1 / 7

SSL/TLS Protocol

SSL/TLS Protocol. Network Security Gene Itkis. Basic paradigmatic application: on-line purchase. Client contacts Server (possibly for the first time) Spontaneity Client conveys secret info to Server Confidentiality Who’s on the other side?

alina
Download Presentation

SSL/TLS Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSL/TLS Protocol Network Security Gene Itkis

  2. Basic paradigmatic application: on-line purchase • Client contacts Server(possibly for the first time) • Spontaneity • Client conveys secret info to Server • Confidentiality • Who’s on the other side? • ServerAuthentication – requiredClient authentication– optional • You do not want to know about security • Transparency • Allows other protocols to work over SSL/TLS

  3. Design Goals • Confidentiality • Authentication • Server – required • Client – optional • Spontaneity • Transparency • Message Integrity • Expandability • Fix problems of v.2 SSL v.2 SSL v.3

  4. Protocol parts • Handshake • Authenticated Key Establishment • Data transfer • Encryption • Integrity (Message Authentication)

  5. Handshake protocol outline C S • ClientHello: • Version • Cipher Suits • Random • ServerHello: • Version • Cipher Suit • Session ID • Random ClientHello ServerHello • Certificate: • Subject • Issuer (CA) • Signed PK Certificate + Done RSA ClientKE • ClientKeyExchange: • Pre-Master Key encrypted w/PK • Attacks: • force weak cipher suit • replay: e.g., cause multiple payments • Remedy: • Random in Hello • Check under protection: Finished msgs Data transfer Keys computed finished

  6. Finished & ChangeCipherSpec Data transfer Keys computed … finished : ClientKE ChangeCipherSpec keys computed ClientFinished ChangeCipherSpec ServerFinished Finished: HASH(all Handshake msgs)

  7. Handshake protocol outline C S • ClientHello: • Version • Cipher Suits • Random • ServerHello: • Version • Cipher Suit • Session ID • Random ClientHello ServerHello • Certificate: • Subject • Issuer (CA) • Signed PK Certificate DH ServerKE + Done • ServerKeyExchange: • DH message, signed to be verified w/ PK ClientKE • ClientKeyExchange: • DH message

More Related