
HTTPS Protocolo2021

HTTPS Protocol uses SSL/TLS to secure HTTP communications by encrypting traffic, verifying server identity through certificates, and detecting message tampering. During an online transaction, SSL/TLS establishes an encrypted channel between the client and server by first performing a handshake where they negotiate encryption parameters and authenticate the server. Symmetric encryption keys are then derived from a shared secret to encrypt messages and integrity checks are done using message authentication codes to prevent tampering. This ensures confidentiality, integrity, and authenticity of the user's communication with the server.

Uploaded by

HuidoQuinoQuino

HTTPS Protocol

Applications of TCP/IP network


Xiaolan Tang
An example of online transaction

[Figure: Amy sends an HTTP request to the web server www.taobao.com and receives an HTTP response]

• Without encryption, an intruder may obtain the payment information and pay with Amy’s card
• Without an integrity check, an intruder may modify Amy’s order to make her buy 10 times the products that she needs
• Without server authentication, the website Amy is visiting may be a phishing website that steals Amy’s money or information

Page 2
Question

When you use online shopping or banking, what protocol is in the URL?

HTTPS, e.g., https://www.taobao.com/

HTTP + SSL

Page 3
Outline
1. Secure socket layer (SSL)
2. A simplified version of SSL
3. Details in SSL
4. SSL certificate

Page 4
Secure socket layer (SSL)
• Secure socket layer (SSL)
   - Originally specified in the 1990s by Netscape
   - The first widely used protocol for securing online transactions
   - A secure TCP protocol for HTTP and other applications
   - Encryption, integrity, and server and client authentication
• Transport layer security (TLS)
   - In 2015, TLS replaced SSL 3.0
   - In 2018, TLS 3.0 is released (the current version)

Page 5
SSL in TCP/IP protocol suite
[Figure: two protocol stacks. Left, "TCP API": application program, TCP socket, TCP, IP. Right, "TCP enhanced with SSL": application program, SSL socket, SSL sublayer (part of the application layer), TCP socket, TCP, IP.]

Page 6
A simplified version of SSL

[Figure: Amy (client) and Bob, a server with private key, public key, and certificate]

Three phases of SSL
• Handshake
• Key calculation
• Data transfer

Page 8
1. Handshake

What Amy (client) should do
• Create a TCP connection with Bob
• Verify whether Bob is a real Bob (server authentication)
• Send a Master Secret (MS) to Bob
   - Used to generate the symmetric keys for the session between Amy and Bob

Page 9
1. Handshake (continued)
[Figure: timeline between Amy and Bob (a server with private key, public key, and certificate). Amy creates the TCP connection, verifies Bob, then calculates and sends the MS; Bob gets the MS by decrypting EMS with KA-.]

Page 10
2. Key calculation

For Amy (client) and Bob (server), it is more secure to use different keys than a unique secret MS
• EA: a key to encrypt the data from Amy to Bob
• MA: a MAC (Message Authentication Code) secret to check the integrity of data from Amy to Bob
• EB: a key to encrypt the data from Bob to Amy
• MB: a MAC secret to check the integrity of data from Bob to Amy

Amy and Bob both generate four keys (EA, MA, EB, MB) from the master secret MS

Page 11
3. Data transfer

What to encrypt and when to check integrity?

The TCP byte stream is divided into several data fragments; encrypt “data fragment + MAC”

Page 12
3. Data transfer (continued)

[Figure: the data is split into data fragments and a MAC is appended to each fragment; each record consists of a record header followed by the encrypted data and MAC.]

Page 13
3. Data transfer (continued)

[Figure: Amy and Bob, with Jack, a man in the middle, who inserts, deletes or replaces TCP segments]

Attack: Jack reverses the order of two segments by changing sequence numbers (each encapsulates one record)
• Bob: TCP layer cannot detect, passes two records to SSL
• SSL decrypts the records, and uses MAC to check integrity
• SSL passes byte stream to application layer; error is detected!

Page 14
3. Data transfer (continued)

[Figure: Amy and Bob, with Jack, a man in the middle, who inserts, deletes or replaces TCP segments]

Solution: a new sequence number
• Amy has a sequence number, initialized with 0
• After sending an SSL record, add 1 to the seq num
• MAC = hash (data, MA, seq num)
• Bob uses seq num to compute MAC and check integrity

Page 15
SSL record
SSL record protocol

Record fields: type | version | length | data | MAC

• Encrypt with EX: data, MAC
• NOT encrypt: type, version, length
   - type: a handshake message or application message, SSL connection closure
   - version: SSL version
   - length: the receiver extracts SSL record from TCP byte stream

Page 16
SSL handshake
SSL handshake protocol

1. The client sends a list of encryption algorithms (cipher suites) that it supports and client nonce (a random value) to the server
2. The server selects one symmetric encryption algorithm (e.g., AES), one public-key algorithm (e.g., RSA with a specific length of key), and one MAC algorithm. It sends the choice, the certificate and server nonce to the client
3. The client verifies the certificate, extracts the public key of the server, and generates a Pre-Master Secret (PMS). PMS is encrypted with the server’s public key and sent to the server

Page 18
SSL handshake (continued)

4. The client and the server calculate the Master Secret (MS) from PMS, respectively, and then get two encryption keys and two MAC secrets from MS. After this, all the messages between client and server are encrypted and authenticated
5. The client sends a MAC for all the handshake messages
6. The server sends a MAC for all the handshake messages

Protect the handshake messages from modification

e.g., An attacker eavesdrops and modifies the encryption algorithm list in Step 1

Page 19
Why use the random nonce?

1. Jack sniffs all the messages between Amy and Bob
2. The next day, Jack sends the same messages to Bob by pretending to be Amy
• Without the nonce, Bob sends the same responses. All the messages pass the integrity check. Bob thinks Amy made a new order for the same thing as on the previous day.
• With the nonce, the keys in the two days are different, and the SSL records from Jack will fail the integrity check.

Nonce: prevent “connection replay attack”;
Sequence number: prevent insertion, deletion and replacement of TCP segments
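The key calculation and the nonce argument above, worked through as an added example (not part of the original slides). The HMAC-SHA256 expansion is an illustrative stand-in for the real SSL/TLS key derivation, and the function names, labels and sample values are assumptions made for this sketch.

```python
import hashlib
import hmac

def expand(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """HMAC-SHA256 counter-mode expansion (illustrative KDF, not the SSL/TLS PRF)."""
    out, counter = b"", 1
    while len(out) < n:
        out += hmac.new(secret, label + seed + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def derive_session_keys(pms: bytes, client_nonce: bytes, server_nonce: bytes) -> dict:
    """PMS + both nonces -> MS -> the four session keys EA, MA, EB, MB."""
    seed = client_nonce + server_nonce
    ms = expand(pms, b"master secret", seed, 48)
    block = expand(ms, b"key expansion", seed, 4 * 32)
    names = ("EA", "MA", "EB", "MB")
    return {name: block[i * 32:(i + 1) * 32] for i, name in enumerate(names)}

def record_mac(mac_key: bytes, seq_num: int, data: bytes) -> bytes:
    """MAC over the sequence number and the data, keyed with a MAC secret."""
    return hmac.new(mac_key, seq_num.to_bytes(8, "big") + data, hashlib.sha256).digest()

def replay_accepted(pms: bytes, server_nonce_day1: bytes, server_nonce_day2: bytes) -> bool:
    """Bob's view of a day-1 record replayed into a day-2 connection.

    The replayed handshake carries the same client nonce and the same
    encrypted PMS; only Bob's server nonce is fresh. Returns True if the
    captured MAC still verifies under the day-2 keys.
    """
    client_nonce = b"\x01" * 32            # constructed sample value
    order = b"order: 1 x book"             # constructed sample record data
    day1 = derive_session_keys(pms, client_nonce, server_nonce_day1)
    captured_mac = record_mac(day1["MA"], 0, order)
    day2 = derive_session_keys(pms, client_nonce, server_nonce_day2)
    expected = record_mac(day2["MA"], 0, order)
    return hmac.compare_digest(captured_mac, expected)
```

With two different server nonces the replayed record is rejected; if Bob reused his nonce, the same record would verify.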

Page 20
SSL connection closure

[Figure: Amy and Bob]

• Amy closes the TCP connection by sending TCP FIN segment
• Truncation attack: Jack (a man in the middle) sends TCP FIN to close SSL connection between Amy and Bob too early
• Solution: type field in SSL record
   - Type field is not encrypted, but the receiver authenticates it with MAC
   - MAC = MAC(data, Mx, seq num, type)
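The record checks described in the data transfer, SSL record and connection closure slides, as one added example (not part of the original slides). It covers the MAC over sequence number, type and data; encryption with EX is left out so the sketch runs on the standard library alone, and the type values, version field and class names are assumptions.

```python
import hashlib
import hmac
import struct

HANDSHAKE, APP_DATA, CLOSE = 22, 23, 21   # type values chosen for this example
VERSION = 0x0300                          # placeholder version field
MAC_LEN = 32                              # HMAC-SHA256 output size

def _mac(mac_key, seq_num, rtype, data):
    """MAC = MAC(data, Mx, seq num, type); the seq num itself is never sent."""
    return hmac.new(mac_key, struct.pack(">QB", seq_num, rtype) + data,
                    hashlib.sha256).digest()

class Sender:
    def __init__(self, mac_key):
        self.mac_key, self.seq = mac_key, 0

    def seal(self, rtype, data):
        body = data + _mac(self.mac_key, self.seq, rtype, data)
        self.seq += 1                     # add 1 after every record sent
        return struct.pack(">BHH", rtype, VERSION, len(body)) + body

class Receiver:
    def __init__(self, mac_key):
        self.mac_key, self.seq, self.closed = mac_key, 0, False

    def feed(self, stream):
        """Cut records out of the byte stream by length, then verify each MAC."""
        out = []
        while stream:
            if len(stream) < 5:
                raise ValueError("incomplete record header")
            rtype, _version, length = struct.unpack(">BHH", stream[:5])
            body, stream = stream[5:5 + length], stream[5 + length:]
            data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
            expected = _mac(self.mac_key, self.seq, rtype, data)
            if not hmac.compare_digest(mac, expected):
                raise ValueError(f"bad MAC on record {self.seq}")
            self.seq += 1
            if rtype == CLOSE:
                self.closed = True
            else:
                out.append(data)
        return out

    def on_tcp_fin(self):
        """A FIN is a clean shutdown only after an authenticated CLOSE record."""
        return "clean close" if self.closed else "truncation detected"
```

Because the receiver keeps its own counter, swapped records fail the MAC check, and a FIN that arrives before an authenticated closure record is reported as truncation.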

Page 21
Some implementations of SSL

• OpenSSL (http://www.openssl.org/)
   - A free, open-source implementation of SSL
• Apache-SSL (http://httpd.apache.org/docs/current/ssl/index.html)
   - A secure Webserver, based on Apache and OpenSSL
• SSLeay (http://www.ssleay.org/)
   - A free implementation of Netscape’s Secure Socket Layer

Page 22
SSL certificate

• A key pair: a public and a private key
• Goal: establish an encrypted connection
• The public key is made public by distributing it widely; the private key is always kept secret
• Data encrypted with the public key can be decrypted only with the private key, and vice versa
• Contain the “subject,” the identity of the certificate/website owner

Page 24
SSL certificate (continued)

• How to get an SSL certificate
   - Create a Certificate Signing Request (CSR) on your server, including a private key and public key
   - Send the CSR data file containing the public key to the SSL Certificate issuer (called a Certificate Authority or CA)
   - The CA uses the CSR file to create a data structure to match your private key without compromising the key itself

Page 25
SSL certificate (continued)

• How to install an SSL certificate
   - Install the SSL certificate on your server
   - Install an intermediate certificate that ensures the credibility of your SSL certificate by tying it to your CA’s root certificate
   - The installing and testing of SSL certificate may be different for different servers

[Figure: certificate chain: root certificate, intermediate certificate, server certificate]

Page 26
Summary

HTTPS = HTTP + SSL/TLS

• Secure socket layer (SSL)
   - Encryption
   - Integrity
   - Authentication
• A simplified version of SSL
   - Handshake
   - Key calculation
   - Data transfer
   - SSL record
• Details in SSL
   - SSL handshake
   - SSL connection closure
   - Implementations of SSL
• SSL certificate
   - A public and private key pair
   - How to get and install it

Page 27
Questions

1. Tell the difference between HTTP and HTTPS protocols.
2. What are SSL and TLS?
3. What are the four keys for a client-server session by using SSL? And how to get these keys?
4. What fields in SSL record are encrypted?

Page 28
Thanks!

Engineering category, No. 20
Instructor: Tang Xiaolan

Page 29