TLS, SSL, PKI and a dash of X'509 - PowerPoint PPT Presentation

1 / 40

About This Presentation

Title:

TLS, SSL, PKI and a dash of X'509

Description:

TCP/IP. SSL. HTTP. Web Applications. NNTP. FTP. Telnet. New. Apps. Etc. ... IP Data. TCP Header. Type: TCP. TCP Data. Src. Port. Dst. Port. Seq. Num. Application Data ... – PowerPoint PPT presentation

Number of Views:152

Avg rating:3.0/5.0

Slides: 41

Provided by: bernie84

Category:

more less

Transcript and Presenter's Notes

Title: TLS, SSL, PKI and a dash of X'509

1
Internet Security Soup

TLS, SSL, PKI and a dash of X.509
Adapted from presentations by Jeff Treuhaft
(Netscape) and a presentation by the Tunitas
group

2
Secure Sockets Layer (SSL)

Platform and Application Independent
Operates between application and transport layers

3
TCP over IP
IP Header
IP Data
Src
Dst
TCP Header
TypeTCP
TCP Data
SrcPort
DstPort
SeqNum
Application Data
4
SSL over TCP over IP
IP Header
IP Data
Src
Dst
TCP Header
TypeTCP
TCP Data
SrcPort
DstPort
SeqNum
TLS
TLS Payload
EncryptedApplicationData
5
SSL History
99
95
96
TLS Draft
SSLRef 2.0
SSL v3.0
Initial Design
TLS v1.0
SSL BOF II _at_ IETF
SSL v2.0
SSL BOF _at_ IETF
Independent Implementations Hardware, Toolkits,
Applications
6
Secure Sockets Layer (SSL)

Negotiates and employs essential functions for
secure transactions
Mutual Authentication
Data Encryption
Data Integrity
As simple and transparent as possible

7
Mutual Authentication

Establish trust with intended recipients
Signed Digital Certificates
Server Authenticates to Client
Client Authenticates to Server (optional)

8
Data Encryption

Privacy and confidentiality
Support different algorithms for different
application needs
Privacy
Authentication

9
Data Integrity

Insure no one tampers with data transmissions
intentionally or not
Freshness of transactions to avoid replays

10
SSL 3.0 Layers

Record Layer
Fragmentation
Compression
Message Authentication (MAC)
Encryption

11
SSL 3.0 Layers Cont.

Alert Layer
close errors
message sequence errors
bad MACs
certificate errors

12
SSL 3.0 Layers Cont.

Handshake Layer
All messages are MACd
Message order is absolute
Negotiation messages are created here and handed
to record layer

13
Handshake Hello Sequence
Client
Server
ClientHello
ServerHello Certificate ServerKeyExchange Certific
ateRequest ServerHelloDone
14
Typical Hello Message

ClientHello message
struct
ProtocolVersion client_version
Random random
SessionID session_id
CipherSuite cipher_suiteslt2..216-1gt
CompressionMethod compression_methodslt2..28-1gt
ClientHello

15
Hello Sequence Cont.

Certificate (Server)
chain of X.509.v3 certificates with senders
certificate first
ServerKeyExchange
Anon-DH and temporary RSA
CertificateRequest
ServerHelloDone

16
Handshake Finish Response
Client
Server
Certificate ClientKeyExchange CertificateVerify Ch
angeCipherSpec Finished
ChangeCipherSpec Finished
Application Data
17
Client Key Exchange

Certificate
Client Key Exchange
Encrypted Pre-Master-Secret
using key from server certificate
Pre-Master-Secret
48-byte random
client version

18
Certificate Verify

Uses hash of available messages up to this point
Digitally signed to verify ownership of the
private key for the client certificate

19
ChangeCipherSpec

Sync point for starting to use the negotiated
algorithms and keys
Fresh Session
handshake messages are not encrypted until here
Updated Session
switch to new algorithms and keys here

20
Finished

Both sides encrypt with new info
algorithms, secrets and keys
MD5 hash
Master Secret, SHA(handshakes, sender, master
secret)
SHA hash
Master Secret, MD5(handshakes, sender, master
secret)

21
What are digital certificates?

A credential that identifies a person, resource
or entity
Specifies that a specific public key is owned by
a specific named entity
Generally, ownership of public key implies
exclusive control of related private key
Signature binds the public key to its named
owner (subject)

22
What are digital certificates? (cont)
23
Required Info

Certificate information
Serial Number
Validity Period
Signature algorithm
Authority Information
Unique name of issuer
Subject Information
Unique name of subject
Public key algorithm

Digital Signature created with issuers private
key
24
Optional Info

Standard Extensions
Subject and Issuer Attributes
e.g. altNameExtension Used to further identify
certificate actors
Key Use
e.g. certificateType (s/MIME, SSL. )
Certificate Constraints
e.g. pathLengthConstraint Limits certification
chain, i.e who can use the cert
Policy Extentions
Identify policies of CA used to issue this
certificate

25
Certificate Standards

X.509 Standard
Created to provide credentials for X.500
directory objects
V1 published as part of X.500 directory
recommendations
V3 (1996) added much flexibility
added provisions for extension fields (V3
extensions)
V3 use pretty much universal for Internet
applications
supports mail, c/s, IPsec
alternatives limited to special purposes, e.g PGP
certificates

26
Certificate Standards (cont.)

PKIX IETF standards and drafts
Intended to provide Internet with components
missing from X.509
X.509 rewrite according to IETF specs
Protocols for certificate creation and management
e.g. certificate requests, revocation lists
added profile and policy definitions

27
X.509 Advantages

Defined to support a high degree of
inter-operability
Independent of application, language, platform
vendor
supports wide range of applications and
environments
e.g. interoperability between Japanese issued
certificates stored on a Java ring with Internet
kiosk in a New York library
e.g. SET (secure electronic transactions)
designed to support electronic commerce worldwide

28
X.509 Problems

Significant issues in coding certificates
uses ASN.1 (Abstract Syntax Notation) and BER
requires self describing data
data which includes the format for interpreting
data
very robust but has significant overhead costs
very verbose
parsing issues must parse string before an
awareness of the type of string - with deeply
nested structures this can be very difficult

29
PKI Trust Models

Basic Concepts
Certification Paths
Types
Constraints
Browser / Email Client Support

30
Why Trust?

Advantages of trusting certificates issued by
others
Can extend communications to unknown parties
Fewer certificates for end users and relying
parties
Communities can be served by different CAs
Questions
What is being trusted?
What is the basis for trust?
What are the enforcement mechanisms?

31
Basic Concepts

Fundamental principle of certificate use and
acceptance
The subject is accountable for use of the private
key
How is the principle supported?
CA has responsibility to assure subject - key
binding
Subject has responsibility to guard private key
Notify CA as required if private key compromised
Relying Party Responsibilities
Check certificate validity
Accept restrictions of scope of certificate

32
Basic Obligations Diagram
33
Certificate Verification

Certificate verification requires having issuers
public key( the CAs Signer Certificate)
Bootstrap Problem
Verification mechanisms for signer (CA)
certificates
Self signed using signers own key
Appropriate for rootCA

34
Certificate Verification (cont)

Verification mechanisms for Signer (CA)
certificates
Signed by a CA superior in a hierarchy
Acceptance of the CAs certificate is derived
from acceptance of rootCA
Signed by CA from an independent domain with
cross-certification
Acceptance of one CA derived from acceptance by a
peer CA
Cross-licensing may be reciprocal or one way

35
Certificate Paths Example
36
Certificate Paths Example
37
Certification Path Constraints

Trust is not unbounded
Certificate authority may want to limit signing
capability of certificates that it issues
To limit depth of a certificate chain
To limit CA liability
To distinguish between end user and other
certificates
Limitations are supported by digital certificate
extensions
Trust may not be transitive
US trusts Canada which trusts Cuba but
US does not trust Cuba

38
Browser support