLS Protocol overview
- Implementing Web Site Client Authentication Using Digital IDs
- Secure Sockets Layer (SSL) Protocol
- SSH Public-Key Authentication HOWTO
- Supported SSH channel types
- SSH Port Forwarding Local VS Remote