SSL/TLS Protocols
SSL (Secure Socket Layer, developed by Netscape ) &
TLS (Transport Layer Security, is an IETF standard)
Both are
almost the same.
They run as a user-level processes on top of TCP/IP.
The Basic Protocol:
{=============================================
Alice
Bob
I want to talk, ciphers I support, Ra
>
<
Certificate, cipher I choose, Rb
Choose secret S, compute K= f (S,Ra,Rb):
{S}Bob , {keyed hash of
handshake msgs|CLNT}
>
Compute K= f(S,Ra,Rb):
< {keyed hash of handshake msgs|SRVR}
<
Data protected with keys derived from K
>
==============================================}
Keys:
· Alice chooses a random number S, as pre-master secret.
· It is shuffled with Ra and Rb to produce a master secret K.
·
Ra and Rb are 32 octets
long. The first 4 are the UNIX time
(number of seconds since Jan 1, 1970).
This is to ensure that Rs are always different.
· The master secret is shuffled with Rs
to produce six (6) keys:
ü Three (3) for each side for encryption, integrity, and IV.
ü The three keys used for transmission are known as the write keys
ü The three keys used for reception are known as the read kyes
ü Thus Alice's write keys are
Bob's read keys and vice versa.
·
To ensure
that the keyed hash Alice sends is different from the keyed hash Bob
sends,
Alice includes the string "CLNT" and the Bob include "SRVR" in the hash.
(To avoid the Reflection attack!).
·
Note
that:
ü Alice has authenticated Bob
(Since Bob has
the secret key that corresponds to the certificate’s public key).
ü Bob has no idea to whom he's talking to.
ü In SSL it is optional for the server to
authenticate the client, if the client has a certificate.
ü Normally the server authenticates the
client using:
<name, password>
sent
securely over the ssl connection.
Session
Resumption
If
the server supports session resumption, it sends session_id for the client
at the beginning.
{===========================================
Alice
Bob
I
want to talk, ciphers I support, Ra
>
<
session_id, certificate, cipher I
choose, Rb
choose secret S, compute K= f(S,Ra,Rb):
{S}Bob,
{keyed hash of handshake msgs|CLNT}
>
compute K= f(S,Ra,Rb):
<
{keyed hash of handshake msgs|SRVR}
<
data protected with keys derived from K
>
===========================================}
Session
resumption, if both sides remember the session_id:
{=========================================
Alice
Bob
session_id, ciphers, Ra
>
<
session_id, cipher, Rb, {keyed hash
of msgs}
{keyed hash of msgs} >
<
data protected with keys derived from K
>
=========================================}
Note
that they still have to negotiate ciphers,
But the pre-master secret S is the same (since it is expensive to
generate).
Encrypted Records
SeqNum | Header | Data - > HMAC <- integriy key
||
||
||
V
V
V
Header | Data |
HMAC | pad - > ENCRYPT <
- encryption
key
||
||
V
V
Header |
encrypted-integrity-protected record
If block cipher is used, the IV
is used to encrypt the first record.
The final block of each record
is used as the IV for the next record.
Connection Closure
ü The sender should send close_notify message to signal the other end that it
has no more data to send.
ü The purpose is to prevent a trunctation attack in which the attacker inserts a TCP FIN segment before the sender has finished sending data forcing the
receiver to think that all data has been received.
ü If a party receives FIN without first receiving close_notify it must mark the session as not resumable.
HTTP Over SSL - https
HTTP:
HTTP (Hyper Text Transfer
Protocol) is the Web basic transport protocol.
The basic unit of HTTP
interaction is the request/response pair:
ü The client opens a TCP connection to the
server and writes the request.
ü The server writes back the response and
indicates the end of response either with:
length
header or by closing the connection.
HTTPS:
The client
makes a connection to the server; Negotiates an SSL
connection;
and transmits http data
over the established secure connection.
OpenSSL
s_server & s_client
Examples:
ü S1
openssl s_server -no_dhe -accept 10234 -cert server_cert.pem
-key server_privatekey.pem
ü S2
openssl s_server -no_dhe
-accept 10234 -cert server_cert.pem -key server_privatekey.pem -Verify 2 –CAfile
ca_cert.pem
-Verify : the server demand a certificate from
the client, the depth of the chain should not exceed 2.
-CAfile : specify
the trusted certificate.
Examples:
ü C1
openssl s_client -connect localhost:10234
-verify 2 -CAfile ca_cert.pem
ü C2
openssl
s_client
-connect localhost:10234 -verify 2 -CAfile ca_cert.pem -cert
client_cert.pem -key client_privatekey.pem
Testing:
ü Test1
% S1
% C1
Will be
successful: Typing any
line in C1 it will appear in S1
ü Test1
% S2
% C2
Will be
successful: Typing any
line in C2 it will appear in S2
ü Test1
% S2
% C1
Will NOT be successful: S2 demands a certificate from C1.