Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0...


Transcript of Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0...

Page 1: Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

Encryption protocols
Monil Adhikari


What is SSL / TLS?
• Transport Layer Security protocol, ver 1.0
• De facto standard for Internet security
• “The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications”
• In practice, used to protect information transmitted between browsers and Web servers
• Deployed in nearly every web browser


What are SSL and TLS?
• SSL – Secure Sockets Layer
• TLS – Transport Layer Security
• Both provide a secure transport connection between applications (e.g., a web server and a browser)
• SSL was developed by Netscape
• SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers and is widely used on the Internet
• SSL v3.0 was specified in an Internet Draft (1996)
• It evolved into TLS, specified in RFC 2246
• TLS can be viewed as SSL v3.1


History of the Protocol
• SSL 1.0
  • Internal Netscape design, early 1994?
  • Lost in the mists of time
• SSL 2.0
  • Published by Netscape, November 1994
  • Badly broken
• SSL 3.0
  • Designed by Netscape and Paul Kocher, November 1996
• TLS 1.0
  • Internet standard based on SSL 3.0, January 1999
  • Not interoperable with SSL 3.0


Evolution of the SSL/TLS RFC

[bar chart: page count of the SSL 2.0, SSL 3.0 and TLS 1.0 specifications; y-axis 0 to 80]


SSL and TLS in Real World


SSL and TLS in Real World (Contd.)


SSL architecture

[layered diagram: the SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol and applications (e.g., HTTP) sit on top of the SSL Record Protocol, which runs over TCP, which runs over IP]


SSL components
• SSL Handshake Protocol
  • negotiation of security algorithms and parameters
  • key exchange
  • server authentication and optionally client authentication
• SSL Record Protocol
  • fragmentation
  • compression
  • message authentication and integrity protection
  • encryption
• SSL Alert Protocol
  • error messages (fatal alerts and warnings)
• SSL Change Cipher Spec Protocol
  • a single message that indicates the end of the SSL handshake


TLS Basics
• TLS consists of two protocols
  • Handshake protocol
    • Uses public-key cryptography to establish a shared secret key between the client and the server
  • Record protocol
    • Uses the secret key established in the handshake protocol to protect communication between the client and the server
• We will focus on the handshake protocol


TLS Handshake Protocol
• Two parties: client and server
• Negotiate the version of the protocol and the set of cryptographic algorithms to be used
  • Interoperability between different implementations of the protocol
• Authenticate client and server (optional)
  • Use digital certificates to learn each other’s public keys and verify each other’s identity
• Use public keys to establish a shared secret


Abbreviated Handshake
• The handshake protocol may be executed in an abbreviated form to resume a previously established session
  • No authentication, key material not exchanged
  • Session resumed from an old state
• For complete analysis, have to model both full and abbreviated handshake protocol
  • This is a common situation: many protocols have several branches, subprotocols for error handling, etc.
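The following script is an added example and is not part of the original slides or any code by the author: it ties the record protocol, the handshake negotiation and the abbreviated-handshake decision from the slides above to bytes on the wire. It builds a ClientHello record (a constructed sample message, not captured traffic), parses the record-layer header with its 2^14-byte fragment limit, pulls out the client version, session id, offered cipher suites, compression methods and the server_name extension, then picks a suite in server-preference order and decides whether the offered session id still allows the abbreviated handshake. Constants come from RFC 2246 and RFC 6066 and the IANA cipher suite registry; the function names, the session cache, the host name www.example.test and the preference lists are assumptions of this example. It stops at negotiation and does not perform the key exchange.

```python
import struct

# Constants from RFC 2246 (TLS 1.0) and RFC 6066 (server_name extension);
# suite names are from the IANA TLS cipher suite registry.
CONTENT_HANDSHAKE = 22        # record-layer content type for handshake messages
HANDSHAKE_CLIENT_HELLO = 1    # handshake message type
EXT_SERVER_NAME = 0           # extension type of SNI
MAX_PLAINTEXT = 2 ** 14       # record protocol fragment limit (TLSPlaintext.length)
CIPHER_SUITES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def u16(buf, off):
    """Read a big-endian 16-bit field, refusing to read past the buffer."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    return struct.unpack("!H", buf[off:off + 2])[0]

def build_client_hello(version, session_id, suites, server_name=None, rand=b"\x11" * 32):
    """Construct a handshake record carrying a ClientHello (sample input, not a real client)."""
    body = bytes(version) + rand + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method offered: null
    if server_name is not None:
        name = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name
        ext_data = struct.pack("!H", len(entry)) + entry         # ServerNameList
        ext = struct.pack("!HH", EXT_SERVER_NAME, len(ext_data)) + ext_data
        body += struct.pack("!H", len(ext)) + ext
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", CONTENT_HANDSHAKE, 3, 1, len(handshake)) + handshake

def parse_record(data):
    """Record protocol: split one record into (content_type, version, fragment)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if length > MAX_PLAINTEXT or len(data) < 5 + length:
        raise ValueError("fragment too long or truncated")
    return ctype, (major, minor), data[5:5 + length]

def parse_client_hello(data):
    """Handshake protocol: extract the fields the server negotiates over."""
    ctype, record_version, frag = parse_record(data)
    hlen = int.from_bytes(frag[1:4], "big") if len(frag) >= 4 else -1
    body = frag[4:4 + hlen]
    if (ctype != CONTENT_HANDSHAKE or frag[:1] != bytes([HANDSHAKE_CLIENT_HELLO])
            or len(body) != hlen or hlen < 35):
        raise ValueError("not a well-formed ClientHello record")
    sid_len = body[34]
    pos = 35 + sid_len
    cs_len = u16(body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [u16(body, i) for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    if pos >= len(body) or pos + 1 + body[pos] > len(body):
        raise ValueError("bad compression_methods length")
    compression = list(body[pos + 1:pos + 1 + body[pos]])
    pos += 1 + body[pos]
    server_name = None
    if pos < len(body):                  # extensions block is optional (absent in RFC 2246)
        end = pos + 2 + u16(body, pos)
        pos += 2
        if end > len(body):
            raise ValueError("bad extensions length")
        while pos + 4 <= end:
            etype, elen = u16(body, pos), u16(body, pos + 2)
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == EXT_SERVER_NAME and len(edata) >= 5 and edata[2] == 0:
                server_name = edata[5:5 + u16(edata, 3)].decode("ascii")
    return {"record_version": record_version, "client_version": (body[0], body[1]),
            "random": body[2:34], "session_id": body[35:35 + sid_len],
            "cipher_suites": suites, "compression": compression, "server_name": server_name}

def select_cipher_suite(offered, server_preference):
    """Algorithm negotiation: first suite in server preference order that the client offered."""
    for suite in server_preference:
        if suite in offered:
            return suite
    return None

def classify_handshake(hello, session_cache):
    """Abbreviated handshake only when the offered session id is still in the server cache."""
    sid = hello["session_id"]
    return "abbreviated" if sid and sid in session_cache else "full"

if __name__ == "__main__":
    record = build_client_hello((3, 1), b"", [0xC02F, 0x002F, 0x0004], "www.example.test")
    hello = parse_client_hello(record)
    print("client version", hello["client_version"], "SNI", hello["server_name"])
    chosen = select_cipher_suite(hello["cipher_suites"], [0xC02F, 0x0035, 0x002F])
    print("selected", CIPHER_SUITES[chosen], "handshake:", classify_handshake(hello, {}))
```

Every length field is checked against the enclosing buffer before it is used, which is the property a record-layer parser needs most: a ClientHello whose declared lengths exceed the bytes actually present is rejected with a ValueError rather than read past the end. Selecting in server-preference order rather than client order is what keeps the server in control of which algorithms from its configured list are negotiated.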


Client-Server Communication


Common TLS/SSL Scenarios
Many people think of TLS and SSL as protocols that are used with Web browsers to browse the Internet more securely. However, they are also general purpose protocols that can be used whenever authentication and data protection are necessary. For example, you can use TLS/SSL for:

• SSL-secured transactions with an e-commerce Web site
• Authenticated client access to an SSL-secured Web site
• Remote access
• SQL access
• E-mail