Abstract image of a woman sitting on books and studying on a laptop

BSET_Lecture_Crypto and SSL_Overview_FINAL

Glenn Haley, profile picture
Glenn Haley

This document provides an overview of cryptography and the SSL/TLS protocol. It begins with an introduction to symmetric and asymmetric cryptography. It then discusses how SSL/TLS uses both types of cryptography to provide data encryption, server authentication, and optional client authentication over unsecured networks. The document outlines the SSL/TLS handshake process and record layer format. It explains how SSL/TLS enables secure communication for applications like HTTPS. It also notes that SSL/TLS performance can be improved with hardware offloading due to its computational demands. Related books on cryptography and SSL/TLS are listed for additional reference.

1 of 27
Downloaded 15 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
1 Cryptography and SSL/TLS Overview What is SSL/TLS and Why Use It? © 2005 Britestream
© 2005 Britestream 2 Glenn Haley Sr. Product Line Manager ghaley@britestream.com
3 Agenda • Cryptography Basics • Security Protocols Examples • SSL/TLS Overview • SSL Protocol • Reference Books © 2005 Britestream
4 Two Types of Cryptography Symmetric Key – Two parties share a common secret (the key) – Same key used to encrypt/decrypt data – Cryptographic strength controlled by • Algorithm used (e.g., AES, DES, 3DES, ARC4) • Key length (e.g., 128-bit vs 256-bit) Asymmetric Key – Two keys exist, a public key and a private key – Data encrypted with public key can only be decrypted with private key (and vice-versa) – RSA is most popular asymmetric key algorithm, and the main one used by SSL/TLS © 2005 Britestream
5 Crypto Pros and Cons Symmetric crypto is fast, but has a problem: – How do the two parties agree on a shared secret? – Without permitting an eavesdropper to learn it? Asymmetric crypto has no key distribution problem – Public key can be known by anyone – Private key never shared But Asymmetric crypto has its own problems – Much slower (factor of 100) than symmetric crypto – Everything depends on secrecy of private key – Other party must authenticate validity of public key © 2005 Britestream
6 • Data Confidentiality – Data can’t be read by intruder (encryption) – Implemented with Symmetric Key Encryption • End Point Authentication – Data/peer origin authentication (message authentication) – Implemented with Public Key Encryption • User Authentication/Access Control – Client authentication to server (passwords, message authentication) – Implemented with passwords, hashing, or Public Key Encryption • Data Integrity – Data hasn’t been modified (message authentication) • Non-Repudiation – Preventing denial of participation (PKI and digital signatures) • Verification – Validating that the sender is accurate and trusted (PKI and digital signatures) Security Definitions and Goals © 2005 Britestream
7 Certificates and Identity Digital Signature ensures data remains same since signed – Special case of message integrity code – Generated only by one participant – Proves that the data was generated by the owner of a certain key Digital certificate is signed with a PK digital signature – Issued by a trusted Certificate Authority (CA) – States specified public key belongs to someone or something with a specified name – Uses standard format (X.509) – Contains credentials, including public key; signed by issuing CA’s private key but included as part of Certificate – Can be validated by receiver using issued CA’s public key – Enables recipient to trust the public key contained in the certificate PKI (Public Key Infrastructure) – The framework to deploy, manage, scale Public key cryptography and related security techniques to provide IT security services © 2005 Britestream
8 ICMP, IPSec, IP PPTP, L2TP(IPSec) SSL, TLS HTTPS, FTPS, SET Layers of Security in the ISO Stack Application Presentation Network Layer 1 Layer 2 Layer 3 Layer 4 Layer 5 Layer 6 Layer 7 Session Transport Data Link Physical LLC MAC Protocol Examples IKE HTML © 2005 Britestream
9 What is SSL? • Data Encryption in Transit – Does Not Protect Data on Client – Does Not Protect Data on Server • Server Authentication with Certificate – Signed by Certificate Authority • Optional: Client Authentication with Certificate • Uses Standard Cryptographic Technology – RSA for Handshake and Authentication – RC4, DES, 3DES, AES for Encryption – SHA-1, MD5 for Message Integrity © 2005 Britestream
10 A Quick Tour of SSL/TLS SSL/TLS Commonalities – RSA for PK, use of DES, ARC4 for SK SSL (Secure Sockets Layer) – Developed by Netscape for secure browsing – Submitted to IETF as RFC 1825 MAC in 1996; not approved! – Rapidly became a de facto standard; built into all web browsers – SSL version 3.0 is only version still in widespread use • Major security holes in prior versions TLS (Transport Layer Security) – TLS is the standardized version of SSL – Corrects a few subtle security flaws in SSL • Added DH and DSS for PK; added 3DES for SK; use of HMAC – IETF reworked SSL into the TLS standard • TLS 1.0 (SSL version 3.1) defined by RFC 2246 in 1999 • TLS 1.1 (SSL version 3.2) currently in “final call” © 2005 Britestream
11 Purpose of SSL/TLS • Created as a secure protocol to secure communications channel between computers over an unsecured network • Applications are secured – FTP becomes FTPS – HTTP becomes HTTPS Application TCP IP Application TCP Port Secured TCP Port FTP - Data 20 989 FTP - Control 21 990 HTTP 80 443 Normal Application Application with SSL Application SSL/TLS TCP IP © 2005 Britestream
12 • Features – Security for all applications between client and server • Browsing (HTTP) - most common application • Mail (SMTP) • File transfers (FTP) • Remote User (TELNET) – Provides two interlocking technologies • Handshake & protected record transfers – Security occurs at client & server – SSL & TLS embedded in applications • Benefits – Security already built-in to browsers – Operation invisible to user – Standards based protocol defined by IETF SSL/TLS Features and Benefits © 2005 Britestream
13 Attack avoidance • Man-in-the-Middle • Message Relaying • Message Tampering Network Edge Mobile Device laptops desktops WAN/ Internet Web / E-Commerce ERP / CRM Email Database Apps Protect data in transit on both sides of the network edge. Inherent Security Advantages of SSL/TLS © 2005 Britestream
14 Protection Against Snooping • Minimize risk of snooping with Britestream SSL/TLS between the client and host – Traffic between the host is encrypted. – Britestream’s 100% SSL offload makes this possible without the need to add additional servers or hosts – SSL / TLS is an industry standard – available in every browser Mobile Device laptops desktops Edge Router Web / E-Commerce ERP / CRM Email Database Apps VPN Firewall NAT Proxy / ALG Security Policy Enforcer Load Balancer Intrusion Det./Prev. Application Accelerator WAN/ Internet Inherent SSL/TLS Advantages © 2005 Britestream
15 HTTP vs. SSL (HTTPS) Protocol • Significant increase in network usage with SSL • Each transaction requires more processing power Request (Port 443) Server Public Key Client Server Session Key Encrypted Data Transfer Encryption Decryption Secure Transaction: Client Server Request (Port 80) Data Transfer Insecure Transaction: © 2005 Britestream
16 Basic SSL/TLS Protocol The SSL/TLS Handshake – Negotiate the symmetric crypto algorithm to be used – Exchange random values for key generation – Client authenticates server certificate – Use asymmetric crypto to solve the key distribution problem • secure exchange of shared secret required for symmetric crypto – Verify handshake – Server authenticates client certificate (optional) Application Data Exchange – Following the handshake, application data is encrypted/decrypted using negotiated symmetric algorithm and key – Transfers data between client & server as records © 2005 Britestream
17 • Link Management (Establishing a connection) – Setup and tear down communications connections • Key Management (SSL Handshake) – Key generation/exchange of symmetric (session) key using public key encryption – Exchange policies, algorithms, and keys – Verify message and sender’s identity (Digital Signature) using public key encryption • Encryption (SSL Protected Records) – Encrypt payload using symmetric key – Authenticate payload using keyed hash (a.k.a. MAC) Typical SSL Session © 2005 Britestream
18 ChangeCipher RECORD LAYER TCP Alert HandShake Application HTTP Secure Sockets Layer • ChangeCipherSpec Protocol - Very simple, only 1 message • Alert Protocol - Used to signal error or caution conditions • Handshake Protocol - Used to negotiate SSL sessions • Each of the above protocols uses messages to communicate • The Record Layer protocol accepts all messages and formats / frames them before passing them on to a transport layer protocol such as TCP SSL’s Component Protocols © 2005 Britestream
19 TLS (SSL v3.0) Record Format Protocols – 0x14 – ChangeCipherSpec – 0x15 – Alert – 0x16 – Handshake – 0x17 – ApplicationData Version (Major/Minor) – 0x0300 – SSL v3 – 0x0301 – TLS 1.0 – 0x0302 – TLS 1.1 Length – Length of payload fragment – Payload byte count Payload – Content varies by protocol – Payload of all records following MAC – Message Authentication Code – SHA or MD5; HMAC (TLS) PAD – Padding is added prior to encryption in order to fill block sizes Protocol Type Version Length Payload MAC PAD PAD Length Authentication2 Encryption3 Compression (optional)1 © 2005 Britestream
20 Client Server ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished ChangeCipherSpec Finished SSL Initial (Normal) Handshake Server chooses cryptographic parameters to use for the session. Client encrypts a session key with the servers public key and sends the result to the server. Client tells server to begin using agreed upon security services. Client is done sending messages 5 and 6. From this point forward all messages from the client will be encrypted with the agreed upon encryption and authentication algorithms. Server tells client to begin using agreed upon security services. Server is done sending messages 7 and 8. From this point forward all messages from the server will be encrypted with the agreed upon encryption and authentication algorithms. Client proposes PK algorithm and key sizes that may be used.1 2 Server sends public key information to client.3 Server is done sending messages 2 and 3.4 5 6 7 8 9 © 2005 Britestream
21 SSL Initial Handshake Details • Initial Handshakes are used to create new SSL sessions • Typical message content and length © 2005 Britestream
22 SSL Resume Handshake ClientHello ServerHello ChangeCipherSpec Finished ChangeCipherSpec Finished Client Server Client is done sending messages 5. From this point forward all messages from the client will be encrypted using the master secret previously agreed upon during initial handshake. Client proposes PK algorithm and key sizes that may be used.1 Server retrieves initial cryptographic parameters from the SSL initial handshake and uses them for the session.2 Client tells server to use previously agreed security services.5 6 Server tells client to begin using agreed upon security services.3 Server is done sending messages 2 and 3. From this point forward all messages from the server will be sent using the encryption and authentication algorithms previously agreed upon during initial handshake. 4 © 2005 Britestream
23 Resume Handshake Details • Resume Handshakes enable SSL sessions “re-use” • 6 Messages in a resume handshake • Fast - no PK requirements in a resume handshake ! • Client proposes same Session ID • Server has the option to accept a resume handshake • Typical message content and length © 2005 Britestream
24 Securing Web Pages with HTTPS Open TCP Connection #1 SSL Session Establishment and Certif. Exchange Key Exchange and Cipher Negotiation GET and RESPONSE #1 GET and RESPONSE #5 GET and RESPONSE #9 CLOSE CONNECTION Open TCP Connection #2 SSL Session Establishment (including previous Session Identifier) GET and RESPONSE #2 GET and RESPONSE #6 GET and RESPONSE #10 CLOSE CONNECTION Open TCP Connection #3 SSL Session Establishment (including previous Session Identifier) GET and RESPONSE #3 GET and RESPONSE #7 GET and RESPONSE #11 CLOSE CONNECTION Open TCP Connection #4 SSL Session Establishment (including previous Session Identifier) GET and RESPONSE #4 GET and RESPONSE #8 GET and RESPONSE #12 CLOSE CONNECTION Normal Handshake Resume Handshake Resume Handshake Resume Handshake © 2005 Britestream
25 Clearly a Need for SSL Hardware Offload! • SSL is a computationally intensive task • Example: A Pentium III (1GHz) server capable of supporting up to 7000 connections/sec without SSL can support less than 400 connections/sec with SSL © 2005 Britestream
26 Security and SSL Related Books • Cryptography and Network Security, by William Stallings, Prentice-Hall; 2nd edition (1999); ISBN: 0- 13-869017-0 • SSL and TLS, Designing and Building Secure Systems, by Eric Rescorla, Addison-Wesley Professional; 1st edition (October 13, 2000); ISBN: 0- 201-61598-3 (Chinese Translation 7508310934) • Network Security with OpenSSL, by John Viega et. al.; O'Reilly; 1st edition (June 15, 2002); ISBN: 0- 596-00270-X © 2005 Britestream
27 Questions and Answers The End © 2005 Britestream

More Related Content

PPTX
Securing TCP connections using SSL
Sagar Mali
 
PDF
TLS/SSL Protocol Design 201006
Nate Lawson
 
PPTX
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
PPTX
Secure Socket Layer
Abhishek Gupta
 
PPSX
Secure socket layer
Nishant Pahad
 
PDF
BAIT1103 Chapter 4
limsh
 
PPTX
SSL/TLS 101
Chul-Woong Yang
 
PPT
SSL/TLS
Dr Anjan Krishnamurthy
 
Securing TCP connections using SSL
Sagar Mali
 
TLS/SSL Protocol Design 201006
Nate Lawson
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
Secure Socket Layer
Abhishek Gupta
 
Secure socket layer
Nishant Pahad
 
BAIT1103 Chapter 4
limsh
 
SSL/TLS 101
Chul-Woong Yang
 
SSL/TLS
Dr Anjan Krishnamurthy
 

What's hot (20)

PPT
Secure Socket Layer
Naveen Kumar
 
PDF
SSL/TLS
pavansmiles
 
PPT
Secure Socket Layer (SSL)
amanchaurasia
 
PPT
SSL
Duy Do Phan
 
PPTX
Introduction to SSL and How to Exploit & Secure
Brian Ritchie
 
PPTX
Secure Socket Layer (SSL)
Samip jain
 
PPT
SSL
theekuchi
 
PPTX
secure socket layer
Amar Shah
 
PPT
SSL & TLS Architecture short
Avirot Mitamura
 
PPT
Ssl (Secure Sockets Layer)
Asad Ali
 
PDF
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
PDF
TLS Optimization
Nate Lawson
 
PPTX
Internet security protocol
Mousmi Pawar
 
PDF
SSL Secure socket layer
Ahmed Elnaggar
 
PDF
TLS/SSL Protocol Design
Nate Lawson
 
PPT
Sniffing SSL Traffic
dkaya
 
PPTX
SSL And TLS
Ghanshyam Patel
 
PDF
Basics of ssl
n|u - The Open Security Community
 
PPTX
SSL overview
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
Ssl and tls
Rana assad ali
 
Secure Socket Layer
Naveen Kumar
 
SSL/TLS
pavansmiles
 
Secure Socket Layer (SSL)
amanchaurasia
 
SSL
Duy Do Phan
 
Introduction to SSL and How to Exploit & Secure
Brian Ritchie
 
Secure Socket Layer (SSL)
Samip jain
 
SSL
theekuchi
 
secure socket layer
Amar Shah
 
SSL & TLS Architecture short
Avirot Mitamura
 
Ssl (Secure Sockets Layer)
Asad Ali
 
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
TLS Optimization
Nate Lawson
 
Internet security protocol
Mousmi Pawar
 
SSL Secure socket layer
Ahmed Elnaggar
 
TLS/SSL Protocol Design
Nate Lawson
 
Sniffing SSL Traffic
dkaya
 
SSL And TLS
Ghanshyam Patel
 
Basics of ssl
n|u - The Open Security Community
 
SSL overview
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Ssl and tls
Rana assad ali
 
Ad

Viewers also liked (11)

PDF
SSL/TLS : Faille Heartbleed
Thomas Moegli
 
PDF
Dropbox - Architecture and Business Prospective
Chiara Cilardo
 
PPT
Vpn
kwabo
 
PDF
Authentification des protocoles de routage
Thomas Moegli
 
PDF
IPv6
Thomas Moegli
 
PDF
EtherChannel
Thomas Moegli
 
PDF
Protocole OSPF
Thomas Moegli
 
PDF
Protocole IKE/IPsec
Thomas Moegli
 
PDF
Protocoles SSL/TLS
Thomas Moegli
 
PDF
Cisco ASA
Thomas Moegli
 
PDF
Protocole EIGRP
Thomas Moegli
 
SSL/TLS : Faille Heartbleed
Thomas Moegli
 
Dropbox - Architecture and Business Prospective
Chiara Cilardo
 
Vpn
kwabo
 
Authentification des protocoles de routage
Thomas Moegli
 
IPv6
Thomas Moegli
 
EtherChannel
Thomas Moegli
 
Protocole OSPF
Thomas Moegli
 
Protocole IKE/IPsec
Thomas Moegli
 
Protocoles SSL/TLS
Thomas Moegli
 
Cisco ASA
Thomas Moegli
 
Protocole EIGRP
Thomas Moegli
 
Ad

Similar to BSET_Lecture_Crypto and SSL_Overview_FINAL (20)

PPT
ch22.ppt
ImXaib
 
PPTX
ssl-tls-ipsec-vpn.pptx
jithu26327
 
PPTX
Parallel and distributed computing .pptx
AmnaNadeem27
 
PDF
SSLtalk
Matthew Aylard
 
PDF
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
PPTX
Sequere socket Layer
Raghavendra Rao
 
PDF
wolfSSL and TLS 1.3
wolfSSL
 
PDF
Network Security Applications
Hatem Mahmoud
 
PPTX
Module2 PPrwgerbetytbteynyunyunythyhtyT.pptx
ThanushB1
 
PPT
cryptography and network security thid.ppt
ubaidullah75790
 
PPTX
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
PPT
Transport layer security.ppt
ImXaib
 
PPTX
Secure Socket Layer.pptx
Jenish Prajapati
 
PPTX
Chapter 22 Internet Security Protocols and Standards
GoldenMIT
 
PDF
Transport Layer Security
Ibrahiem Mohammed
 
PPT
SecureSocketLayer.ppt
PranavUndre1
 
PPTX
Network Security- Secure Socket Layer
Dr.Florence Dayana
 
PPTX
ncsmodule module department of electronics
PrateekJoshi63
 
PPT
Ip sec and ssl
Mohd Arif
 
PDF
SSL certificates in the Oracle Database without surprises
Nelson Calero
 
ch22.ppt
ImXaib
 
ssl-tls-ipsec-vpn.pptx
jithu26327
 
Parallel and distributed computing .pptx
AmnaNadeem27
 
SSLtalk
Matthew Aylard
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
Sequere socket Layer
Raghavendra Rao
 
wolfSSL and TLS 1.3
wolfSSL
 
Network Security Applications
Hatem Mahmoud
 
Module2 PPrwgerbetytbteynyunyunythyhtyT.pptx
ThanushB1
 
cryptography and network security thid.ppt
ubaidullah75790
 
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
Transport layer security.ppt
ImXaib
 
Secure Socket Layer.pptx
Jenish Prajapati
 
Chapter 22 Internet Security Protocols and Standards
GoldenMIT
 
Transport Layer Security
Ibrahiem Mohammed
 
SecureSocketLayer.ppt
PranavUndre1
 
Network Security- Secure Socket Layer
Dr.Florence Dayana
 
ncsmodule module department of electronics
PrateekJoshi63
 
Ip sec and ssl
Mohd Arif
 
SSL certificates in the Oracle Database without surprises
Nelson Calero
 

BSET_Lecture_Crypto and SSL_Overview_FINAL

  • 1. 1 Cryptography and SSL/TLS Overview What is SSL/TLS and Why Use It? © 2005 Britestream
  • 2. © 2005 Britestream 2 Glenn Haley Sr. Product Line Manager [email protected]
  • 3. 3 Agenda • Cryptography Basics • Security Protocols Examples • SSL/TLS Overview • SSL Protocol • Reference Books © 2005 Britestream
  • 4. 4 Two Types of Cryptography Symmetric Key – Two parties share a common secret (the key) – Same key used to encrypt/decrypt data – Cryptographic strength controlled by • Algorithm used (e.g., AES, DES, 3DES, ARC4) • Key length (e.g., 128-bit vs 256-bit) Asymmetric Key – Two keys exist, a public key and a private key – Data encrypted with public key can only be decrypted with private key (and vice-versa) – RSA is most popular asymmetric key algorithm, and the main one used by SSL/TLS © 2005 Britestream
  • 5. 5 Crypto Pros and Cons Symmetric crypto is fast, but has a problem: – How do the two parties agree on a shared secret? – Without permitting an eavesdropper to learn it? Asymmetric crypto has no key distribution problem – Public key can be known by anyone – Private key never shared But Asymmetric crypto has its own problems – Much slower (factor of 100) than symmetric crypto – Everything depends on secrecy of private key – Other party must authenticate validity of public key © 2005 Britestream
  • 6. 6 • Data Confidentiality – Data can’t be read by intruder (encryption) – Implemented with Symmetric Key Encryption • End Point Authentication – Data/peer origin authentication (message authentication) – Implemented with Public Key Encryption • User Authentication/Access Control – Client authentication to server (passwords, message authentication) – Implemented with passwords, hashing, or Public Key Encryption • Data Integrity – Data hasn’t been modified (message authentication) • Non-Repudiation – Preventing denial of participation (PKI and digital signatures) • Verification – Validating that the sender is accurate and trusted (PKI and digital signatures) Security Definitions and Goals © 2005 Britestream
  • 7. 7 Certificates and Identity Digital Signature ensures data remains same since signed – Special case of message integrity code – Generated only by one participant – Proves that the data was generated by the owner of a certain key Digital certificate is signed with a PK digital signature – Issued by a trusted Certificate Authority (CA) – States specified public key belongs to someone or something with a specified name – Uses standard format (X.509) – Contains credentials, including public key; signed by issuing CA’s private key but included as part of Certificate – Can be validated by receiver using issued CA’s public key – Enables recipient to trust the public key contained in the certificate PKI (Public Key Infrastructure) – The framework to deploy, manage, scale Public key cryptography and related security techniques to provide IT security services © 2005 Britestream
  • 8. 8 ICMP, IPSec, IP PPTP, L2TP(IPSec) SSL, TLS HTTPS, FTPS, SET Layers of Security in the ISO Stack Application Presentation Network Layer 1 Layer 2 Layer 3 Layer 4 Layer 5 Layer 6 Layer 7 Session Transport Data Link Physical LLC MAC Protocol Examples IKE HTML © 2005 Britestream
  • 9. 9 What is SSL? • Data Encryption in Transit – Does Not Protect Data on Client – Does Not Protect Data on Server • Server Authentication with Certificate – Signed by Certificate Authority • Optional: Client Authentication with Certificate • Uses Standard Cryptographic Technology – RSA for Handshake and Authentication – RC4, DES, 3DES, AES for Encryption – SHA-1, MD5 for Message Integrity © 2005 Britestream
  • 10. 10 A Quick Tour of SSL/TLS SSL/TLS Commonalities – RSA for PK, use of DES, ARC4 for SK SSL (Secure Sockets Layer) – Developed by Netscape for secure browsing – Submitted to IETF as RFC 1825 MAC in 1996; not approved! – Rapidly became a de facto standard; built into all web browsers – SSL version 3.0 is only version still in widespread use • Major security holes in prior versions TLS (Transport Layer Security) – TLS is the standardized version of SSL – Corrects a few subtle security flaws in SSL • Added DH and DSS for PK; added 3DES for SK; use of HMAC – IETF reworked SSL into the TLS standard • TLS 1.0 (SSL version 3.1) defined by RFC 2246 in 1999 • TLS 1.1 (SSL version 3.2) currently in “final call” © 2005 Britestream
  • 11. 11 Purpose of SSL/TLS • Created as a secure protocol to secure communications channel between computers over an unsecured network • Applications are secured – FTP becomes FTPS – HTTP becomes HTTPS Application TCP IP Application TCP Port Secured TCP Port FTP - Data 20 989 FTP - Control 21 990 HTTP 80 443 Normal Application Application with SSL Application SSL/TLS TCP IP © 2005 Britestream
  • 12. 12 • Features – Security for all applications between client and server • Browsing (HTTP) - most common application • Mail (SMTP) • File transfers (FTP) • Remote User (TELNET) – Provides two interlocking technologies • Handshake & protected record transfers – Security occurs at client & server – SSL & TLS embedded in applications • Benefits – Security already built-in to browsers – Operation invisible to user – Standards based protocol defined by IETF SSL/TLS Features and Benefits © 2005 Britestream
  • 13. 13 Attack avoidance • Man-in-the-Middle • Message Relaying • Message Tampering Network Edge Mobile Device laptops desktops WAN/ Internet Web / E-Commerce ERP / CRM Email Database Apps Protect data in transit on both sides of the network edge. Inherent Security Advantages of SSL/TLS © 2005 Britestream
  • 14. 14 Protection Against Snooping • Minimize risk of snooping with Britestream SSL/TLS between the client and host – Traffic between the host is encrypted. – Britestream’s 100% SSL offload makes this possible without the need to add additional servers or hosts – SSL / TLS is an industry standard – available in every browser Mobile Device laptops desktops Edge Router Web / E-Commerce ERP / CRM Email Database Apps VPN Firewall NAT Proxy / ALG Security Policy Enforcer Load Balancer Intrusion Det./Prev. Application Accelerator WAN/ Internet Inherent SSL/TLS Advantages © 2005 Britestream
  • 15. 15 HTTP vs. SSL (HTTPS) Protocol • Significant increase in network usage with SSL • Each transaction requires more processing power Request (Port 443) Server Public Key Client Server Session Key Encrypted Data Transfer Encryption Decryption Secure Transaction: Client Server Request (Port 80) Data Transfer Insecure Transaction: © 2005 Britestream
  • 16. 16 Basic SSL/TLS Protocol The SSL/TLS Handshake – Negotiate the symmetric crypto algorithm to be used – Exchange random values for key generation – Client authenticates server certificate – Use asymmetric crypto to solve the key distribution problem • secure exchange of shared secret required for symmetric crypto – Verify handshake – Server authenticates client certificate (optional) Application Data Exchange – Following the handshake, application data is encrypted/decrypted using negotiated symmetric algorithm and key – Transfers data between client & server as records © 2005 Britestream
  • 17. 17 • Link Management (Establishing a connection) – Setup and tear down communications connections • Key Management (SSL Handshake) – Key generation/exchange of symmetric (session) key using public key encryption – Exchange policies, algorithms, and keys – Verify message and sender’s identity (Digital Signature) using public key encryption • Encryption (SSL Protected Records) – Encrypt payload using symmetric key – Authenticate payload using keyed hash (a.k.a. MAC) Typical SSL Session © 2005 Britestream
  • 18. 18 ChangeCipher RECORD LAYER TCP Alert HandShake Application HTTP Secure Sockets Layer • ChangeCipherSpec Protocol - Very simple, only 1 message • Alert Protocol - Used to signal error or caution conditions • Handshake Protocol - Used to negotiate SSL sessions • Each of the above protocols uses messages to communicate • The Record Layer protocol accepts all messages and formats / frames them before passing them on to a transport layer protocol such as TCP SSL’s Component Protocols © 2005 Britestream
  • 19. 19 TLS (SSL v3.0) Record Format Protocols – 0x14 – ChangeCipherSpec – 0x15 – Alert – 0x16 – Handshake – 0x17 – ApplicationData Version (Major/Minor) – 0x0300 – SSL v3 – 0x0301 – TLS 1.0 – 0x0302 – TLS 1.1 Length – Length of payload fragment – Payload byte count Payload – Content varies by protocol – Payload of all records following MAC – Message Authentication Code – SHA or MD5; HMAC (TLS) PAD – Padding is added prior to encryption in order to fill block sizes Protocol Type Version Length Payload MAC PAD PAD Length Authentication2 Encryption3 Compression (optional)1 © 2005 Britestream
  • 20. 20 Client Server ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished ChangeCipherSpec Finished SSL Initial (Normal) Handshake Server chooses cryptographic parameters to use for the session. Client encrypts a session key with the servers public key and sends the result to the server. Client tells server to begin using agreed upon security services. Client is done sending messages 5 and 6. From this point forward all messages from the client will be encrypted with the agreed upon encryption and authentication algorithms. Server tells client to begin using agreed upon security services. Server is done sending messages 7 and 8. From this point forward all messages from the server will be encrypted with the agreed upon encryption and authentication algorithms. Client proposes PK algorithm and key sizes that may be used.1 2 Server sends public key information to client.3 Server is done sending messages 2 and 3.4 5 6 7 8 9 © 2005 Britestream
  • 21. 21 SSL Initial Handshake Details • Initial Handshakes are used to create new SSL sessions • Typical message content and length © 2005 Britestream
  • 22. 22 SSL Resume Handshake ClientHello ServerHello ChangeCipherSpec Finished ChangeCipherSpec Finished Client Server Client is done sending messages 5. From this point forward all messages from the client will be encrypted using the master secret previously agreed upon during initial handshake. Client proposes PK algorithm and key sizes that may be used.1 Server retrieves initial cryptographic parameters from the SSL initial handshake and uses them for the session.2 Client tells server to use previously agreed security services.5 6 Server tells client to begin using agreed upon security services.3 Server is done sending messages 2 and 3. From this point forward all messages from the server will be sent using the encryption and authentication algorithms previously agreed upon during initial handshake. 4 © 2005 Britestream
  • 23. 23 Resume Handshake Details • Resume Handshakes enable SSL sessions “re-use” • 6 Messages in a resume handshake • Fast - no PK requirements in a resume handshake ! • Client proposes same Session ID • Server has the option to accept a resume handshake • Typical message content and length © 2005 Britestream
  • 24. 24 Securing Web Pages with HTTPS Open TCP Connection #1 SSL Session Establishment and Certif. Exchange Key Exchange and Cipher Negotiation GET and RESPONSE #1 GET and RESPONSE #5 GET and RESPONSE #9 CLOSE CONNECTION Open TCP Connection #2 SSL Session Establishment (including previous Session Identifier) GET and RESPONSE #2 GET and RESPONSE #6 GET and RESPONSE #10 CLOSE CONNECTION Open TCP Connection #3 SSL Session Establishment (including previous Session Identifier) GET and RESPONSE #3 GET and RESPONSE #7 GET and RESPONSE #11 CLOSE CONNECTION Open TCP Connection #4 SSL Session Establishment (including previous Session Identifier) GET and RESPONSE #4 GET and RESPONSE #8 GET and RESPONSE #12 CLOSE CONNECTION Normal Handshake Resume Handshake Resume Handshake Resume Handshake © 2005 Britestream
  • 25. 25 Clearly a Need for SSL Hardware Offload! • SSL is a computationally intensive task • Example: A Pentium III (1GHz) server capable of supporting up to 7000 connections/sec without SSL can support less than 400 connections/sec with SSL © 2005 Britestream
  • 26. 26 Security and SSL Related Books • Cryptography and Network Security, by William Stallings, Prentice-Hall; 2nd edition (1999); ISBN: 0- 13-869017-0 • SSL and TLS, Designing and Building Secure Systems, by Eric Rescorla, Addison-Wesley Professional; 1st edition (October 13, 2000); ISBN: 0- 201-61598-3 (Chinese Translation 7508310934) • Network Security with OpenSSL, by John Viega et. al.; O'Reilly; 1st edition (June 15, 2002); ISBN: 0- 596-00270-X © 2005 Britestream
  • 27. 27 Questions and Answers The End © 2005 Britestream