An Introduction to SSL/TLS and Certificates
Providing secure communication over the Internet
Frederick J. Hirsch
fjh@fjhirsch.com
CertCo Overview
• Background
Established in 1996. Banker’s Trust spinoff. Privately held.
• Mission
CertCo provides secure and cost-effective business solutions that
enable trust institutions to build a worldwide trust infrastructure to
support high-value, secure electronic commerce.
• Expertise
Cryptography, risk management, law, technology and banking.
• Location
Headquarters: New York City
Regional Offices: Cambridge (MA), Washington, DC, United Kingdom.
2
Outline
• Problem: Creating applications which
can communicate securely over the
Internet
• TLS: Transport Layer Security (SSL)
• Certificates
• Related technology: S-HTTP, IPSec, SET,
SASL
• References
3
Security Issues
• Privacy
– Anyone can see content
• Integrity
– Someone might alter content
• Authentication
– Not clear who you are talking with
4
TLS: Transport Layer Security
• formerly known as
SSL: Secure Sockets Layer
• Addresses issues of privacy, integrity
and authentication
– What is it?
– How does it address the issues?
– How is it used
5
What is TLS?
• Protocol layer
• Requires reliable transport layer (e.g.
TCP)
• Supports any application protocols
[Diagram: application protocols (HTTP, Telnet, FTP, LDAP) run over TLS, which runs over TCP, which runs over IP]
6
TLS: Privacy
• Encrypt message so it cannot be read
• Use conventional cryptography with
shared key
– DES, 3DES
– RC2, RC4
– IDEA
[Diagram: A encrypts "Message" into ciphertext ("$%&#!@"); B decrypts it back to "Message"]
7
TLS: Key Exchange
• Need secure method to exchange secret
key
• Use public key encryption for this
– “key pair” is used - either one can encrypt
and then the other can decrypt
– slower than conventional cryptography
– share one key, keep the other private
• Choices are RSA or Diffie-Hellman
8
TLS: Integrity
• Compute fixed-length Message
Authentication Code (MAC)
– Includes hash of message
– Includes a shared secret
– Includes sequence number
• Transmit MAC with message
9
TLS: Integrity
• Receiver creates new MAC
– should match transmitted MAC
• TLS allows MD5, SHA-1
[Diagram: A sends Message together with its MAC; B computes MAC’ over the received Message’ and checks whether MAC’ = MAC]
10
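The two integrity slides above, worked through in code. This is an added example, not code from the deck or from any TLS implementation; the shared secret and the messages are constructed values. It uses HMAC-SHA-1 as the keyed hash, covers the sequence number the way the TLS record layer does (a 64-bit counter kept by each side rather than a field in the record), and shows that an altered record and a replayed record are both rejected when B recomputes MAC’ and compares it with the transmitted MAC.

```python
import hashlib
import hmac
import struct

# Constructed value standing in for the secret the handshake shares between A and B.
SHARED_SECRET = b"constructed-shared-secret-from-the-handshake"


def compute_mac(secret: bytes, seq_num: int, message: bytes) -> bytes:
    """Fixed-length MAC combining the three ingredients on the slide:
    a hash of the message, the shared secret, and the record sequence
    number (64-bit big-endian, as in the TLS record layer).  HMAC-SHA-1
    stands in for the HMAC-MD5 / HMAC-SHA-1 MACs TLS 1.0 permits."""
    return hmac.new(secret, struct.pack(">Q", seq_num) + message, hashlib.sha1).digest()


def send_record(secret: bytes, seq_num: int, message: bytes) -> dict:
    """Sender A: the record that goes on the wire carries the message and its MAC.
    The sequence number itself is not transmitted; both sides count records."""
    return {"message": message, "mac": compute_mac(secret, seq_num, message)}


def receive_record(secret: bytes, expected_seq: int, record: dict) -> bool:
    """Receiver B: recompute MAC' over what arrived, using B's own record counter,
    and compare it with the MAC that was sent.  A replayed or reordered record
    therefore fails even when its contents are intact."""
    mac_prime = compute_mac(secret, expected_seq, record["message"])
    return hmac.compare_digest(mac_prime, record["mac"])   # constant-time comparison


def demo() -> dict:
    """Deliver three records from A to B and report which ones B accepts."""
    rec0 = send_record(SHARED_SECRET, 0, b"order 10 units, ship to warehouse 7")
    rec1 = send_record(SHARED_SECRET, 1, b"confirm order")
    # Same MAC, but the content was changed in transit (constructed tampering).
    altered = dict(rec0, message=b"order 90 units, ship to warehouse 7")
    return {
        "genuine": receive_record(SHARED_SECRET, 0, rec0),
        "altered": receive_record(SHARED_SECRET, 0, altered),
        "replayed": receive_record(SHARED_SECRET, 1, rec0),   # old record re-sent in slot 1
        "in_order": receive_record(SHARED_SECRET, 1, rec1),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:9s} accepted={accepted}")
```

Because the sequence number is part of the MAC input but never sent, an attacker who records a valid record cannot insert it again later: B's counter has moved on, so MAC’ no longer matches.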
TLS: Authentication
• Verify identities of participants
• Client authentication is optional
• Certificate is used to associate identity
with public key and other attributes
[Diagram: A and B each hold a Certificate that they present to the other party]
11
TLS: Overview
• Establish a session
– Agree on algorithms
– Share secrets
– Perform authentication
• Transfer application data
– Ensure privacy and integrity
12
TLS: Architecture
• TLS defines Record Protocol to transfer
application and TLS information
• A session is established using a
Handshake Protocol
[Diagram: Handshake Protocol, Change Cipher Spec and Alert Protocol are carried on top of the TLS Record Protocol]
13
TLS: Record Protocol
14
TLS: Handshake
• Negotiate Cipher-Suite Algorithms
– Symmetric cipher to use
– Key exchange method
– Message digest function
• Establish and share master secret
• Optionally authenticate server and/or
client
15
Handshake Phases
• Hello messages
• Certificate and Key Exchange messages
• Change CipherSpec and Finished
messages
16
TLS: Hello
• Client “Hello” - initiates session
– Propose protocol version
– Propose cipher suite
– Server chooses protocol and suite
• Client may request use of cached
session
– Server chooses whether to honor request
17
TLS: Key Exchange
• Server sends certificate containing
public key (RSA) or Diffie-Hellman
parameters
• Client sends encrypted “pre-master”
secret to server using Client Key
Exchange message
• Master secret calculated
– Use random values passed in Client and
Server Hello messages
18
Public Key Certificates
• X.509 Certificate associates public key
with identity
• Certification Authority (CA) creates
certificate
– Adheres to policies and verifies identity
– Signs certificate
• User of Certificate must ensure it is
valid
19
Validating a Certificate
• Must recognize accepted CA in
certificate chain
– One CA may issue certificate for another
CA
• Must verify that certificate has not been
revoked
– CA publishes Certificate Revocation List
(CRL)
20
X.509: Certificate Content
• Version
• Serial Number
• Signature Algorithm Identifier
– Object Identifier (OID)
– e.g. id-dsa: {iso(1) memberbody(2) us(840) x9-57(10040) x9algorithm(4) 1}
• Issuer (CA) X.500 name
• Validity Period (Start,End)
• Subject X.500 name
• Subject Public Key
– Algorithm
– Value
• Issuer Unique Id (Version 2,3)
• Subject Unique Id (Version 2,3)
• Extensions (version 3)
– optional
• CA digital Signature
21
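The Signature Algorithm Identifier on the slide is an ASN.1 OBJECT IDENTIFIER, and inside a certificate it appears as DER bytes rather than as the arc list shown. The following is an added example, not part of the deck: a small DER encoder and decoder for OIDs, applied to the slide's id-dsa identifier (1.2.840.10040.4.1) and, beyond the slide, to two other well-known identifiers (rsaEncryption 1.2.840.113549.1.1.1 and the 2.16.840.1.101.3.4.2.1 SHA-256 identifier) to show the general rule. The decoder rejects a wrong tag, a bad length, and a truncated sub-identifier, which is the kind of check a certificate parser has to make.

```python
def encode_oid(arcs):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06).

    The first two arcs fold into one value (40 * first + second).  Every
    sub-identifier is then written base-128, most significant group first,
    with the high bit set on all but its last byte.
    """
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] >= 40):
        raise ValueError("not a valid OID")
    body = bytearray()
    for sub in [40 * arcs[0] + arcs[1]] + list(arcs[2:]):
        groups = [sub & 0x7F]
        sub >>= 7
        while sub:
            groups.append((sub & 0x7F) | 0x80)
            sub >>= 7
        body.extend(reversed(groups))
    if len(body) >= 128:
        raise ValueError("long-form lengths are not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)   # tag, short-form length, content


def decode_oid(der: bytes):
    """Inverse of encode_oid: returns the arc list, or raises on malformed input."""
    if len(der) < 2 or der[0] != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER tag 0x06")
    length = der[1]
    body = der[2:2 + length]
    if length >= 128 or len(body) != length or not body:
        raise ValueError("bad length")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if byte & 0x80:
            continue                         # more bytes belong to this sub-identifier
        if not arcs:                         # unfold the combined first sub-identifier
            arcs += [2, value - 80] if value >= 80 else [value // 40, value % 40]
        else:
            arcs.append(value)
        value = 0
    if body[-1] & 0x80:
        raise ValueError("truncated sub-identifier")
    return arcs


def oid_to_str(arcs) -> str:
    return ".".join(str(a) for a in arcs)


if __name__ == "__main__":
    id_dsa = [1, 2, 840, 10040, 4, 1]            # the identifier on the slide
    der = encode_oid(id_dsa)
    print(oid_to_str(id_dsa), "->", der.hex())    # 06072a8648ce380401
    print(der.hex(), "->", oid_to_str(decode_oid(der)))
```

A relying party compares the decoded identifier against the algorithm it actually used to verify the CA signature; a certificate whose signature-algorithm field does not match the signature it carries should be rejected rather than guessed at.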
Subject Names
• X.500 Distinguished Name (DN)
• Associated with node in hierarchical
directory (X.500)
• Each node has Relative Distinguished
Name (RDN)
– Path for parent node
– Unique set of attribute/value pairs for this
node
22
Example Subject Name
• Country at Highest Level (e.g. US)
• Organization typically at next level (e.g.
CertCo)
• Individual below (e.g. Common Name
“Elizabeth” with Id = 1)
DN = {
• C=US;
• O=CertCo;
• CN=Elizabeth, ID=1}
23
Version 3 Certificates
• Version 3 X.509 Certificates support
alternative name formats as extensions
– X.500 names
– Internet domain names
– e-mail addresses
– URLs
• Certificate may include more than one
name
24
Certificate Signature
• RSA Signature
– Create hash of certificate
– Encrypt using CA’s private key
• Signature verification
– Decrypt using CA’s public key
– Verify hash
25
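The "Validating a Certificate" and "Certificate Signature" slides together describe what a relying party has to do: walk the chain up to a CA it recognizes, check each signature by "decrypting" it with the issuer's public key and comparing the hash, check the validity period, and check the CA's revocation list. The following is an added example that simulates exactly that; it is not code from the deck or from any real certificate library. The RSA arithmetic is textbook RSA over small hard-coded primes with no PKCS#1 padding (real CAs use large keys and padded signatures), the certificate structure is a simplified stand-in for X.509 with the fields the slides list, and all names, serial numbers and dates are constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime


# ---- Toy RSA: constructed small primes, textbook arithmetic, illustration only ----
def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for the hard-coded primes used in this example."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def cert_hash(tbs: bytes, n: int) -> int:
    # Hash of the to-be-signed certificate bytes, reduced to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n


def sign(tbs: bytes, priv) -> int:
    n, d = priv                           # "encrypt" the hash with the CA's private key
    return pow(cert_hash(tbs, n), d, n)


def verify(tbs: bytes, sig: int, pub) -> bool:
    n, e = pub                            # "decrypt" with the CA's public key, compare hashes
    return pow(sig, e, n) == cert_hash(tbs, n)


# ---- Simplified certificate carrying the X.509 fields from the slides ----
@dataclass
class Cert:
    serial: int
    issuer: str
    subject: str
    pubkey: tuple
    not_before: datetime
    not_after: datetime
    is_ca: bool
    signature: int = 0

    def tbs(self) -> bytes:
        """Fixed serialisation of the signed fields (stand-in for DER)."""
        fields = (self.serial, self.issuer, self.subject, self.pubkey,
                  self.not_before.isoformat(), self.not_after.isoformat(), self.is_ca)
        return repr(fields).encode()


def issue(cert: Cert, issuer_priv) -> Cert:
    """The CA signs the certificate after (per policy) verifying the subject's identity."""
    cert.signature = sign(cert.tbs(), issuer_priv)
    return cert


def validate_chain(chain, trust_anchors, crl, now):
    """chain: leaf first, each certificate followed by its issuer (the root may be omitted).
    trust_anchors: {CA subject name: CA public key} the relying party accepts.
    crl: {issuer name: set of revoked serial numbers} published by each CA."""
    for i, cert in enumerate(chain):
        if not (cert.not_before <= now <= cert.not_after):
            return False, f"{cert.subject}: outside validity period"
        if cert.serial in crl.get(cert.issuer, set()):
            return False, f"{cert.subject}: serial {cert.serial} revoked by {cert.issuer}"
        if i + 1 < len(chain):
            nxt = chain[i + 1]
            if nxt.subject != cert.issuer or not nxt.is_ca:
                return False, f"{cert.subject}: next certificate is not its issuing CA"
            issuer_key = nxt.pubkey
        elif cert.issuer in trust_anchors:
            issuer_key = trust_anchors[cert.issuer]
        else:
            return False, f"{cert.subject}: chain does not end at a recognised CA"
        if not verify(cert.tbs(), cert.signature, issuer_key):
            return False, f"{cert.subject}: signature does not verify"
    return True, "ok"


def build_demo():
    """Constructed two-level hierarchy: Root CA -> Issuing CA -> end-entity certificate."""
    root_pub, root_priv = make_keypair(104729, 1299709)
    inter_pub, inter_priv = make_keypair(15485863, 32452843)
    leaf_pub, _ = make_keypair(1000003, 2147483647)
    nb, na = datetime(1998, 1, 1), datetime(1999, 1, 1)
    inter = issue(Cert(2, "C=US; O=CertCo Root CA", "C=US; O=CertCo Issuing CA",
                       inter_pub, nb, na, True), root_priv)
    leaf = issue(Cert(1001, "C=US; O=CertCo Issuing CA", "C=US; O=CertCo; CN=Elizabeth",
                      leaf_pub, nb, na, False), inter_priv)
    anchors = {"C=US; O=CertCo Root CA": root_pub}
    crl = {"C=US; O=CertCo Issuing CA": set()}
    return leaf, inter, anchors, crl, datetime(1998, 6, 1)


if __name__ == "__main__":
    leaf, inter, anchors, crl, now = build_demo()
    print(validate_chain([leaf, inter], anchors, crl, now))        # accepted
    print(validate_chain([leaf], anchors, crl, now))               # issuing CA not presented
    crl["C=US; O=CertCo Issuing CA"].add(leaf.serial)
    print(validate_chain([leaf, inter], anchors, crl, now))        # revoked
```

The order of the checks matters less than their completeness: a chain that verifies cryptographically is still worthless if it ends at a CA the relying party never chose to trust, if a certificate in it has expired, or if the issuer has since revoked it.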
TLS: ServerKeyExchange
Client -> Server: ClientHello
Server -> Client: ServerHello
Server -> Client: Certificate
Server -> Client: ServerKeyExchange
26
TLS: Certificate Request
Client -> Server: ClientHello
Server -> Client: ServerHello
Server -> Client: Certificate
Server -> Client: ServerKeyExchange
Server -> Client: CertificateRequest
27
TLS: Client Certificate
Client -> Server: ClientHello
Server -> Client: ServerHello
Server -> Client: Certificate
Server -> Client: ServerKeyExchange
Server -> Client: CertificateRequest
Client -> Server: ClientCertificate
Client -> Server: ClientKeyExchange
28
TLS: Change Cipher Spec,
Finished
Client -> Server: [ChangeCipherSpec]
Client -> Server: Finished
Server -> Client: [ChangeCipherSpec]
Server -> Client: Finished
Client -> Server: Application Data
Server -> Client: Application Data
29
TLS: Change Cipher
Spec/Finished
• Change Cipher Spec
– Announce switch to negotiated algorithms
and values
• Finished
– Send copy of handshake using new session
– Permits validation of handshake
30
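The "TLS: Key Exchange" slide (master secret from the pre-master secret plus both Hello randoms) and the Change Cipher Spec/Finished slide above (a copy of the handshake, protected under the new session, that lets each side validate the handshake) both rest on the TLS 1.0 pseudo-random function from RFC 2246. The following is an added example, not code from the deck or from any TLS library, that implements that PRF and uses it for the three derivations: master secret, key block, and the Finished verify_data. The RSA encryption of the pre-master secret is not shown; the randoms, the pre-master secret and the handshake transcript in demo() are constructed values.

```python
import hashlib
import hmac
import os


def p_hash(hash_fn, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 P_hash: expand `secret` over `seed` to `length` bytes with chained HMACs."""
    out, a = b"", seed                                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()           # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_fn).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA-1 over the
    second half (the halves share one byte when the secret has odd length)."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha_part = p_hash(hashlib.sha1, secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def make_pre_master_secret(client_version=(3, 1)) -> bytes:
    """48 bytes the client generates: the protocol version it offered, then 46 random
    bytes.  The client sends this to the server encrypted under the server's RSA
    public key from the Certificate message (that RSA step is not shown here)."""
    return bytes(client_version) + os.urandom(46)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Both sides compute this; the Hello randoms make it fresh for every session."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """MAC secrets, cipher keys and IVs are cut from this block.  Note the randoms
    appear in the opposite order to master_secret()."""
    return prf(master, b"key expansion", server_random + client_random, length)


def finished_verify_data(master: bytes, handshake_messages: bytes, client: bool) -> bytes:
    """Finished payload: 12 bytes derived from the master secret and digests of every
    handshake message sent so far, so a modified handshake is detected by the peer."""
    label = b"client finished" if client else b"server finished"
    digests = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return prf(master, label, digests, 12)


def demo() -> dict:
    """Constructed session with fixed randoms so the run is reproducible."""
    client_random = bytes(range(32))
    server_random = bytes(range(32, 64))
    pre_master = bytes([3, 1]) + bytes(46)          # zero 'random' bytes, for the demo only
    master = master_secret(pre_master, client_random, server_random)
    transcript = b"ClientHello|ServerHello|Certificate|ServerKeyExchange|ClientKeyExchange"
    return {
        "master": master,
        "keys": key_block(master, client_random, server_random, 104),
        "client_finished": finished_verify_data(master, transcript, True),
        "tampered_finished": finished_verify_data(master, transcript + b"|injected", True),
    }


if __name__ == "__main__":
    r = demo()
    print("master secret  :", r["master"].hex())
    print("client Finished:", r["client_finished"].hex())
    print("after tampering:", r["tampered_finished"].hex())
```

Two points the derivation makes visible: a pre-master secret reused with different Hello randoms still yields different session keys, and the Finished value changes if any earlier handshake message was altered, so a downgrade of the negotiated cipher suite in transit is caught before application data flows.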
TLS: Using a Session
Client -> Server: ClientHello (Session #)
Server -> Client: ServerHello (Session #)
Server -> Client: [ChangeCipherSpec]
Server -> Client: Finished
Client -> Server: [ChangeCipherSpec]
Client -> Server: Finished
Client -> Server: Application Data
Server -> Client: Application Data
31
Changes from SSL 3.0 to TLS
• Fortezza removed
• Additional Alerts added
• Modification to hash calculations
• Protocol version 3.1 in ClientHello,
ServerHello
32
TLS: HTTP Application
• HTTP most common TLS application
– https://
• Requires TLS-capable web server
• Requires TLS-capable web browser
– Netscape Navigator
– Internet Explorer
– Cryptozilla
• Netscape Mozilla sources with SSLeay
33
Web Servers
• Apache-SSL
• Apache mod_ssl
• Stronghold
• Roxen
• iNetStore
34
Other Applications
• Telnet
• FTP
• LDAP
• POP
• SSLrsh
• Commercial Proxies
35
TLS: Implementation
• Cryptographic Libraries
– RSARef, BSAFE
• TLS/SSL packages
– SSLeay
– SSLRef
36
X.509 Certificate Issues
• Certificate Administration is complex
– Hierarchy of Certification Authorities
– Mechanisms for requesting, issuing,
revoking certificates
• X.500 names are complicated
• Description formats are cumbersome
(ASN.1)
37
X.509 Alternative: SDSI
• SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson)
– Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0
• Eliminate X.500 names - use DNS and text
• Everyone is their own CA
• Instead of ASN.1 use “S-expressions” and
simple syntax
• Name and Authorization certificates
38
TLS “Alternatives”
• S-HTTP: secure HTTP protocol, shttp://
• IPSec: secure IP
• SET: Secure Electronic Transaction
– Protocol and infrastructure for bank card
payments
• SASL: Simple Authentication and
Security Layer (RFC 2222)
39
Summary
• SSL/TLS addresses the need for
security in Internet communications
– Privacy - conventional encryption
– Integrity - Message Authentication Codes
– Authentication - X.509 certificates
• SSL in use today with web browsers
and servers
40
References - 1
• Engelschall, Ralph, mod_ssl,
<http://www.engelschall.com/sw/mod_ssl>
• Ford, Warwick, Baum, Michael S. Secure Electronic Commerce,
Prentice Hall 1997.
• Hirsch, Frederick J. “Introduction to SSL and Certificates Using
SSLeay”, World Wide Web Journal, Summer 1997,
<http://www.fjhirsch.com/wwwj/>
• Hudson, Tim J., Young, Eric A., “SSLeay and SSLapps FAQ”,
<http://www.psy.uq.oz.au/~ftp/Crypto/>
• Kaufman, Charlie, Perlman, Radia, Speciner, Mike, Network
Security: PRIVATE Communication in a PUBLIC World, Prentice
Hall, 1995.
41
References - 2
• Rivest, Ron, SDSI, <http://theory.lcs.mit.edu/~cis/sdsi.html>
• Stallings, William, Cryptography and Network Security: Principles
and Practice, 2nd Edition, Prentice Hall, 1999.
• Wagner, David, Schneier, Bruce “Analysis of the SSL 3.0
Protocol” <http://www.counterpane.com/ssl.html>
• Internet Drafts and RFCs <http://www.ietf.org/>. Use the
keyword search on TLS or SSL in the Internet Drafts section to
find the TLS Protocol specification and other relevant
documents.
• PKCS standards:
<http://www.rsa.com/rsalabs/pubs/PKCS/>
42
References - 3
• Microsoft Security Documents
<http://www.microsoft.com/workshop/security/contents.htm>
• Netscape Security Documents
<http://www.netscape.com/eng/security/>
43
http://www.fjhirsch.com/~fhirsch/SSL/
44