Encryption protocolsMonil Adhikari
What is SSL / TLS?• Transport Layer Security protocol, ver 1.0• De facto standard for Internet security• “The primary goal of the TLS protocol is to provide privacy and
data integrity between two communicating applications”• In practice, used to protect information transmitted between
browsers and Web servers
• Deployed in nearly every web browser
3
What are SSL and TLS?• SSL – Secure Socket Layer• TLS – Transport Layer Security• Both provide a secure transport connection between applications (e.g., a web server
and a browser)• SSL was developed by Netscape• SSL version 3.0 has been implemented in many web browsers (e.g., Netscape
Navigator and MS Internet Explorer) and web servers and widely used on the Internet• SSL v3.0 was specified in an Internet Draft (1996)• it evolved into TLS specified in RFC 2246• TLS can be viewed as SSL v3.1
History of the Protocol• SSL 1.0• Internal Netscape design, early 1994?• Lost in the mists of time
• SSL 2.0• Published by Netscape, November 1994• Badly broken
• SSL 3.0• Designed by Netscape and Paul Kocher, November 1996
• TLS 1.0• Internet standard based on SSL 3.0, January 1999• Not interoperable with SSL 3.0
Evolution of the SSL/TLS RFC
01020304050607080
SSL 2.0 SSL 3.0 TLS 1.0
Page count
SSL and TLS in Real World
SSL and TLS in Real World (Contd.)
8
SSL architecture
SSL Record Protocol
SSLHandshake Protocol
SSL ChangeCipher Spec Protocol
SSLAlert Protocol
applications(e.g., HTTP)
TCP
IP
9
SSL components• SSL Handshake Protocol
• negotiation of security algorithms and parameters• key exchange• server authentication and optionally client authentication
• SSL Record Protocol• fragmentation• compression• message authentication and integrity protection• encryption
• SSL Alert Protocol• error messages (fatal alerts and warnings)
• SSL Change Cipher Spec Protocol• a single message that indicates the end of the SSL handshake
TLS Basics• TLS consists of two protocols• Handshake protocol• Use public-key cryptography to establish a shared secret key between the
client and the server
• Record protocol• Use the secret key established in the handshake protocol to protect
communication between the client and the server
• We will focus on the handshake protocol
TLS Handshake Protocol• Two parties: client and server• Negotiate version of the protocol and the set of
cryptographic algorithms to be used• Interoperability between different implementations of the
protocol
• Authenticate client and server (optional)• Use digital certificates to learn each other’s public keys and
verify each other’s identity
• Use public keys to establish a shared secret
Abbreviated Handshake• The handshake protocol may be executed in an
abbreviated form to resume a previously established session• No authentication, key material not exchanged• Session resumed from an old state
• For complete analysis, have to model both full and abbreviated handshake protocol• This is a common situation: many protocols have several
branches, subprotocols for error handling, etc.
Client-Server Communication
Common TLS/SSL ScenariosMany people think of TLS and SSL as protocols that are used with Web browsers to browse the Internet more securely. However, they are also general purpose protocols that can be used whenever authentication and data protection are necessary. For example, you can use TLS/SSL for:
• SSL-secured transactions with an e-commerce Web site• Authenticated client access to an SSL-secured Web site• Remote access• SQL access• E-mail
Top Related