An Introduction to SSL/TLS

Providing secure communication

over the Internet
 What is SSL?
• SSL – Secure Socket Layer ƒ it provides a secure
transport connection between applications (e.g., a
web server and a browser)
• SSL was developed by Netscape
• uses TCP to provide a reliable end-to-end service
• TLS can be viewed as SSL v3.1
 Security Issues
• Privacy
– Anyone can see content
• Integrity
– Someone might alter content
• Authentication
– Not clear who you are talking with
SSL Architecture
 SSL Components

SSL HANDSHAKE SSL RECORD SSL ALERT SSL CHANGE

PROTOCOL PROTOCOL PROTOCOL CIPHER SPEC
PROTOCOL

• Negotiation of • Fragmentation. • Error message • A single message

security algorithms • Compression. ( fatal alerts and that indicates the
and parameters. • Encryption. warning ) end of SSL
• Key exchange. • Message handshake.
• Server
authentication and
optionally client
authentication.
 Sessions and Connections
• An SSL session is a connection between
client and server.
• Sessions are stateful ; the session state
includes security algorithm and
parameters.
• A session may include multiple secure
connection between same server and
client.
• Server and client random – random
byte sequence is chosen by the client
and server for new connection.
 Session States…
• Session state
– Session identifier – arbitrary byte sequence
chosen by the server to identify the session.
– Peer certificate – may be null.
– Compression method.
– Cipher Spec – bulk data encryption
algorithm and MAC algorithm ( eg. DES,
MD5 ).
– Master key – a 48 byte secret key is used in
between client and server.
– Resumable – a flag indicating whether the
session can be used to initiate new
connections.
 What is TLS?
• Protocol layer
• Requires reliable transport layer (e.g.
TCP)
• Supports any application protocols
HTTP Telnet FTP LDAP
TLS
TCP
IP

9
 TLS: Privacy
• Encrypt message so it cannot be read
• Use conventional cryptography with
shared key
– DES, 3DES
– RC2, RC4
– IDEA

A B
Message $%&#!@ Message 10
 TLS:Key Exchange
• Need secure method to exchange secret
key
• Use public key encryption for this
– “key pair” is used - either one can encrypt
and then the other can decrypt
– slower than conventional cryptography
– share one key, keep the other private

11
 TLS: Integrity
• Compute fixed-length Message
Authentication Code (MAC)
– Includes hash of message
– Includes a shared secret
– Include sequence number
• Transmit MAC with message

12
 TLS: Integrity
• Receiver creates new MAC
– should match transmitted MAC

A B
Message Message’ MAC

MAC MAC’ =?
13
14

TLS: Authentication
• Verify identities of participants
• Client authentication is optional
• Certificate is used to associate identity
with public key and other attributes

A B
Certificate
Certificate
15

TLS: Overview
• Establish a session
– Agree on algorithms
– Share secrets
– Perform authentication
• Transfer application data
– Ensure privacy and integrity
 SUMMARY
• SSL/TLS address the need for
security in internet communications
– Privacy – conventional encryption
– Integrity – message authentication codes
– Authentication – X.509
• SSL in use today with web browsers
and servers.
Thank You