Professional Documents
Culture Documents
Transport
Network
Link
Purposes of The Protocol
• Confidentiality
– No body beetwween the peer of TLS connection can undestand the content
• Integrity
– No data are altered when transmitted over a TLS conection
• Authentication
– Each peer of a TLS connection can check the other one is the he says to be
History of the Protocol
• SSL 2.0
– Published by Netscape, November 1994 and have Several weaknesses
• SSL 3.0
– Designed by Netscape and Paul Kocher, November 1996
• TLS 1.0
– Internet standard based on SSL 3.0, January 1999
– Not interoperable with SSL 3.0
• TLS uses HMAC instead of MAC; can run on any port
• TLS 1.1
– Publish in 2006 to update of TLS 1.0 with stronger cipher suites
• TLS 1.2
– Publish in 2008 to update TLS 1.1 with stronger cipher suites and support for extension
• TLS 1.3
– TLS 1.3 has now been finalized as of March 21st, 2018.
– Faster speed and improfed security
SSL Architecture
Used in the
management
of TLS
exchange
SSL components
• SSL Handshake Protocol
– negotiation of security algorithms and parameters
– key exchange
– server authentication and optionally client authentication
• SSL Alert Protocol
– error messages (fatal alerts and warnings)
• SSL Change Cipher Spec Protocol
– a single message that indicates the end of the SSL handshake
• SSL Record Protocol
– fragmentation
– compression
– message authentication and integrity protection
– encryption
10
SSL Connection and Session
SSL service
• For SSL such connections are peer-to-peer
relationships
Specifies the
bulk data
encryption
An arbitrary
algorithm and A flag
byte sequence An X509.v3
The algorithm a hash 48-byte secret indicating
chosen by the certificate of
used to algorithm shared whether the
server to the peer; this
compress data used for MAC between the session can be
identify an element of
prior to calculation; client and the used to
active or the state may
encryption also defines server initiate new
resumable be null
cryptographic connections
session state
attributes
such as the
hash_size
A connection state is defined by the following
parameters:
• Byte sequences that are chosen by the server and client for
Server and client random each connection • When a block cipher in CBC mode
is used, an initialization vector (IV)
is maintained for each key
Initialization • This field is first initialized by the
• The secret key used in MAC operations on data SSL
sent by the
Server write MAC secret server
vectors Handshake Protocol
• The final ciphertext block from
each record is preserved for use
as the IV with the following record
The Handshake Protocol defines a shared The Handshake Protocol also defines a shared
secret key that is used for conventional secret key that is used to form a message
encryption of SSL payloads authentication code (MAC)
SSL Record Protocol
SSL Record Format
SSL Record Protocol Payload
SSL Change Cipher Spec Protocol
• one of 3 SSL specific protocols which use the SSL Record
protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use
SSL Alert Protocol
For HTTPS, the agent acting as the There are three levels of
HTTP client also acts as the TLS awareness of a connection in
client HTTPS:
At the HTTP level, an HTTP client requests a connection
The client initiates a connection to the server on the to an HTTP server by sending a connection request to
appropriate port and then sends the TLS ClientHello to the next lowest layer
begin the TLS handshake
•Typically the next lowest layer is TCP, but is may also be TLS/SSL
Uses Diffie-Hellman
MAC not
encrypted
Initiate to 0
incremented for
each packet
Table 17.3
SSH
Transport
Layer
Cryptographic
* = Required
** = Recommended
Algorithms
Authentication Methods
• Publickey
– The client sends a message to the server that contains the client’s public key, with
the message signed by the client’s private key
– When the server receives this message, it checks whether the supplied key is
acceptable for authentication and, if so, it checks whether the signature is correct
• Password
– The client sends a message containing a plaintext password, which is protected
by encryption by the Transport Layer Protocol
• Hostbased
– Authentication is performed on the client’s host rather than the client itself
– This method works by having the client send a signature created with the private
key of the client host
– Rather than directly verifying the user’s identity, the SSH server verifies the
identity of the client host
Connection Protocol
The SSH Connection Protocol runs on top of the SSH Transport
Layer Protocol and assumes that a secure authentication connection
is in use
The secure authentication connection, referred to as a tunnel, is used
by the Connection Protocol to multiplex a number of logical channels
Channel mechanism
All types of communication using SSH are supported using separate channels
Either side may open a channel
For each channel, each side associates a unique channel number
Channels are flow controlled using a window mechanism
No data may be sent to a channel until a message is received to indicate that
window space is available
The life of a channel progresses through three stages: opening a channel, data
transfer, and closing a channel
Connection
Protocol
Channel Types
Four channel types are recognized in the SSH Connection Protocol specification
Session
• The remote execution of a program
• The program may be a shell, an application such as file transfer or e-mail, a system command,
or some built-in subsystem
• Once a session channel is opened, subsequent requests are used to start the remote program
X11
• Refers to the X Window System, a computer software system and network protocol that
provides a graphical user interface (GUI) for networked computers
• X allows applications to run on a network server but to be displayed on a desktop machine
Forwarded-tcpip
• Remote port forwarding
Direct-tcpip
• Local port forwarding
Port Forwarding
Source:
www.tectia.com/manuals/guardian-admin/30/scb_ssh_channel_types.html
Remote Forwarding
Source:
www.tectia.com/manuals/guardian-admin/30/scb_ssh_channel_types.html
Summary
• Web security considerations • Transport layer security
• Web security threats • Version number
• Web traffic security approaches • Message authentication
code
• Secure sockets layer • Pseudorandom function
• SSL architecture • Alert codes
• SSL record protocol • Cipher suites
• Change cipher spec protocol • Client certificate types
• Alert protocol • Certificate_verify and
finished messages
• Handshake protocol
• Cryptographic
• Cryptographic computations computations
• Padding
• HTTPS
• Connection initiation • Secure shell (SSH)
• Connection closure • Transport layer protocol
• User authentication protocol
• Communication protocol
References
• W. Stallings, “Cryptography and Network Security: Principles and Practice”, 8th ed., Pearson, 2016
• E. Gean, “Chapter 13 IPSec”, California State University, 2015
• X. Y. Li, “IPSec”, Illinois Institute of Technology, 2014
• V. Shmatikov, “IP security. Internet Key Exchange (IKE) protocol”, 2004