2. Outline
Concepts
• What is SSL/TLS?
• Security Provided by SSL/TLS
• Cipher Suite
How does it work?
• Handshaking procedure
• Record protocol
Application
3. What is SSL/TLS?
Transport Layer Security (TLS) and its predecessor, Secure
Sockets Layer (SSL), are cryptographic protocols that
provide security for communications over networks such as
the Internet.
TLS and SSL encrypt the segments of network connections
at the Transport Layer end-to-end.
—Wikipedia
4. Where does SSL/TLS work?
Application
• FTP, HTTP, IMAP, IRC, POP3, SMTP, SSH
• DNS, Telnet, SSL/TLS*, etc.
Transport
• TCP, UDP, DCCP, SCTP, IL, RUDP, RSVP
Internet
• IP (v4, v6)
• ICMP, IGMP, ICMPv6
Link
• ARP, RARP, OSPF, IS-IS, NDP
*Note: Protocols don’t have to fit in this reference model in order to be accepted as a standard.
From the application protocol point of view, SSL/TLS belongs to a lower layer, although
the TCP/IP model is too coarse to show it.
5. A Bit of History
Secure Sockets Layer (SSL)
• Developed by Netscape Corporation
• Versions 1, 2, and 3 (released in 1996)
Transport Layer Security (TLS)
• Successor of SSL
• IETF standards track protocol, based on SSL 3.0
• Last updated in RFC 5246 (2008)
6. What Security is Provided?
By providing:
• Endpoint Authentication
• Unilateral or Bilateral
• Communication Confidentiality
For preventing:
• Eavesdropping
• Tampering
• Message Forgery
7. How Security is Provided?
• Eavesdropping: Encryption (Symmetric-key Cryptography)
• Tampering: Message Digest (Cryptographic Hash)
• Message Forgery: Authentication & Digital signature (Public-key Cryptography)
8. How Security is Provided?
A simplified case (Unilateral Authentication)
[Diagram. Labels: Key Exchange; Symmetric key (both sides); M, E, ||, C, D, H; MAC; H, E, D, Compare; Public key, Private key; Asymmetric Key-Gen]
9. Cipher Suite
A suite of algorithms is needed for SSL/TLS connections
• Bulk encryption algorithm
• Message stream encryption algorithm
• Message authentication code (MAC) algorithm
• Cryptographic hash function
• Asymmetric key algorithms
• Key exchange algorithm
• Pseudorandom function (PRF)
10. Cipher Suite (cont.)
Common Cipher Suite algorithms:
• Bulk encryption algorithm
• RC4, Triple DES, AES, IDEA, DES, Camellia
• Message authentication code (MAC) algorithm
• Authentication by RSA, DSA, ECDSA
• Hashing by MD5, SHA
• Key exchange algorithm
• RSA, Diffie-Hellman, ECDH, SRP, PSK
• Pseudorandom function (PRF)
11. Enhanced Security Measures
The server certificate is digitally signed by a certificate authority (CA)
• The client accepts the server certificate if the CA is trusted
Sequence numbers are used for preventing replay attacks
Finishing the handshake sends a hash of all exchanged handshake messages
etc.
13. Handshaking
The client (Alice) and server (Bob) must agree on various parameters to establish the connection
• Alice requests a secure connection and presents a list of CipherSuites
• Bob picks the strongest supported CipherSuite
• Bob sends back his digital certificate
• Including the certificate authority and his public key
• By encrypting with the server’s public key, Alice sends a random number to Bob securely
• Alice and Bob generate key material from the random number
• Secure connection established
14. Simple Handshaking Case
ALICE (CLIENT)
• Before handshake: list of supported CipherSuites, list of trusted CAs, public keys of trusted CAs
BOB (SERVER)
• Before handshake: list of supported CipherSuites, CA's digital signature, server private key, server public key
• During handshake: list of Alice’s CipherSuites
Message (Alice to Bob): ClientHello, carrying the list of CipherSuites
Alice requests a secure connection and presents a list of CipherSuites.
15. Simple Handshaking Case
ALICE (CLIENT)
• Before handshake: list of supported CipherSuites, list of trusted CAs, public keys of trusted CAs
• During handshake: selected CipherSuite
BOB (SERVER)
• Before handshake: list of supported CipherSuites, CA's digital signature, server private key, server public key
• During handshake: selected CipherSuite
Message (Bob to Alice): ServerHello, carrying the chosen CipherSuite
Bob picks the strongest supported CipherSuite. Alice saves the selected CipherSuite.
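The Cipher Suite slides and the ServerHello step above, as an added example that is not part of the original slides: it splits IANA-style suite names into the components listed on slide 9 and picks a suite the way Bob does. The suite lists and the `DENIED` policy are assumptions made for the example, and the parser only handles the `TLS_<kx>_<auth>_WITH_<cipher>_<mac>` pattern of non-AEAD suites.

```python
from typing import NamedTuple, Optional

class Suite(NamedTuple):
    key_exchange: str
    authentication: str
    bulk_cipher: str
    mac_hash: str

def parse_suite(name: str) -> Suite:
    """Split a name such as TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 into its parts."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS cipher suite name: {name!r}")
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    kx, _, auth = left.partition("_")       # plain "RSA" does key exchange and authentication
    cipher, _, mac = right.rpartition("_")  # the last token names the MAC hash
    if not kx or not cipher or not mac:
        raise ValueError(f"incomplete cipher suite name: {name!r}")
    return Suite(kx, auth or kx, cipher, mac)

# Assumed server policy for this example: components Bob refuses to negotiate.
DENIED = {"RC4_128", "DES_CBC", "MD5"}

def select_suite(server_preference: list, client_offer: list) -> Optional[str]:
    """Return the first suite in Bob's preference order that Alice also offered."""
    offered = set(client_offer)
    for name in server_preference:
        suite = parse_suite(name)
        allowed = suite.bulk_cipher not in DENIED and suite.mac_hash not in DENIED
        if name in offered and allowed:
            return name
    return None  # no acceptable overlap: the handshake fails instead of falling back

# Constructed sample lists (strongest first on Bob's side).
BOB_PREFERENCE = [
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]
ALICE_OFFER = ["TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    chosen = select_suite(BOB_PREFERENCE, ALICE_OFFER)
    print(chosen, parse_suite(chosen))
```

The choice follows Bob's ordering, not Alice's, so the order of the client's list does not decide which suite is used.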
16. Simple Handshaking Case
ALICE (CLIENT)
• Before handshake: list of supported CipherSuites, list of trusted CAs, public keys of trusted CAs
• During handshake: selected CipherSuite, server public key
BOB (SERVER)
• Before handshake: list of supported CipherSuites, CA's digital signature, server private key, server public key
• During handshake: selected CipherSuite
Messages (Bob to Alice): Certificate, carrying Bob’s digital certificate, then ServerHelloDone
Bob sends back his digital certificate, signed by the CA, with Bob’s public key.
Alice tries to confirm Bob’s digital certificate by the CA’s signature. Alice may contact the CA if needed.
17. Simple Handshaking Case
ALICE (CLIENT)
• Before handshake: list of supported CipherSuites, list of trusted CAs, public keys of trusted CAs
• During handshake: selected CipherSuite, server public key, random number (RN)
BOB (SERVER)
• Before handshake: list of supported CipherSuites, CA's digital signature, server private key, server public key
• During handshake: selected CipherSuite, random number (RN)
Message (Alice to Bob): ClientKeyExchange, carrying the encrypted random number (RN)
If Bob’s certificate is accepted, Alice generates and sends a random number using the server’s public key.
Bob decrypts the message using his private key and saves RN.
18. Simple Handshaking Case
ALICE (CLIENT)
• Before handshake: list of supported CipherSuites, list of trusted CAs, public keys of trusted CAs
• During handshake: selected CipherSuite, connection keys
BOB (SERVER)
• Before handshake: list of supported CipherSuites, CA's digital signature, server private key, server public key
• During handshake: selected CipherSuite, connection keys
Alice and Bob generate their key material from RN
(depending on the selected CipherSuite).
19. Simple Handshaking Case
ALICE (CLIENT)
• Before handshake: list of supported CipherSuites, list of trusted CAs, public keys of trusted CAs
• During handshake: selected CipherSuite, connection keys
BOB (SERVER)
• Before handshake: list of supported CipherSuites, CA's digital signature, server private key, server public key
• During handshake: selected CipherSuite, connection keys
Messages (Alice to Bob): ChangeCipherSpec, then Finished (authenticated and encrypted message, with MAC)
Alice sends ChangeCipherSpec and an authenticated and encrypted Finished message.
Bob decrypts and verifies the message using his connection keys.
20. Simple Handshaking Case
ALICE (CLIENT)
• Before handshake: list of supported CipherSuites, list of trusted CAs, public keys of trusted CAs
• During handshake: selected CipherSuite, connection keys
BOB (SERVER)
• Before handshake: list of supported CipherSuites, CA's digital signature, server private key, server public key
• During handshake: selected CipherSuite, connection keys
Messages (Bob to Alice): ChangeCipherSpec, then Finished (authenticated and encrypted message, with MAC)
If Alice’s message is verified, Bob sends ChangeCipherSpec and another Finished message.
Alice decrypts and verifies the message using her connection keys. The secure connection is established.
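The key-generation and Finished steps above, as an added example that is not part of the original slides: it uses the PRF defined in RFC 5246 (TLS 1.2) to derive the master secret and the Finished value, and shows that the check fails when the two sides saw different handshake messages. The slides' "RN" plays the role of the pre-master secret here; RFC 5246 also mixes in the two hello random values. All sample values and message bodies are constructed stand-ins.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret derived from the value sent in ClientKeyExchange."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def verify_data(master: bytes, label: bytes, messages: list) -> bytes:
    """12-byte Finished payload: PRF over a hash of every handshake message."""
    transcript = hashlib.sha256(b"".join(messages)).digest()
    return prf(master, label, transcript, 12)

def finished_ok(master: bytes, label: bytes, seen: list, received: bytes) -> bool:
    """The receiver recomputes verify_data over the messages it saw itself."""
    return hmac.compare_digest(verify_data(master, label, seen), received)

# Constructed sample values, not a real capture.
PRE_MASTER = b"\x03\x03" + bytes(range(46))  # the slides' "RN"
CLIENT_RANDOM, SERVER_RANDOM = b"\xaa" * 32, b"\xbb" * 32
HELLO_SENT = b"ClientHello: suites A, B, C"
HELLO_ALTERED = b"ClientHello: suites C"  # Bob's view if the list changed in transit
REST = [b"ServerHello", b"Certificate", b"ServerHelloDone", b"ClientKeyExchange"]

def demo() -> tuple:
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    alice_finished = verify_data(ms, b"client finished", [HELLO_SENT] + REST)
    same_view = finished_ok(ms, b"client finished", [HELLO_SENT] + REST, alice_finished)
    altered_view = finished_ok(ms, b"client finished", [HELLO_ALTERED] + REST, alice_finished)
    return same_view, altered_view

if __name__ == "__main__":
    print(demo())
```

Because the Finished value covers the whole transcript, a change to any earlier plaintext handshake message is detected before application data flows.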
24. Application of SSL/TLS
On top of the Transport Layer protocols
• Primarily with TCP
• Datagram Transport Layer Security (DTLS) for UDP
Encapsulating the application protocols
• HTTP (HTTPS) for securing WWW traffic
• FTP (FTPS), SMTP, NNTP, etc.
25. Implementations of SSL/TLS
SSL and TLS have been widely implemented
• Open source software projects
• OpenSSL, NSS, or GnuTLS
• Microsoft Windows
• Part of its Secure Channel
• Browsers
• Apple Safari
• Mozilla Firefox (2+)
• Internet Explorer, etc.