Prof. Chintan Patel Information Security MEFGI , RAJKOT Unit - 9

Unit 9 ssl and tls

Jun 08, 2015


Chintan Patel

secure socket layer, ssl architecture , ssl record protocol , ssl handshake , transport layer security
Transcript
Page 1: Unit 9 ssl and tls

Prof. Chintan Patel Information Security

MEFGI , RAJKOT Unit - 9

Page 2: Unit 9 ssl and tls

• “Client-server applications running on the Internet and TCP/IP intranets”

Page 3: Unit 9 ssl and tls

• The Web is exposed to attacks on web servers over the Internet.

• The Web serves as a platform for many business transactions.

Reputation and money can be lost if servers are destroyed.

• Web browsers are easy to use, web content is easy to develop, and web servers are easy to manage, but the complexity of the underlying software hides defects in the system.

• Untrained users are common users of web-based services.

Page 4: Unit 9 ssl and tls
Page 5: Unit 9 ssl and tls

• Integrity. Threat: modification of data. Consequence: loss of information. Countermeasure: cryptographic checksum.

• Confidentiality. Threat: theft of data from client and server. Consequence: loss of information and privacy. Countermeasures: encryption, web proxies.

• Denial of service. Threats: flooding of the machine, killing original threads. Consequence: preventing the user from working. Countermeasure: difficult to prevent.

• Authentication. Threat: data forgery. Consequence: belief that false information is valid. Countermeasure: cryptographic techniques like digital signatures.

Page 6: Unit 9 ssl and tls

• 1. Use of IPSec.

Transparent to end user and application

Only selected traffic can flow

Page 7: Unit 9 ssl and tls

• 2. Above TCP

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Can be embedded in specific packages like Netscape or Microsoft browsers

Can be provided as a part of the basic protocol used.

Page 8: Unit 9 ssl and tls

• 3. Application Layer

Security services are embedded within an application.

Security service can be tailored for specific needs of an application.

Example: Secure Electronic Transaction (SET).

Page 9: Unit 9 ssl and tls

Secure Socket Layer (SSL)

• Implements three cryptographic assurances:

1. Authentication.

2. Confidentiality.

3. Message integrity.

> Also provides secure key exchange between a browser (client) and server.

> Provides security parameters negotiation.

> Does not offer non-repudiation.

Page 10: Unit 9 ssl and tls

• “Peer-to-peer connection associated with one session”

• Parameters for connection state:

Server and client random: byte sequences.

Server write MAC secret: secret key used in MAC operations by the server.

Client write MAC secret: secret key used in MAC operations by the client.

Server write key: key used by the server to encrypt and by the client to decrypt.

Client write key: key used by the client to encrypt and by the server to decrypt.

Initialization vector: set by the SSL Handshake Protocol.

Sequence number: for transmitted and received messages for each connection.

Page 11: Unit 9 ssl and tls

“Association between client and server which is created by the SSL Handshake Protocol and used to avoid the expensive negotiation of new security parameters for each connection”

Parameters for session state:

Session identifier: an arbitrary byte sequence chosen by the server to identify an active or resumable session state.

Peer certificate: X.509v3 certificate of the peer.

Compression method: algorithm used to compress data.

Cipher spec: specifies the bulk data encryption algorithm and hash algorithm. Also defines hash_size.

Master secret: 48-byte secret value shared by client and server.

Is resumable: flag to indicate whether the session can be used to initiate new connections.

Page 12: Unit 9 ssl and tls
Page 13: Unit 9 ssl and tls

• Provides two services for SSL Connection :

1. Confidentiality: the Handshake Protocol defines a shared secret key which is used for encryption of SSL payloads.

2. Integrity: the Handshake Protocol also defines a shared secret key used to form a MAC.

Page 14: Unit 9 ssl and tls

• hash(MAC_write_secret || pad_2 || hash(MAC_write_secret || pad_1 || seq_num || SSLCompressed.type || SSLCompressed.length || SSLCompressed.fragment))

• MAC_write_secret : shared secret key.

• Hash : MD5 or SHA

• SSLCompressed.type : higher level protocol used to process fragment.

• SSLCompressed.length : length of compressed fragment.

• SSLCompressed.fragment : Compressed fragment.

Page 15: Unit 9 ssl and tls
Page 16: Unit 9 ssl and tls

• Used to cause the pending state to be copied into the current state, which updates the cipher suite to be used on this connection.

Page 17: Unit 9 ssl and tls

• “Used to convey SSL-related alerts to the peer entity”

• Different types of alerts:

• unexpected_message : inappropriate message

• bad_record_mac : incorrect MAC

• decompression_failure : unable to decompress, or invalid decompression output

• handshake_failure : unable to establish a proper connection

• close_notify : notifies the receiver that the sender will not send any more messages on this connection.

• no_certificate : no appropriate certificate is found

• bad_certificate : contains a signature that did not verify

• unsupported_certificate: type of received certificate is not supported.

• certificate_expired : A certificate has expired

Page 18: Unit 9 ssl and tls
Page 19: Unit 9 ssl and tls
Page 20: Unit 9 ssl and tls
Page 21: Unit 9 ssl and tls
Page 22: Unit 9 ssl and tls
Page 23: Unit 9 ssl and tls

• The same record format as the SSL record format.

• Defined in RFC 2246.

• Similar to SSLv3.

• Differences:

version number

For the current version of TLS, the major version is 3 and the minor version is 1.

message authentication code

TLS differs in actual algorithm and scope of the MAC calculation.

Page 24: Unit 9 ssl and tls

• HMAC_K(M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]]

• H = MD5 or SHA-1

• M = message

• K+ = padded secret key; for MD5, it is 512 bits

• ipad = 36 in hexadecimal, repeated 64 times

• opad = 5C in hexadecimal, repeated 64 times

• The HMAC field in TLS consists of:

HMAC_hash(MAC_write_secret, seq_num || TLSCompressed.type || TLSCompressed.version || TLSCompressed.length || TLSCompressed.fragment)
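The SSLv3 record MAC and the TLS HMAC from these slides computed side by side, as an added example that is not part of the original slides. The pad lengths (48 bytes for MD5, 40 for SHA-1), the 64-bit sequence number and the field widths are taken from the SSLv3 and TLS 1.0 specifications rather than from the slides; the function names, key and fragment are constructed for illustration.

```python
import hashlib
import hmac
import struct

SSL3_PAD_LEN = {"md5": 48, "sha1": 40}  # pad_1/pad_2 byte counts (SSLv3 spec, assumed here)

def ssl3_mac(hash_name, mac_write_secret, seq_num, rec_type, fragment):
    """SSLv3 record MAC: the pads are concatenated to the secret, not XORed into it."""
    n = SSL3_PAD_LEN[hash_name]
    fields = struct.pack("!QBH", seq_num, rec_type, len(fragment)) + fragment
    inner = hashlib.new(hash_name, mac_write_secret + b"\x36" * n + fields).digest()
    return hashlib.new(hash_name, mac_write_secret + b"\x5c" * n + inner).digest()

def hmac_manual(hash_name, key, msg):
    """HMAC_K(M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]] with a 64-byte block."""
    if len(key) > 64:                        # over-long keys are hashed first (RFC 2104)
        key = hashlib.new(hash_name, key).digest()
    k_plus = key.ljust(64, b"\x00")          # K+: key zero-padded to 512 bits
    k_ipad = bytes(b ^ 0x36 for b in k_plus)
    k_opad = bytes(b ^ 0x5C for b in k_plus)
    inner = hashlib.new(hash_name, k_ipad + msg).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()

def tls_mac(hash_name, mac_write_secret, seq_num, rec_type, version, fragment):
    """TLS record MAC: HMAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq_num, rec_type, version[0], version[1], len(fragment))
    return hmac_manual(hash_name, mac_write_secret, header + fragment)

def record_is_authentic(expected_mac, received_mac):
    """Constant-time comparison; a mismatch is what triggers bad_record_mac."""
    return hmac.compare_digest(expected_mac, received_mac)

# Constructed sample values, not taken from a real capture.
SECRET = bytes(range(20))
FRAGMENT = b"GET / HTTP/1.0\r\n\r\n"
APPLICATION_DATA = 23                        # record content type for application data

if __name__ == "__main__":
    sent = tls_mac("sha1", SECRET, 0, APPLICATION_DATA, (3, 1), FRAGMENT)
    replayed = tls_mac("sha1", SECRET, 1, APPLICATION_DATA, (3, 1), FRAGMENT)
    print("SSLv3 MAC:", ssl3_mac("sha1", SECRET, 0, APPLICATION_DATA, FRAGMENT).hex())
    print("TLS   MAC:", sent.hex())
    print("same record accepted at seq 1:", record_is_authentic(replayed, sent))
```

Because seq_num is inside the MAC input, a record replayed at a different position fails verification, and because TLS also covers the version field, the same fragment yields different MACs under versions 3.0 and 3.1.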

Page 25: Unit 9 ssl and tls

• decryption_failed : a decrypted ciphertext is invalid.

• record_overflow : payload with length more than 2^14+2048.

• unknown_ca : could not match with a known or trusted CA.

• access_denied : after verification, the sender decides not to proceed further.

• decode_error : a message could not be decoded.

• protocol_version : the attached protocol version is not supported.

• internal_error : internal error not related to the peer.

Page 26: Unit 9 ssl and tls

Thank You…………..

• Next lecture : SET