7/26/2019 Presentation on Secure Socket Layer
1/47
Secure Socket Layer (S
7/26/2019 Presentation on Secure Socket Layer
2/47
INTRODUCTION
7/26/2019 Presentation on Secure Socket Layer
3/47
Position of SSL in TCP/IP Protocol Suite
7/26/2019 Presentation on Secure Socket Layer
4/47
Position of SSL(Continue)
Alication Layer Data is asse! to SSL Layer
SSL Layer Perfor"s encrytion on t#e !ata recei$e! fro
layer% an! also a!!s its o&n encrytion infor"ation #
SSL 'ea!er
SSL Layer at recei$ers en! re"o$es t#e SSL 'ea!er%
encryte! !ata an! i$es lain*te+t !ata ,ack to t#e
layer-
Only Alication Data is encryte! ,y SSL-
7/26/2019 Presentation on Secure Socket Layer
5/47
.uestion
Can SSL be positioned below data-link Layer?
It would lead to problems.
If SSL encrypted all the lower layer headers, evand physical addresses of the computers would
encrypted , and become unreadable.
7/26/2019 Presentation on Secure Socket Layer
6/47
Ser$ices Pro$i!e! y SSL
7/26/2019 Presentation on Secure Socket Layer
7/47
Ser$ices Pro$i!e! y SSL
1. Fragmentation
SSL divides the data into blocks of !
1. Compression Lossless Compression method "ptional
#. $ntity %uthentication %uthenticate both client and server
#. &essa'e Inte'rity reserves inte'rity usin' keyed-hash functions to create &%C
7/26/2019 Presentation on Secure Socket Layer
8/47
Ser$ices
(. Confidentiality"ri'inal data and &%C are encrypted usin' symmetric-key crypto'raph
). *ramin'+eader is added to encrypted payloadayload passed to transport layer
7/26/2019 Presentation on Secure Socket Layer
9/47
0ey 1+c#ane Alorit#"s
7/26/2019 Presentation on Secure Socket Layer
10/47
0ey 1+c#ane Alorit#"s
T#ese are t#e "et#o!s re2uire! for e+c#anin keys ,e
client an! ser$er
Why these methods are required?
3or e+c#anin aut#enticate! an! con4!ential "essaecrytora#ic secrets are re2uire!
To create t#ese secrets% one re*"aster secret "ust ,e To esta,lis# re*"aster secret t#ese are re2uire!
7/26/2019 Presentation on Secure Socket Layer
11/47
0ey 1+c#ane Alorit#"s
1. Null o key echan'e
2. RSA re-master secret is / byte random number Created by client $ncrypted with server0s public key Server needs to send its 1S% encryption2decryption certificate
7/26/2019 Presentation on Secure Socket Layer
12/47
3. Anonymous Diffie Hellman
Simplest and most unsecure method4sin' 5iffie +ellman protocol+alf keys are sent in plaintetIt is called %nonymous because neither party is known to the
other&an in the middle attack
7/26/2019 Presentation on Secure Socket Layer
13/47
4. Ephemeral Diffie-Hellman$ach party sends 5iffie-+ellman key si'ned by its private key.
1eceiver verify the si'nature usin' public key of the sender.ublic keys for the verification are echan'ed usin' either 1S% or 5
si'nature certificates
7/26/2019 Presentation on Secure Socket Layer
14/47
. Fi!e" Diffie-Hellman
o key echan'e messa'es are passed in this method, only certificate
echan'ed.$ach entity create half key and insert it into a certificate verified by C%6wo parties do not directly echan'e the half keys, C% sends the half k
1S% or 5SS special certificates
7/26/2019 Presentation on Secure Socket Layer
15/47
1ncrytion/Decrytion Alorit#"s
7/26/2019 Presentation on Secure Socket Layer
16/47
1ncrytion/Decrytion Alorit#"s
7/26/2019 Presentation on Secure Socket Layer
17/47
'as# Alorit#"s
# l i #
7/26/2019 Presentation on Secure Socket Layer
18/47
'as# Alorit#"s
7/26/2019 Presentation on Secure Socket Layer
19/47
Ci#er Suite
Ci # S it
7/26/2019 Presentation on Secure Socket Layer
20/47
Ci#er Suite
6he combination of key echan'e, hash and encryption al'orithms def
cipher suite for each SSL session.
*ormat7
Cipher Suite7
SSL89ey $chan'e ðod8:I6+8 $ncryption25ecryption %l'o8+as
7/26/2019 Presentation on Secure Socket Layer
21/47
7/26/2019 Presentation on Secure Socket Layer
22/47
Co"ression Alorit#"s
Co"ression Alorit#"s
7/26/2019 Presentation on Secure Socket Layer
23/47
Co"ression Alorit#"s
Compression is optional
o specific compression al'orithm is defined for SSLv3 5efault compression method is 4LL System can use whatever compression al'orithm it desires
7/26/2019 Presentation on Secure Socket Layer
24/47
Crytora#ic Para"eter 6eneratio
7/26/2019 Presentation on Secure Socket Layer
25/47
Steps7
#.$chan'e two random numbers
!.$chan'e re-master Secret3.Create /-;yte &aster Secret
.&aster Secret is used to create variable len'th 9ey material.
(.$tract ) different keys
7r! ste
7/26/2019 Presentation on Secure Socket Layer
26/47
7r! ste
8t# ste
7/26/2019 Presentation on Secure Socket Layer
27/47
8t# ste
9t# Ste
7/26/2019 Presentation on Secure Socket Layer
28/47
9t# Ste
7/26/2019 Presentation on Secure Socket Layer
29/47
3our Protocols
3our SSL Protocols
7/26/2019 Presentation on Secure Socket Layer
30/47
3our SSL Protocols
6he 1ecord rotocol is the carrier. It carries messa'es from three other protocols as well as the
from the application layer.
7/26/2019 Presentation on Secure Socket Layer
31/47
'an!s#ake Protocol
7/26/2019 Presentation on Secure Socket Layer
32/47
T#e 'an!s#ake Protocol uses "essaesTo neotiate t#e ci#er suite
To aut#enticate t#e ser$er to t#e client
To aut#enticate t#e client to t#e Ser$er
To e+c#ane infor"ation for ,uil!in t#e crytora#ic secre
'an!s#ake Protocol consists of 8 #ases
P#ase :; 1sta,lis#in Security Caa,ility
7/26/2019 Presentation on Secure Socket Layer
33/47
P#ase :; 1sta,lis#in Security Caa,ility
T#e client an! ser$er announce t#eir security caa,ilitiet#ose t#at are con$enient for ,ot#.
P#ase
7/26/2019 Presentation on Secure Socket Layer
34/47
y
T#e Ser$er aut#enticates itself if nee!e!-
7/26/2019 Presentation on Secure Socket Layer
35/47
P#ase 7; Client 0ey 1+c#ane an! Aut#entication
7/26/2019 Presentation on Secure Socket Layer
36/47
y
T#is #ase is use! to aut#enticate client-
7/26/2019 Presentation on Secure Socket Layer
37/47
P#ase 8; 3inali=in an! 3inis#in
7/26/2019 Presentation on Secure Socket Layer
38/47
6he client and server send messa'es to chan'e cipher specificat
finish the handshakin' protocol.
7/26/2019 Presentation on Secure Socket Layer
39/47
C#aneCi#erSec Protoc
7/26/2019 Presentation on Secure Socket Layer
40/47
'an!s#ake Protocol;:- Neotiation of ci#er Suite
ritin
7/26/2019 Presentation on Secure Socket Layer
41/47
7/26/2019 Presentation on Secure Socket Layer
42/47
Alert Protocol
7/26/2019 Presentation on Secure Socket Layer
43/47
SSL uses t#e Alert Protocol for reortin errors an! a,nor
con!itions-
7/26/2019 Presentation on Secure Socket Layer
44/47
Recor! Protocol
7/26/2019 Presentation on Secure Socket Layer
45/47
Carries "essaes fro" uer layer
?essae is fra"ente! an! otionally co"resse!
?AC is a!!e! to co"resse! "essae usin neotiate! alorit#"
1ncrytion is !one-
SSL #ea!er is a!!e!
7/26/2019 Presentation on Secure Socket Layer
46/47
7/26/2019 Presentation on Secure Socket Layer
47/47
T#anks