An Introduction to SSL/TLS and Certificates

Title: RSA Conference Subject: Show - Introductory Slides Author: Joyce Fai Last modified by: Frederick Hirsch Created Date: 1/10/1998 4:28:32 PM Document ...

1
An Introduction to SSL/TLS and Certificates
  • Providing secure communication over the Internet

Frederick J. Hirsch fjh_at_fjhirsch.com

2
CertCo Overview
  • Background
  • Established in 1996. Bankers Trust spinoff.
    Privately held.
  • Mission
  • CertCo provides secure and cost-effective
    business solutions that enable trust institutions
    to build a worldwide trust infrastructure to
    support high-value, secure electronic commerce.
  • Expertise
  • Cryptography, risk management, law, technology
    and banking.
  • Location
  • Headquarters: New York City
  • Regional Offices: Cambridge (MA), Washington,
    DC, United Kingdom.

3
Outline
  • Problem: Creating applications which can
    communicate securely over the Internet
  • TLS: Transport Layer Security (SSL)
  • Certificates
  • Related technology: S-HTTP, IPSec, SET, SASL
  • References

4
Security Issues
  • Privacy
  • Anyone can see content
  • Integrity
  • Someone might alter content
  • Authentication
  • Not clear who you are talking with

5
TLS: Transport Layer Security
  • formerly known as SSL: Secure Sockets Layer
  • Addresses issues of privacy, integrity and
    authentication
  • What is it?
  • How does it address the issues?
  • How is it used?

6
What is TLS?
  • Protocol layer
  • Requires reliable transport layer (e.g. TCP)
  • Supports any application protocols

7
TLS Privacy
  • Encrypt message so it cannot be read
  • Use conventional cryptography with shared key
  • DES, 3DES
  • RC2, RC4
  • IDEA

8
TLS Key Exchange
  • Need secure method to exchange secret key
  • Use public key encryption for this
  • key pair is used - either one can encrypt and
    then the other can decrypt
  • slower than conventional cryptography
  • share one key, keep the other private
  • Choices are RSA or Diffie-Hellman

9
TLS Integrity
  • Compute fixed-length Message Authentication Code
    (MAC)
  • Includes hash of message
  • Includes a shared secret
  • Includes sequence number
  • Transmit MAC with message

10
TLS Integrity
  • Receiver creates new MAC
  • should match transmitted MAC
  • TLS allows MD5, SHA-1
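
The MAC check from the two Integrity slides, as an added example that is not from the original deck: it follows the TLS 1.0 record MAC layout (HMAC over sequence number, type, version, length and fragment) and leaves encryption out. The secret and the messages are constructed sample values.

```python
import hashlib
import hmac
import struct

TLS_VERSION = (3, 1)       # protocol version 3.1, i.e. TLS 1.0
APPLICATION_DATA = 23      # record content type

def record_mac(mac_secret, seq_num, content_type, fragment, digest=hashlib.sha1):
    """HMAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         TLS_VERSION[0], TLS_VERSION[1], len(fragment))
    return hmac.new(mac_secret, header + fragment, digest).digest()

class Sender:
    def __init__(self, mac_secret):
        self.secret, self.seq = mac_secret, 0

    def protect(self, fragment):
        mac = record_mac(self.secret, self.seq, APPLICATION_DATA, fragment)
        self.seq += 1      # the sequence number is implicit, never transmitted
        return fragment, mac

class Receiver:
    def __init__(self, mac_secret):
        self.secret, self.seq = mac_secret, 0

    def accept(self, fragment, mac):
        expected = record_mac(self.secret, self.seq, APPLICATION_DATA, fragment)
        if not hmac.compare_digest(expected, mac):   # constant-time comparison
            return False   # a real endpoint treats this as fatal and closes
        self.seq += 1
        return True

def demo():
    secret = b"constructed-mac-secret"
    tx, rx = Sender(secret), Receiver(secret)
    first = tx.protect(b"PAY 10 TO ALICE")
    second = tx.protect(b"PAY 20 TO BOB")
    return {
        "in_order": rx.accept(*first),
        "replayed": rx.accept(*first),                     # old record, new seq
        "altered": rx.accept(b"PAY 90 TO BOB", second[1]),  # content changed
        "next": rx.accept(*second),
    }

if __name__ == "__main__":
    print(demo())
```

Because the sequence number is an input to the MAC, a replayed or reordered record fails the check even though its content and MAC were once valid.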

11
TLS Authentication
  • Verify identities of participants
  • Client authentication is optional
  • Certificate is used to associate identity with
    public key and other attributes

12
TLS Overview
  • Establish a session
  • Agree on algorithms
  • Share secrets
  • Perform authentication
  • Transfer application data
  • Ensure privacy and integrity

13
TLS Architecture
  • TLS defines Record Protocol to transfer
    application and TLS information
  • A session is established using a Handshake
    Protocol

14
TLS Record Protocol

15
TLS Handshake
  • Negotiate Cipher-Suite Algorithms
  • Symmetric cipher to use
  • Key exchange method
  • Message digest function
  • Establish and share master secret
  • Optionally authenticate server and/or client

16
Handshake Phases
  • Hello messages
  • Certificate and Key Exchange messages
  • Change CipherSpec and Finished messages

17
TLS Hello
  • Client Hello - initiates session
  • Propose protocol version
  • Propose cipher suite
  • Server chooses protocol and suite
  • Client may request use of cached session
  • Server chooses whether to honor request

18
TLS Key Exchange
  • Server sends certificate containing public key
    (RSA) or Diffie-Hellman parameters
  • Client sends encrypted pre-master secret to
    server using Client Key Exchange message
  • Master secret calculated
  • Use random values passed in Client and Server
    Hello messages

19
Public Key Certificates
  • X.509 Certificate associates public key with
    identity
  • Certification Authority (CA) creates certificate
  • Adheres to policies and verifies identity
  • Signs certificate
  • User of Certificate must ensure it is valid

20
Validating a Certificate
  • Must recognize accepted CA in certificate chain
  • One CA may issue certificate for another CA
  • Must verify that certificate has not been revoked
  • CA publishes Certificate Revocation List (CRL)

21
X.509 Certificate Content
  • Version
  • Serial Number
  • Signature Algorithm Identifier
  • Object Identifier (OID)
  • e.g. id-dsa: iso(1) member-body(2) us(840)
    x9-57(10040) x9algorithm(4) 1
  • Issuer (CA) X.500 name
  • Validity Period (Start,End)
  • Subject X.500 name
  • Subject Public Key
  • Algorithm
  • Value
  • Issuer Unique Id (Version 2,3)
  • Subject Unique Id (Version 2,3)
  • Extensions (version 3)
  • optional
  • CA digital Signature
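
How the id-dsa identifier listed above is written inside a certificate, as an added example that is not from the original deck: a DER OBJECT IDENTIFIER encoder and a strict decoder. The function names are this example's own, and only short-form lengths are handled.

```python
def encode_oid(arcs):
    """DER-encode an OBJECT IDENTIFIER from a list of integer arcs."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first two arcs")
    body = bytearray()
    # The first two arcs share one subidentifier: 40 * first + second.
    for value in [40 * arcs[0] + arcs[1]] + list(arcs[2:]):
        chunk = [value & 0x7F]                    # last byte: high bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))   # earlier bytes: high bit set
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this example")
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(der):
    """Strictly decode a short-form DER OBJECT IDENTIFIER into arcs."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a well-formed short-form OBJECT IDENTIFIER")
    if der[-1] & 0x80:
        raise ValueError("truncated final arc")
    values, current, in_arc = [], 0, False
    for byte in der[2:]:
        if not in_arc and byte == 0x80:
            raise ValueError("non-minimal arc encoding")   # padded leading zero
        current = (current << 7) | (byte & 0x7F)
        in_arc = bool(byte & 0x80)
        if not in_arc:
            values.append(current)
            current = 0
    first = values[0]
    head = ([0, first] if first < 40 else
            [1, first - 40] if first < 80 else [2, first - 80])
    return head + values[1:]

ID_DSA = [1, 2, 840, 10040, 4, 1]   # the id-dsa arcs listed on the slide

if __name__ == "__main__":
    print(encode_oid(ID_DSA).hex())
    print(decode_oid(encode_oid(ID_DSA)))
```

Rejecting padded or truncated arcs matters when code compares algorithm identifiers: two parsers that disagree on a malformed OID can disagree on which algorithm a certificate claims.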

22
Subject Names
  • X.500 Distinguished Name (DN)
  • Associated with node in hierarchical directory
    (X.500)
  • Each node has Relative Distinguished Name (RDN)
  • Path for parent node
  • Unique set of attribute/value pairs for this node

23
Example Subject Name
  • Country at Highest Level (e.g. US)
  • Organization typically at next level (e.g.
    CertCo)
  • Individual below (e.g. Common Name Elizabeth
    with Id 1)
  • DN
  • C=US
  • O=CertCo
  • CN=Elizabeth, ID=1

24
Version 3 Certificates
  • Version 3 X.509 Certificates support alternative
    name formats as extensions
  • X.500 names
  • Internet domain names
  • e-mail addresses
  • URLs
  • Certificate may include more than one name

25
Certificate Signature
  • RSA Signature
  • Create hash of certificate
  • Encrypt using CA's private key
  • Signature verification
  • Decrypt using CA's public key
  • Verify hash

26
TLS ServerKeyExchange
  • Client
  • ClientHello
  • Server
  • ServerHello
  • Certificate
  • ServerKeyExchange

27
TLS Certificate Request
  • Client
  • ClientHello
  • Server
  • ServerHello
  • Certificate
  • ServerKeyExchange
  • CertificateRequest

28
TLS Client Certificate
  • Client
  • ClientHello
  • ClientCertificate
  • ClientKeyExchange
  • Server
  • ServerHello
  • Certificate
  • ServerKeyExchange
  • CertificateRequest

29
TLS Change Cipher Spec, Finished
  • Client
  • ChangeCipherSpec
  • Finished
  • Application Data
  • Server
  • ChangeCipherSpec
  • Finished
  • Application Data

30
TLS Change Cipher Spec/Finished
  • Change Cipher Spec
  • Announce switch to negotiated algorithms and
    values
  • Finished
  • Send copy of handshake using new session
  • Permits validation of handshake

31
TLS Using a Session
  • Client
  • ClientHello (Session )
  • ChangeCipherSpec
  • Finished
  • Application Data
  • Server
  • ServerHello (Session )
  • ChangeCipherSpec
  • Finished
  • Application Data

32
Changes from SSL 3.0 to TLS
  • Fortezza removed
  • Additional Alerts added
  • Modification to hash calculations
  • Protocol version 3.1 in ClientHello, ServerHello

33
TLS HTTP Application
  • HTTP most common TLS application
  • https://
  • Requires TLS-capable web server
  • Requires TLS-capable web browser
  • Netscape Navigator
  • Internet Explorer
  • Cryptozilla
  • Netscape Mozilla sources with SSLeay

34
Web Servers
  • Apache-SSL
  • Apache mod_ssl
  • Stronghold
  • Roxen
  • iNetStore

35
Other Applications
  • Telnet
  • FTP
  • LDAP
  • POP
  • SSLrsh
  • Commercial Proxies

36
TLS Implementation
  • Cryptographic Libraries
  • RSARef, BSAFE
  • TLS/SSL packages
  • SSLeay
  • SSLRef

37
X.509 Certificate Issues
  • Certificate Administration is complex
  • Hierarchy of Certification Authorities
  • Mechanisms for requesting, issuing, revoking
    certificates
  • X.500 names are complicated
  • Description formats are cumbersome (ASN.1)

38
X.509 Alternative: SDSI
  • SDSI: Simple Distributed Security Infrastructure
    (Rivest, Lampson)
  • Merging with IETF SPKI (Simple Public-Key
    Infrastructure) in SDSI 2.0
  • Eliminate X.500 names - use DNS and text
  • Everyone is their own CA
  • Instead of ASN.1 use S-expressions and simple
    syntax
  • Name and Authorization certificates

39
TLS Alternatives
  • S-HTTP: secure HTTP protocol, shttp://
  • IPSec: secure IP
  • SET: Secure Electronic Transaction
  • Protocol and infrastructure for bank card
    payments
  • SASL: Simple Authentication and Security Layer
    (RFC 2222)

40
Summary
  • SSL/TLS addresses the need for security in
    Internet communications
  • Privacy - conventional encryption
  • Integrity - Message Authentication Codes
  • Authentication - X.509 certificates
  • SSL in use today with web browsers and servers

41
References - 1
  • Engelschall, Ralph, mod_ssl,
    <http://www.engelschall.com/sw/mod_ssl>
  • Ford, Warwick, Baum, Michael S. Secure Electronic
    Commerce, Prentice Hall 1997.
  • Hirsch, Frederick J. Introduction to SSL and
    Certificates Using SSLeay, World Wide Web
    Journal, Summer 1997,
    <http://www.fjhirsch.com/wwwj/>
  • Hudson, Tim J, Young, Eric A, SSLeay and
    SSLapps FAQ,
    <http://www.psy.uq.oz.au/ftp/Crypto/>
  • Kaufman, Charlie, Perlman, Radia, Speciner, Mike.
    Network Security: PRIVATE Communication in a
    PUBLIC World, Prentice Hall, 1995.

42
References - 2
  • Rivest, Ron, SDSI,
    <http://theory.lcs.mit.edu/cis/sdsi.html>
  • Stallings, William. Cryptography and Network
    Security: Principles and Practice, 2nd Edition,
    Prentice Hall, 1999.
  • Wagner, David, Schneier, Bruce. Analysis of the
    SSL 3.0 Protocol,
    <http://www.counterpane.com/ssl.html>
  • Internet Drafts and RFCs: <http://www.ietf.org/>.
    Use the keyword search on TLS or SSL in the
    Internet Drafts section to find the TLS Protocol
    specification and other relevant documents.
  • PKCS standards:
    <http://www.rsa.com/rsalabs/pubs/PKCS/>

43
References - 3
  • Microsoft Security Documents:
    <http://www.microsoft.com/workshop/security/contents.htm>
  • Netscape Security Documents:
    <http://www.netscape.com/eng/security/>

44
http://www.fjhirsch.com/fhirsch/SSL/