Telecom and Networks Department

Faculty of Information Technology

Misurata University

CN 316
Networks Security

Security at the Transport Layer

Fall 2024/2025

Transport layer security

Location of SSL and TLS in the Internet model (TCP/IP)

Secure Sockets Layer (SSL)

Transport Layer Security (TLS)
Fall 2024/2025

CN316: Networks Security 1

Telecom and Networks Department

Processes communicating

process: program running clients, servers

within a host client process: process that
 within same host, two initiates communication
processes communicate server process: process
using inter-process that waits to be contacted
communication (defined by
OS)
 processes in different hosts
communicate by exchanging
messages

Fall 2024/2025

Sockets
 process sends/receives messages to/from its socket
 socket similar to door
◦ sending process shoves message out door
◦ sending process relies on transport infrastructure on other
side of door to deliver message to socket at receiving
process

application application
socket controlled by
process process app developer

transport transport
network network controlled
link by OS
link Internet
physical physical

Fall 2024/2025

CN316: Networks Security 2

Telecom and Networks Department

Addressing processes

 to receive messages,  identifier includes both IP

process must have identifier address and port numbers
 host device has unique 32- associated with process on
bit IP address host.
 Q: does IP address of host  example port numbers:
on which process runs ◦ HTTP server: 80
suffice for identifying the ◦ mail server: 25
process?  to send HTTP message to
▪ A: no, many processes http: // it.misuratau.edu.ly
can be running on same web server:
host ◦ IP address: 128.119.245.12
◦ port number: 80

Fall 2024/2025

If you are asked to design a secure

transport layer…

 What security services are desirable?

◦ Server authentication: to be sure that the server
belongs to the actual vendor, not an impostor.
◦ Confidentiality: to be sure does not intercept sensitive
information.
◦ Integrity: to be sure that the contents of the message
are not modified.
◦ Prevention of other network attacks eg. Replay, …

Fall 2024/2025

CN316: Networks Security 3

Telecom and Networks Department

SSL: Secure Sockets Layer

❖ widely
deployed security ◦ web-server authentication
protocol ◦ optional client authentication
▪ supported by almost all ◦ minimum hassle in doing
browsers, web servers
business with new merchant
▪ https://
 available to all applications over
▪ billions $/year over SSL
TCP
❖ variation -TLS: transport layer
◦ secure socket interface
security, RFC 2246
◦ most widely: HTTPS, TCP
❖ original goals:
port 443
▪ web e-commerce ◦ but also: FTPS, SMTPS,
transactions LDAPS,
▪ encryption (especially
credit-card numbers)

Fall 2024/2025

SSL and TCP/IP

Application Application

SSL
TCP
TCP
IP IP

normal application application with SSL

❖ SSL provides application programming interface (API) to

applications
❖ SSL is designed to provide security and compression services
to data generated from the application layer.
❖ C and Java SSL libraries/classes readily available
Fall 2024/2025

CN316: Networks Security 4

Telecom and Networks Department

SSL Services

 Fragmentation:
◦ dividing the data into blocks
 Compression:
◦ each fragment of data is compressed.
 Message Integrity:
◦ using a keyed-hash function to create a MAC.
 Confidentiality:
◦ original data and the MAC are encrypted using symmetric-key
cryptography
 Framing:
◦ A header is added to encrypted payload,, then passed to a reliable
transport layer protocol.

Fall 2024/2025

SSL: a simple secure channel

 handshake: Alice and Bob use their certificates,
private keys to authenticate each other and
exchange shared secret
 key derivation: Alice and Bob use shared secret to
derive set of keys
 data transfer: data to be transferred is broken up
into series of records (encrypted and integrity-
protected using derived keys above)
 connection closure: special messages to securely
close connection

Fall 2024/2025

10

CN316: Networks Security 5

Telecom and Networks Department

Key Exchange Algorithms

Fall 2024/2025

11

Encryption/Decryption Algorithms

Fall 2024/2025

12

CN316: Networks Security 6

Telecom and Networks Department

Hash Algorithm

Hash algorithms for message integrity

Fall 2024/2025

13

SSL Cipher Suite

 cipher suite common SSL symmetric ciphers

◦ The combination of key ▪ DES – Data Encryption
exchange, hash, and Standard: block
encryption algorithms defines ▪ 3DES – Triple strength: block
a cipher suite for each SSL ▪ RC2 – Rivest Cipher 2: block
session
▪ RC4 – Rivest Cipher 4:
◦ SSL supports several cipher stream
suites SSL Public key encryption
◦ negotiation: client, server ▪ RSA
agree on cipher suite
◦ client offers choice
◦ server picks one

Fall 2024/2025

14

CN316: Networks Security 7

Telecom and Networks Department

SSL Cipher Suite

SSL cipher suite list

Fall 2024/2025

15

Compression Algorithms

 Compression is optional in SSLv3. No specific

compression algorithm is defined for SSLv3.
Therefore, the default compression method is
NULL.

Fall 2024/2025

16

CN316: Networks Security 8

Telecom and Networks Department

Cryptographic Parameter Generation

 To achieve message integrity and confidentiality, SSL needs
six cryptographic secrets, four keys and two initialization
vectors (IV).

 The client needs one key for message authentication, one

key for encryption, and one IV for block encryption.

 The server needs the same, but different from those for
other direction. If there is attack in one direction, other
direction is not affected.

Fall 2024/2025

17

Cryptographic Parameter Generation

 The parameters are generated using the next procedure:
 The client and server exchange two random numbers,
 The client and server exchange one pre-master secret
using one of the key exchange algorithms.
 A 48-byte master secret is created from pre-master secret
by applying two hash function.
 The master secret is used to create variable-length key
material. The length of key material block depends on the
cipher suite selected and the size of keys needed.
 Six different keys are extracted from the key material.

Fall 2024/2025

18

CN316: Networks Security 9

Telecom and Networks Department

Cryptographic Parameter Generation

Calculation of master secret from pre-master secret

Fall 2024/2025

19

Cryptographic Parameter Generation

Calculation of key material from master secret

Fall 2024/2025

20

CN316: Networks Security 10

Telecom and Networks Department

Cryptographic Parameter Generation

Extractions of cryptographic secrets from key material

Fall 2024/2025

21

Sessions and Connections

 In a session, one party has the role of a client and the

other the role of a server; in a connection, both parties
have equal roles, they are peers

Fall 2024/2025

22

CN316: Networks Security 11

Telecom and Networks Department

Sessions and Connections

Session state parameters

Connection state parameters

Fall 2024/2025

23

SSL Sub-Protocols

 SSL defines four protocols in two layers, as shown in Figure

Fall 2024/2025

24

CN316: Networks Security 12

Telecom and Networks Department

Handshake Protocol
• Handshake Protocol: using the Record protocol to
exchange messages between an SSL-enable server and an
SSL-enable client.

Purpose:
1. server authentication
2. negotiation: agree on
crypto algorithms
3. establish keys
4. client authentication
(optional)

Fall 2024/2025

25

Handshake Protocol
• Handshake Protocol: using the Record protocol to
exchange messages between an SSL-enable server and an
SSL-enable client.

Fall 2024/2025

26

CN316: Networks Security 13

Telecom and Networks Department

Handshake Protocol
Phase I of Handshake Protocol

After Phase I, the client and server know the following:

✓ The version of SSL
✓ The algorithms for key exchange, message authentication,
and encryption
✓ The compression method
✓ The two random numbers (32-byte) for key generation
Fall 2024/2025

27

Handshake Protocol
Phase II of Handshake Protocol

After Phase II,

✓ The server is authenticated to the client.
✓ The client knows the public key of the server if required.

Fall 2024/2025

28

CN316: Networks Security 14

Telecom and Networks Department

Handshake Protocol
Phase III of Handshake Protocol

After Phase III,

✓ The client is authenticated for the server.
✓ Both the client and the server know the pre-master
secret.
Fall 2024/2025

29

Handshake Protocol
Phase IV of Handshake Protocol

After Phase IV, the client and server are ready to exchange
data.

Fall 2024/2025

30

CN316: Networks Security 15

Telecom and Networks Department

Handshake Protocol - Verify Certificate

Server

Privat Public
Certificate is Good and Valid
e key key

Server/vendor has been verified and authenticated

Client has vendor’s public key

and can now encrypt pre-
Certificate master to send to
server/vendor

Client

Public
key

After Phase IV, the client and server are ready to exchange
data.
Fall 2024/2025

31

Handshake Protocol; Not-recognizable Certificate

Fall 2024/2025

32

CN316: Networks Security 16

Telecom and Networks Department

SSL connection

everything
henceforth
is encrypted

TCP FIN follows

Fall 2024/2025

33

Change Cipher Spec Protocol

• Notify the other party to use the new cipher suite, Before
the session is finished.
Movement of parameters from pending state to active state

Fall 2024/2025

34

CN316: Networks Security 17

Telecom and Networks Department

Alert Protocol
• Alert protocol: uses for reporting errors; explains
severity of the message and its description. Alerts are
compressed same as other data
Alerts defined for SSL

Fall 2024/2025

35

Record Protocol
• Record Protocol: carries messages from upper layers
(Handshake, Change-Ciphers-Spec, Alert protocols or from
application layer); defines the format used to transmit data.

Processing done by the Record Protocol

Fall 2024/2025

36

CN316: Networks Security 18

Telecom and Networks Department

Record Protocol

data

data data
MAC MAC
fragment fragment

record encrypted record encrypted

header data and MAC header data and MAC

record header: content type; version; length

MAC: includes sequence number, MAC key MKx
fragment: each SSL fragment 214 bytes (~16 Kbytes)
Fall 2024/2025

37

Record Protocol
Processing done by the Record Protocol

Fall 2024/2025

38

CN316: Networks Security 19

Telecom and Networks Department

Record Protocol
Calculation of MAC (Message Authentication Code)

Fall 2024/2025

39

SSL: data records

 why not encrypt data in constant stream as we write it to TCP?
◦ where would we put the MAC? If at end, no message integrity until all
data processed.
◦ e.g., with instant messaging, how can we do integrity check over all bytes
received before displaying?
 instead, break stream in series of records
◦ each record carries a MAC
◦ receiver can act on each record as it arrives

type version length data MAC

Fall 2024/2025

40

CN316: Networks Security 20

Telecom and Networks Department

SSL Message Formats

Messages from three protocols and data from the application
layer are encapsulated in the Record Protocol messages
Record Protocol- general header

Fall 2024/2025

41

SSL Message Formats

Change Cipher Spec message

Alert message

Fall 2024/2025

42

CN316: Networks Security 21

Telecom and Networks Department

SSL Message Formats

Generic header for Handshake Protocol

Types of Handshake
messages

Fall 2024/2025

43

Application Data
Record Protocol message for application data

data and MAC encrypted (symmetric algorithm)

Fall 2024/2025

44

CN316: Networks Security 22

Telecom and Networks Department

Transport Layer Security (TLS)

• The Transport Layer Security (TLS) protocol is the IETF

standard version of the SSL protocol. The two are very
similar, with slight differences.

• The first difference is the version number. The current

version of SSL is 3.0; the current version of TLS is 1.0. In
other words, SSL v3.0 is compatible with TLS v1.0.

• Another minor difference between SSL and TLS is the lack

of support for the Fortezza method. TLS does not support
Fortezza for key exchange or for encryption/ decryption.

Fall 2024/2025

45

Transport Layer Security (TLS)

Cipher Suite for TLS

Fall 2024/2025

46

CN316: Networks Security 23

Telecom and Networks Department

Generation of Cryptographic Secrets

Data-expansion function

Fall 2024/2025

47

Generation of Cryptographic Secrets

Master secret generation

Fall 2024/2025

48

CN316: Networks Security 24

Telecom and Networks Department

Generation of Cryptographic Secrets

Key material generation

Fall 2024/2025

49

Alert Protocol
• TLS supports all of the alerts defined in SSL except for No
Certificate. TLS also adds some new ones to the list. Table
below shows the full list of alerts supported by TLS.

Fall 2024/2025

50

CN316: Networks Security 25

Telecom and Networks Department

Record Protocol

HMAC for TLS

Fall 2024/2025

51

CN316: Networks Security 26