Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

Similar documents
WAP Security. Helsinki University of Technology S Security of Communication Protocols

MTAT Applied Cryptography

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

TLS1.2 IS DEAD BE READY FOR TLS1.3

History. TLS 1.3 Draft 26 Supported in TMOS v14.0.0

E-commerce security: SSL/TLS, SET and others. 4.1

CSCE 715: Network Systems Security

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Understanding Traffic Decryption

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

Alice in Cyber world

Transport Level Security

Security Protocols and Infrastructures. Winter Term 2010/2011

Chapter 8 Web Security

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Transport Layer Security

Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices. Abstract

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Transport Layer Security

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

TLS 1.1 Security fixes and TLS extensions RFC4346

Security Protocols and Infrastructures. Winter Term 2015/2016

Overview of TLS v1.3 What s new, what s removed and what s changed?

TLS. RFC2246: The TLS Protocol. (c) A. Mariën -

State of TLS usage current and future. Dave Thompson

Requirements from the. Functional Package for Transport Layer Security (TLS)

Internet security and privacy

Preventing Attackers From Using Verifiers: A-PAKE With PK-Id

Displaying SSL Configuration Information and Statistics

White Paper for Wacom: Cryptography in the STU-541 Tablet

Chapter 4: Securing TCP connections

Overview. SSL Cryptography Overview CHAPTER 1

Securely Deploying TLS 1.3. September 2017

Understanding Traffic Decryption

Security Protocols and Infrastructures

Coming of Age: A Longitudinal Study of TLS Deployment

Securing Internet Communication: TLS

Digital Certificates Demystified

BIG-IP System: SSL Administration. Version

Overview of TLS v1.3. What s new, what s removed and what s changed?

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Let's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX

Cipher Suite Configuration Mode Commands

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Securing IoT applications with Mbed TLS Hannes Tschofenig

(2½ hours) Total Marks: 75

Auth. Key Exchange. Dan Boneh

But where'd that extra "s" come from, and what does it mean?

Cryptographic Concepts

BIG-IP System: SSL Administration. Version

Noise Protocol Framework. Trevor Perrin

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL

SSL/TLS CONT Lecture 9a

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Verifying Real-World Security Protocols from finding attacks to proving security theorems

C O M P U T E R S E C U R I T Y

Information Security CS 526

SharkFest 17 Europe. 20 QUIC Dissection. Using Wireshark to Understand QUIC Quickly. Megumi Takeshita. ikeriri network service

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

IEEE Std and IEEE Std 1363a Ashley Butterworth Apple Inc.

SSL Time-Diagram. Second Variant: Generation of an Ephemeral Diffie-Hellman Key

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Cryptography and Network Security

Secure Socket Layer. Security Threat Classifications

Computer Security: Principles and Practice

MTAT Applied Cryptography

How to Configure SSL Interception in the Firewall

Comparison Studies between Pre-Shared and Public Key Exchange Mechanisms for Transport Layer Security

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Ref:

Introducing Hardware Security Modules to Embedded Systems

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Encryption 2. Tom Chothia Computer Security: Lecture 3

Introduction and Overview. Why CSCI 454/554?

CS November 2018

Secure Internet Communication

Proving who you are. Passwords and TLS

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

One Year of SSL Internet Measurement ACSAC 2012

PROVING WHO YOU ARE TLS & THE PKI

Chapter 12 Security Protocols of the Transport Layer

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

HTTPS is Fast and Hassle-free with Cloudflare

Presented by: Ahmed Atef Elnaggar Supervisor: Prof. Shawkat K.Guirguis

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

What s new in TLS 1.3 (and OpenSSL as a result) Rich Salz

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

Transport Layer Security

SSL Visibility and Troubleshooting

for Compound Authentication

Configuring SSL. SSL Overview CHAPTER

TLS 1.2 Protocol Execution Transcript

Internet Engineering Task Force (IETF) Request for Comments: 7192 Category: Standards Track April 2014 ISSN:

Lecture 10: Communications Security

Authentication Handshakes

Transcription:

Last Updated: Oct 31, 2017

Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic primitives are used and why? Understand session resumption Understand the limitations of TLS

SSLv1 (1994) Netscape unreleased PCT (1995) Microsoft SSLv2 (1994) Netscape First release STLP (1996) Microsoft SSLv3 (1995) Netscape WTLS (1998) WAP Forum TLS 1.0 (1997-1999) IETF (aka SSLv3.1) Source: SSL and TLS, Rescorla TLS 1.1 (2006) TLS 1.2 (2008)

SSL Record Protocol Operation Source: Network Security Essentials (Stallings)

SSL Record Format Source: Network Security Essentials (Stallings)

Client Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate chain of X.509 Certs Server Hello Done Client Key Exchange [Pre-master secret encrypted with server public key] Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

Client Mutual Authentication Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate chain of X.509 Certs Server Hello Done Certificate Client Key Exchange [Pre-master secret encrypted with server public key] Certificate Verify Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

Client Server Client Hello [Random_client, Cipher Suites *, SessionID] Server Hello [Random_server, Cipher Suites +, SessionID] Server Certificate [chain of X.509 Certs] Server Key Exchange [signed DH info] Random_client, Random_server, g, p, server DH param Server Hello Done Client Key Exchange [client DH public param] Change Cipher Spec Finished [Encrypted Running Hash] Change Cipher Spec Finished [Encrypted Running Hash]

RSA Client generates pre-master secret Sends to server encrypted with servers public key DHE DH shared key is the pre-master secret Pre-master secret and random values used to compute master secret Master secret and random values used to compute key block material Key block contains 4 or 6 keys Two keys for AES, 2 keys for MAC, 2 keys (IV) for block cipher mode if needed

In vanilla RSA, the premaster secret is encrypted with the server s public key If the server s private key is compromised all past and future sessions are also compromised Majority of TLS uses vanilla RSA Alternatives Ephemeral Diffie-Hellman (DHE-RSA) Elliptic curve variation is faster (ECDHE)

Using an ephemeral key Even if the server s private key is later compromised, past sessions cannot be decrypted, even if captured and stored by a third party

https://blog.cloudflare.com/tls-1-3- overview-and-q-and-a/ Reduced round trips in the handshake Certificates are encrypted Quick session resumption

How many shared keys are derived between a client and a server that establish a TLS session? How does the server prove ownership of its private key? How does the client prove ownership of its private key when client authentication is (rarely) used? What is the pre-master secret? Who creates it? How is it securely transmitted? What is session resumption? How does it differ from a regular SSL handshake? When do the client and server start encrypting traffic using symmetric encryption?

How many shared keys are derived between a client and a server that establish a TLS session? Each side generates 4-6 keys How does the server prove ownership of its private key? Implicitly by decrypting the pre-master secret and finishing handshake How does the client prove ownership of its private key when client authentication is (rarely) used? Send digital signature to the server What is the pre-master secret? Who creates it? How is it securely transmitted? What is session resumption? How does it differ from a regular SSL handshake? When do the client and server start encrypting traffic using symmetric encryption? Finished message

Certificate Authority system TLS Proxies TLS Inspection Proxies, Middleboxes Other approaches Pinning (TOFU) Notaries (Crowd) DANE (DNS-based)

Source: Network Security Essentials (Stallings)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback