Secure Socket Layer

1
Secure Socket Layer

• SSL and TLS

2
SSL Protocol

• Peer negotiation for algorithm support
• Public key encryption -based key exchange and
  certificate-based authentication
• Symmetric cipher -based traffic encryption

3
TLS,SSL,HTTPS
Transport Layer Security, Secure Socket Layer
4
SSL

• Each browser is configured with a root CA
• https connects to a different port (443 instead
  of 80)
• When a session is initiated, server and client
  agree on security capabilities. (most clients
  are 40 bit encryption, but 128 bit encryption is
  available on many strong servers
• The server is authenticated by the certificate
  authority
• Using the server public key from the CA, the
  client sends a DES key to the server
• The DES key is used to encrypt the session

5
How it Works

• The client sends and receives several handshake
  structures
• It sends a ClientHello message specifying the
  list of cipher suites, compression methods and
  the highest protocol version it supports. It also
  sends random bytes which will be used later
• Then it receives a ServerHello, in which the
  server chooses the connection parameters from the
  choices offered by the client earlier.
• When the connection parameters are known, the
  client and server exchange certificates
  (depending on the selected public key cipher).
  These certificates are currently X.509, but there
  is also a draft specifying the use of OpenPGP
  based certificates.
• The server can request a certificate from the
  client, so that the connection can be mutually
  authenticated.
• The client and server negotiate a common secret
  called the "master secret", possibly using the
  result of a Diffie-Hellman exchange, or simply
  encrypting a secret with a public key that is
  decrypted with the peer's private key. All other
  key data is derived from this "master secret"
  (and the client- and server-generated random
  values), which is passed through a carefully
  designed "pseudorandom function".

6
Certificates
CA
Certified Entity
Register with CA, send client Public Key
Albert Levi
Albert Levi
CA-Publickey and Certificate with RSA(client
Public Key,CA-privatekey)
Certificate
Verifier Decrypt senders public key using
CA-publickey
Albert Levi
7
Hierarchical PKI Example
RSA(UserPubK,CAPriK) RSA(CAPubK.UCAPriK) RSA(UCAPu
bK,RootCAPriK)
8
How does this impact web apps

• No changes should be necessary, just include the
  https URL
• You will have to set up your server to perform
  the handshake, but it probably already has the
  capabilities
• Performance will suffer, the initial handshake is
  expensive
• Web servers must have a certificate for each IP
  address they serve

9
Common Mistakes

• Put the login form on an unencrypted http page,
  but send the data to a https cgi script
• A man in the middle can spoof the page, then
  replace the https URL with a server he controls
• The user will have no UI clues that would allow
  him to know that the submit button goes to a
  secure site
• If the login page is https, then a
  man-in-the-middle cant read and spoof the form as
  easily

10
Common Mistakes

• Mixing secure and insecure data
• The users learn to ignore the this form contains
  secure and insecure data very quickly
• The user has no way of knowing which parts are
  being sent securely

11
Another Encryption ExamplePrivacy Enhanced Mail
(PEM)
12
PEM message integrity and authentication
mE(MD5(m),privatesender)
13
PEM Certificates