
How to apply OpenSSL for the Implementation of TLS 1.2

TEAM MEMBERS:
Ch. NISHANTH – 180330015
J. PARTHASARATHY – 180330141
P. PAVAN ARSH – 180330157
Secure Socket Layer

OpenSSL is the most widely used implementation of the protocol for secure network connections, which in turn provides privacy and security between two different applications.

The reason behind choosing OpenSSL:
The most popular among the available versions of SSL/TLS is OpenSSL.

The main motto of the TLS protocol is to follow the three principles below:
- Encryption.
- Authentication.
- Integrity.

Integrity
Integrity can be referred to as the accuracy and completeness of data. TLS provides integrity by ensuring that the data sent is genuinely from a user and is also protected against some attacks, like phishing attacks, etc.
Concepts involved
- Interoperability.
- Extensibility.
The problem statement

TO IDENTIFY CRYPTOGRAPHIC FLAWS AND FIX THOSE ERRORS.
FIXING THESE ERRORS/FLAWS FROM PREVIOUS VERSIONS OF THE SOFTWARE.
Methodology
TLS Introduction:

The TLS protocol secures communications over the Web. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

OpenSSL
OpenSSL is a free, full-featured SSL implementation currently available for use with the C and C++ programming languages. OpenSSL is essentially two tools in one: a cryptography library and an SSL toolkit.
Certificate in TLS
SSL/TLS X.509 certificates are digital files used for Secure Sockets Layer (SSL) or Transport Layer Security (TLS). An SSL/TLS certificate is one of the most popular types of X.509 certificate, a type of public-key certificate that uses the X.509 standard. X.509 certificates contain a public key and the identity of a hostname, organization, or individual.
Handshake Protocol
The cryptographic parameters of the session state are produced by the TLS Handshake Protocol, which uses messages to negotiate the cipher suite, authenticate the server to the client, and exchange the information needed to build the cryptographic secrets.

The TLS handshake consists of 4 steps.


TLS 1.2 comparison with TLS 1.1
The main differences between TLS 1.2 and TLS 1.1:

Specification of hash and signature algorithms by the clients and servers.

The TLS 1.2 protocol offers improved flexibility, particularly in the negotiation of cryptographic algorithms.

Cipher-suite-specific hash algorithms were introduced as an option; SHA-256 replaced the MD5/SHA-1 combination in the Finished message.

Verification of the version number in the encrypted PreMasterSecret.


Key Algorithms used
DES: the ancient Data Encryption Standard, with 56-bit keys.

3DES: Triple DES, equivalent to a 168-bit key.

RC2: the ancient and insecure Rivest Cipher v2, with 40-bit keys.

AES128: the modern Advanced Encryption Standard, with 128-bit keys.

AES256: the modern Advanced Encryption Standard, with 256-bit keys.


Different types of certificates and PRF used in TLS
1) SHA256 is implemented in the cryptography library. For SSL, the corresponding ID and cipher need to be supported.

2) When using TLS 1.2, the PRF function should use SHA256.

3) New TLS 1.2 cipher suites based on SHA256 should be added.

4) Protocol negotiation should now include TLS 1.2 version checking.
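The SHA-256 PRF requirement in this list and the PreMasterSecret version check named in the TLS 1.2 comparison are both specified in RFC 5246 (cited in the literature survey). The following is an added example written for this page, not code from the deck or from OpenSSL: it uses Python's standard hmac/hashlib modules rather than the C API, implements P_SHA256 and the master-secret derivation of RFC 5246 section 8.1, and shows the server-side handling of a decrypted RSA PreMasterSecret from section 7.4.7.1, which is the countermeasure to the Bleichenbacher padding-oracle attack listed under Research Issues. The PRF test vector is the public IETF TLS working group vector; the PreMasterSecret values in the demo are constructed, and the RSA decryption itself is assumed to have happened before the function is called.

```python
"""TLS 1.2 PRF (RFC 5246 section 5) and RSA PreMasterSecret handling (section 7.4.7.1).
Added example using only the Python standard library; hmac/hashlib are backed by
OpenSSL in CPython, so this mirrors what the C toolkit computes internally."""
import hashlib
import hmac
import os
from typing import Callable, Optional

TLS12 = b"\x03\x03"  # ProtocolVersion {3, 3} is TLS 1.2 on the wire


def p_hash(secret: bytes, seed: bytes, length: int, digestmod=hashlib.sha256) -> bytes:
    """P_hash expansion from RFC 5246 section 5:
    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1)),
    P_hash = HMAC_hash(secret, A(1) + seed) || HMAC_hash(secret, A(2) + seed) || ...
    truncated to the requested length."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, digestmod).digest()
        out += hmac.new(secret, a + seed, digestmod).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF = P_SHA256(secret, label + seed). TLS 1.0/1.1 split the secret
    between MD5 and SHA-1; TLS 1.2 uses the cipher suite's single PRF hash."""
    return p_hash(secret, label + seed, length)


def premaster_from_rsa(decrypted: Optional[bytes], client_version: bytes,
                       rand: Callable[[int], bytes] = os.urandom) -> bytes:
    """Server-side handling of the RSA-encrypted PreMasterSecret (RFC 5246 7.4.7.1).
    `decrypted` is None when PKCS#1 unpadding failed (assumed done by the caller).

    The server always continues with a 48-byte value whose first two bytes are the
    version the client advertised in ClientHello, so neither a padding failure nor a
    version mismatch is observable by the peer: the handshake simply fails later at
    the Finished message. This is the Bleichenbacher padding-oracle countermeasure."""
    r = rand(46)  # drawn before inspecting the plaintext, as the RFC recommends
    if decrypted is None or len(decrypted) != 48:
        return client_version + r
    return client_version + decrypted[2:]


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: PRF(pms, "master secret", ClientHello.random + ServerHello.random)[0..47]."""
    return tls12_prf(pre_master_secret, b"master secret", client_random + server_random, 48)


# Public PRF test vector for TLS 1.2 / SHA-256 (IETF TLS working group; reused by
# several open-source TLS stacks in their test suites).
PRF_VECTOR = {
    "secret": bytes.fromhex("9bbe436ba940f017b17652849a71db35"),
    "label": b"test label",
    "seed": bytes.fromhex("a0ba9f936cda311827a6f796ffd5198c"),
    "output": bytes.fromhex(
        "e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a"
        "6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab"
        "4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff701"
        "87347b66"),
}


def prf_matches_vector() -> bool:
    """True when tls12_prf reproduces the published 100-byte output."""
    v = PRF_VECTOR
    return tls12_prf(v["secret"], v["label"], v["seed"], len(v["output"])) == v["output"]


if __name__ == "__main__":
    print("PRF test vector:", "ok" if prf_matches_vector() else "MISMATCH")
    # Constructed demo values, not a real handshake: a well-formed PMS and one whose
    # version bytes claim TLS 1.1 although the client advertised TLS 1.2.
    good = TLS12 + bytes(range(46))
    downgraded = b"\x03\x02" + bytes(range(46))
    print(premaster_from_rsa(good, TLS12)[:2].hex())        # 0303
    print(premaster_from_rsa(downgraded, TLS12)[:2].hex())  # 0303, client's version wins
    print(len(premaster_from_rsa(None, TLS12)))             # 48, random filler
    print(master_secret(good, b"\x01" * 32, b"\x02" * 32).hex()[:16], "...")
```

The important property of `premaster_from_rsa` is that every branch costs the same and returns the same shape; a server that raised an alert on bad padding or on a version mismatch would hand an attacker exactly the oracle the Bleichenbacher and DROWN sections describe.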


Functional and Non-Functional requirements
Functional requirements:

1) Error management:

2) Traffic control:

3) End-to-End Encryption:
Non-Functional requirements:

1) Security.

2) Performance.

3) Reliability.

4) Usability.

5) Maintainability.

6) Concurrency.
Implementation
1) Initializing the OpenSSL library:

int SSL_library_init(void)

2) We'll define the constructor for the version-flexible SSLv23 SSL_METHOD, usable for combined client and server:

const SSL_METHOD *SSLv23_method(void)

3) An SSL_CTX object is created as a framework to establish TLS/SSL connections:

SSL_CTX *SSL_CTX_new(const SSL_METHOD *method)

4) We need to create a TCP socket connection (here the server accepting a client):

int fd = accept(s, (struct sockaddr *)&from, &len);

5) We create a new SSL structure, which is needed to hold the data for a TLS/SSL connection. This is also called the context structure:

SSL *SSL_new(SSL_CTX *ctx)

6) We need to load our certificate and private key into the context:

SSL_CTX_use_certificate_chain_file(ctx, keyfile);

SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);

7) We also need to set the descriptor fd as the input/output facility for the TLS/SSL (encrypted) side of ssl (SSL_set_fd); fd will typically be the socket file descriptor of a network connection.

8) Start creating an I/O abstraction (BIO) for the socket:

sbio = BIO_new_socket(serverSocket, BIO_NOCLOSE);

9) After the fd has been attached, the next call depends on whether it's a client or a server application.

10) If it's a server application:

int SSL_accept(SSL *ssl) – waits for a TLS/SSL client to initiate the handshake

11) If it's a client application:

int SSL_connect(SSL *ssl) – initiates the TLS/SSL handshake with the server

12) After the handshake has completed successfully, to write data:

int SSL_write(SSL *ssl, const void *buf, int num)

13) To read data after the handshake:

int SSL_read(SSL *ssl, void *buf, int num)

14) To send a close signal (close_notify) to the connection:

int SSL_shutdown(SSL *ssl)

15) To close the connection and free the context:

void SSL_free(SSL *ssl)
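The fifteen steps above use the OpenSSL C API directly. As an added example (not from the deck and not OpenSSL's own code), the same SSL_CTX setup is shown below through Python's ssl module, which wraps that library: a context pinned to TLS 1.2 with the DES, 3DES and RC2 suites from the Key Algorithms slide excluded, next to the module's unpinned default, plus a small audit of the cipher list the context actually ends up with. The certificate and key paths in the server function are placeholders, and the echo client performs real network I/O, so neither of those two functions is exercised offline; `WEAK_MARKERS` and `HARDENED_CIPHERS` are choices made for this example.

```python
"""Steps 1-6 and 9-15 of the deck via Python's ssl module (an OpenSSL wrapper).
Added example: hardened TLS 1.2 context beside the permissive default, with an
audit function a deployment can run to confirm what the context will negotiate."""
import socket
import ssl

# Name fragments marking suites the deck classes as ancient/insecure (DES, 3DES,
# RC2) plus other legacy constructions a TLS 1.2 deployment should not offer.
WEAK_MARKERS = ("DES", "RC2", "RC4", "MD5", "NULL", "EXPORT", "ADH", "AECDH")

# Forward-secret ECDHE key exchange with AEAD ciphers only. The '!' rules make the
# exclusions explicit even if the library's built-in default list changes.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5"


def make_tls12_client_context() -> ssl.SSLContext:
    """Client equivalent of SSLv23_method() + SSL_CTX_new(), then pinned to TLS 1.2.
    The version-flexible method alone would negotiate any version the build allows.
    PROTOCOL_TLS_CLIENT also enables certificate verification and hostname checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)
    return ctx


def make_tls12_server_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """Server side of step 6: load_cert_chain() corresponds to
    SSL_CTX_use_certificate_chain_file + SSL_CTX_use_PrivateKey_file.
    Needs real PEM files; the paths are placeholders, so it is not run offline."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def make_default_context() -> ssl.SSLContext:
    """The 'before' picture: a version-flexible context left at the module defaults,
    so the negotiable range is whatever this Python/OpenSSL build allows."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def weak_cipher_names(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites whose name carries a weak-algorithm marker."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(marker in c["name"] for marker in WEAK_MARKERS)]


def offers_only_tls12(ctx: ssl.SSLContext) -> bool:
    """True when both ends of the negotiable version range are TLS 1.2."""
    return (ctx.minimum_version == ssl.TLSVersion.TLSv1_2
            and ctx.maximum_version == ssl.TLSVersion.TLSv1_2)


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True when the server certificate is required and checked against the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def tls12_echo_client(host: str, port: int, payload: bytes) -> bytes:
    """Steps 4, 5, 7, 11-15 with the hardened context. Performs network I/O."""
    ctx = make_tls12_client_context()
    ctx.load_default_certs()                                     # trust store for peer verification
    with socket.create_connection((host, port)) as raw:          # step 4: TCP connection
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # steps 5, 7, 11: SSL_new, SSL_set_fd, SSL_connect
            tls.sendall(payload)                                 # step 12: SSL_write
            reply = tls.recv(4096)                               # step 13: SSL_read
            tls.unwrap()                                         # step 14: SSL_shutdown (close_notify)
    return reply                                                 # step 15: SSL_free when the objects are released


if __name__ == "__main__":
    hardened = make_tls12_client_context()
    print("TLS 1.2 only:", offers_only_tls12(hardened))
    print("weak suites still enabled:", weak_cipher_names(hardened))
    print("default context TLS 1.2 only:", offers_only_tls12(make_default_context()))
```

Running the audit against `make_default_context()` on your own Python/OpenSSL build is the quickest way to see which of the legacy suites from the Key Algorithms slide the library would still offer if the application never called the equivalent of `SSL_CTX_set_cipher_list`.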


Research Issues

Bleichenbacher's attack:

It is a padding oracle attack that exploits RSA padding checks to decrypt ciphertexts.

DROWN attack:

A cross-protocol attack that uses an SSLv2 server as an oracle to efficiently decrypt TLS connections. The attacker learns the session key for targeted TLS connections but does not learn the server's private RSA key.
Literature Survey
The links below have been used for the research of our concerned work:

https://tools.ietf.org/html/rfc5246 - TLS 1.2

https://www.ietf.org/rfc/rfc2246.txt - TLS 1.0

https://tools.ietf.org/html/draft-hickman-netscape-ssl-00 - SSL Protocol

https://drownattack.com/drown-attack-paper.pdf - Breaking TLS using SSLv2

https://eprint.iacr.org/2013/049.pdf - TLS Attacks

https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf - Pandora's Box

https://arxiv.org/pdf/1407.2168.pdf - TLS Hardening

https://prosecco.gforge.inria.fr/personal/karthik/pubs/cryptographically-verified-implementations-for-tls-ccs08.pdf - Cryptographically Verified Implementations for TLS

https://prosecco.gforge.inria.fr/personal/karthik/pubs/cryptographically-verified-implementations-for-tls-tissec.pdf - Verification of TLS


The books that are used in the research of our concerned work:

A Survey on TLS 1.0, by Jim Roskind, Michael Sabin, Dan Simon, Tom Weinstein and Tim Wright.

Cryptographic Strength of SSL/TLS Servers: Current and Recent Practices, by Homin K. Lee, Tal Malkin and Erich Nahum.

Lessons Learned From Previous SSL/TLS Attacks: A Brief Chronology of Attacks and Weaknesses, by Christopher Meyer and Jörg Schwenk.

A Comprehensive Survey on SSL/TLS and their Vulnerabilities, by Ashutosh Satapathy and Jenila Livingston L. M.
Thank you.
