CSCE 715: Network Systems Security


CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina

Web Security
- Web is now widely used by business, government, and individuals
- But Internet and Web are vulnerable
- Have a variety of threats
  - integrity
  - confidentiality
  - denial of service
  - authentication
- Need to add security mechanisms

03/19/2015

Threats on the Web

Secure Sockets Layer (SSL)
- Security service at transport layer
- Originally developed by Netscape
- SSLv3 was designed with public input
- Subsequently became Internet standard known as Transport Layer Security (TLS)
- Uses TCP to provide reliable end-to-end service

SSL Services
- SSL provides
  - Client-server authentication (public-key cryptography)
  - Data traffic confidentiality
  - Message authentication and integrity check
- SSL does not prevent
  - Traffic analysis
  - TCP implementation oriented attacks

SSL State Information
- SSL session is stateful
- SSL protocol must initialize and maintain session state information on either side of the session
- SSL session can be used for several connections
  - connection state information

SSL Session State Information
- Session ID: chosen by the server to identify an active or resumable session state
- Peer certificate: certificate for peer entity (X.509 v3)
- Compression method: algorithm to compress data before encryption
- Cipher spec: specification of data encryption and MAC algorithms
- Master secret: 48-byte secret shared between client and server
- Is resumable: flag that indicates whether the session can be used to initiate new connections

SSL Connection State Information
- Server and client random: byte sequences that are chosen by server and client for each connection
- Server write MAC secret: secret used for MAC on data written by server
- Client write MAC secret: secret used for MAC on data written by client
- Server write key: key used for data encryption by server and decryption by client
- Client write key: key used for encryption by client and decryption by server
- Initialization vector: for CBC block ciphers
- Sequence number: for both transmitted and received messages, maintained by each party

SSL Protocol Architecture

SSL Protocol
- SSL has two layers of protocols
- SSL Record Protocol
  - Layered on top of a connection-oriented and reliable transport layer service
  - Provides message origin authentication, data confidentiality, and data integrity
- SSL sub-protocols
  - Layered on top of the SSL Record Protocol
  - Provide support for SSL session and connection establishment

SSL Record Protocol
- Receives data from higher layer protocols
- Provides two services
  - confidentiality
    - using symmetric encryption with a shared secret key defined by Handshake Protocol
    - AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
    - message is compressed before encryption (optional)
  - message integrity
    - using a MAC with shared secret key
    - similar to HMAC but with different padding
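The record MAC described above, as an added example that is not part of the original slides: the SSLv3 construction concatenates fixed pad bytes with the secret, where HMAC XORs its pads into the key. The secret and record payload are constructed sample values, and the TLS 1.0 HMAC form is included only for comparison.

```python
import hashlib
import hmac
import struct

# SSLv3 pad lengths: 48 bytes for MD5, 40 bytes for SHA-1.
PAD_LEN = {"md5": 48, "sha1": 40}

def sslv3_mac(secret, seq_num, content_type, data, hash_name="sha1"):
    """hash(secret + pad_2 + hash(secret + pad_1 + seq + type + length + data))."""
    n = PAD_LEN[hash_name]
    pad_1, pad_2 = b"\x36" * n, b"\x5c" * n
    # 64-bit sequence number, 1-byte content type, 2-byte fragment length.
    header = struct.pack(">QBH", seq_num, content_type, len(data))
    inner = hashlib.new(hash_name, secret + pad_1 + header + data).digest()
    return hashlib.new(hash_name, secret + pad_2 + inner).digest()

def tls10_mac(secret, seq_num, content_type, data, hash_name="sha1"):
    """TLS 1.0 record MAC: real HMAC, and the record version (3, 1) is covered."""
    header = struct.pack(">QBBBH", seq_num, content_type, 3, 1, len(data))
    return hmac.new(secret, header + data, hash_name).digest()

def verify_record(secret, expected_seq, content_type, data, mac):
    """Receiver check: recompute with the locally tracked sequence number."""
    good = sslv3_mac(secret, expected_seq, content_type, data)
    return hmac.compare_digest(good, mac)   # constant-time comparison

# Constructed sample values (not from the slides).
SECRET = bytes(range(20))            # stands in for the client write MAC secret
RECORD = b"GET / HTTP/1.0\r\n\r\n"   # application data, content type 23

if __name__ == "__main__":
    tag = sslv3_mac(SECRET, 0, 23, RECORD)
    print("valid record:        ", verify_record(SECRET, 0, 23, RECORD, tag))
    print("replayed at seq 1:   ", verify_record(SECRET, 1, 23, RECORD, tag))
    print("payload modified:    ", verify_record(SECRET, 0, 23, RECORD + b"x", tag))
```

Because the sequence number is part of the MAC input but never sent on the wire, a record replayed or reordered within the connection fails verification even though its bytes are unchanged.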

SSL Record Protocol Operation

SSL Record Format

SSL Change Cipher Spec Protocol
- A single message consisting of one byte with value 1
- Causes the pending state to become current, hence updating the cipher suite in use

SSL Alert Protocol
- Uses a two-byte message to convey SSL-related alerts to peer entity
  - First byte is severity level: warning(1) or fatal(2)
  - Second byte is specific alert
    - Always fatal: unexpected_message, bad_record_mac, decompression_failure, handshake_failure, illegal_parameter
    - Other alerts: close_notify, no_certificate, bad_certificate, unsupported_certificate, certificate_revoked, certificate_expired, certificate_unknown
- Compressed and encrypted like all SSL data

SSL Handshake Protocol
- Allows server and client to
  - authenticate each other
  - negotiate encryption and MAC algorithms
  - negotiate cryptographic keys to be used
- Comprises a series of messages in phases
  - Establish Security Capabilities
  - Server Authentication and Key Exchange
  - Client Authentication and Key Exchange
  - Finish

SSL Handshake Messages

SSL Handshake
1. C → S: CLIENTHELLO
2. S → C: SERVERHELLO [CERTIFICATE] [SERVERKEYEXCHANGE] [CERTIFICATEREQUEST] SERVERHELLODONE
3. C → S: [CERTIFICATE] CLIENTKEYEXCHANGE [CERTIFICATEVERIFY] CHANGECIPHERSPEC FINISH
4. S → C: CHANGECIPHERSPEC FINISH

SSL Handshake
1. C → S: CLIENTHELLO
- CLIENTHELLO message is sent by the client
  - When the client wants to establish a TCP connection to the server,
  - When a HELLOREQUEST message is received, or
  - When client wants to renegotiate security parameters of an existing connection
- Message content:
  - Number of highest SSL version understood by the client
  - Client's random structure (32-bit timestamp and 28-byte pseudorandom number)
  - Session ID client wishes to use (ID is empty for new session)
  - List of cipher suites the client supports
  - List of compression methods the client supports
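The CLIENTHELLO fields listed above, read back out of the wire encoding with bounds checks on every length field. This is an added example, not part of the original slides; the sample message is constructed, and the parser covers only the handshake-layer message (no record header, no extensions).

```python
import struct

class ParseError(ValueError):
    """Raised when a CLIENTHELLO is malformed or truncated."""

def _take(buf, off, n):
    # Bounds-checked read: never slice past the end of peer-supplied input.
    if off + n > len(buf):
        raise ParseError("truncated CLIENTHELLO")
    return buf[off:off + n], off + n

def parse_client_hello(msg):
    """Parse handshake type (1 byte) + length (3 bytes) + CLIENTHELLO body."""
    hdr, off = _take(msg, 0, 4)
    if hdr[0] != 1:                                   # 1 = client_hello
        raise ParseError("not a CLIENTHELLO")
    if int.from_bytes(hdr[1:], "big") != len(msg) - 4:
        raise ParseError("handshake length mismatch")
    ver, off = _take(msg, off, 2)                     # highest version understood
    rnd, off = _take(msg, off, 32)                    # 4-byte time + 28 random
    n, off = _take(msg, off, 1)
    if n[0] > 32:
        raise ParseError("session ID longer than 32 bytes")
    sid, off = _take(msg, off, n[0])                  # empty for a new session
    n, off = _take(msg, off, 2)
    cs_len = int.from_bytes(n, "big")
    if cs_len == 0 or cs_len % 2:
        raise ParseError("bad cipher suite list length")
    cs, off = _take(msg, off, cs_len)                 # 2 bytes per suite
    n, off = _take(msg, off, 1)
    comp, off = _take(msg, off, n[0])
    return {
        "version": (ver[0], ver[1]),
        "timestamp": struct.unpack(">I", rnd[:4])[0],
        "random_bytes": rnd[4:],
        "session_id": sid,
        "cipher_suites": [int.from_bytes(cs[i:i + 2], "big")
                          for i in range(0, cs_len, 2)],
        "compression_methods": list(comp),
    }

# Constructed sample: SSL 3.0 hello, new session, two suites, null compression.
_BODY = (b"\x03\x00" + struct.pack(">I", 1426723200) + bytes(range(28))
         + b"\x00" + b"\x00\x04\x00\x0a\x00\x05" + b"\x01\x00")
SAMPLE_HELLO = b"\x01" + len(_BODY).to_bytes(3, "big") + _BODY

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE_HELLO))
```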

SSL Handshake
2. S → C: SERVERHELLO [CERTIFICATE] [SERVERKEYEXCHANGE] [CERTIFICATEREQUEST] SERVERHELLODONE
- Server processes CLIENTHELLO message
- Server responds to client with SERVERHELLO message:
  - Server version number: the lower of the version suggested by the client and the highest supported by the server
  - Server's random structure: 32-bit timestamp and 28-byte pseudorandom number
  - Session ID: corresponding to this connection
  - Cipher suite: selected by the server from client's list
  - Compression method: selected by the server from client's list

SSL Handshake
2. S → C: SERVERHELLO [CERTIFICATE] [SERVERKEYEXCHANGE] [CERTIFICATEREQUEST] SERVERHELLODONE
- Optional messages:
  - CERTIFICATE:
    - If the server is using certificate-based authentication
    - May contain RSA public key good for key exchange
  - SERVERKEYEXCHANGE:
    - If the client does not have certificate, has certificate that can only be used to verify digital signatures, or uses FORTEZZA token-based key exchange
  - CERTIFICATEREQUEST:
    - Server may request personal certificate to authenticate a client

SSL Handshake
3. C → S: [CERTIFICATE] CLIENTKEYEXCHANGE [CERTIFICATEVERIFY] CHANGECIPHERSPEC FINISH
- Client processing:
  - Verifies site certification
    - Valid site certification if the server's name matches the host part of the URL the client wants to access
  - Checks security parameters supplied by the SERVERHELLO

SSL Handshake
3. C → S: [CERTIFICATE] CLIENTKEYEXCHANGE [CERTIFICATEVERIFY] CHANGECIPHERSPEC FINISH
- Client messages:
  - CERTIFICATE
    - Sent by the client if the server requested client authentication
  - CLIENTKEYEXCHANGE
    - Format depends on the key exchange algorithm selected by the server
      - RSA: 48-byte premaster secret encrypted by the server's public key
      - Diffie-Hellman: public parameters exchanged between server and client in SERVERKEYEXCHANGE and CLIENTKEYEXCHANGE messages
      - FORTEZZA: token-based key exchange based on public and private parameters
    - Premaster key is transformed into a 48-byte master secret, stored in the session state

SSL Handshake
3. C → S: [CERTIFICATE] CLIENTKEYEXCHANGE [CERTIFICATEVERIFY] CHANGECIPHERSPEC FINISH
- Client messages:
  - CERTIFICATEVERIFY
    - If client authentication is required
    - Provides explicit verification of the user's identity (personal certificate)
  - CHANGECIPHERSPEC
    - Completes key exchange and cipher specification
  - FINISH
    - Encrypted by the newly negotiated session key
    - Verifies that the keys are properly installed in both sites

SSL Handshake
4. S → C: CHANGECIPHERSPEC FINISH
- Server finishes handshake by sending CHANGECIPHERSPEC and FINISH messages
- After SSL handshake completes, a secure connection is established to send application data encapsulated in SSL Record Protocol

SSL Handshake to Resume Session
1. C → S: CLIENTHELLO
2. S → C: SERVERHELLO CHANGECIPHERSPEC FINISH
3. C → S: CHANGECIPHERSPEC FINISH

Transport Layer Security (TLS)
- Specified as IETF standard RFC 2246
- Similar to SSLv3 but with minor differences
  - in record format version number
  - uses HMAC for MAC
  - a pseudo-random function expands secrets
  - has additional alert codes
  - some changes in supported ciphers
  - changes in certificate negotiations
  - changes in use of padding

SSL/TLS vs IPsec
- SSL/TLS and IPsec are very similar in that they both require negotiation of security parameters and both provide authentication and confidentiality
- However there are still differences
  - SSL can be used to secure traffic going over TCP, while IPsec can be used to secure traffic going over IP, including UDP
  - SSL requires modifying applications by replacing socket calls with SSL socket calls, but does not require modifying OS; IPsec can be added without modifying applications (although they can be modified optionally to provide tailored service), but needs to change the IP stack in OS

SSL/TLS vs IPsec
- ISAKMP requires both sides to authenticate each other, which is optional in SSL
- In some cases SSL can be tunneled through a proxy, while IPsec does not allow tunneling through intermediaries
- IPsec doesn't work with a host behind a router performing network address translation (NAT); SSL has no problem with NAT