Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Chapter 17: Security at the Transport Layer: SSL and TLS
Objectives
❏ To discuss the need for security services at the transport layer of the Internet model
❏ To discuss the general architecture of SSL
❏ To discuss the general architecture of TLS
❏ To compare and contrast SSL and TLS
Figure 17.1 Location of SSL and TLS in the Internet model
17-1 SSL ARCHITECTURE
SSL is designed to provide security and compression services to data generated from the application layer.
Topics discussed in this section:
17.1.1 Services
17.1.2 Key Exchange Algorithms
17.1.3 Encryption/Decryption Algorithms
17.1.4 Hash Algorithms
17.1.5 Cipher Suite
17.1.6 Compression Algorithms
17.1.7 Cryptographic Parameter Generation
17.1.8 Sessions and Connections
17.1.1 Services
Fragmentation
Compression
Message Integrity
Confidentiality
Framing
17.1.2 Key Exchange Algorithms
Figure 17.2 Key-exchange methods
Null
There is no key exchange in this method. No pre-master secret is established between the client and the server.
Note: Both client and server need to know the value of the pre-master secret.
RSA
Figure 17.3 RSA key exchange; server public key
Anonymous Diffie-Hellman
Figure 17.4 Anonymous Diffie-Hellman key exchange
Ephemeral Diffie-Hellman key exchange
Figure 17.5 Ephemeral Diffie-Hellman key exchange
Fixed Diffie-Hellman
Another solution is the fixed Diffie-Hellman method. All entities in a group can prepare fixed Diffie-Hellman parameters (g and p).
Fortezza
Fortezza is a registered trademark of the U.S. National Security Agency (NSA). It is a family of security protocols developed for the Defense Department.
17.1.3 Encryption/Decryption Algorithms
Figure 17.6 Encryption/decryption algorithms
NULL
The NULL category simply defines the lack of an encryption/decryption algorithm.
Stream RC
Two RC algorithms are defined in stream mode.
Block RC
One RC algorithm is defined in block mode.
DES
All DES algorithms are defined in block mode.
IDEA
The IDEA algorithm defined in block mode is IDEA_CBC, with a 128-bit key.
Fortezza
The one Fortezza algorithm defined in block mode is FORTEZZA_CBC.
17.1.4 Hash Algorithm
Figure 17.7 Hash algorithms for message integrity
NULL
The two parties may decline to use an algorithm. In this case, there is no hash function and the message is not authenticated.
MD5
The two parties may choose MD5 as the hash algorithm. In this case, a 128-bit MD5 hash algorithm is used.
SHA-1
The two parties may choose SHA as the hash algorithm. In this case, a 160-bit SHA-1 hash algorithm is used.
17.1.5 Cipher Suite
The combination of key exchange, hash, and encryption algorithms defines a cipher suite for each SSL session.
Table 17.1 SSL cipher suite list
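An added example, not part of the original slides: the sketch below splits cipher-suite names into the key-exchange, encryption and hash parts described above and reports the NULL and anonymous choices. The suite names follow the SSL 3.0 naming pattern and the sample list is constructed; `parse_suite` is a hypothetical helper.

```python
import re

# Key-exchange prefixes; DH_anon and DHE are listed before DH so they match first.
KEY_EXCHANGE = [
    ("DH_anon", "anonymous Diffie-Hellman"),
    ("DHE", "ephemeral Diffie-Hellman"),
    ("DH", "fixed Diffie-Hellman"),
    ("RSA", "RSA"),
    ("FORTEZZA", "Fortezza"),
    ("NULL", "none"),
]
HASH_BITS = {"NULL": 0, "MD5": 128, "SHA": 160}  # digest size per hash choice


def parse_suite(name):
    """Split SSL_<key exchange>_WITH_<cipher>_<hash> and audit the parts."""
    m = re.fullmatch(r"SSL_(.+)_WITH_(.+)_([A-Z0-9]+)", name)
    if not m or m.group(3) not in HASH_BITS:
        raise ValueError(f"not an SSL cipher-suite name: {name!r}")
    kx_raw, cipher, mac = m.groups()
    kx = next((label for prefix, label in KEY_EXCHANGE
               if kx_raw == prefix or kx_raw.startswith(prefix + "_")), None)
    if kx is None:
        raise ValueError(f"unknown key exchange: {kx_raw!r}")
    if cipher == "NULL":
        mode = "none"
    elif cipher.startswith("RC4"):
        mode = "stream"
    elif "CBC" in cipher:
        mode = "block"
    else:
        raise ValueError(f"unknown cipher: {cipher!r}")

    findings = []
    if kx == "none":
        findings.append("no key exchange")
    if kx.startswith("anonymous"):
        findings.append("key exchange is not authenticated")
    if mode == "none":
        findings.append("no encryption")
    if mac == "NULL":
        findings.append("no hash: messages are not authenticated")
    return {"key_exchange": kx, "cipher": cipher, "mode": mode,
            "hash_bits": HASH_BITS[mac], "findings": findings}


# Constructed sample list, in the SSL 3.0 naming style.
SAMPLE_SUITES = [
    "SSL_NULL_WITH_NULL_NULL",
    "SSL_RSA_WITH_NULL_MD5",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_DH_anon_WITH_DES_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    for suite in SAMPLE_SUITES:
        print(suite, parse_suite(suite))
```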
17.1.6 Compression Algorithms
Compression is optional in SSLv3. No specific compression algorithm is defined for SSLv3. Therefore, the default compression method is NULL.
17.1.7 Cryptographic Parameter Generation
Figure 17.8 Calculation of master secret from pre-master secret
Figure 17.9 Calculation of key material from master secret
Figure 17.10 Extractions of cryptographic secrets from key material
17.1.8 Sessions and Connections
Note: In a session, one party has the role of a client and the other the role of a server; in a connection, both parties have equal roles, they are peers.
Figure 17.11 A session and connections
Session State
Table 17.2 Session state parameters
Connection State
Table 17.3 Connection state parameters
Note: The client and the server have six different cryptographic secrets: three read secrets and three write secrets. The read secrets for the client are the same as the write secrets for the server and vice versa.
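An added example, not part of the original slides: the figures for this section did not survive, so the code follows the SSL 3.0 specification (RFC 6101) for the master secret, the key material and the six secrets, and checks the note above. Function names and the input values are constructed for illustration.

```python
import hashlib


def _expand(secret, first_random, second_random, length):
    """MD5(secret + SHA1(label + secret + randoms)) with labels A, BB, CCC, ..."""
    out = b""
    i = 0
    while len(out) < length:
        i += 1
        label = bytes([ord("A") + i - 1]) * i
        inner = hashlib.sha1(label + secret + first_random + second_random).digest()
        out += hashlib.md5(secret + inner).digest()
    return out[:length]


def master_secret(pre_master, client_random, server_random):
    # 48 bytes = three MD5 outputs; the client random goes first here.
    return _expand(pre_master, client_random, server_random, 48)


def key_material(master, client_random, server_random, length):
    # Same construction keyed by the master secret; the server random goes first.
    return _expand(master, server_random, client_random, length)


def extract_secrets(block, mac_len, key_len, iv_len):
    """Cut the key material into the six secrets, in SSL 3.0 order."""
    layout = [
        ("client_write_mac", mac_len), ("server_write_mac", mac_len),
        ("client_write_key", key_len), ("server_write_key", key_len),
        ("client_write_iv", iv_len), ("server_write_iv", iv_len),
    ]
    if sum(size for _, size in layout) > len(block):
        raise ValueError("key material too short")
    secrets, pos = {}, 0
    for name, size in layout:
        secrets[name] = block[pos:pos + size]
        pos += size
    return secrets


def endpoint_view(secrets, role):
    """Read and write secrets (MAC, key, IV) as seen by 'client' or 'server'."""
    peer = "server" if role == "client" else "client"

    def pick(side):
        return tuple(secrets[f"{side}_write_{k}"] for k in ("mac", "key", "iv"))

    return {"write": pick(role), "read": pick(peer)}


def derive(pre_master, client_random, server_random, mac_len, key_len, iv_len):
    master = master_secret(pre_master, client_random, server_random)
    need = 2 * (mac_len + key_len + iv_len)
    block = key_material(master, client_random, server_random, need)
    return master, extract_secrets(block, mac_len, key_len, iv_len)


# Constructed inputs: a 48-byte pre-master secret and two 32-byte randoms.
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = bytes([0x11]) * 32
SERVER_RANDOM = bytes([0x22]) * 32
```

With 20-byte MAC secrets, 24-byte keys and 8-byte IVs (the sizes for a 3DES/SHA suite), `derive` needs 104 bytes of key material, which takes seven MD5 rounds.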
17-2 Four Protocols
We have discussed the idea of SSL without showing how SSL accomplishes its tasks. SSL defines four protocols in two layers, as shown in Figure 17.12.
Topics discussed in this section:
17.2.1 Handshake Protocol
17.2.2 ChangeCipherSpec Protocol
17.2.3 Alert Protocol
17.2.4 Record Protocol
Figure 17.12 Four SSL protocols
17.2.1 Handshake Protocol
Figure 17.13 Handshake Protocol
Figure 17.14 Phase I of Handshake Protocol
Note: After Phase I, the client and server know the following:
❏ The version of SSL
❏ The algorithms for key exchange, message authentication, and encryption
❏ The compression method
❏ The two random numbers for key generation
Figure 17.15 Phase II of Handshake Protocol
Note: After Phase II,
❏ The server is authenticated to the client.
❏ The client knows the public key of the server if required.
Figure 17.16 Four cases in Phase II
Figure 17.17 Phase III of Handshake Protocol
Note: After Phase III,
❏ The client is authenticated to the server.
❏ Both the client and the server know the pre-master secret.
Figure 17.18 Four cases in Phase III
Figure 17.19 Phase IV of Handshake Protocol
Note: After Phase IV, the client and server are ready to exchange data.
17.2.2 ChangeCipherSpec Protocol
Figure 17.20 Movement of parameters from pending state to active state
17.2.3 Alert Protocol
Table 17.4 Alerts defined for SSL
17.2.4 Record Protocol
Figure 17.21 Processing done by the Record Protocol
Figure 17.22 Calculation of MAC
17-3 SSL MESSAGE FORMATS
As we have discussed, messages from three protocols and data from the application layer are encapsulated in the Record Protocol messages.
Topics discussed in this section:
17.3.1 ChangeCipherSpec Protocol
17.3.2 Alert Protocol
17.3.3 Handshake Protocol
17.3.4 Application Data
Figure 17.23 Record Protocol general header
17.3.1 ChangeCipherSpec Protocol
Figure 17.24 ChangeCipherSpec message
17.3.2 Alert Protocol
Figure 17.25 Alert message
17.3.3 Handshake Protocol
Figure 17.26 Generic header for Handshake Protocol
Table 17.5 Types of Handshake messages
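An added example, not part of the original slides: a parser for the 5-byte Record Protocol header and the Alert and Handshake headers named in the figures, with field layouts and type codes taken from the SSL 3.0 specification (RFC 6101). The sample bytes are constructed and do not come from a real session.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello",
                   11: "certificate", 12: "server_key_exchange",
                   13: "certificate_request", 14: "server_hello_done",
                   15: "certificate_verify", 16: "client_key_exchange",
                   20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
MAX_FRAGMENT = 2**14 + 2048  # largest encrypted fragment SSL 3.0 allows


def describe(ctype, body):
    """Decode the inner header; only meaningful while records are unprotected."""
    if ctype == 22 and len(body) >= 4:      # 1-byte type + 3-byte length
        return (HANDSHAKE_TYPES.get(body[0], "unknown"),
                int.from_bytes(body[1:4], "big"))
    if ctype == 21 and len(body) == 2:      # 1-byte level + 1-byte description
        return (ALERT_LEVELS.get(body[0], "unknown"), body[1])
    return None


def parse_records(stream):
    """Walk a byte stream of records: type(1) version(2) length(2) fragment."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError("record length exceeds the protocol limit")
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append({"type": CONTENT_TYPES[ctype], "version": (major, minor),
                        "length": length, "detail": describe(ctype, body)})
        offset += 5 + length
    return records


# Constructed, independent sample records (version 3.0).
SAMPLE = (
    bytes.fromhex("1603000004" "0e000000")   # handshake: server_hello_done, empty
    + bytes.fromhex("1503000002" "0228")     # alert: fatal, description 40
    + bytes.fromhex("1403000001" "01")       # change_cipher_spec
    + bytes.fromhex("1703000003" "aabbcc")   # application data (opaque)
)

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```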
Figure 17.27 Virtual tributary types
Figure 17.28 ClientHello message
Figure 17.29 ServerHello message
Figure 17.30 Certificate message
Figure 17.31 ServerKeyExchange message
Figure 17.32 CertificateRequest message
Figure 17.33 ServerHelloDone message
Figure 17.34 CertificateVerify message
Figure 17.35 Hash calculation for CertificateVerify message
Figure 17.36 ClientKeyExchange message
Figure 17.37 Finished message
Figure 17.38 Hash calculation for Finished message
17.3.4 Application Data
Figure 17.39 Record Protocol message for application data