Comp & Network Security
These class notes for CS 4237 (Comp & Network Security) at Georgia Institute of Technology - Main Campus, taught by Staff in Fall, were uploaded by Alayna Veum on Monday, November 2, 2015.
Date Created: 11/02/15
Key Distribution and Management (CS 4237)

Key Distribution and Management
- Secret key distribution
- Public key distribution
- Secret key distribution using public key encryption

Secret Key Distribution
- A and B can establish a secret key by:
  - Manual delivery
  - Selection and delivery by a trusted third party
  - Using a previous key to encrypt the new key
  - Using encrypted links to a third party to relay
- Problem: this does not scale; a key is needed for each pair of hosts/applications

Key Distribution Center (KDC)
- Responsible for distributing keys to pairs of users (hosts, processes, applications)
- Each user must share a unique key (the master key) with the KDC
  - Use the master key to communicate with the KDC to get a temporary session key for establishing a secure session with another user
  - Master keys are distributed in some non-cryptographic way

A Typical Key Distribution Scenario
  1. A -> KDC: Request || N1
  2. KDC -> A: E_Ka[Ks || Request || N1 || E_Kb[Ks || IDA]]
  3. A -> B: E_Kb[Ks || IDA]
  4. B -> A: E_Ks[N2]
  5. A -> B: E_Ks[f(N2)]
- Ka, Kb are master keys; Ks is a session key

Public Key Distribution
- General schemes:
  - Public announcement (can be forged)
  - Publicly available directory (can be tampered with)
  - Public-key authority
  - Public-key certificates

Public-key Authority
  1. A -> Authority: Request || T1
  2. Authority -> A: E_Kd,auth[Ke,b || Request || T1]
  3. A -> B: E_Ke,b[IDA || N1]
  4. B -> Authority: Request || T2
  5. Authority -> B: E_Kd,auth[Ke,a || Request || T2]
  6. B -> A: E_Ke,a[N1 || N2]
  7. A -> B: E_Ke,b[N2]
- Kd,auth is the authority's private key; Ke,a and Ke,b are the public keys of A and B

Public-key Certificates
- A certificate contains a public key and other information
  - Created by a certificate authority
  - Given to the participant with the matching private key
- A participant transmits its certificate to convey its key information
  - Other participants can verify that the certificate was created by the authority
- All nodes are preconfigured with the public key of the certificate authority (CA)

Exchange of Public-key Certificates
- A -> B: CA = E_Kd,auth[T1 || IDA || Ke,a]
- B does D_Ke,auth[CA] = D_Ke,auth[E_Kd,auth[T1 || IDA || Ke,a]] = (T1, IDA, Ke,a), hence gets the public key of A

Public-key Distribution of Secret Keys
Security Handshake Pitfalls I (CS 4237)

Login With Shared Secret (Variant)
- Bob -> Alice: challenge R
- Alice -> Bob: K_AB{R}   (the K operation can be a hash rather than a cipher)
- Problems:
  - Authentication not mutual
  - Connection hijacking
  - Offline password guessing attack
  - Compromise of the database at Bob: impersonate Alice

Login With Shared Secret (One Way)
- Alice -> Bob: K_AB{timestamp}
- Problems:
  - Requires synchronized clocks
  - Replay attacks:
    - Eavesdrop and use the recorded message within the clock skew window
    - Use it for another server if several servers share the same secret
    - Reuse it if the server clock can be set back

One-way Public Key
- Alice -> Bob: "Hi, Bob"; Bob -> Alice: R; Alice -> Bob: [R]Alice   (Alice signs R)
- Alice -> Bob: "Hi, Bob"; Bob -> Alice: {R}Alice   (Bob encrypts using Alice's public key); Alice -> Bob: R
- The database at Bob only needs to be write-locked, not read-locked
- Problems:
  - Can trick Alice into signing or decrypting a message; Trudy then impersonates Alice
  - To fix: don't use the same key for different purposes, or explicitly specify the message type

Lamport's Hash
- Safe from eavesdropping and database reading
- No public key cryptography
- Alice (human, workstation): password
- Bob (server): username, n, hash^n(password)
- Authentication:
  - Human -> workstation: <Alice, password>
  - Workstation -> Bob: Alice's name
  - Bob -> Alice: n
  - Alice -> Bob: x = hash^(n-1)(password)
  - Bob compares hash(x) with the database, stores new <n-1, x>

Lamport's Hash: Small n Attack
- No mutual authentication
- Trudy impersonates Bob:
  - Sends a small n (say 50) to Alice
  - Alice sends back hash^49(password)
  - The actual n at the real Bob is greater than 50
  - Trudy can compute hash^50(password), hash^51(password), ... from it
- Alice should remember what n should be

Mutual Authentication: Shared Secret
- Alice -> Bob: I'm Alice
- Bob -> Alice: R1
- Alice -> Bob: K_AB{R1}
- Alice -> Bob: R2
- Bob -> Alice: K_AB{R2}
- Simplified:
  - Alice -> Bob: I'm Alice, R2
  - Bob -> Alice: R1, K_AB{R2}
  - Alice -> Bob: K_AB{R1}
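The Lamport's hash slides above describe the server's <n, hash^n(password)> record, the hash^(n-1) response, and the small-n attack, whose stated countermeasure is that Alice should remember what n should be. The following Python is an added example (not code from the course notes) that implements both sides with SHA-256 as the hash and shows the workstation refusing a challenge n that is not the value it expects; the Server, Workstation, login and accepts_challenge names and the demo password are assumptions of this example.

```python
import hashlib


def h(x: bytes) -> bytes:
    """One step of the hash chain (SHA-256 here; the slides just say 'hash')."""
    return hashlib.sha256(x).digest()


def hash_n(password: bytes, n: int) -> bytes:
    """hash^n(password): apply h n times."""
    x = password
    for _ in range(n):
        x = h(x)
    return x


class Server:
    """Bob: stores <n, hash^n(password)> per user and never sees the password itself."""

    def __init__(self):
        self.db = {}

    def enroll(self, user: str, password: bytes, n: int) -> None:
        self.db[user] = (n, hash_n(password, n))

    def challenge(self, user: str) -> int:
        return self.db[user][0]

    def verify(self, user: str, x: bytes) -> bool:
        n, stored = self.db[user]
        if n <= 1:
            return False                  # chain exhausted: user must re-enroll with a fresh chain
        if h(x) != stored:
            return False                  # hash(x) must equal the stored hash^n(password)
        self.db[user] = (n - 1, x)        # store the new <n-1, x>
        return True


class Workstation:
    """Alice's workstation: remembers the n it expects, so a bogus small n is refused."""

    def __init__(self, user: str, password: bytes, n: int):
        self.user, self.password, self.expected_n = user, password, n

    def respond(self, n: int):
        if n != self.expected_n:
            return None                   # small-n attack (or desync): do not reveal hash^(n-1)
        self.expected_n = n - 1
        return hash_n(self.password, n - 1)


def login(ws: Workstation, server: Server) -> bool:
    """One authentication run: Bob sends n, Alice answers with hash^(n-1)(password)."""
    n = server.challenge(ws.user)
    x = ws.respond(n)
    return x is not None and server.verify(ws.user, x)


def accepts_challenge(ws: Workstation, n: int) -> bool:
    """Would the workstation answer challenge n (e.g. a small n from someone posing as Bob)?"""
    return ws.respond(n) is not None


if __name__ == "__main__":
    bob = Server()
    bob.enroll("alice", b"correct horse battery staple", n=5)     # constructed demo values
    alice = Workstation("alice", b"correct horse battery staple", n=5)
    print(login(alice, bob), login(alice, bob))    # True True
    print(accepts_challenge(alice, 2))             # False: Alice expects n=3 and refuses n=2
```

The chain is consumed from the top, so after each login both sides hold n-1; a server record with n = 1 cannot be used again and must be re-enrolled, which is why verify rejects it outright.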
Mutual Authentication: Reflection Attack
- First login connection by Trudy:
  - Trudy -> Bob: I'm Alice, R2
  - Bob -> Trudy: R1, K_AB{R2}
  - Can't do Trudy -> Bob: K_AB{R1} yet
- Second login connection by Trudy:
  - Trudy -> Bob: I'm Alice, R1
  - Bob -> Trudy: R3, K_AB{R1}
- Go back to the first connection and do Trudy -> Bob: K_AB{R1}; forget about the second connection

Mutual Authentication: Reflection Attack (Cont'd)
- Fixes:
  - Different keys for initiator and responder: Trudy can't get Bob to encrypt using Alice's key
  - Different types of challenges for initiator and responder, e.g., even numbers for the initiator and odd numbers for the responder

Mutual Authentication: Public Keys
- Alice -> Bob: I'm Alice, {R2}Bob
- Bob -> Alice: R2, {R1}Alice
- Alice -> Bob: R1
- Variant: sign instead of encrypt
- Challenges: public key distribution and storage

IP Security II (CS 4237)

Agenda
- Key management
  - Concepts
  - Manual exchange
  - Internet Key Exchange
- IPSec strengths & weaknesses
- Implementation of IPSec

Key Management
- AH and ESP require encryption and authentication keys
- Process to negotiate and establish IPSec SAs between two entities

Concepts
- PFS (Perfect Forward Secrecy)
  - Obtaining one key does not give access to all data, only to the data protected by that one key
  - Keys are not derived from their predecessors
- Nonces: locally generated pseudo-random numbers

Manual Key Management
- Mandatory
- Useful when IPSec developers are debugging
- Keys exchanged offline (phone, email, etc.)
- Set up the SPI and negotiate parameters

Internet Key Exchange (IKE)
- Used when an outbound packet does not have an SA
- Two phases:
  - Establish an IKE SA
  - Use that SA to negotiate IPSec SAs
- The IKE SA is used to define encryption & authentication of IKE traffic
- Multiple IPSec SAs can be established with one IKE SA
- The IKE SA is bidirectional
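The reflection attack slides above show why the simplified three-message shared-secret protocol fails and give "different keys for initiator and responder" as one fix. The Python below is an added example, not code from the notes: it simulates Bob with a keyed hash (HMAC-SHA256) standing in for the K{R} operation, runs the honest exchange, and then runs the two-connection reflection against a single-key Bob and against a Bob that derives separate direction keys. The Bob class, the key-derivation labels "initiator"/"responder" and the shared secret value are assumptions of this example.

```python
import hashlib
import hmac
import secrets

K_AB = b"constructed shared secret between Alice and Bob"   # constructed demo key


def mac(key: bytes, challenge: bytes) -> bytes:
    """Stands in for K{R}: a keyed hash of the challenge (assumption: HMAC-SHA256, not a cipher)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Bob:
    """Responder. With separate_keys=True Bob answers challenges under K_resp and expects the
    initiator's proof under K_init (the slides' fix); with separate_keys=False both directions
    use K_AB, as in the vulnerable simplified protocol."""

    def __init__(self, separate_keys: bool = True):
        if separate_keys:
            self.k_init = mac(K_AB, b"initiator")      # direction keys derived from K_AB (assumption)
            self.k_resp = mac(K_AB, b"responder")
        else:
            self.k_init = self.k_resp = K_AB
        self.pending = {}                              # connection id -> R1 awaiting the proof

    def hello(self, conn_id: str, r2: bytes):
        """Message 1 in: 'I'm Alice', R2.  Message 2 out: R1, K{R2}."""
        r1 = secrets.token_bytes(16)
        self.pending[conn_id] = r1
        return r1, mac(self.k_resp, r2)

    def proof(self, conn_id: str, k_r1: bytes) -> bool:
        """Message 3 in: K{R1}. Accept only a proof under the initiator key for this connection."""
        r1 = self.pending.pop(conn_id)
        return hmac.compare_digest(k_r1, mac(self.k_init, r1))


def alice_login(bob: Bob) -> bool:
    """Honest run of the simplified three-message protocol."""
    r2 = secrets.token_bytes(16)
    r1, k_r2 = bob.hello("alice", r2)
    if not hmac.compare_digest(k_r2, mac(bob.k_resp, r2)):
        return False                                   # Bob failed to prove knowledge of the key
    return bob.proof("alice", mac(bob.k_init, r1))


def reflection_attempt(bob: Bob) -> bool:
    """The slides' reflection: a second connection feeds R1 back as the challenge so that Bob
    himself produces K{R1}; returns True if Bob then accepts it on the first connection."""
    r1, _ = bob.hello("conn1", secrets.token_bytes(16))
    _, reflected = bob.hello("conn2", r1)              # Bob answers with mac(k_resp, R1)
    return bob.proof("conn1", reflected)               # Bob checks against mac(k_init, R1)


if __name__ == "__main__":
    print(alice_login(Bob()))                              # True
    print(reflection_attempt(Bob(separate_keys=False)))    # True: one key, Bob is his own oracle
    print(reflection_attempt(Bob(separate_keys=True)))     # False: k_resp output never verifies as k_init
```

With a single key Bob's answer on the second connection is exactly the proof the first connection needs; with direction keys the reflected value is a MAC under k_resp, which never matches the k_init MAC Bob verifies, so the second connection buys Trudy nothing.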
IKE Phase I: Create IKE SA
- Negotiate the protection suite
- Use Diffie-Hellman to establish a shared secret
- Authenticate the shared secret (IKE SA):
  - Pre-shared keys (secret)
  - Digital signatures
  - Public keys

Modes of Exchange
- Phase I:
  - Main Mode: flexible, 6 messages; checks cookies before doing DH work
  - Aggressive Mode: faster, 3 messages; open to clogging DoS because it doesn't check the cookie before DH work
- Phase II: Quick Mode

Concepts: Cookies
- Requirements:
  - Depend on the specific parties
  - Only the issuing entity can generate acceptable cookies (implies the issuer uses a local secret)
  - Cookie generation and verification must be fast
- Hash over IP src/dest, UDP src/dest, local secret

Example: Main Mode, Pre-shared
- Initiator -> Responder: Crypto Offered, C_I         (negotiate IKE crypto parameters)
- Responder -> Initiator: Crypto Chosen, C_R
- Initiator -> Responder: N_I, Y_I                   (exchange items to generate the secret)
- Responder -> Initiator: N_R, Y_R                   (both sides generate SKEYID and the DH secret K)
- Initiator -> Responder: ID_I, Hash_I               (send a hash digest so the peer can authenticate the sender)
- Responder -> Initiator: ID_R, Hash_R

Main Mode, Pre-shared
- PRF: pseudo-random function
- SKEYID (root secret) = PRF(preshared-key, N_I | N_R)
- SKEYID_d (for IPSec SAs) = PRF(SKEYID, K | C_I | C_R | 0), where K is the secret generated by DH
- SKEYID_a (for IKE message data authentication & integrity) = PRF(SKEYID, SKEYID_d | K | C_I | C_R | 1)
- SKEYID_e (used to encrypt IKE messages) = PRF(SKEYID, SKEYID_a | K | C_I | C_R | 2)

Main Mode, Pre-shared: Hashes
- To authenticate each other, each entity generates a hash digest that only the peer could know
- Hash_I = PRF(SKEYID, Y_I | Y_R | C_I | C_R | Crypto Offer | ID_I)
- Hash_R = PRF(SKEYID, Y_R | Y_I | C_I | C_R | Crypto Offer | ID_R)

IKE Phase II: Keys
- Default (no PFS): keys for the IPSec SA are derived from the IKE shared secret
- With PFS: use nonces

Phase II
- What traffic does the SA cover?
  - The initiator specifies which entries (selectors) in the SPD are for this IPSec SA and sends them to the responder
- Keys and SA attributes are communicated under the Phase I IKE SA
  - Passed encrypted & authenticated
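The Main Mode pre-shared slides above give the cookie requirements, the SKEYID derivation chain and the Hash_I/Hash_R formulas. The Python below is an added example (not the course's or any IKE implementation's code) that implements those formulas with HMAC-SHA1 as the PRF and runs the six-message exchange with constructed nonces, DH values and a constructed DH secret K, so the DH computation itself is assumed rather than performed. It shows the responder's cheap cookie check rejecting a message 3 whose source address does not match before any key derivation, and the hash check failing when the two sides hold different pre-shared keys. The function names, addresses, identities and secrets are assumptions of this example.

```python
import hashlib
import hmac

RESP_SECRET = b"responder-local-secret"   # constructed; known only to the responder
INIT_SECRET = b"initiator-local-secret"   # constructed; known only to the initiator


def prf(key: bytes, data: bytes) -> bytes:
    """The slides' PRF. Assumption: HMAC-SHA1 (what IKEv1 uses when SHA-1 is the negotiated hash)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def make_cookie(local_ip, peer_ip, local_port, peer_port, local_secret) -> bytes:
    """Cookie = hash over IP src/dst, UDP src/dst and a local secret; cheap to make and to check."""
    material = f"{local_ip}|{peer_ip}|{local_port}|{peer_port}".encode() + local_secret
    return hashlib.sha1(material).digest()[:8]


def derive_keys(preshared, n_i, n_r, k, c_i, c_r):
    """SKEYID, SKEYID_d, SKEYID_a, SKEYID_e as listed on the Main Mode pre-shared slide
    (the trailing 0, 1, 2 are single octets)."""
    skeyid = prf(preshared, n_i + n_r)
    skeyid_d = prf(skeyid, k + c_i + c_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + k + c_i + c_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + k + c_i + c_r + b"\x02")
    return skeyid, skeyid_d, skeyid_a, skeyid_e


def hash_i(skeyid, y_i, y_r, c_i, c_r, offer, id_i) -> bytes:
    return prf(skeyid, y_i + y_r + c_i + c_r + offer + id_i)


def hash_r(skeyid, y_i, y_r, c_i, c_r, offer, id_r) -> bytes:
    return prf(skeyid, y_r + y_i + c_i + c_r + offer + id_r)


def run_main_mode(psk_initiator: bytes, psk_responder: bytes, msg3_src_ip: str = "192.0.2.1"):
    """Simulate the exchange; returns (cookie_ok, hash_i_ok, hash_r_ok)."""
    offer, id_i, id_r = b"3DES-SHA1-DH2", b"initiator@example.test", b"responder@example.test"
    n_i, n_r = b"nonce-I-constructed", b"nonce-R-constructed"        # would be random in practice
    y_i, y_r, k = b"Y_I-constructed", b"Y_R-constructed", b"DH-secret-K-constructed"
    # Messages 1-2: each side issues its cookie.
    c_i = make_cookie("192.0.2.1", "192.0.2.2", 500, 500, INIT_SECRET)
    c_r = make_cookie("192.0.2.2", "192.0.2.1", 500, 500, RESP_SECRET)
    # Message 3 arrives carrying (C_I, C_R). The responder re-derives C_R from the packet's
    # addresses and its local secret and drops the packet before any DH work if it differs.
    cookie_ok = hmac.compare_digest(c_r, make_cookie("192.0.2.2", msg3_src_ip, 500, 500, RESP_SECRET))
    if not cookie_ok:
        return False, False, False
    # Messages 3-4 also carry N_I, Y_I and N_R, Y_R; each side derives SKEYID from its own PSK.
    skeyid_init = derive_keys(psk_initiator, n_i, n_r, k, c_i, c_r)[0]
    skeyid_resp = derive_keys(psk_responder, n_i, n_r, k, c_i, c_r)[0]
    # Messages 5-6: each side sends its hash; the peer recomputes it with its own SKEYID.
    sent_hash_i = hash_i(skeyid_init, y_i, y_r, c_i, c_r, offer, id_i)
    sent_hash_r = hash_r(skeyid_resp, y_i, y_r, c_i, c_r, offer, id_r)
    hash_i_ok = hmac.compare_digest(sent_hash_i, hash_i(skeyid_resp, y_i, y_r, c_i, c_r, offer, id_i))
    hash_r_ok = hmac.compare_digest(sent_hash_r, hash_r(skeyid_init, y_i, y_r, c_i, c_r, offer, id_r))
    return True, hash_i_ok, hash_r_ok


if __name__ == "__main__":
    print(run_main_mode(b"psk", b"psk"))                          # (True, True, True)
    print(run_main_mode(b"psk", b"wrong-psk"))                    # (True, False, False)
    print(run_main_mode(b"psk", b"psk", msg3_src_ip="203.0.113.9"))  # (False, False, False)
```

Because Hash_I covers the crypto offer and both cookies, a peer that holds the wrong pre-shared key, or a message that was replayed with a different offer, fails at message 5 rather than silently producing an SA with mismatched keys; the cookie check is what keeps a spoofed-source flood from reaching the expensive DH step at all.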
Example: Quick Mode
- Initiator -> Responder: HASH1, IPSec SA, Nonce_I, [New K]     (negotiate IPSec SA parameters; New K only with PFS)
- Responder -> Initiator: HASH2, SA, Nonce_R, [New K]           (reply)
- Initiator -> Responder: HASH3                                 (liveness proof for the responder)

IPSec
- Key exchange and encryption are separate
  - New encryption algorithms can be added
- Complex: a lot of flexibility & options
- Best VPN standard we've got

An Overview of Computer Security (CS 4237)

The Definition
- Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable
- Security rests on confidentiality, authenticity, integrity, and availability

The Basic Components
- Confidentiality is the concealment of information or resources
- Authenticity is the identification and assurance of the origin of information
- Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes
- Availability refers to the ability to use the information or resource desired

Security Threats and Attacks
- A threat is a potential violation of security
  - Flaws in design, implementation, and operation
- An attack is any action that violates security
  - Active adversary
- Common threats:
  - Snooping/eavesdropping, alteration, spoofing, repudiation of origin, denial of receipt, delay, and denial of service

Eavesdropping (Message Interception): Attack on Confidentiality
- Unauthorized access to information
- Packet sniffers and wiretappers
- Illicit copying of data and programs

Integrity Attack: Tampering With Messages
- Stop the flow of the message
- Delay and optionally modify the message
- Release the message again
Authenticity Attack: Fabrication
- Unauthorized assumption of another's identity
- Generate and distribute objects under this identity

Attack on Availability
- Destroy hardware (cutting fiber) or software
- Modify software in a subtle way (alias commands)
- Corrupt packets in transit
- Blatant denial of service (DoS)
  - Crashing the server
  - Overwhelming the server (using up its resources)

Impact of Attacks
- Theft of confidential information
- Unauthorized use of
  - Network bandwidth
  - Computing resources
- Spread of false information
- Disruption of legitimate services
- All attacks can be related, and all are dangerous!

Security Policy and Mechanism
- Policy: a statement of what is and is not allowed
- Mechanism: a procedure, tool, or method of enforcing a policy
- Security mechanisms implement functions that help prevent, detect, and respond to / recover from security attacks
  - Goals: prevention, detection, and recovery
- Security functions are typically made available to users as a set of security services through APIs or integrated interfaces
- Cryptography underlies many security mechanisms

Security Services
- Confidentiality: protection of any information from being exposed to unintended entities
  - Information content
  - Parties involved
  - Where they are, how they communicate, how often, etc.

Security Services (Cont'd)
- Authentication: assurance that an entity of concern, or the origin of a communication, is authentic (it is what it claims to be, or from whom it claims to be from)
- Integrity: assurance that the information has not been tampered with
- Non-repudiation: offer of evidence that a party indeed is the sender or a receiver of certain information

Security Services (Cont'd)
- Access control: facilities to determine and enforce who is allowed access to what resources (hosts, software, network connections)
- Monitor & response: facilities for monitoring security attacks, generating indications, and surviving (tolerating) and recovering from attacks
Security Services (Cont'd)
- Security management: facilities for coordinating users' service requirements and mechanism implementations throughout the enterprise network and across the Internet
  - Trust model
  - Trust communication protocol
  - Trust management infrastructure

Assumptions and Trust
- A security policy consists of a set of axioms that the policy makers believe can be enforced
- Two assumptions:
  - The policy correctly and unambiguously partitions the set of system states into secure and non-secure states (the policy is correct)
  - The security mechanisms prevent the system from entering a non-secure state (the mechanisms are effective)

Assumptions and Trust (Cont'd)
- Trusting that the mechanisms work requires the following assumptions:
  - Each mechanism enforces part of the security policy
  - The union of the mechanisms enforces all aspects of the policy
  - The mechanisms are implemented, installed, and administered correctly

How to Make a System Trustworthy
- Specification: a statement of desired functions
- Design: a translation of the specification to a set of components
- Implementation: realization of a system that satisfies the design
- Assurance: the process to ensure that the above steps are carried out correctly
  - Inspections, proofs, testing, etc.

Operational Issues
- Risk analysis
- Cost-benefit analysis
- Laws and custom

Security Handshake Pitfalls II (CS 4237)

Establishing Session Keys
- Authentication handshakes to securely establish session keys:
  - Using a shared secret
  - Using public keys
  - One-way public key (only Alice needs to have keys)
  - Lamport's hash

Session Key: Shared Secret
- Alice -> Bob: I'm Alice
- Bob -> Alice: R
- Alice -> Bob: K_AB{R}
- Use f(K_AB, R) as the session key
- K_AB{R+1} is bad:
  - Trudy can eavesdrop to learn R, then impersonate Bob and trick Alice into encrypting R+1, hence getting the session key between Alice and Bob
Session Key: Two-way Public Key
- Alice -> Bob: {R}Bob
  - Trudy can impersonate Alice and send her own {R}Bob to Bob
- Alice -> Bob: [{R}Bob]Alice
  - Trudy can record the conversation, break into Bob, and decrypt
- Alice -> Bob: [{R1}Bob]Alice; Bob -> Alice: [{R2}Alice]Bob
  - R1 xor R2 is the session key; Trudy needs to break into both Alice and Bob
- Diffie-Hellman with signing

Mediated Authentication
- Alice -> KDC: I want Bob
- KDC invents K_AB
- KDC -> Alice: K_Alice{use K_AB for Bob}
- KDC -> Bob: K_Bob{use K_AB for Alice}
- Avoid the race condition:
  - The KDC sends the ticket K_Bob{use K_AB for Alice} to Alice, who then uses the ticket to contact Bob

Needham-Schroeder
- Alice -> KDC: N1, "I want Bob"
- KDC -> Alice: K_A{N1, "Bob", K_AB, ticket}
  - N1 authenticates the KDC
  - ticket = K_B{K_AB, "Alice"}: assures Bob that it is Alice
- Alice -> Bob: ticket, K_AB{N2}
- Bob -> Alice: K_AB{N2-1, N3}
- Alice -> Bob: K_AB{N3-1}

Needham-Schroeder: Reflection Attack
- Bob -> Alice: K_AB{N2-1, N3}
- Assume:
  - The message is a multiple of the block size
  - ECB mode is used
- Should use CBC

Needham-Schroeder Limit: Key Compromise
- Trudy steals Alice's key
  - Old tickets remain valid
  - She can impersonate Alice to Bob using the ticket, even after Alice changes her key
- Add two initial messages to fix:
  1. Alice -> Bob: Hello
  2. Bob -> Alice: K_B{N_B}
  - N_B is made part of the ticket; Bob then knows Alice must have just been authenticated by the KDC

Otway-Rees
- Alice -> Bob: N_C, "Alice", "Bob", K_A{N_A, N_C, "Alice", "Bob"}
- Bob -> KDC: K_A{N_A, N_C, "Alice", "Bob"}, K_B{N_B, N_C, "Alice", "Bob"}
  - The KDC uses N_C to authenticate Bob
- KDC -> Bob: N_C, K_A{N_A, K_AB}, K_B{N_B, K_AB}
  - Ensures that both the KDC and Bob are legitimate
- Bob -> Alice: K_A{N_A, K_AB} (ticket)
- Alice -> Bob: K_AB{something readable}

Nonce Types
- A nonce is a quantity which any given user of a protocol uses only once
  - Timest/amp
  - A large random number
  - Sequence number
- Predictable/guessable?
- How to generate?
Random Numbers
- Truly random numbers are hard to generate
- Use a pseudo-random number generator
  - Can be made as good as a source of true random numbers if it can be provided with an adequately unguessable seed
  - E.g., hash together all the sources of randomness you can find (keystroke timing, disk seek times, packet arrival statistics, etc.)

Performance Considerations
- Metrics to be considered:
  - Number of cryptographic operations using a private key
  - Number of cryptographic operations using a public key
  - Number of bytes encrypted or decrypted using a secret key
  - Number of bytes to be cryptographically hashed
  - Number of messages transmitted

Public Key Algorithms (CS 4237)

Modular Arithmetic
- Public key algorithms are based on modular arithmetic
- Modular addition
- Modular multiplication
- Modular exponentiation

Modular Addition
- Addition modulo (mod) K
  - Poor cipher: (d_k + d_m) mod K, e.g., with K = 10 and d_k as the key
- Additive inverse: addition mod K yields 0
- Decrypt by adding the inverse

Modular Multiplication
- Multiplication modulo K
- Multiplicative inverse: multiplication mod K yields 1
- Only some numbers have an inverse
- Use Euclid's algorithm to find the inverse
  - Given x, n, it finds y such that x*y mod n = 1
- Only the numbers relatively prime to n have a mod n multiplicative inverse

Totient Function
- x, m relatively prime: no common factor other than 1
- Totient function phi(n): the number of integers less than n that are relatively prime to n
  - If n is prime, phi(n) = n - 1
  - If n = p*q and p, q are distinct primes, phi(n) = (p-1)(q-1)

Modular Exponentiation
- x^y mod n = x^(y mod phi(n)) mod n
- If y = 1 mod phi(n), then x^y mod n = x mod n

RSA (Rivest, Shamir, Adleman)
- The most popular public key algorithm
- Supports both public key encryption and digital signatures
- Assumption/theoretical basis: factoring a big number is hard
- Variable key length (usually 512 bits)
- Variable plaintext block size
  - The plaintext must be smaller than the key
  - The ciphertext block size is the same as the key length
What Is RSA
- To generate a key pair:
  - Pick large primes (256 bits each) p and q
  - Let n = p*q; keep p and q to yourself
  - For the public key, choose e that is relatively prime to phi(n) = (p-1)(q-1); let pub = <e, n>
  - For the private key, find d that is the multiplicative inverse of e mod phi(n), i.e., e*d = 1 mod phi(n); let priv = <d, n>

How Does RSA Work
- Given pub = <e, n> and priv = <d, n>:
  - Encryption: c = m^e mod n, m < n
  - Decryption: m = c^d mod n
  - Signature: s = m^d mod n, m < n
  - Verification: m = s^e mod n

Why Does RSA Work
- Given pub = <e, n> and priv = <d, n>:
  - n = p*q, phi(n) = (p-1)(q-1)
  - e*d = 1 mod phi(n)
  - x^(e*d) = x mod n
  - Encryption: c = m^e mod n
  - Decryption: m = c^d mod n = m^(e*d) mod n = m mod n = m (since m < n)
  - Digital signature: similar

Why Is RSA Secure
- Factoring a 512-bit number is very hard!
- But if you can factor the big number n, then given the public key <e, n> you can find d, hence the private key, by:
  - Knowing the factors p, q such that n = p*q
  - Then phi(n) = (p-1)(q-1)
  - Then d such that e*d = 1 mod phi(n)

Diffie-Hellman Key Exchange
- Shared key, public communication
- No authentication of partners
- What's involved:
  - p is a prime (about 512 bits) and g < p; p and g are publicly known

Diffie-Hellman-Merkle Key Exchange
- Procedure:
  - Alice picks secret S_a randomly; Bob picks secret S_b randomly
  - Alice computes T_A = g^S_a mod p; Bob computes T_B = g^S_b mod p
  - Alice sends T_A to Bob; Bob sends T_B to Alice
  - Alice computes T_B^S_a mod p; Bob computes T_A^S_b mod p
  - Alice and Bob have reached the same secret g^(S_a*S_b) mod p, which is then used as the shared key

DH Security: Discrete Logarithm Is Hard
- T = g^s mod p
- Conjecture: given T, g, p, it is extremely hard to compute the value of s (the discrete logarithm)

Diffie-Hellman Scheme
- Security factors:
  - Discrete logarithm: very difficult
  - The shared key (the secret) itself is never transmitted
- Disadvantages:
  - Expensive exponential operation; DoS possible
  - The scheme itself cannot be used to encrypt anything; it is for secret key establishment
  - No authentication, so you cannot sign anything

Bucket Brigade Attack (Man In The Middle)
- Alice: g^S_a mod p = 123; Trudy: g^S_x mod p = 654; Bob: g^S_b mod p = 255
- Alice -> Trudy: 123;  Trudy -> Bob: 654;  Bob -> Trudy: 255;  Trudy -> Alice: 654
- Alice computes 654^S_a mod p; Trudy computes 123^S_x mod p (shared with Alice) and 255^S_x mod p (shared with Bob); Bob computes 654^S_b mod p
- Trudy plays Bob to Alice and Alice to Bob
- DH was subject to an active man-in-the-middle attack because the public key components were intercepted and substituted
- Phone book mode lets everyone generate their public key component in advance and publish it through other reliable means (e.g., <T_B> for Bob)
  - All communicating parties agree on their common <g, p>
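The modular arithmetic and RSA slides above (Euclid's algorithm for the multiplicative inverse, the totient, key generation, encryption/decryption, signature/verification, and "why is RSA secure") are carried through below in Python with the small textbook parameters p = 61, q = 53, e = 17. This is an added worked example, not code from the notes: the function names are assumptions, and pow(x, y, n) does the modular exponentiation. The exponent-reduction identity on the Modular Exponentiation slide is checked as well; it holds when x is relatively prime to n, which the helper's docstring states.

```python
def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x1, y1 = egcd(b, a % b)
    return g, y1, x1 - (a // b) * y1


def has_inverse(x: int, n: int) -> bool:
    """Only numbers relatively prime to n have a mod n multiplicative inverse."""
    return egcd(x, n)[0] == 1


def modinv(x: int, n: int) -> int:
    """y such that x*y mod n = 1, found with Euclid's algorithm."""
    g, y, _ = egcd(x, n)
    if g != 1:
        raise ValueError("no inverse: x and n are not relatively prime")
    return y % n


def totient_pq(p: int, q: int) -> int:
    """phi(n) for n = p*q with p, q distinct primes."""
    return (p - 1) * (q - 1)


def rsa_keygen(p: int, q: int, e: int):
    """Returns (pub, priv) = (<e, n>, <d, n>) with e*d = 1 mod phi(n)."""
    n, phi = p * q, totient_pq(p, q)
    d = modinv(e, phi)          # raises if e is not relatively prime to phi(n)
    return (e, n), (d, n)


def encrypt(pub, m: int) -> int:
    e, n = pub
    assert 0 <= m < n, "plaintext block must be smaller than n"
    return pow(m, e, n)         # c = m^e mod n


def decrypt(priv, c: int) -> int:
    d, n = priv
    return pow(c, d, n)         # m = c^d mod n


def sign(priv, m: int) -> int:
    d, n = priv
    assert 0 <= m < n
    return pow(m, d, n)         # s = m^d mod n


def verify(pub, s: int) -> int:
    e, n = pub
    return pow(s, e, n)         # m = s^e mod n


def private_key_from_factors(pub, p: int, q: int):
    """'Why is RSA secure': whoever can factor n recovers d from <e, n> exactly this way."""
    e, n = pub
    assert p * q == n
    return modinv(e, totient_pq(p, q)), n


def exponent_reduction_holds(x: int, y: int, p: int, q: int) -> bool:
    """x^y mod n == x^(y mod phi(n)) mod n for n = p*q; valid when gcd(x, n) = 1."""
    n, phi = p * q, totient_pq(p, q)
    return pow(x, y, n) == pow(x, y % phi, n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)          # constructed toy primes; n = 3233, phi = 3120
    print(pub, priv)                            # (17, 3233) (2753, 3233)
    c = encrypt(pub, 65)
    print(c, decrypt(priv, c))                  # 2790 65
    print(verify(pub, sign(priv, 65)))          # 65
    print(private_key_from_factors(pub, 61, 53))  # (2753, 3233)
```

The same modinv that produces d for the legitimate owner produces it for anyone holding p and q, which is the whole content of the "factoring breaks RSA" argument; nothing beyond Euclid's algorithm is needed once the factors are known.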
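The Diffie-Hellman-Merkle procedure and the bucket brigade (man-in-the-middle) slides above are reproduced in Python below with tiny constructed parameters g = 5, p = 23, as an added example rather than code from the notes. It runs the honest exchange, then the exchange with Trudy substituting her own T_X for both public values, and finally the "phone book mode" from the slides, where each side compares the value it received against the one the peer published in advance and aborts on a mismatch. The exchange function, the phone_book argument and the secret exponents are assumptions of this example.

```python
G, P = 5, 23   # constructed toy parameters; the slides use a prime of about 512 bits


def dh_public(g: int, p: int, s: int) -> int:
    """T = g^s mod p, the value each party sends."""
    return pow(g, s, p)


def dh_shared(t_other: int, s: int, p: int) -> int:
    """T_other^s mod p, the shared secret g^(S_a*S_b) mod p."""
    return pow(t_other, s, p)


def exchange(s_a: int, s_b: int, s_x=None, phone_book=None):
    """Run DH between Alice (S_a) and Bob (S_b).
    s_x: if given, Trudy sits in the middle and replaces T_A and T_B with her own T_X.
    phone_book: if given, a dict name -> published T; each side rejects a received value that
    differs from the published one (the slides' phone book mode).
    Returns (alice_key, bob_key, trudy_keys, aborted)."""
    t_a, t_b = dh_public(G, P, s_a), dh_public(G, P, s_b)
    received_by_bob, received_by_alice = t_a, t_b
    trudy_keys = None
    if s_x is not None:
        t_x = dh_public(G, P, s_x)
        received_by_bob, received_by_alice = t_x, t_x          # substitution on both legs
        # Trudy shares one key with Alice (from T_A) and another with Bob (from T_B).
        trudy_keys = (dh_shared(t_a, s_x, P), dh_shared(t_b, s_x, P))
    if phone_book is not None:
        if received_by_alice != phone_book["Bob"] or received_by_bob != phone_book["Alice"]:
            return None, None, trudy_keys, True                # mismatch with published value
    return dh_shared(received_by_alice, s_a, P), dh_shared(received_by_bob, s_b, P), trudy_keys, False


if __name__ == "__main__":
    S_A, S_B, S_X = 6, 15, 7                                    # constructed secret exponents
    print(exchange(S_A, S_B))                                   # (2, 2, None, False)
    a, b, tk, aborted = exchange(S_A, S_B, s_x=S_X)
    print(a == tk[0], b == tk[1], a != b, aborted)              # True True True False
    book = {"Alice": dh_public(G, P, S_A), "Bob": dh_public(G, P, S_B)}
    print(exchange(S_A, S_B, s_x=S_X, phone_book=book)[3])      # True: substitution detected
```

Without the published values Alice and Bob each finish with a key they believe is shared, but the two keys differ and Trudy holds both; with them, the substituted T_X fails the comparison before any key is used, which is why the slides note that all parties must also agree in advance on the common <g, p>.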
Web Security I (CS 4237)

How the Web Works: HTTP
- Hypertext transfer protocol (http)
- Clients request documents (or scripts) through a URL
- The server responds with documents
- Documents are not interpreted by http
- Stateless protocol: requests are independent

How the Web Works: Other Elements
- Hypertext markup language (html)
- Other application-specific documents
  - E.g., MIME, graphics, video/audio, PostScript, Java applets, etc.
- Browsers
  - Display html documents and embedded graphics
  - Run Java programs
  - Start helper applications

Web Vulnerabilities
- http://www.w3.org/Security/Faq
- Revealing private information on the server
- Interception of client information
- Execution of unauthorized programs
- Denial of service

Web Vulnerabilities: cgi-bin
- cgi-bin, server-side includes
- If arbitrary arguments are allowed
- The web server program should run under a particular UID (e.g., www, nobody)

Web Security
- Authentication
  - Basic (username/password); can be used along with a cookie
  - Digest
- Access control via addresses
- Multi-layered:
  - S-http (secure http, just for http; proposed by CommerceNet; pretty much dead)
  - SSL/TLS (generic for TCP; https = http over SSL)
  - IPSec

HTTP Authentication: Basic
- The client doesn't know which method
- The client attempts access (GET, PUT) normally
- The server returns
  - 401 Unauthorized
  - Realm (protection space)
- The client tries again with user:password
  - Passwords in the clear
  - Repeated for each access
From Basic Authentication to Forms and Cookies
- Not all sites use basic authentication
- Many instead ask the user to type username/password into an HTML form
- The server looks up the user and sends back a cookie
- The browser (client) re-sends the cookie on subsequent requests

HTTP Access Control: Digest
- The server sends WWW-Authenticate parameters:
  - Realm
  - Domain
  - Nonce (new for each 401 response), e.g., H(client-IP:timestamp:server-secret)
  - Algorithm, e.g., MD5

HTTP Access Control: Digest
- The client sends an authorization response
  - Same nonce
  - H(A1), where A1 = user:realm:password, and other information
- Stealing H(A1): only good for that realm

Web Server Access Configuration
- http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html
- .htaccess per directory
- Global configuration file access.conf

SSL Overview
- For any TCP protocol: HTTP (https, port 443), NNTP, telnet, etc.
  - Secure byte stream
- Optional (but common) public key server authentication
- Optional client authentication
- Hash: combined MD5 and SHA
- Encryption optional
- Now TLS (IETF WG)

SSL Architecture
- Two layers
  - The SSL record protocol provides basic security services
  - 3 higher-layer protocols: handshake, change cipher spec, alert
- Connection
  - A transport with some service, associated with a session
- Session
  - Created by the handshake; defines cryptographic security parameters for multiple connections

Session and Connection
- Session parameters
  - ID, peer certificate, compression method, cipher spec, master secret, is-resumable
- Connection parameters
  - Server and client random, server write MAC secret, client write MAC secret, server write key, client write key, IV, sequence number

SSL Record Protocol
- 2 services: confidentiality, message integrity
- Layered protocol
  - Fragment application data into blocks
  - Compress the data
  - Apply a message authentication code (MAC): h(m, s) for message m and secret s
  - Encrypt with the client (cw) or server (sw) write key
  - Transmit over TCP
- Specify the content type for higher protocols
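The two Digest slides above give the server's nonce construction H(client-IP:timestamp:server-secret), the client's H(A1) with A1 = user:realm:password, and the observation that a stolen H(A1) is only good for that realm. The Python below is an added example, not the notes' code: it builds a small server that stores only H(A1) per user, issues nonces that encode their timestamp so they can be re-derived and aged without server-side state, and verifies RFC 2617-style responses MD5(H(A1):nonce:H(A2)), which is the standard form the slides' "and other information" refers to. The DigestServer class, the nonce layout "timestamp:hash", the lifetime value and all users, realms and secrets are assumptions of this example.

```python
import hashlib
import hmac


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def ha1(user: str, realm: str, password: str) -> str:
    """H(A1) with A1 = user:realm:password; a password equivalent, but bound to the realm."""
    return md5hex(f"{user}:{realm}:{password}")


def ha2(method: str, uri: str) -> str:
    return md5hex(f"{method}:{uri}")


def digest_response(ha1_value: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2617 response without qop: MD5(H(A1):nonce:H(A2))."""
    return md5hex(f"{ha1_value}:{nonce}:{ha2(method, uri)}")


class DigestServer:
    def __init__(self, realm: str, server_secret: str, nonce_lifetime: int = 300):
        self.realm, self.secret, self.nonce_lifetime = realm, server_secret, nonce_lifetime
        self.users = {}                     # user -> H(A1); the password itself is never stored

    def add_user(self, user: str, password: str) -> None:
        self.users[user] = ha1(user, self.realm, password)

    def make_nonce(self, client_ip: str, now: int) -> str:
        """Nonce = timestamp:H(client-IP:timestamp:server-secret), fresh for every 401."""
        ts = str(int(now))
        tag = md5hex(f"{client_ip}:{ts}:{self.secret}")
        return f"{ts}:{tag}"

    def nonce_ok(self, nonce: str, client_ip: str, now: int) -> bool:
        """Re-derive the nonce from the requesting client's address; reject stale or foreign ones."""
        ts, _, _ = nonce.partition(":")
        if not ts.isdigit() or int(now) - int(ts) > self.nonce_lifetime:
            return False
        return hmac.compare_digest(nonce, self.make_nonce(client_ip, int(ts)))

    def verify(self, user, nonce, method, uri, response, client_ip, now) -> bool:
        if user not in self.users or not self.nonce_ok(nonce, client_ip, now):
            return False
        expected = digest_response(self.users[user], nonce, method, uri)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    wiki = DigestServer("wiki", "constructed-server-secret")
    wiki.add_user("alice", "pw")
    nonce = wiki.make_nonce("10.0.0.5", 1000)                        # constructed time and client IP
    resp = digest_response(ha1("alice", "wiki", "pw"), nonce, "GET", "/index.html")
    print(wiki.verify("alice", nonce, "GET", "/index.html", resp, "10.0.0.5", 1010))  # True
    print(wiki.verify("alice", nonce, "GET", "/index.html", resp, "10.0.0.9", 1010))  # False: other client
    print(wiki.verify("alice", nonce, "GET", "/index.html", resp, "10.0.0.5", 2000))  # False: stale
    mail = DigestServer("mail", "another-secret")
    mail.add_user("alice", "pw")
    stolen = wiki.users["alice"]                                      # H(A1) lifted from the wiki realm
    n2 = mail.make_nonce("10.0.0.5", 1000)
    print(mail.verify("alice", n2, "GET", "/", digest_response(stolen, n2, "GET", "/"), "10.0.0.5", 1001))  # False
```

Because the realm is hashed into A1, the H(A1) stored by the wiki server is useless against the mail server even though the user and password are the same, which is exactly the slides' "only good for realm" point; the IP-bound, time-stamped nonce is what limits replay of a captured response.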
Handshake Protocol
- Establish security capabilities
  - Protocol version, session ID, cipher suite, compression method, IV
- Server authentication and key exchange
  - Send certificate, key exchange, request client certificate
- Client authentication and key exchange
  - Send certificate, key exchange, certificate verification
- Finish

Cryptographic Computations
- Master secret creation
  - A pre-master secret is exchanged first (RSA or Diffie-Hellman)
  - Both sides compute the master secret from the pre-master secret
- Generation of cryptographic parameters
  - Client/server write MAC secrets, client/server write keys, and client/server write IVs are generated from the master secret

Cryptographic Computations: Details
- The client generates a 48-byte pre-master secret s_p
- Master secret:
  - s_m = MD5(s_p || SHA('A' || s_p || r_c || r_s)) || MD5(s_p || SHA('BB' || s_p || r_c || r_s)) || MD5(s_p || SHA('CCC' || s_p || r_c || r_s))
  - where r_c, r_s = client, server random
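The "Cryptographic Computations: Details" slide above gives the SSL 3.0 master secret formula. The Python below is an added example, not code from the notes, that computes s_m exactly as written with hashlib's MD5 and SHA-1, and then goes one step further than the slide: it derives the connection parameters listed on the Session and Connection slide (write MAC secrets, write keys, IVs) from the master secret. That key-block step uses the same MD5/SHA construction with labels 'A', 'BB', 'CCC', 'DDDD', ... and with the server random placed before the client random, which is the SSL 3.0 specification's construction as this example assumes it rather than anything the slides state. The function names, parameter lengths and the constructed secrets are assumptions of this example.

```python
import hashlib


def md5_digest(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def sha_digest(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def ssl3_master_secret(s_p: bytes, r_c: bytes, r_s: bytes) -> bytes:
    """s_m = MD5(s_p || SHA('A' || s_p || r_c || r_s)) || ... for 'A', 'BB', 'CCC' (48 bytes)."""
    if len(s_p) != 48:
        raise ValueError("the SSL 3.0 pre-master secret is 48 bytes")
    return b"".join(md5_digest(s_p + sha_digest(label + s_p + r_c + r_s))
                    for label in (b"A", b"BB", b"CCC"))


def ssl3_key_block(master: bytes, r_c: bytes, r_s: bytes, length: int) -> bytes:
    """Key material from the master secret: same construction, labels 'A', 'BB', 'CCC',
    'DDDD', ..., with r_s before r_c (assumption taken from the SSL 3.0 specification)."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        out += md5_digest(master + sha_digest(label + master + r_s + r_c))
        i += 1
    return out[:length]


def connection_parameters(master: bytes, r_c: bytes, r_s: bytes,
                          mac_len: int = 20, key_len: int = 24, iv_len: int = 8) -> dict:
    """Split the key block into the connection parameters named on the slides, in SSL 3.0
    order; the default sizes correspond to SHA-1 MACs, 3DES keys and 8-byte IVs (assumption)."""
    names = ["client_write_mac_secret", "server_write_mac_secret",
             "client_write_key", "server_write_key",
             "client_write_iv", "server_write_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    block = ssl3_key_block(master, r_c, r_s, sum(sizes))
    params, pos = {}, 0
    for name, size in zip(names, sizes):
        params[name] = block[pos:pos + size]
        pos += size
    return params


if __name__ == "__main__":
    s_p = bytes(range(48))                   # constructed pre-master secret (client-generated in SSL)
    r_c, r_s = b"\xaa" * 32, b"\xbb" * 32    # constructed client/server randoms
    s_m = ssl3_master_secret(s_p, r_c, r_s)
    params = connection_parameters(s_m, r_c, r_s)
    print(len(s_m), {k: len(v) for k, v in params.items()})
```

Both the master secret and every connection key are functions of the two randoms, so two handshakes that reuse a pre-master secret (a resumed session) still end up with distinct write keys, and either side can recompute the whole set from the three inputs without any further exchange.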