30-05-2010, 11:18 PM
[attachment=3661]
TLS (Transport Layer Security)
Presented By
Angshuman Karmakar
Roll “ 000610501011
B.C.S.E “ IV
History
¢ TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.
¢ 1994: Netscape designed and built SSLv2
“ and told consumers that they needed SSL; credit card numbers were too sensitive to let go unencrypted
¢ Only Netscape Commerce Server supported SSL
“ It relied on X.509 certificates issued by RSADSI
¢ Microsoft had PCT (Private Communications Technology), backwards-compatible with SSLv2
“ Fixed various problems, added some new features
¢ 1995: SSLv3 (what we will see)
¢ Microsoft Secure Transport Layer Protocol (STLP)
“ Derived from SSLv3
¢ Supported unreliable transport (UDP), client auth via shared secrets
¢
1996 IETF Transport Layer Security working group formed to pick up a protocol as a standard Transport Layer Security protocol.
“ to reconcile SSL and PCT/STLP (and others) into an IETF protocol
“ SSLv3 "won" and is the basis for TLS
“ IESG (steering group) instructed working group to add DSS, DH, 3DES
¢ TLS published in January 1999 as RFC 2246
Architecture
¢ SSL connection
“ a transient, peer-to-peer, communications link, typically a TCP connection
“ associated with a SSL session
¢ SSL session
“ an association between client & server
“ Used to avoid negotiation of new security parameters for each connection
“ created by the Handshake Protocol
“ define a set of cryptographic parameters
“ may be shared by multiple SSL connections
TLS Record Protocol
The SSL Record Protocol provides two services for SSL connections:
confidentiality
using encryption with a shared secret key defined by Handshake Protocol
message is compressed before encryption
message integrity
using a MAC (Message Authentication Code) with shared secret key
similar to HMAC Algorithm but with different padding
Record Protocol
SSL Change Cipher Spec Protocol
Consists of a single one byte message
one of 3 SSL specific protocols which use the SSL Record protocol
Causes pending state to become current
Hence updates the cipher suite in use
SSL Alert Protocol
¢ The Alert Protocol is used to convey SSL-related alerts to the peer entity.
¢ Each message in this protocol consists of two bytes .
¢ The first byte takes the value warning(1) or fatal(2) to convey the severity of the message.
¢ If the level is fatal, SSL immediately terminates the connection. Other connections on the same session may continue, but no new connections on this session may be established
¢ compressed & encrypted
TLS Handshake Protocol
¢ The most Important part of the TLS protocol
¢ Can Be Divided into Four Phases
Negotiation Phase
- Client Sends Client_Hello message containing highest version it supports,a random number, a list of suggested cipher suites and compression methods.
- The server responds with a Server_Hello message, containing the chosen protocol version, a random number, cipher suite, and compression method from the choices offered by the client. The server may also send a session id as part of the message to perform a resumed handshake.
Handshake Protocol
Server Authentication and Key Exchange
-The server sends its Certificate message
-server_key_exchange message may be sent if it is required. (not required if Diffie-Hellman , or RSA key exchange is to be used.)
-The server requests a certificate from the client, so that the connection can be mutually authenticated, using a CertificateRequestmessage.
- The server sends a ServerHelloDone message, indicating it is done with handshake negotiation.
Client Authentication and Key Exchange
-If requested client sends a Certificate message, which contains the client's certificate
-The client sends a ClientKeyExchange message, which may contain a PreMasterSecret, public key, or nothing. (depending on the selected cipher.) This PreMasterSecret is encrypted using the public key of the server certificate.
- The client sends a CertificateVerify message, which is a signature over the previous handshake messages using the client's certificate's private key. This signature can be verified by using the client's certificate's public key. This lets the server know that the client has access to the private key of the certificate and thus owns the certificate.
-The client and server then use the random numbers and PreMasterSecret to compute a common secret, called the "master secret". All other key data for this connection is derived from this master secret
Handshake Protocol
Finish
- The client sends a ChangeCipherSpec message and copies the pending CipherSpec into the current CipherSpec
-client sends an encrypted Finished message, containing a hash and MAC over the previous handshake messages. The server will attempt to decrypt the client's Finished message, and verify the hash and MAC. If the decryption or verification fails, the handshake is considered to have failed and the connection should be torn down.
- Similarly server sends a ChangeCipherSpec message
and an Finished message.Client perform the similar tasks
on them.
Versions
¢ TLS Version 1.0
defined in RFC 2246 in January 1999 based on SSL Version 3.0
differences between them is significant enough
¢ TLS version 1.1
TLS 1.1 was updated from the previous verson 1.0 in RFC 4346 in April 2006. Significant differences in this version include;
The implicit Initialization Vector (IV) was replaced with an explicit IV.
Change in handling of padding errors.
support for IANA registration of parameters.
¢ TLS version 1.2
TLS 1.2 was updated in RFC 5246 in August 2008, that was based on the earlier TLS 1.1 specification. Major differences include:
The MD5/SHA-1 combination in the pseudorandom function (PRF) was replaced with cipher-suite-specified PRFs.
The MD5/SHA-1 combination in the digitally-signed element was replaced with a single hash, specified in a new field.
Enhancement in the client's and server's ability to specify which hash and signature algorithms they will accept.
Expansion of support for authenticated encryption.
TLS Extensions definition and Advanced Encryption Standard (AES) Cipher Suites were added
Applications Using TLS
Thank You
