An Introduction to SSL/TLS and Certificates

1
An Introduction to SSL/TLS and Certificates

• Providing secure communication over the Internet

Frederick J. Hirsch fjh_at_fjhirsch.com
2
CertCo Overview

• Background
• Established in 1996. Bankers Trust spinoff.
  Privately held.
• Mission
• CertCo provides secure and cost-effective
  business solutions that enable trust institutions
  to build a worldwide trust infrastructure to
  support high-value, secure electronic commerce.
• Expertise
• Cryptography, risk management, law, technology
  and banking.
• Location
• Headquarters New York City
• Regional Offices Cambridge (MA), Washington,
  DC, United Kingdom.

3
Outline

• Problem Creating applications which can
  communicate securely over the Internet
• TLS Transport Layer Security (SSL)
• Certificates
• Related technology S-HTTP, IPSec, SET, SASL
• References

4
Security Issues

• Privacy
• Anyone can see content
• Integrity
• Someone might alter content
• Authentication
• Not clear who you are talking with

5
TLS Transport Layer Security

• formerly known as SSL Secure Sockets Layer
• Addresses issues of privacy, integrity and
  authentication
• What is it?
• How does it address the issues?
• How is it used

6
What is TLS?

• Protocol layer
• Requires reliable transport layer (e.g. TCP)
• Supports any application protocols

7
TLS Privacy

• Encrypt message so it cannot be read
• Use conventional cryptography with shared key
• DES, 3DES
• RC2, RC4
• IDEA

8
TLSKey Exchange

• Need secure method to exchange secret key
• Use public key encryption for this
• key pair is used - either one can encrypt and
  then the other can decrypt
• slower than conventional cryptography
• share one key, keep the other private
• Choices are RSA or Diffie-Hellman

9
TLS Integrity

• Compute fixed-length Message Authentication Code
  (MAC)
• Includes hash of message
• Includes a shared secret
• Include sequence number
• Transmit MAC with message

10
TLS Integrity

• Receiver creates new MAC
• should match transmitted MAC
• TLS allows MD5, SHA-1

11
TLS Authentication

• Verify identities of participants
• Client authentication is optional
• Certificate is used to associate identity with
  public key and other attributes

12
TLS Overview

• Establish a session
• Agree on algorithms
• Share secrets
• Perform authentication
• Transfer application data
• Ensure privacy and integrity

13
TLS Architecture

• TLS defines Record Protocol to transfer
  application and TLS information
• A session is established using a Handshake
  Protocol

14
TLS Record Protocol
15
TLS Handshake

• Negotiate Cipher-Suite Algorithms
• Symmetric cipher to use
• Key exchange method
• Message digest function
• Establish and share master secret
• Optionally authenticate server and/or client

16
Handshake Phases

• Hello messages
• Certificate and Key Exchange messages
• Change CipherSpec and Finished messages

17
TLS Hello

• Client Hello - initiates session
• Propose protocol version
• Propose cipher suite
• Server chooses protocol and suite
• Client may request use of cached session
• Server chooses whether to honor request

18
TLS Key Exchange

• Server sends certificate containing public key
  (RSA) or Diffie-Hellman parameters
• Client sends encrypted pre-master secret to
  server using Client Key Exchange message
• Master secret calculated
• Use random values passed in Client and Server
  Hello messages

19
Public Key Certificates

• X.509 Certificate associates public key with
  identity
• Certification Authority (CA) creates certificate
• Adheres to policies and verifies identity
• Signs certificate
• User of Certificate must ensure it is valid

20
Validating a Certificate

• Must recognize accepted CA in certificate chain
• One CA may issue certificate for another CA
• Must verify that certificate has not been revoked
• CA publishes Certificate Revocation List (CRL)

21
X.509 Certificate Content

• Version
• Serial Number
• Signature Algorithm Identifier
• Object Identifier (OID)
• e.g. id-dsa iso(1) member-body(2) us(840) x9-57
  (10040) x9algorithm(4) 1
• Issuer (CA) X.500 name
• Validity Period (Start,End)

• Subject X.500 name
• Subject Public Key
• Algorithm
• Value
• Issuer Unique Id (Version 2 ,3)
• Subject Unique Id (Version 2,3)
• Extensions (version 3)
• optional
• CA digital Signature

22
Subject Names

• X.500 Distinguished Name (DN)
• Associated with node in hierarchical directory
  (X.500)
• Each node has Relative Distinguished Name (RDN)
• Path for parent node
• Unique set of attribute/value pairs for this node

23
Example Subject Name

• Country at Highest Level (e.g. US)
• Organization typically at next level (e.g.
  CertCo)
• Individual below (e.g. Common Name Elizabeth
  with Id 1)
• DN
• CUS
• OCertCo
• CNElizabeth, ID1

24
Version 3 Certificates

• Version 3 X.509 Certificates support alternative
  name formats as extensions
• X.500 names
• Internet domain names
• e-mail addresses
• URLs
• Certificate may include more than one name

25
Certificate Signature

• RSA Signature
• Create hash of certificate
• Encrypt using CAs private key
• Signature verification
• Decrypt using CAs public key
• Verify hash

26
TLS ServerKeyExchange

• Client
• ClientHello

• Server
• ServerHello
• Certificate
• ServerKeyExchange

27
TLS Certificate Request

• Client
• ClientHello

• Server
• ServerHello
• Certificate
• ServerKeyExchange
• CertificateRequest

28
TLS Client Certificate

• Client
• ClientHello
• ClientCertificate
• ClientKeyExchange

• Server
• ServerHello
• Certificate
• ServerKeyExchange
• CertificateRequest

29
TLS Change Cipher Spec, Finished

• Client
• ChangeCipherSpec
• Finished
• Application Data

• Server
• ChangeCipherSpec
• Finished
• Application Data

30
TLS Change Cipher Spec/Finished

• Change Cipher Spec
• Announce switch to negotiated algorithms and
  values
• Finished
• Send copy of handshake using new session
• Permits validation of handshake

31
TLS Using a Session

• Client
• ClientHello (Session )
• ChangeCipherSpec
• Finished
• Application Data

• Server
• ServerHello (Session )
• ChangeCipherSpec
• Finished
• Application Data

32
Changes from SSL 3.0 to TLS

• Fortezza removed
• Additional Alerts added
• Modification to hash calculations
• Protocol version 3.1 in ClientHello, ServerHello

33
TLS HTTP Application

• HTTP most common TLS application
• https//
• Requires TLS-capable web server
• Requires TLS-capable web browser
• Netscape Navigator
• Internet Explorer
• Cryptozilla
• Netscape Mozilla sources with SSLeay

34
Web Servers

• Apache-SSL
• Apache mod_ssl
• Stronghold
• Roxen
• iNetStore

35
Other Applications

• Telnet
• FTP
• LDAP
• POP
• SSLrsh
• Commercial Proxies

36
TLS Implementation

• Cryptographic Libraries
• RSARef, BSAFE
• TLS/SSL packages
• SSLeay
• SSLRef

37
X.509 Certificate Issues

• Certificate Administration is complex
• Hierarchy of Certification Authorities
• Mechanisms for requesting, issuing, revoking
  certificates
• X.500 names are complicated
• Description formats are cumbersome (ASN.1)

38
X.509 Alternative SDSI

• SDSI Simple Distributed Security Infrastructure
  (Rivest, Lampson)
• Merging with IETF SPKI Simple Public-Key
  Infrastructure in SDSI 2.0
• Eliminate X.500 names - use DNS and text
• Everyone is their own CA
• Instead of ASN.1 use S-expressions and simple
  syntax
• Name and Authorization certificates

39
TLS Alternatives

• S-HTTP secure HTTP protocol, shttp//
• IPSec secure IP
• SET Secure Electronic Transaction
• Protocol and infrastructure for bank card
  payments
• SASL Simple Authentication and Security Layer
  (RFC 2222)

40
Summary

• SSL/TLS addresses the need for security in
  Internet communications
• Privacy - conventional encryption
• Integrity - Message Authentication Codes
• Authentication - X.509 certificates
• SSL in use today with web browsers and servers

41
References - 1

• Engelschall, Ralph, mod_ssl, lthttp//www.engelscha
  ll.com/sw/mod_sslgt
• Ford, Warwick, Baum, Michael S. Secure Electronic
  Commerce, Prentice Hall 1997.
• Hirsch, Frederick J. Introduction to SSL and
  Certificates Using SSLeay, World Wide Web
  Journal, Summer 1997, lthttp//www.fjhirsch.com/www
  j/gt
• Hudson, Tim J, Young, Eric A , SSLeay and
  SSLapps FAQ, lthttp//www.psy.uq.oz.au/ftp/Crypto
  /gt
• Kaufman, Charlie, Perlman, Radia, Speciner,Mike
  Network Security PRIVATE Communication in a
  PUBLIC World, Prentice Hall, 1995.

42
References - 2

• Rivest, Ron, SDSI, lthttp//theory.lcs.mit.edu/cis
  /sdsi.htmlgt
• Stallings, William Cryptography and Network
  Security Principles and Practice, 2nd Edition,
  Prentice Hall, 1999.
• Wagner, David, Schneier, Bruce Analysis of the
  SSL 3.0 Protocol lthttp//www.counterpane.com/ssl.
  htmlgt
• Internet Drafts and RFCs lthttp//www.ietf.org/gt.
  Use the keyword search on TLS or SSL in the
  Internet Drafts section to find the TLS Protocol
  specification and other relevant documents.
• PKCS standards lthttp//www.rsa.com/rsalabs/pubs/P
  KCS/gt

43
References - 3

• Microsoft Security Documents lthttp//www.microsoft
  .com/workshop/security/contents.htmgt
• Netscape Security Documents lthttp//www.netscape.c
  om/eng/security/gt

44
http//www.fjhirsch.com/fhirsch/SSL/