
CSC 474/574 Dr. Peng Ning, Computer Science
CSC 474/574 Information Systems Security
Topic 5.6 Transport Layer Security

Transport Layer Security Protocols
• Secure Socket Layer (SSL)
  – Originally developed to secure http
  – Version 3 was developed with public review
  – Application independent
    • Can be used for any application protocol
    • Examples: telnet, pop3, imap, ftp, etc.
• Transport Layer Security (TLS)
  – TLS 1.0 very close to SSL 3.1
  – Backward compatible with SSL v3.

SSL Architecture
[Figure: SSL Protocol Stack. Top layer: SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol, HTTP and other protocols. Below it: SSL Record Protocol, then TCP, then IP.]
• A two-layered protocol.
• Relies on TCP for reliable communication.

SSL Services
• Peer entity and data authentication
• Data confidentiality
• Data integrity
• Compression/decompression
• Generation/distribution of session keys
  – Integrated to protocol
  – A different approach from IPSec
• Security parameter negotiation.

SSL Connection and Session
• Each SSL session can be used for multiple SSL connections.
• SSL Session
  – An association between a client and a server.
  – Created by handshake protocol.
  – Used to avoid negotiation of new security parameters for each connection.
• SSL Connection
  – A connection is a transport that provides a suitable type of service.
  – Peer-to-peer, transient
  – Each connection is associated with one session.

SSL Session
• We can view an SSL session as an SSL security association.
• An SSL session consists of
  – Session ID
  – X.509 public-key certificate of peer (could be null)
  – Compression algorithm
  – Cipher spec:
    • Encryption algorithm, message digest algorithm, etc.
  – Master secret: 48 byte secret shared between the client and server
  – Is reusable

SSL Connection
• An SSL Connection consists of
  – Server and client random
  – Server write MAC secret
  – Client write MAC secret
  – Server write key
  – Client write key
  – Server IV
  – Client IV
  – Sequence number

SSL Record Protocol
• Four steps by sender (reversed by receiver)
  – Fragmentation
    • 2^14 bytes
  – Compression (optional)
  – MAC
  – Encryption

[Figure: SSL Record Protocol Operation]

[Figure: SSL Record Format]

[Figure: SSL Record Protocol Payload]

Handshake Protocol
• Initially SSL session has null compression and encryption algorithm.
• Both are set by the handshake protocol at the beginning of session.
• Handshake protocol may be repeated during the session.
• Four phases
  – Establish Security Capabilities
  – Server Authentication and Key Exchange
  – Client Authentication and Key Exchange
  – Finish

Phase 1. Establish Security Capabilities
Client → Server: Client_hello*
Server → Client: Server_hello*
Messages marked by * are mandatory; other messages are optional.

Phase 1 (Cont’d)
• Client_hello
  – Version: The highest SSL version understood by the client
  – Random: 4-byte timestamp + 28-byte random number.
  – Session ID: zero for new session, non-zero for a previous session
  – CipherSuite: list of supported algorithms
  – Compression Method: list of supported compression methods

Phase 1 (Cont’d)
• Server_hello
  – Version: min (client_hello version, highest version supported by the server)
  – Random: 4-byte timestamp + 28-byte random number.
    • Generated by the server
  – Session ID:
  – CipherSuite: selected from the client’s list by the server
  – Compression method: selected from the client’s list by the server
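
The Phase 1 fields above, as an added example (not part of the original slides): a parser for the body of a Client_hello and the server's choice of version and cipher suite. The byte layout follows the SSL 3.0 / TLS 1.0 specifications; the sample message, the server preference order and all function names are constructed for illustration.

```python
# Added example: parse a Client_hello body and pick Server_hello parameters.
# Suite codes used below: 0x0004 RSA_WITH_RC4_128_MD5,
# 0x000A RSA_WITH_3DES_EDE_CBC_SHA, 0x0016 DHE_RSA_WITH_3DES_EDE_CBC_SHA.
SSL3, TLS1_0 = (3, 0), (3, 1)

class HelloError(ValueError):
    pass

def _take(buf, off, n):
    if off + n > len(buf):
        raise HelloError("truncated Client_hello")
    return buf[off:off + n], off + n

def _vector(buf, off, len_bytes):
    # Length-prefixed field: big-endian length of len_bytes bytes, then data.
    raw, off = _take(buf, off, len_bytes)
    return _take(buf, off, int.from_bytes(raw, "big"))

def parse_client_hello(body):
    ver, off = _take(body, 0, 2)
    rnd, off = _take(body, off, 32)
    sid, off = _vector(body, off, 1)
    suites, off = _vector(body, off, 2)
    comps, off = _vector(body, off, 1)
    if len(sid) > 32 or not suites or len(suites) % 2 or not comps:
        raise HelloError("malformed Client_hello")
    return {
        "version": (ver[0], ver[1]),
        "timestamp": int.from_bytes(rnd[:4], "big"),   # 4-byte timestamp
        "random_bytes": rnd[4:],                        # 28-byte random number
        "session_id": sid,                              # empty = new session
        "cipher_suites": [int.from_bytes(suites[i:i + 2], "big")
                          for i in range(0, len(suites), 2)],
        "compression_methods": list(comps),
    }

def choose_server_hello(hello, server_max, server_suites):
    # Version: min(client_hello version, highest version the server supports).
    version = min(hello["version"], server_max)
    # Assumption: the server walks its own preference list and takes the
    # first suite that also appears in the client's list.
    suite = next((s for s in server_suites if s in hello["cipher_suites"]), None)
    if suite is None or 0 not in hello["compression_methods"]:
        raise HelloError("no common cipher suite or compression method")
    return {"version": version, "cipher_suite": suite, "compression": 0}

# Constructed sample: TLS 1.0 client, new session, three suites, null compression.
SAMPLE = (bytes(TLS1_0) + (0x40000000).to_bytes(4, "big") + b"\xaa" * 28
          + b"\x00" + b"\x00\x06" + bytes.fromhex("0004000a0016") + b"\x01\x00")
```
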

Phase 2: Server Authentication and Key Exchange
Server → Client: Certificate
Server → Client: Server_key_exchange
Server → Client: Certificate_request
Server → Client: Server_done*
Certificate is almost always used.

Certificate message
• Required for any agreed-on key exchange method except for anonymous Diffie-Hellman.
  – Anonymous D-H
    • Problem?
• Contains one or a chain of X.509 certificates.

Server_key_exchange message
• Not required if
  – The server has sent a certificate with fixed D-H parameters, or
  – RSA key exchange is to be used.
• Needed for
  – Anonymous D-H
  – Ephemeral D-H
  – RSA key exchange, in which the server is using RSA but has a signature-only RSA key.
  – Fortezza

Certificate_request message
• Request a certificate from the client
• Two parameters
  – Certificate_type
    • RSA, signature only
    • DSS, signature only
    • …
  – Certificate_authorities

Server_done message
• Indicates the end of server hello and associated messages.

Phase 3. Client Authentication and Key Exchange
Client → Server: Certificate
Client → Server: client_key_exchange*
Client → Server: certificate_verify

Phase 3. Client Authentication and Key Exchange
• Certificate
  – One or a chain of certificates.
• Client_key_exchange
  – RSA: pre-master secret encrypted with the server’s public key.
  – D-H: client’s public key.
• Certificate_verify
  – Only sent following any client certificate that has signing capability
  – Proves the client is the valid owner of the certificate.

Phase 4. Finish
Client → Server: Change_cipher_spec*
Client → Server: Finished*
Server → Client: Change_cipher_spec*
Server → Client: Finished*

Master Secret Creation
• The master secret is a one-time 48-byte value.
  – Pre-master secret: by RSA or D-H
  – Master secret is computed from the pre-master secret, client random and server random.

Generation of Cryptographic Parameters
• Generated from the master secret, client random, and server random.
  – Client write MAC secret
  – Server write MAC secret
  – Client write key
  – Server write key
  – Client write IV
  – Server write IV

Change Cipher Spec Protocol
• Session State
  – Current state
    • The session state in effect
  – Pending state
    • The session being negotiated.
• Change Cipher Spec
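
An added example (not from the original slides) of the derivation described under Master Secret Creation and Generation of Cryptographic Parameters, using the SSL 3.0 construction from RFC 6101; TLS 1.0 and later use an HMAC-based PRF instead. The random values, the all-zero pre-master secret and the function names are constructed for illustration.

```python
import hashlib

def _ssl3_expand(secret, seed, n):
    # SSL 3.0 expansion: MD5(secret + SHA1(label + secret + seed)) blocks,
    # with labels 'A', 'BB', 'CCC', ... until n bytes are available.
    out, i = b"", 0
    while len(out) < n:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:n]

def master_secret(pre_master, client_random, server_random):
    # 48-byte master secret; the seed is client random then server random.
    return _ssl3_expand(pre_master, client_random + server_random, 48)

def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    # The key block swaps the seed order: server random then client random.
    total = 2 * (mac_len + key_len + iv_len)
    raw = _ssl3_expand(master, server_random + client_random, total)
    layout = [("client_write_MAC_secret", mac_len),
              ("server_write_MAC_secret", mac_len),
              ("client_write_key", key_len),
              ("server_write_key", key_len),
              ("client_write_IV", iv_len),
              ("server_write_IV", iv_len)]
    keys, off = {}, 0
    for name, size in layout:
        keys[name] = raw[off:off + size]
        off += size
    return keys

# Constructed inputs (not real handshake data). An RSA pre-master secret is
# 48 bytes: the 2-byte client version followed by 46 random bytes.
PRE_MASTER = b"\x03\x00" + bytes(46)
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32

def demo():
    # Sizes for a 3DES-CBC / SHA-1 suite: 20-byte MAC, 24-byte key, 8-byte IV.
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    return ms, key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, 20, 24, 8)
```

Because both random values feed the derivation, two connections that reuse the same session (and so the same master secret) still get different MAC secrets, keys and IVs.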



NCSU CSC (ECE) 574 - Transport Layer Security
