New User Special Price Expires in

Let's log you in.

Sign in with Facebook


Don't have a StudySoup account? Create one here!


Create a StudySoup account

Be part of our community, it's free to join!

Sign up with Facebook


Create your account
By creating an account you agree to StudySoup's terms and conditions and privacy policy

Already have a StudySoup account? Login here

Info Security TheoryPractice

by: Federico Kerluke

Info Security TheoryPractice ISA 562

Federico Kerluke
GPA 3.58


Almost Ready


These notes were just uploaded, and will be ready to view shortly.

Purchase these notes here, or revisit this page.

Either way, we'll remind you when they're ready :)

Preview These Notes for FREE

Get a free preview of these Notes, just enter your email below.

Unlock Preview
Unlock Preview

Preview these materials now for free

Why put in your email? Get access to more of this material and other relevant free materials for your school

View Preview

About this Document

Class Notes
25 ?




Popular in Course

Popular in Information Security Assurance

This 21 page Class Notes was uploaded by Federico Kerluke on Monday September 28, 2015. The Class Notes belongs to ISA 562 at George Mason University taught by Staff in Fall. Since its upload, it has received 13 views. For similar materials see /class/215092/isa-562-george-mason-university in Information Security Assurance at George Mason University.

Similar to ISA 562 at Mason

Popular in Information Security Assurance


Reviews for Info Security TheoryPractice


Report this Material


What is Karma?


Karma is the currency of StudySoup.

You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 09/28/15
Outline PKI SSL ISA 562 Information System Security PKI SSL SASGZ i ms at Genrge Masun Univa39sily isnsoz Motivation 1 Key Distribution Problem How many Symmetric Keys needed In a secret key cryptosystem the secret key must be transmitted Via a secure channel Inconvenient e n parties want to communicate with each other how many keys total keys are needed and how many other keys must each n store i n entities eThere will be ntnel 2 keys total I Eaeh entity has to store n71 keys Insecure e Is the secure channe1rea11y secure Public key cryptosystem solves the problem 7 Public key known by everyone eteiephone directory 7 Privacy key is never transmitted ms at Genrge Masun Umversty EA 556 z Administration Problems e Adding new entities e Removing existing entities e changing keys ms at Genrge Masun Univa39sily isnooo Motivation 2 Digital Signature Motivation cont Email Security In a secret key ctyptosysten authentication and none repudiath may be dif cult Authentication verify his slguature Nonrrepudlatlon I didn39t 5191 it You did sinee you also have the keyquot e w a 2 E 2 e oneis solely responsible for his pnyate key KaiElm mmmmsi nain The percentage ofemail that is actually iea ablehy an attacker at that c manipulated while in transit with little chance 39 39 100 KaiElm mmmmsi Alli Is this Key Exchange Secure Dif eHellman Example i e large mime CD 1 e gsneiamr nf 2i m lanaum XmZ39a gquot tnei m Pick landum Z Wm Yin z39 KaiElm mmmmsi nain Aha andEab wun aestnbllshashaxedsecmkzy Have agree an thewlue F353 pnmzandf3 Seizctthzrandnmsecntwluzs 7 Alice chaasesx97 Eab chnasestZZZ Denvethepubhckzys gum a a ad3534 Alice39s minauzskm Eab39s e genie Denvetheshmdsecxetkz e bhmaleZAXWmadZS dn40733 ad 6U Alice39s an Eab39s KaiElm mmmmsi nain Dif e H ellman Manin Lhemiddle Public Key Clyptography Bminstorming P7 has puma Whatfohce39s puhhc keyxs furged7 Q39QEHEmmr MI E 7 vuyme ammo snmehww gt afake pubhc keyltgemmoysom andmzy behwexusAhce spubhcke m mm mm 3 Akee can nut cummun t wnh sveryune Lhmugh puhhc key x m 2 K e ms t m andam g m 7 Am cannwt dzcxypt anthmg mcxyptedby wthzxsusngthe fake RmZ39 Ahce39spubhckzy g mud m m mm 7 thn c m anydnngwnh hzxpnvatekzy 972an else wx m2 thmkmsfake s3 mm pkk random Huw as u yuu salve ths prublan397 3 m 2 Camnute Cumuuts Compute Comm Lm gr 2 N g lt2quot s we v sm m Cem39 cate Thde Pally Tmst Model A signed message claiming somebodys pubue key s such amp sue 7 Akee39s publxckeyx5123455a Imeol does not know Bob 0 Bob s key men the cem cate sigmed by Bob doesn t mean much to Cato Imeol knows and trusts David who can cemfy Bob s key men Carol may have some trust on Bob s cem cate Them could be a chum of cem cate um mdueeuy cemfy the authenuclty of the pubue key xsm Garage um thvu39sll me Yru mg i mums Mum may we Extended Third Party Trust Model Pubhc Key Infrasmlcmre PKI Not an algorithm Uses public key cryptography Enables secure data transmission over the Internet Cu cmAmhm Certi cateAuthority A PK is a set ofagreed upon standards Cem39 ca tz39onA utlz on39tz39es CA slmcture between mullzple CAsn7etlzods to discover and Validate Vquot a 0 E Certi cation Patlzs Operational Protocols w m Management Protocols Interoperable Tools and Alic Bob Jane Joe supporlznglegzslalion Digital Certi cates book 7 Jalal Feghhi Jalil Feghhi Peteerliam Cross Certi cation ISE at George Mason University l FebmxyZElElZ 13 ISE at George Mason Umvasny 14 Public Key Infrastructure PKI PKI Simpli ed Model What is PKI for 7 Facilitate secure distribution of every one s public key Certi cation 7 Provide some authenticity of the public keys distributed Entity Basic Components of X509 PKI 7 Certi cation authorities CA Ap ication g 7 Registration Authority RA Provider side m Dmmry 7 Certi cate Distribution System 7 C erti c ates 7 PKI Enabled Application Consmern side ISE at George Mason University EA 666 15 ISE at George Mason Umvasny PKI Steps PKI Components Certificate Authority I Provides Iml identity RA Veri es subscriber based on class level May be housed by CA I Issues Certi cate amp or other entity posts in Repository WWW Can validate subscriber public key ISE at George Mason University ISA 562 0 Basic Responsibilities Key Generation Digital Certi cate Generation Certi cate Issuance and Distribution Revocation Key Backup and Recovery System CrossCerti cation ISE at George Mason University ISA 562 18 PKI Components Certificate Authority II Public keys are issued by a certification authority CA A CA verifies amp vouches for the identity information in a Certificate Like a Government for a passport Like a bank for an ATM card A certificate that the CA issues to a company binds a public key to the recipient s private key ISE at George Mason University 19 PKI Components Certificate Authority III The CA has a public and private key pair just like people and devices The CA uses its private keyto sign the body of the certificate just as people use personal private keys to sign messages 0 To verify one must use the CA s public keyto decrypt the signature just as one would verify a personal signature from another user ISE at George Mason University ISA 562 20 PKI Components Registration Authority RA Basic Responsibilities Registration of Certificate Information FacetoFace Registration Remote Registration Automatic Registration Revocation Verification level depends on class requested Class 1 can be done from public records Class 3 can be for signing software more powerful ISE at George Mason University ISA 562 PKI Components Certi cate Distribution System Provides Repository for Digital Certi cates Certi cate Revocation Lists CRLs Typically Special Purpose Databases LDAP directories ISE at George Mason University ISA 562 PKI Components Certi cate I PKI Components Certi cate II An electronic passport that proves your identity and authenticates you Who you are What your public key is Who issued your certificate Digital Certi cate thsical World Analagies 39 Identity Data ATM Card a Certificate to conduct electronic banking 39Public Key Signed by Certification Authority Driver s license a Certificate to operate a vehicle Employee badge a Certificate to gain facility access US Passport a Certificate telling who you are ISE at George Mason University ISE at George Mason University o A digital Certificate becomes a passport that proves your identity and authenticates you 7 A US passport is issued by a trusted Government 7 when another Government sees it they trust it o A digital Certificate issued by a trusted CA can also be trusted PKI Components Certi cate III 0 A certificate binds an entity to a key pair 0 The public key embedded in a digital certificate is in a public directory that is freely accessible 0 Now when you download someone s public key you know that it belongs to a specific person ISE at George Mason University ISA 562 PKI Components Certificate IV shod Name D gxr fc n mehachnoogies 0333 m umbul dm 5 CA3 MM M WWI awn IS suer mnuhen m m Subject u am mm mung mu ulnhal uignacun luv gndphermm signlng algorithm hammohl s e g SHA h M95 Q QA gignamm Subject Public Key Issuer B l l e ISE at George Mason University PKI Components Certificate Example Cet1f1ate Da 0xm 0133va EDS1E1ng cc vez czcahawcecam ltr Paaa OBzenc aaccala eeacf czgEmalAddrea5baccalafeeanfc am gmt aim ltzra faugnFm 65 9239 lb at George Mason University Certificate Expiration and Renewal A period of validity is assigned to each certificate After that date the certi cate expires A certificate can be renewed with a new expiration date assigned If the keys are still valid and remain uncompromised ISE at George Mason University Certificate Revocation Certi cate Revocation List CRL Sometimes there is a need to revoke a certi cate before it exprres 7 A hardware crash causes a key to be lost 7 A private key is compromised 7 Termination of af liation with some organization Revocation is permanent Suspension can be li ed lSE at George Mason University BA ms CRLs are published by CAs at well defined interval of tim es Contains all revoked and suspended certificates It is a responsibility of Users of certificates to download a CRL and verify if a certificate has been revo ed User application must deal with the revocation processes lSE at George Mason Umvasrty 151x552 3n CA Technology Evolution Simple Certi cation Hierarchy CA CA ll RA l J lSE at George New Umva39srty SA 562 Internet x sny mam 15 m general model farcem cman hierarchy n mm m CA mm med m certificate you can my the c r ya mm inch enmylus its awn mm and my V max thanane m mat CA s can Emum is 52mm and each subCA is Slam byrts parent CA Each CA my also m CRLs ln me m mm lzvel cm 15m CRLs l frequently lSE at George Masm Umvasny 22 Simple Certi cation Hierarchy An Example Trusted R001 tx Alice trusts the root CA n Bob sends a message to Alice K I Ll If Alice needs Bob s certificate the certificate of the CA that signed Bob s certificate and so on up to the root CA s self signed certi cate A L g L7 lt E Alice also needs each CRL for each CA Only then can Alice verify that Bob s certificate is valid and trusted and so verify the Bob s signature Alice Bob ISE at George Mason University Microsoft Root CA You can set up your own Certificate Authority Server 7 Windows Server 2003 or Windows 2000 Server 7 Install the Certi cate Services 7 Note that after installing this service the name of the main or com uter cannot chan 6 mm mm mm in Wmdwn Cnmpnnmu F 1mm addm vannvecnmwnenl WWW I a Toaddmvunuveacmrwmmc iwchxkbw Aawmmmw Wldlhmlwlhamdkd Tammysmmmmeu Dct s ceswnzx and Lmllhes Se VK l Jinx pwvw nmvmm mm a Delhicalm evilWW m m mm mm lo use with ma key mum magma ISE at George Mason University Root Certi cates built into browser browsers Certititate s intended purpose ltwgt EABAKOM Ran CA Amenm Unirm Raul Ceru canon Aum Auwvidad Cem mwra de la Ar u utmida erh zadora del CnlEqiu NEE am at intsided purpose ISE at George Mason University ISA 562 0 If the CA is a widely recognized authority its certi cate along with its public key will already be embedded in Microsoft Root CA Specify options to generate certi cates including Cryptographic Service Provider Hash algorithm Key length wmdowi ompnnnns Wizard Public and Plivale Key Pail Select e ciVDthtepbic arwne Wovidev lCSP hash algmrhm and settings Im the I key p31 cspv ammonier M04 Mmosotl Base 059 Eiwlogvephic PUPi691 A M cmtoll Enhanced Ct I re re Provide v 0 M05 Schlumbavuev mme Senice Ftwdev J 39 r AIM 1m CSP in mm mmm geskmp Lay lenglh ma ISE at George Mason University PKI solving security needs How do we solve the 4 security needs Con dentiality I Integrity 777 NonRepudiation Authentication 777 777 gital Signature Date and Time 37 ISE at George Mason University PKI solving security needs How do we solve the 4 security needs Con dentiality r Integrity Digital V Signature Secret Key Public Key NonRepudiation Authentication Digital Signature Digital Certi cates gital Signature Date and Time 38 ISE at Geuge Mason University SSLTLSSSH SSLTLS overview and basic features SSL Record Protocol SSL Handshake Protocol Other SSL Protocols SSL and TLS differences SSL applications Comparison of IPsec amp SSL ISE at George Mason University ISA 562 39 SSLTLS Overview SSL Secure Sockets Layer 7 Originally developed to secure http 7 unreleased v1 awed but useful v2 good v3 TLS Transport Layer Security 7 TLSl0 SSL30 with minor tweaks Z SSL31 7 Defined in RFC 2246 7 Opensource implementation at httpwwwopensslorg SSLTLS provides security at TCP layer 7 Uses TCP to provide reliable endtoend transport 7 Applications need some modi cation 7 In fact usually a thin layer between TCP and HTTP ISE at Geuge Mason University ISA 562 40 lO SSL Functionality SSL Services SessionLayer Security 7 Protection of bidirectional transport protocol Security Services 7 Integrity Authenticity Con dentiality Client Security 7 Server must be authenticated using publickey certi cates Server Security 7 Client may be authenticated using publickey certi cates Security Suite 7 Client and Server negotiate Algorithms and methods ISE at George Mason Unverslty ISA 562 Al Peer entity and data authentication Data confidentiality Data integrity Compressiondecompression Generationdistribution of session keys Security parameter negotiation ISE at George Mason Unlva39slty lsAsoz 42 SSLTLS Basic Features SSL Protocol Architecture SSLT LS widely used in Web browsers and servers to support secure ecornmerce over HTTP 7 Built into Microsoft IE Netscape Mozilla Apache IIS 7 The infamous browser lock SSL architecture provides two layers 7 SSL Record Protocol 7 Upper layer canying SSL Handshake Protocol Change Cipher spcc Protocol Alert Protocol HHP any other application protocols lsE at George Mason Umversty EA 562 43 Atvvo layer protocol lsE at George Mason Unrvasrty mm 44 SSL Connection and Session SSL Session Each SSL session can be used for multiple SSL connections SSL Session 7 An association between a client and a server 7 Created by handshake protocol 7 Is used to avoid negotiation ofnew security parameters for each connection SSL Connection 7 A connection is a transport that provides a suitable type of 7 Peertopeer transient 7 Each connection is associate with one session lSE at Genrge Maser University BA 552 45 We can view an SSL session as an SSL security association 7 Createdby handshake protocol 7 De nes set ofcryptogxaphic parameters encryption and hash algorithm master seeret certi cates e Carriesmultiple cannecb39ansto avoidrepeateduse ofexpensive handshake protocol A SSL session consists of 7 Session 7 X509 publickey certi cate ofpeer couldbe null e Compressi algorithm 7 Cipher spec Ehe tion al orithm message digest algorithm ete 7 Master secret 48 byte secret shared between the client and server 7 Is reusable lSE at Genrge Masnn Umvasrty rshssz SSL Connection SSL Record Protocol SSL Connection concept 7 State de ned by nonces secret keys for encryption integrity and IV Keys for many connections derived from single master secret created during handshake protocol An SSL Connection consists o S 39 rando umbers e e Clientwrite key 7 Server 7 ClientIV 7 Sequence number lSE at Genrge Mason University EA 552 47 SSL Record Protocol provides secure reliable channel to second layer 39 7 Data origin authentication and integrity MA using algorithm similar to HMAC Based on MZDeS or SHAel hash al onthms MAC protects 64 bit sequence number for antkreplay 7 Con dentiality Bulk encryption using symmeme algorithm 7 lDEARCZAEI DESAEI expenahie DES KDES e RC474UandRC47128 Carries application data and SSL management data lSE at Genrge Masm Uhrvasrty ishs z SSL Record Protocol SSL Record Protocol Operation Data from applicationupper layer SSL protocol partitioned Application into fragments max size 214 bytes Data Optional compression MAC Fragment Fragment size at most 214 bytes then pad if needed 7 finally encrypt Compress Compression is optional Prepend header 7 7 Content type version length of fragment Add MAC MAC With sharedkey Submit to TOP n I I Encrypt quot 39 h Encryption with sharedkey 354354 r 39 Add SSL I SSL Packet Header ISE at George Mason University ISA 562 49 ISE at George Mason University ISA 562 50 SSL Handshake Protocol SSL Handshake Protocol Security Goals Like IPSec SSL needs symmetric keys MAC and encryption at Record Layer Different keys in each direction These keys are established as part of the SSL Handshake Protocol As with IKE in IPSec the SSL Handshake Protocol is a complex protocol with many options ISE at George Mason University ISA 562 51 Secure ciphersuite negotiation Encryption and hash algorithms Authentication and key establishment methods Entity authentication of participating parties Participants are client and server Server nearly always authenticated client more rarely Appropriate for most ecommerce applications Establishment of a fresh shared secret Shared secret used to derive further keys For confidentiality and authentication in SSL Record Protocol ISE at George Mason University ISA 562 52 l3 SSL Handshake Protocol SSL Connection Steps Initially SSL session has null compression and encryption 39 Both are set by the handshake protocol at the beginning of session Handshake protocol may be repeated during the session Four phases 7 Establish Security Capabilities 7 Server Authentication and Key Exchange 7 Client Authentication and Key Exchange When you hit an SSL encrypted page here is what usually happens 7 Server sends certi cateto client 7 Client checkto see if signing CA is in trustedlist in browser 7 Client cornputeshash of certi cate amp cornparesrnessage digest of certi cate by decrypting using CA s public key CA signed certi cate 7 Client checks validity dates of certi cate 7 Client checks URL in certi cate to and veri es it rnatchesthe cun ent URL 7 Client extracts server s public key orn certi cate 7 Client creates a session key symmetric 7 Client encrypts session key with servers public key and sends it 7 Finish over 7 Server decrypts using private key lsE at George Mason University BA so2 53 lsE at George Mason Umva39slty lsAsoz 54 Simplified SSLv3TLS Phase 1 Establish Security Capabilities Cl ent Serve Hello ciphers I support Mm Certi cate ciphers I chose Rs 55m keyed hash oI K r handshake msgs keyed hash of all handshake msgs Data protected with keys derived from K Krs Relient RServer lsE at George Mason University BA so2 ss Client Server W W Message marked by are mandatory Other messages are optional lsE at George Mason Umva39slty lsAsoz so Phase 1 Cont d Phase 1 Cont d Clientihello 7 Version The highest SSL version understood by the c ient 7 Random 4byte timestamp 28byte random num er 7 Session ID zero for new session nonzero for a prev10us sessron 7 CipherSuite list of supported algorithms 7 Compression Method list of supported compression methods ISE at Genrge Masun Umverslty ISA 552 57 Serverihello 7 Version min clientihello version highest version supported by the server 7 Random 4 byte timestamp 28byte random number Generated by the server 7 Session ID 7 CipherSuite selected from the client s list by the server 7 Compression method selected from the client s list by the server ISE at Genrge Masm Univasity 151x552 52 Phase 2 Server Authentication and Key Exchange Serverikeyiexchange message Client Server cmmmmw A Certi cate is almost always used ISE at Genrge Masun Umverslty EA 552 59 Not required if 7 The server has sent a certi cate With xed D H parameters or 7 RSA key exchange is to be used Needed for 7 Anonymous DH 7 RSA key exchange in Which the server is using RSA but has a signatureonly RSA key ISE at Genrge Masm Umxmny sts z 6D Ceitificateirequest message Serveridone message Request a certificate from the client Two parameters 7 Certi cateitype RSA signature only DSS signature only 7 Certi cateiauthorities ISE at George Mason Umversity ISA 552 m Indicate the end of server hello and associated messages ISE at George Mason Umvasny isAs z Phase 3 Client Authentication and Key Exchange Phase 3 Client Authentication and Key Exchange Client Server ISE at George Mason Umversity EA 552 63 Certi cate 7 One or a chain of certi cates Clientikeyiexchange 7 RSA encrypted premaster secret with the server s public key 7 DH client s public key Certi cateiverify 7 Only sent following any client certi cate that has signing capability 7 Proves the client is the valid owner ofthe certi cate ISE at George Masm Umxmny sts z SSL Handshake Protocol 7 Key Exchange SSL Handshake Protocol 7 Entity an r r SSL supports several key establishment mechanisms Most common is RSA encryption 7 Client chooses preimasterisec rec encrypts using public RSA key ofserver sends to server Can also create pr eimas t erise c re t from 7 Fixed DimeHellman Server and possibly Client certificate contains DH parameters 7 Anonymous Di eHe11rnan Eaen side senols le39 e7Hellman values butno authentication Vulnerable to man7m7mlddle attacks 155 at Genrge Masun Unrversuy ISA 562 SSL supports several different entity authentication m echanism 5 Most common based on RSA 7 Ability to decrypt preimasteris ecret and generate correct MAC in finished message using keys derived from pre master 5 ecret authenticates server to client 7 D55 or RSA signatures on nonces and other fields eg DiffieHellm an values 562 155 at Genrge Masun Unrvesuy ISA SSL Key Derivation SSL Handshake Protocol Run Keys used for MAC and encryption in Record Layer derived from preimasterisecret 7 Derive master secret from preimasterisecret and clienUserver nonces using MDS and SHAl hash functions 7 Derive key material from masterisecret and clienUserver nonces by repeated use of hash functions 7 Split key material up into MAC and encryption keys for Record Protocol as needed Is at Geurge Masun Unrversny EA 562 An illustrative protocol run follows We choose the most common use of SSL 7 No client authentication 7 Client sends pre master secret using Server s public erEryption key from Server c ti cate 7 Server authenticated by ability to decrypt to obtain pre mas eris ecret and construct correct finis hed message Other protocol runs are similar Is at Geurge Masun Umvaslty lsusoz SSL Handshake Protocol Run SSL Handshake Protocol Run M1 C 9 S ClientHello Client initiates connection Sends client version number 7 31 for TLS 39 Sends ClientNonce 7 28 random bytes plus 4 bytes of time Offers list of ciphersuites 7 key exchange and authentication options encryption algorithms hash functions 7 Eg T LSiRSAilJI TH73DE SiEDEichisHA ISE at Genrge Mason University BA 562 o M2 S 9 C ServerHello ServerCertChain ServerHelloDone Sends server version number Sends ServerNonce and SeSSlODID Selects single ciphersuite from list offered by client E LSiR w H73D D c sllA Sends ServerCertChainmessage e Allows client to validate server s public key back to acceptable root of trust optional CertRequest message 7 Omitted in this protocol run 7 no client authentication Finally ServerHelloDone ISE at Genrge Mason Unlva39slty lSAsoz 7n SSL Handshake Protocol Run SSL Handshake Protocol Run M3 C 9 S ClientKeyExchange ChangeCipherSpec ClientFinished I ClientKeyExchange contains encryption of preimasterisecret under server s public key indicates L quot 39 39 39r suite to be used on this session 7 Sent using SSL Change Cipher spee Protocol optional ClientCertificate ClientCe cateVerify messages 7 Only when clientis authenticated Finally C 11 entF 1n1 shed message 7 c on all messages sent so far both sides 7 0 ed sin master secret lsaatoMAeoge soquotn R rlvas ty g 75 7r M4 S 9 C ChangeCipherSpec ServerFinished ChangeCipherSpec indicates that server is updating cipher suite to be used on this session 7 Sent using SSL Change Cipher Spec Protocol Finally S erverFinished message 7 A MAC on all messages sent so far both sides 7 MAC computed using mast e ris ec r et 7 Server can only compute MAC if it can decrypt prefmasterisecret in M ISE at Genrge Masnn Umva39srty lsAsoz 72 SSL Handshake Protocol Run SSL Handshake Protocol Run Sum m ary Ml C 9 S ClientHello M2 S 9 C ServerHello ServerCertChainServerHelloDone M3 C 9 S ClientKeyExchange ChangeCipherSpec ClientFinished M4 S 9 C ChangeCipherSpec ServerFinished ISE at George Mason University BA 562 72 1 Is the client authenticated to the server in this protocol run 2 Can an adversary learn the value of preimaste risecret 3 Is the server authenticated t0 the client 4 Who creates the session key in a way SSL connection 5 Who creates the session key in a two way SSL connection 1 N0 2 No client has validated server s public key Only holder of private key can decrypt ClientKeyExchange to learn pr imasterisecret 3 Yes ServerFinished includes MAC on nonces computed using key derived 0m preimasterisecret 4 The client 5 The client lsE at George Mason Umva39slty lsnsoz 74 Other SSL Handshake Protocol Runs SSL Handshake Protocol 7 Additional Features Many optionalsituationdependent protocol messages 7 M2 S9C can include ServerKeyEXchange eg for DH key exchange CertRequest for client authentication 7 M3 C9S can include ClientCert for client authentication ClientCertVerlfy for client authentication For details see RFC 2246 TLS lsE at George Mason University BA 562 75 SSL Handshake Protocol supports session reswnpliun and czplzersw39re relnegotiation 7 Allows authentication and shared secrets to be reused across multiple connections Eg next wehpage from same website 7 Allows rekeying of current connection using fresh ces 7 Allows change ofciphersuite during session 7 CllentHellO quotes 0 SeSSlOnID 7 Both sides contribute new nonces update 7 All protected by existing Record Protocol lsE at George Mason Umva39slty lsnsoz 7o Other SSL Protocols Alert Protocol Alert protocol 7 Management of SSL session error messages 7 Fatal errors and warnings Change cipher spec CCS protocol 7 Used to switch to agreed cipherspec Both protocols run over Record Protocol so peers of Handshake Protocol ISE at George Mason University BA 552 77 Convey SSL related alerts to the peer Compressed and encrypted Two types of alerts 7 Fatal 5 SSL immediately terminates the connection Ex les 7 Unexpected message 7 Badirecordimac 7 Warning 7 xamples 7 Closeinonfy 7 Noicem cate ISE at George Masm Umvasrty 151x552 72 Change Cipher Spec Protocol Application Ports Used with SSL Session State 7 Current state The session state in effect 7 Pending state The session being negotiated Change Cipher Spec Protocol 7 Cause the pending state to be copied into the current state ISE at George Mason Umverslty EA 552 79 https 443 smtps 465 nntps 563 ldaps 636 pop3s 995 ftpdata5889 ftps 990 imaps 991 1515 at Genrge Masm Umva39srty 513562 8U SSL and TLS SSLTLS Applications TLSl0 SSL30 with minor differences TLS signalled by version number 31 Use of newer HMAC for MAC algorithm Differences in cipher suites Additional alert codes More client certificate types Minor changes in some cryptographic computatlons And more ISE at George Mason Unrversny ISA 562 21 Secure ecommerce using SSLTLS 7 Client authentication not needed until client decides to buy s omething 7 SSL provides secure channel for sending credit card information 7 Client authenticated using credit card information ant bears most of risk No antees about What happens to client data including credit card details a er session may be stored on insecure server ISE at George Masnn Unrvesny isnsoz 22 Some SSLTLS Security Flaws Comparing IPsec amp SSLTLS I Historical aws in random number generation for SSL 7 Low quality RNGleads to predictable sessron keys 7 Goldberg andWagner Dr Dobb39sJoumal Jan 1996 7 http www oar comdoeumentss965ddj 60lh Flaws in error reporting 7 diffenng response times by serverm event ofpaddmg failure and MAC failure analysis of padding method for CBC7mode 7 recovery of SSL plaintext 7 Canvei Hiltgen Vaudenay and Vuagnoux Crypt02003 7 http laseewww ep enpnpodepubireaoonssearen pnp7rer7cnvvo3 s 7 analysis of OpenSSL server response times allows attacker in same LAN 7 Boneh and Brumley 12m Usean Security Symposrurn s17urnrng 7 http crypto Stanford edu7daboabstxaetss nnnl ISE at Genrge Masnn Unrversny EA 562 23 Both have initial authenticated key establishm ent then key derivation 7 IKE in IPSec 7 Handshake Protocol in SSLT LS Both protect ciphersuite negotiation Both use keys established to build a secure channel ISE at Genrge Masnn Umvasity mm 24


Buy Material

Are you sure you want to buy this material for

25 Karma

Buy Material

BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.


You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

Why people love StudySoup

Steve Martinelli UC Los Angeles

"There's no way I would have passed my Organic Chemistry class this semester without the notes and study guides I got from StudySoup."

Anthony Lee UC Santa Barbara

"I bought an awesome study guide, which helped me get an A in my Math 34B class this quarter!"

Jim McGreen Ohio University

"Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."


"Their 'Elite Notetakers' are making over $1,200/month in sales by creating high quality content that helps their classmates in a time of need."

Become an Elite Notetaker and start selling your notes online!

Refund Policy


All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email


StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here:

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.