Security at the Transport Layer
Lecture 6
Information and Network Security

SSL/TLS
- SSL was developed by Phil Karlton & Netscape.
- The standards community wanted their own version, free from any patents/restrictions.
- Thus was born TLS, which is very similar to SSL.
- The IETF changed the name to avoid showing bias, and added a few things:
  - E.g., TLS defines additional alert codes.
  - The TLS MAC covers the compression version field in addition to what the SSL MAC covers.
- TLS v1.0 is very similar to SSL v3.1.

SSL
[Figure: protocol stack. Applications (HTTP, NNTP, FTP, Telnet, other apps, etc.) run over SSL/TLS, which runs over TCP/IP.]

Digital certificates and the CA
- Public key cryptography avoids the problem of key distribution, but it has its weakness: the public key is public and anyone can forge a public key announcement.
- Solution: a public-key certificate: <a public key and user ID of the key owner>, the whole thing signed by a trusted third party (TTP).
- The TTP is a certificate authority (CA).
- A user can present her public key to the CA in a secure manner and obtain a certificate.
- The user can then publish her public key.
- Anyone who needs this user's public key can obtain the certificate and verify that it is valid by way of the attached trusted signature.

Client/Server Mutual Authentication
- Establish trust with intended recipients
- Signed Digital Certificates
  - Server authenticates Client (optional)
  - Client authenticates Server

Secure Sockets Layer (SSL)
- SSL is designed to run in a user-level process, so there is no need to change the OS (unlike IPSec, which runs in a superuser-level process).
- SSL uses TCP only (not UDP), hence it is simple and does not have to worry about timing out and retransmitting lost data (TCP does that for SSL).
- Applications based on TCP need to change (even if minimally) to work with SSL.

Secure Sockets Layer (SSL)
The primary goal of the SSL Protocol is:
- To provide privacy and reliability between two communicating applications.
- To allow client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery (many applications at the Application Layer are based on the client/server model).

SSL – Secure Client/Server Communication
- SSL server authentication allows clients to confirm a server's identity
- SSL client authentication allows server to confirm a client's identity (optional)
- SSL provides confidentiality and integrity
  - Sent information is encrypted
  - Integrity check is carried out to detect tampering

SSL – Secure Client/Server Communication
To allow secure client/server communication to happen using SSL:
- The peer's identity can be authenticated using certificates [basically using asymmetric (private key cryptography like DES), and public key, cryptography (e.g., RSA, DSS, etc.)].
- Encryption is used after an initial handshake to define a secret key. Secret key cryptography is used for data encryption (e.g., DES, RC4, etc.)
- Integrity check is done using a keyed MAC: secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations.

SSL Main Functions
- Negotiates and employs essential functions for secure transactions
  - Mutual Authentication
  - Data Encryption
  - Data Integrity

SSL Structure
[Figure: SSL structure. SSL/TLS comprises the ChangeCipher, Alert and Handshake protocols on top of the Record Layer, which runs over TCP/IP; the Application Layer (http, imap, etc.) uses SSL/TLS.]

Cipher Suite
- For public-key, secret key encryption and certificate verification we need
  - public-key algorithm
  - secret key encryption algorithm
  - message digest (hash) algorithm (MD5, SHA-1, etc.)
- This collection is called a cipher suite
- SSL supports many different cipher suites
- Client and server must decide on which one to use
- The client offers a choice; the server picks one

SSL Protocols
- SSL consists of two protocol layers: the Record Layer, and the layer above it, which consists of the ChangeCipherSpec protocol, the Alert protocol and the Handshake protocol.
- The SSL record protocol:
  - takes an application message to be transmitted,
  - fragments the data into manageable blocks,
  - optionally compresses the data,
  - applies MAC,
  - encrypts,
  - adds a header and transmits the resulting unit in a TCP segment
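
The record protocol steps above, as an added example that is not part of the original lecture: fragment, MAC, encrypt, add header, with the receiver reversing the steps and rejecting a modified record. It assumes TLS 1.0 framing from RFC 2246, null compression, HMAC-SHA1 and RC4; the class and function names are this example's own.

```python
import hmac
import struct

MAX_FRAGMENT = 2 ** 14      # largest plaintext fragment per record (RFC 2246)
APP_DATA = 23               # ContentType application_data
VERSION = (3, 1)            # TLS 1.0 as written in the record header

def rc4_keystream(key):
    """RC4 keystream, used only because the slides name it; it is obsolete."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]

class RecordLayer:
    """One direction of a connection: MAC key, cipher state, sequence number."""
    def __init__(self, mac_key, cipher_key):
        self.mac_key, self.seq = mac_key, 0
        self.stream = rc4_keystream(cipher_key)

    def _mac(self, fragment):  # HMAC over seq_num + type + version + length + fragment
        prefix = struct.pack("!QBBBH", self.seq, APP_DATA, *VERSION, len(fragment))
        return hmac.new(self.mac_key, prefix + fragment, "sha1").digest()

    def _crypt(self, data):
        return bytes(b ^ next(self.stream) for b in data)

    def protect(self, message):
        records = []
        for off in range(0, len(message), MAX_FRAGMENT):
            fragment = message[off:off + MAX_FRAGMENT]            # fragment
            body = self._crypt(fragment + self._mac(fragment))    # MAC, then encrypt
            records.append(struct.pack("!BBBH", APP_DATA, *VERSION, len(body)) + body)
            self.seq += 1
        return records

    def unprotect(self, record):
        body = self._crypt(record[5:])            # skip the 5-byte record header
        fragment, mac = body[:-20], body[-20:]    # HMAC-SHA1 tag is 20 bytes
        if not hmac.compare_digest(mac, self._mac(fragment)):
            raise ValueError("bad_record_mac")
        self.seq += 1
        return fragment
```

Because the sequence number is part of the MAC input, a record that is replayed or delivered out of order fails the same check as one whose bytes were changed.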

SSL Other Protocols
- The Handshake protocol negotiates all options of the session (most important)
  - The handshake protocol involves using the SSL record protocol to exchange a series of messages between an SSL-enabled server and an SSL-enabled client
- The ChangeCipherSpec protocol indicates the channel is ready for secure communications
- The Alert protocol indicates errors or other caution conditions have occurred in the connection

The ChangeCipherSpec Structure
The change cipher spec message is sent by both the client and server to notify the receiving party that subsequent records will be protected under the newly negotiated CipherSpec and keys.

    struct {
        enum { change_cipher_spec(1), (255) } type;
    } ChangeCipherSpec;

Alert Message Structure
The Alert protocol specifies and conveys the status of transmitted messages.

    struct {
        AlertLevel level;
        AlertDescription description;
    } Alert;

Handshake Protocol
The TLS Handshake Protocol involves the following steps:
- Exchange hello messages to agree on algorithms, exchange random values, and check for session resumption.
- Exchange the necessary cryptographic parameters to allow the client and server to agree on a premaster secret.
- Exchange certificates and cryptographic information to allow the client and server to authenticate themselves.
- Generate a master secret from the premaster secret and exchanged random values.
- Provide security parameters to the record layer.
- Allow the client and server to verify that their peer has calculated the same security parameters and that the handshake occurred without tampering by an attacker.

ClientHello Message Structure

    struct {
        ProtocolVersion client_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suites;
        CompressionMethod_list compression_methods;
    } ClientHello;

ServerHello Message Structure

    struct {
        ProtocolVersion server_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suite;
        CompressionMethod_list compression_method;
    } ServerHello;
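
The hello structures above and the cipher suite rule from the Cipher Suite slide (the client offers, the server picks), as an added example that is not part of the original lecture. The wire layout and suite code points are those of RFC 2246; the function names and the server's preference order are assumptions of this example.

```python
import struct

# Cipher suite code points from RFC 2246; the order is this example's server policy.
SERVER_PREFERENCE = [0x000A, 0x0005, 0x0004]
SUITE_NAMES = {0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
               0x0005: "TLS_RSA_WITH_RC4_128_SHA",
               0x0004: "TLS_RSA_WITH_RC4_128_MD5",
               0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}

def build_client_hello(version, random, session_id, suites, compressions):
    body = bytes(version) + random + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(compressions)]) + bytes(compressions)
    return b"\x01" + len(body).to_bytes(3, "big") + body   # msg_type 1, 24-bit length

def parse_client_hello(msg):
    if len(msg) < 4 or msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("not a well-formed ClientHello handshake message")
    pos = 4
    def take(n):
        # Bounds-checked read: a length field can never point past the message.
        nonlocal pos
        if pos + n > len(msg):
            raise ValueError("truncated ClientHello")
        pos += n
        return msg[pos - n:pos]
    version, random = tuple(take(2)), take(32)
    session_id = take(take(1)[0])
    suite_bytes = take(int.from_bytes(take(2), "big"))
    compressions = list(take(take(1)[0]))
    if len(session_id) > 32 or len(suite_bytes) < 2 or len(suite_bytes) % 2 or not compressions:
        raise ValueError("ClientHello field outside its allowed length")
    suites = [int.from_bytes(suite_bytes[i:i + 2], "big") for i in range(0, len(suite_bytes), 2)]
    return {"client_version": version, "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compressions}

def select_cipher_suite(offered):
    """Server's pick: its first preferred suite that the client offered, else None."""
    for suite in SERVER_PREFERENCE:
        if suite in offered:
            return suite
    return None   # a server would abort with a handshake_failure alert

if __name__ == "__main__":
    # Constructed sample: TLS 1.0 hello offering an export suite and two RC4 suites.
    hello = build_client_hello((3, 1), bytes(32), b"", [0x0003, 0x0004, 0x0005], [0])
    chosen = select_cipher_suite(parse_client_hello(hello)["cipher_suites"])
    print(SUITE_NAMES[chosen])
```

Keeping weak suites such as the export suite out of the server's list means they are never selected, whatever the client offers.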

Message Flow of full Handshake

    Client                                               Server

    ClientHello                  -------->
                                                    ServerHello
                                                   Certificate*
                                             ServerKeyExchange*
                                            CertificateRequest*
                                 <--------      ServerHelloDone
    Certificate*
    ClientKeyExchange
    CertificateVerify*
    [ChangeCipherSpec]
    Finished                     -------->
                                             [ChangeCipherSpec]
                                 <--------             Finished
    Application Data             <------->     Application Data

* Indicates optional or situation-dependent messages that are not always sent. Borrowed from RFC 2246.

Client/Server
[Figure: client/server. The server's main thread starts a new thread s1 to serve client1 and a new thread s2 to serve client2; each client exchanges messages with its own thread.]

Client/Server Socket Connection
[Figure: client/server socket connection. Client A and Client B connect to the server's original socket; each accept on the server yields a newly returned socket (#1 for Client A, #2 for Client B).]

Client/Server with TCP and Socket
- Client must contact server
  - server process must first be running
  - server must have created socket (door) that welcomes client's contact
- Client contacts server by:
  - creating client-local TCP socket
  - specifying IP address, port number of server process
- When client creates socket: client TCP establishes connection to server TCP
- When contacted by client, server TCP creates new socket for server process to communicate with client
  - allows server to talk with multiple clients

TCP socket programming flow
[Figure: TCP socket programming flow.
Server: socket(), bind() (well-known port), listen(), accept() (block until connection from client), read(), process requests, write(), read(), close().
Client: socket(), connect(), write(), read(), close().
Between them: connection establishment (TCP three-way handshake), data (request), data (reply), end-of-file notification.]

SSL Applications – Simple Demo

    /* We can use SSL to build secure Internet applications.
       The purpose of this simple program is to show you how to connect to a
       secure website using SSL and the Java Secure Socket Extension. */

    // TestSSL.java class
    public class TestSSL {
        public static void main(String[] args) {
            try {
                // Opening an https:// URL performs the SSL handshake with the host in args[0].
                new java.net.URL("https://" + args[0] + "/").getContent();
            } catch (Exception exception) {
                exception.printStackTrace();
            }
        }
    }

    /* You can compile this application on sng:
           javac TestSSL.java
       And run it with the security option (load HTTPS protocol handler):
           java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl TestSSL sng.its.monash.edu.au
    */

SSL-based Client (skeleton)

    import java.io.IOException;
    import javax.net.ssl.*;

    public class SecureChatClient {
        SSLSocket socket;

        public SecureChatClient() {
            try {
                SSLSocketFactory sslFact =
                    (SSLSocketFactory) SSLSocketFactory.getDefault();
                // Note: a raw SSLSocket validates the certificate chain but does not check that
                // the certificate names "serverhost" unless endpoint identification is enabled.
                socket = (SSLSocket) sslFact.createSocket("serverhost", 5002);
                /* more code for input/output */
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        public static void main(String[] args) {
            new SecureChatClient();
        }
    }

SSL-based Server (skeleton)

    import java.io.IOException;
    import java.security.*;
    import javax.net.ssl.*;

    public class SecureChatServer {
        SSLServerSocket ssocket;
        SSLSocket clientSocket;

        public SecureChatServer() {
            // Explicit provider and HTTPS handler registration, as used when JSSE was a separate add-on.
            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            System.setProperty("java.protocol.handler.pkgs",
                               "com.sun.net.ssl.internal.www.protocol");
            try {
                // The default factory reads the server's key and certificate from the
                // keystore named by the javax.net.ssl.keyStore system property.
                SSLServerSocketFactory sslSrvFact =
                    (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
                ssocket = (SSLServerSocket) sslSrvFact.createServerSocket(5002);
                clientSocket = (SSLSocket) ssocket.accept();
                /* … */
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        public static void main(String[] args) {
            new SecureChatServer();
        }
    }

SSL/TLS and IPSec
- SSL/TLS is useful for building secure network and Internet applications.
- Both IPSec and SSL are useful for building VPNs.
- SSL/TLS can be used to provide peer entity authentication, such as authentication between the client and server of client/server software applications. IPSec is used to provide security between hosts and networks.
- IPSec can be used to enhance the security of the whole network when used with firewalls or routers. SSL/TLS is designed to provide security mainly for client/server applications.