MASON ECE 646 - Comparison of WWW security Protocols

This preview shows page 1-2-3-24-25-26 out of 26 pages.


Comparison of WWW security Protocols: Secure Sockets Layer (SSL), Transport Layer Security (TLS), & Secure HTTP (S-HTTP)

By Ravi Kiran Bhaskar, Sumeet Bhatia & Rajiv Papenja

Table of Contents

1. Introduction
2. Operation of TLS/SSL and S-HTTP
   2.1 SSL/TLS Operation
   2.2 S-HTTP Operation
3. Security Analysis
   3.1 Transmission Attacks
       3.1.1 Active Attacks
       3.1.2 Passive Attacks
   3.2 Client-Server Security
4. Performance
   4.1 SSL/TLS
   4.2 S-HTTP
5. Applications/Implementations
   5.1 SSL/TLS
   5.2 S-HTTP
6. Key Generation
   6.1 SSL/TLS
   6.2 S-HTTP
7. Cost
8. Conclusion
9. References

1. INTRODUCTION

In this paper we compare the various World Wide Web security protocols in use on today's growing Internet.
Our work concentrates on comparing the three most commonly used security protocols: Secure Sockets Layer [SSL], Transport Layer Security [TLS] and S-HTTP [SHTTP]. The comparison is based on the security features each protocol provides and on how each protocol handles different types of attacks. Some basic differences in the operation of the individual protocols are also highlighted briefly, and we address various ways to increase the performance and efficiency of each protocol.

This paper is organized into eight sections. We start with a basic introduction to these protocols in section 1. In section 2 we briefly discuss the basic operation of each protocol, followed in section 3 by the behavior of each protocol under different kinds of attacks and how each protocol prevents them. In section 4 we look at how the performance of these protocols can be improved with the currently available options. We examine key generation in section 6 and then briefly discuss the cost of implementing these protocols in section 7. Finally, we mention various implementations of these protocols and highlight the applications of each.

The Secure Sockets Layer (SSL) protocol [SSL], originally developed by Netscape, is a set of rules governing server authentication, client authentication, and encrypted communication between servers and clients. SSL is a type of sockets communication that runs above TCP/IP and below higher-level protocols such as HTTP [HTTP] or IMAP, and it requires no changes to the application layer. It uses the transport layer on behalf of the higher-layer protocols and, in the process, allows an SSL-enabled server to authenticate itself to an SSL-enabled client and also allows an SSL-enabled client to authenticate an SSL-enabled server, enabling both machines to establish an encrypted connection.
SSL provides connection security and has three properties:

  - The connection is private. The connection is used after an initial handshake that defines a secret key. SSL uses symmetric cryptography for data encryption.
  - The peer's identity is authenticated using public-key algorithms (RSA or DSS).
  - To make the connection reliable, message transport includes a message integrity check using a keyed message authentication code (secure hash functions such as SHA or MD5 are used for the MAC computation).

The TLS 1.0 [TLS] protocol, on the other hand, is an IETF effort to propose a standard based on the SSL protocol. The purpose of this protocol is to prevent attacks such as eavesdropping and message modification while providing privacy and data integrity. The protocol has four main goals:

  - To be able to establish a secure channel between client and server.
  - To be interoperable with all implementations of TLS (i.e., not dependent on the way a program was written).
  - To be able to incorporate new protocols as they are invented, so that there is no need to define a new protocol.
  - To use CPU time very efficiently, by providing a caching scheme that avoids having to establish connections from scratch.

Even though TLS 1.0 is based on SSL 3.0, it is different enough that the two cannot communicate with each other without TLS 1.0 dropping down to SSL 3.0.

The advantage of using SSL/TLS is that they are application-layer independent. They will run under many different applications such as HTTP, TELNET, FTP, etc. They are basically transparent to higher-level protocols. For the most part TLS is just an updated version of SSL, but some differences make SSL and TLS incompatible with each other. One of the main differences is the algorithm used to compute the master-secret key (symmetric session key). In SSL, MD5 and SHA-1 are used directly, whereas in TLS a pseudo-random function is used to compute the master-secret.
This pseudo-random function contains hashing with MD5 and SHA-1 (see section 6 for more details). TLS also has many extra alert codes that are not present in SSL; for the added alert codes see [STALL]. The only alert code in SSL that is not in TLS is no certificate. TLS supports all the cipher suites supported by SSL, except for Fortezza. Another major update in TLS is the ability to pad by any amount, as long as the result is a multiple of the ciphertext length, up to a maximum of 255 bytes. In SSL the only padding allowed is the minimum required to make the ciphertext a multiple

