SSL BASICS AND SSL PACKET ANALYSIS USING WIRESHARK
Presented by Md. Al Imran, M.Sc in MISS
CEH, ISO 27001 LA

YOU WILL LEARN
- Definition of SSL
- Components of SSL
- How SSL works
- Packet capturing and analysis using Wireshark
- Concepts about Digital Signature, PKI, Digital Envelope, Digital Certificate
Prepared by Md. Al Imran

WHAT IS SSL
- A secure communication protocol
- Runs between client (browser) and server
- Secures any transmission over TCP
- HTTPS is an application of SSL
- It can be described as HTTP over SSL

SSL PROVIDES
- Confidentiality
- Authenticity
- Integrity
- Non-repudiation

COMPONENTS OF SSL
- 4 components/protocol layers
  - Record layer
  - ChangeCipherSpec protocol
  - Alert protocol
  - Handshake protocol

RECORD LAYER

RECORD LAYER (CONTD..)
- Collects all messages from the Alert, ChangeCipherSpec, Handshake and application protocols
- Formats them; formatting gives each message a header
- Adds a Message Authentication Code (MAC) at the end
- The header is five bytes
- The protocol message follows the header and is no longer than 16384 bytes

RECORD LAYER (CONTD..)
- Header contains
  - Protocol definition (1 byte): indicates which higher-layer protocol is contained
  - Version (2 bytes): SSL protocol version
  - Length (2 bytes): length of the higher-layer protocol message

CHANGECIPHERSPEC PROTOCOL
- Composed of only one message (1 byte)
- Indicates the beginning of secure communication

ALERT PROTOCOL
- Sends errors, problems and warnings about the connection between client and server
- The layer is formed of two fields
  - Severity level: 1 means warning, 2 means fatal error
  - Alert description: close notify, no certificate, bad certificate, BadRecordMAC, handshake failure, etc.

HANDSHAKE PROTOCOL
- Establishes a handshake which begins secure communication between client and server
- The following steps show how the handshake is established

HANDSHAKE PROTOCOL (CONTD..)
- ClientHello
  - 5 components of the message
    - Version: which SSL version the client supports
    - Random number: 32 bytes for cryptographic calculation, with (4 bytes) time & date at the last
    - Session ID: empty
    - Cipher suites: exact algorithm (DES, AES, 3DES, RC4, MD5, SHA-1), key size
    - Compression method: compression before encryption

HANDSHAKE PROTOCOL (CONTD..)
- ServerHello
  - Server takes the decision
    - Version: determines the SSL version to be used
    - Random number: 32 bytes for cryptographic calculation, with (4 bytes) time & date at the last, to avoid replay attacks
    - Session ID: specific session ID
    - Cipher suites: selects the exact algorithm and key size to be used
    - Compression method: selects the exact compression method

HANDSHAKE PROTOCOL (CONTD..)
- ServerKeyExchange
  - Sends its own public key information (Digital Certificate) according to the selected cipher suite
- ServerHelloDone
  - The server has finished its negotiation messages. Very important for the client to move to the next state

HANDSHAKE PROTOCOL (CONTD..)
- ClientKeyExchange
  - Client sends its key information
  - The premaster-secret is encrypted using the server's public key, which is called a “Digital Envelope”
  - Server and client generate the master-secret and session key based on the premaster-secret
  - Prevents Man-in-the-Middle attacks
  - The server decrypts it using its private key, which ensures server authentication

HANDSHAKE PROTOCOL (CONTD..)
- ChangeCipherSpec
  - Both client and server send this message
  - Begin using the agreed-upon security services
- Finished
  - Both client and server send this final message
  - Both ends verify that the negotiation was successful
  - Encrypted and hashed message (ensures integrity)
  - Ensures 3 points
    - Key information
    - Contents of all previous SSL handshake messages exchanged by the systems
    - A special value indicating whether the sender is a client or server

CLIENT HELLO
SERVER HELLO
SERVER KEY EXCHANGE
SERVER HELLO DONE
CLIENT KEY EXCHANGE

DIGITAL CERTIFICATE
- It's a component of PKI
- Why PKI?
- Electronic passport
- Allows the client to exchange information securely over the Internet using PKI
- Contains the public key and the identity of the public key holder
- Contains serial no., valid duration, version, algorithm, and the digital signature of the CA to verify that the certificate is real
- Provides sender authentication
- Issued by a trusted CA

SSL CERTIFICATE OF AMAZON.COM

DIGITAL SIGNATURE
- Digitally signed document
- Process of ensuring sender authentication, message integrity and non-repudiation

DIGITAL ENVELOPE
- Secure data container
- The message is encrypted using a secret key (symmetric encryption)
- The secret key is encrypted using the recipient's public key (public key encryption)