Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 30Slide 31Slide 32Slide 33Slide 34Slide 35Slide 36Slide 37Slide 38Slide 39Slide 40Slide 41Slide 42Slide 43Slide 44Slide 45Slide 46Slide 47Slide 48Slide 49Slide 50Slide 51Slide 52Slide 53Slide 54Slide 55Slide 56Slide 57Slide 58Slide 59Slide 60Slide 61Slide 62Slide 63Slide 64Slide 65Slide 66Slide 67Slide 68Slide 69Slide 70Slide 71Slide 72Slide 73Slide 74Slide 75Slide 7617.1Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.Chapter 17Security at the Transport Layer:SSL and TLS17.2Objectives❏ To discuss the need for security services at the transport layer of the Internet model❏ To discuss the general architecture of SSL❏ To discuss the general architecture of TLS❏ To compare and contrast SSL and TLSChapter 1717.3Figure 17.1 Location of SSL and TLS in the Internet model17 Continued17.417-1 SSL ARCHITECTURE17-1 SSL ARCHITECTURESSL is designed to provide security and compression SSL is designed to provide security and compression services to data generated from the application layer. services to data generated from the application layer. 17.1.1 Services17.1.2 Key Exchange Algorithms17.1.3 Encryption/Decryption Alogrithms17.1.4 Hash Algorithms17.1.5 Cipher Suite17.1.6 Compression Algorithms17.1.7 Crypography Parameter Generation17.1.8 Session and ConnectionsTopics discussed in this section:Topics discussed in this section:17.517.1.1 Services FragmentationCompressionMessage IntegrityConfidentialityFraming17.617.1.2 Key Exchange Algorithms Figure 17.2 Key-exchange methods17.7Null17.1.2 Continued There is no key exchange in this method. No pre-There is no key exchange in this method. No pre-master secret is established between the client and the master secret is established between the client and the server.server.Both client and server need to know the value of the pre-master secret.Note17.8RSA17.1.2 Continued Figure 17.3 RSA key exchange; server public key17.9Anonymous Diffie-Hellman17.1.2 Continued Figure 17.4 Anonymous Diffie-Hellman key exchange17.10Ephemeral Diffie-Hellman key exchange17.1.2 Continued Figure 17.5 Ephemeral Diffie-Hellman key exchange17.11Fixed Diffie-Hellman17.1.2 Continued Another solution is the fixed Diffie-Hellman method. Another solution is the fixed Diffie-Hellman method. All entities in a group can prepare fixed Diffie-All entities in a group can prepare fixed Diffie-Hellman parameters (g and p). Hellman parameters (g and p). FortezzaFortezza is a registered trademark of the U.S. National Fortezza is a registered trademark of the U.S. National Security Agency (NSA). It is a family of security Security Agency (NSA). It is a family of security protocols developed for the Defense Department. protocols developed for the Defense Department.17.12Figure 17.6 Encryption/decryption algorithms17.1.3 Encryption/Decryption Algorithms17.1317.1.3 Continued The NULL category simply defines the lack of an The NULL category simply defines the lack of an encryption/decryption algorithm.encryption/decryption algorithm.NULLTwo RC algorithms are defined in stream mode.Two RC algorithms are defined in stream mode.One RC algorithm is defined in block mode.One RC algorithm is defined in block mode.All DES algorithms are defined in block mode.All DES algorithms are defined in block mode.Stream RCBlock RCDES17.1417.1.3 Continued The IDEA algorithm defined in block mode is The IDEA algorithm defined in block mode is IDEA_CBC, with a 128-bit key.IDEA_CBC, with a 128-bit key.The one Fortezza algorithm defined in block mode is The one Fortezza algorithm defined in block mode is FORTEZZA_CBC.FORTEZZA_CBC.IDEAFortezza17.15Figure 17.7 Hash algorithms for message integrity17.1.4 Hash Algorithm17.1617.1.4 Continued The two parties may decline to use an algorithm. In The two parties may decline to use an algorithm. In this case, there is no hash function and the message is this case, there is no hash function and the message is not authenticated.not authenticated.NULLThe two parties may choose MD5 as the hash The two parties may choose MD5 as the hash algorithm. In this case, a 128-key MD5 hash algorithm. In this case, a 128-key MD5 hash algorithm is used.algorithm is used.The two parties may choose SHA as the hash The two parties may choose SHA as the hash algorithm. In this case, a 160-bit SHA-1 hash algorithm. In this case, a 160-bit SHA-1 hash algorithm is used.algorithm is used.MD5SHA-117.1717.1.5 Cipher SuiteThe combination of key exchange, hash, and The combination of key exchange, hash, and encryption algorithms defines a cipher suite for each encryption algorithms defines a cipher suite for each SSL session. SSL session.17.1817.1.5 ContinuedTable 17.1 SSL cipher suite list17.1917.1.6 Compression AlgorithmsCompression is optional in SSLv3. No specific Compression is optional in SSLv3. No specific compression algorithm is defined for SSLv3. compression algorithm is defined for SSLv3. Therefore, the default compression method is NULL. Therefore, the default compression method is NULL.17.2017.1.7 Cryptographic Parameter GenerationFigure 17.8 Calculation of master secret from pre-master secret17.21Figure 17.9 Calculation of key material from master secret17.1.7 Continued17.22Figure 17.10 Extractions of cryptographic secrets from key material17.1.7 Continued17.2317.1.8 Sessions and ConnectionsIn a session, one party has the role of a client and the other the role of a server; in a connection, both parties have equal roles, they are peers.Note17.2417.1.8 ContinuedFigure 17.11 A session and connections17.2517.1.8 ContinuedSession StateTable 17.2 Session state parameters17.2617.1.8 ContinuedConnection StateTable 17.3 Connection state parameters17.2717.1.8 ContinuedThe client and the server have six different cryptography secrets: three read secretsand three write secrets.The read secrets for the client are the same as the write secrets for the server and vice versa.Note17.2817-2 Four Protocols17-2 Four ProtocolsWe have discussed the idea of