CMSC 414 Computer and Network Security Lecture 26 - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

CMSC 414 Computer and Network Security Lecture 26

Description:

SSL runs on top of TCP, in a user-level process. Recall, does not ... Using TCP rather than UDP simplifies things. Recall, this opens a potential DoS attack ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 15
Provided by: jka9
Learn more at: http://www.cs.umd.edu
Category:

less

Transcript and Presenter's Notes

Title: CMSC 414 Computer and Network Security Lecture 26


1
CMSC 414Computer (and Network) SecurityLecture
26
  • Jonathan Katz

2
SSL/TLS
3
Brief history
  • SSLv2 deployed in Netscape 1.1 (1995)
  • Microsoft improved upon it
  • Netscape deployed SSLv3
  • Most commonly deployed
  • IETF introduced TLS
  • Similar, but incompatible
  • Here, we just say SSL!

4
Broad overview
  • SSL runs on top of TCP, in a user-level process
  • Recall, does not require changes to the OS
  • Using TCP rather than UDP simplifies things
  • Recall, this opens a potential DoS attack

5
Basic protocol flow
  • Alice (client) sends hello, supported crypto,
    and nonce RA
  • Bob (server) sends a certificate, selects crypto,
    and sends nonce RB
  • Alice encrypts S with Bobs public key
  • Alice/Bob derive key(s) from RA, RB, S
  • Must be careful about which encryption scheme is
    used!

6
Basic flow, continued
  • They each authenticate the initial handshake
    using the shared key(s)
  • The keys are used to encrypt/authenticate all
    subsequent communication
  • Separate keys shared for encryption and
    authentication in each direction
  • Also for IVs (but this is a flaw!)
  • Sequence numbers used to prevent replay

7
Note
  • As described, SSL only provides one-way
    authentication (server-to-client)
  • Not generally common for clients to have public
    keys
  • Can do mutual authentication over SSL using,
    e.g., a password
  • SSL also allows for clients to have public keys

8
Session resumption
  • Because it was designed with http traffic in
    mind, one session can be used to derive many
    secure connections
  • Server assigns a session_id and stores that along
    with the session key
  • Connection keys can be derived from the session
    key (assumes the client remembers it) and fresh
    nonces
  • Can always re-derive a session key (expensive!)

9
Some attacks (and fixes)
  • Man-in-the-middle can downgrade the acceptable
    crypto in Alices first message
  • One of the problems with negotiating crypto
  • Fixed by authenticating handshake phase
  • An adversary could also close a connection early
    (TCP close_connection_request was not
    integrity-protected)
  • Fixed by adding finish message which is
    authenticated

10
PGP
11
Overview
  • There are many schemes for secure email
  • PGP is popular for a number of reasons
  • one of which is its PKI model (i.e., the web of
    trust)

12
Overview
  • PGP provides for both encryption and digital
    signatures
  • Encryption
  • Standard techniques
  • Multiple recipients handled efficiently
  • Signatures
  • Again, standard techniques

13
Web of trust
  • Anarchy model
  • User defined level of trust in any signature /
    principal
  • Can be simplified somewhat if the user chooses to
    do so

14
Summary of course
Write a Comment
User Comments (0)
About PowerShow.com