Secure Sockets Layer
CS6204 - Java and the
WWW
CS4244 - WWW: The Underlying
Technology
Reference:
-
Calin Groza, "WWW
Security," in WWW Beyond
the Basics, Chapter 18.3.
-
"SSL 3.0", http://home.netscape.com/eng/ssl3/index.html,
1996.
(accessed June 11, 1997)
-
SSL, 1996, Secure
Sockets Layer Discussion FAQ, http://www.faqs.org/faqs/computer-security/ssl-talk-faq
(accessed Nov. 13, 2000).
-
E. Rescorla, A. Schiffman, The
Secure HyperText Transfer Protocol, IETF Internet Draft, August 1999.
-
L. Stein, How to Set up and Maintain a Web Server, 2nd. ed., 1997,
pp. 746-747.
-
Netscape, How
SSL Works (accessed Nov. 13, 2000).
Introduction
Features
-
SSL gives application programmer familiar socket interface, with cryptography
added transparently.
-
SSL lies between application and transport protocols to create secure and
reliable communication.
-
SSL is an open, nonproprietary protocol.
-
SSL has been submitted to W3C working group on security for consideration
as a standard
Current protocol version is 3.0.
Goals
-
Cryptographic security
-
Interoperability: SSL3.0 client from company A should work with SSL3.0
server company B
-
Extensibility:
-
"provide framework into which new public key and bulk encryption methods
can be incorporated as necessary"
-
avoids need to implement entirely new API when new cryptographic methods
are developed.
-
Permits efficiency: Implementation of SSL can minimize CPU and network
use:
-
Try to use private key encryption for normal data transit, rather than
public key.
-
Optionally cache sessions to reduce connection establishment time
Basic Properties
-
No one can eavesdrop on connection. Encryption is used after an initial
handshake to define cryptographic protocol. Secret-key cryptography is
used for data encryption (e.g. DES, RC4, etc.).
-
No one can modify messages sent over connection. Message transport includes
message integrity check using secure hash functions (e.g. SHA, MD5).
-
You can authenticate who you're connected to. Peer's identity can be authenticated
using public-key cryptography (e.g., RSA, DSS).
Two Parts to SSL
-
SSL Handshake Protocol establishes secure channel.
-
SSL Application Data Protocol is used to exchange data over channel.
SSL Handshake Protocol
SSL creates an agreement between client and server on set of cryptographic
protocols, algorithms and parameters used for communication between them.
The protocol consists of a sequence of steps:
1. Client Hello
Client sends to server the message:
ClientHello(CipherSuite[], CompressionMethod[], ClientRandom)
One CipherSuite defines three encryption protocols:
-
key-exchange protocol: RSA, Diffie-Hellman
-
secret-key encryption algorithm: null, RC4, RC2, DES, DES40, fortezza
-
cryptographic hash algorithm: null, MD5, SHA
Note: Use of random key helps prohibits an eavesdropping attacker
from replaying past message.
2. Server Hello
Server selects cipher suite and compression method, and informs client
of decision by sending:
ServerHello(CipherSuite, CompressionMethod, ServerRandom)
Remaining protocol is used to agree on secret keys.
3. Key Exchange
Two cases:
-
Server has certificate - so server sends to client certificate containing
its public key:
ServerCertificate(Certificate)
The certificate contains the server's public key,
which is used in the response message shown below.
However, the client won't use the server's public key for encryption
of subsequent data.
-
Instead, client generates 48 byte (time + random) master secret
of this session.
-
Future keys during session are generated from master secret. Random data
is used to prevent an attacker from eavesdropping on the network, and then
replaying a past transmission!
Client then sends master secret to server:
encrypt(MasterSecret) using ServerPublicKey
-
Server does not have a certificate:
Server initiates key-exchange protocol, (e.g., Diffie-Hellman). After
exchange of three messages, server and client have the master secret. Based
on master secret both parties create keys used in communication.
4. Finished
Client and server send to each other the digest of all messages
sent so far and master-secret:
-
Client to Server:
-
hash(AllMessagesSentByClient + MasterSecret)
-
Server to Client:
-
hash(AllMessagesSentByServer + MasterSecret)
SSL Application Data Protocol
-
Client sends a request to server as follows:
encrypt(ClientRequest + hash(ClientRequest+MasterSecret)) using ClientWriteKey
Example:
encrypt("Transfer $100 to my savings account"
+ hash("Transfer $100 to my savings account" + MasterSecret))
-
Server decrypts request, prepares the response, and sends it to client
as follows:
encrypt(ServerResponse + hash(ServerResponse))
using ServerWriteKey
Alternative: S-HTTP
Secure HTTP is an alternative
to SSL.
SHTTP was proposed in 1994 by Enterprise Integration Technologies (EIT)
and later adopted by CommerceNet, a coalition of businesses interested
in commerce on the Internet.
SHTTP only works with HTTP, in contrast to SSL.
SHTTP is implemented in few (lesser known) browsers and servers.
Another Protocol: S/MIME
-
Provides secure electronic mail
-
Developed by RSA
-
E-mail clients (e.g., Netscape) must implement S/MIME protocol
-
S/MIME offers users the following features:
-
message privacy
-
digital signatures
-
tamper detection
-
interoperability among vendors/platforms
-
seamless integration: decryption is transparent to user reading mail; encrypting
mail you send is achieved by clicking a button
Last modified by abrams@vt.edu
on 13 November 2000.