Secure Socket Layer & Transport Layer Security: 5/30/2015 Prof. N Ravi, Jerusalem College of Engineering 1

SSL & TLS
Secure Socket Layer & Transport Layer Security
5/30/2015
Prof. N Ravi, Jerusalem College of Engineering
SECURITY IN MANY LAYERS
HTTP
FTP
SMTP
FTP
TCP
IP
ESP
IP
Network approach
Transport approach
SET
S-HTTP
PGP
S/MIME
HTTP
TCP
IP
Application approach
5/30/2015
SMTP
SSL/PCT/TLS
TCP
AH
HTTP
FTP
SMTP
TCP
IP
Presentation approach
SSL & TLS

SSL was first developed by Netscape in 1994 and
became an internet standard in 1996 ( RFC 2246
TLS V1.0)
SSL is a cryptographic protocol to secure network
across a connection-oriented layer
Any program using TCP can be modified to use
SSL connection
5/30/2015
SSL & TLS

SSL connection uses a dedicated TCP/IP
socket(e.g. port 443 for https)
SSL is flexible in choice of which symmetric
encryption, message digest, and
authentication can be used
SSL provides built in data compression
5/30/2015
SSL & TLS

Authenticate the server to the client
Allow the client and server to select cryptographic
algorithms, or ciphers, that they both support
Optionally authenticate the client to the server
Use public key encryption techniques to generate
shared secret
Establish an encrypted SSL connection
5/30/2015
SSL & TLS

SSL is a secure protocol which runs above TCP/IP
and allows users to encrypt data and authenticate
servers/vendors identity securely
HTTPS
FTPS
SMTPS
Application
layer
SECURE SOCKETS LAYER
Transport
layer
TCP/IP layer
5/30/2015
SSL & TLS
SSL
Handshake
Protocol
SSL Change
Cipher Spec
Protocol
SSL Alert
Protocol
HTTP
SSL Record protocol
TCP
IP
5/30/2015
SSL & TLS

SSL RECORD LAYER
APPLICATION DATA
FRAGMENT
FRAGMENT
FRAGMENT
COMPRESS
COMPRESS
ADD MAC
ENCRYPT
SSL -RH
5/30/2015
ENCRYPT
SSL & TLS - SSL Record Format

Major
Version
Minor
Version
Compressed
Length
PLAIN TEXT (OPTIONALLY COMPRESSED)
ENCRYPTED
Content
Type
MAC
5/30/2015
SSL & TLS

SSL handshake verifies the server and allows client and server to agree
on an encryption set before any data is sent out
Server
Public
key
Private
key
Client
request
Client
Public key
5/30/2015
10
SSL & TLS SSL SESSION KEY
Server
Private
key
Public
key
PreMaster
Session key
PreMaster
Client
Public key
5/30/2015
Pre-Master
Session key
11
SSL & TLS SSL SECURE DTA ON NETWORK
Server
Private
key
Public
key
Session
key
Data
Session key
Data
Data
Client
Data
5/30/2015
Session key
Data
12
SSL & TLS Man-in-Middle Attack
Server
Private
key
Public
key
Public
key
Session
key
Premaster
Hacker
Private
key
Public
key
Public
key
Session
key
Premaster
PrePublic
master
key
Client
Public key
5/30/2015
Pre-master
13
SSL & TLS SSL Hand-Shake Protocol

Client hello
Server hello
Present Server Certificate
*Request Client Certificate
Server Key Exchange
Client
Client Finish
*Present Client Certificate
Client Key Exchange
*Certificate Verify
Change Cipher Spec
Server Finish
Change Cipher Spec
Server
Application Data
5/30/2015
14
SSL & TLS SSL Alert Protocol

Explain severity of the message and a description
fatal
Immediate termination
Other connections in session may continue
Session ID invalidated to prevent failed
session to open new sessions

Alerts are compressed same as other data
5/30/2015
15
SSL & TLS Change Cipher Spec Protocol
Notify the other party to use the new

cipher suite
Before the Finished message
5/30/2015
16
SSL & TLS

The differences between the two protocols are very minor and
technical, but they are different standards. TLS uses stronger encryption
algorithms and has the ability to work on different ports. Additionally,
TLS version 1.0 does not interoperate with SSL version 3.0.
Netscape originally developed the SSL (Secure Sockets Layer)
protocol to transmit information privately, ensure message integrity, and
guarantee the server identity. SSL works mainly through using
public/private key encryption on data. It is commonly used on web
browsers, but SSL can also be used with email servers or any kind of
client-server transaction. For example, some instant messaging servers
use SSL to protect conversations.
The Internet Engineering Task Force (IETF) created TLS
(Transport Layer Security) as the successor to SSL. It is most often used
as a setting in email programs, but, like SSL, TLS can have a role in any
client-server transaction.
5/30/2015
17
5/30/2015
18

Secure Socket Layer & Transport Layer Security: 5/30/2015 Prof. N Ravi, Jerusalem College of Engineering 1

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Secure Socket Layer & Transport Layer Security: 5/30/2015 Prof. N Ravi, Jerusalem College of Engineering 1

Uploaded by

Copyright:

Available Formats

SSL & TLS