
CH 15

The document discusses Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), highlighting their importance in web security against threats like integrity, confidentiality, and denial of service. It details the SSL architecture, including connection and session states, the SSL Record Protocol, and the SSL Handshake Protocol, which facilitates secure communication between clients and servers. Additionally, it touches on HTTPS and Secure Shell (SSH) as secure communication protocols, emphasizing their mechanisms for authentication and encryption.

Uploaded by

nidhishanbhag6
Copyright
© © All Rights Reserved

Cryptography and Network Security
Chapter 15
Transport Level Security
Web Security
Web now widely used by business, government, individuals
but Internet & Web are vulnerable
have a variety of threats
● integrity
● confidentiality
● denial of service
● authentication
need added security mechanisms
SSL (Secure Socket Layer)
transport layer security service
originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard
known as TLS (Transport Layer Security)
uses TCP to provide a reliable end-to-end service
SSL has two layers of protocols
SSL Architecture
SSL connection
● a transient, peer-to-peer, communication link
SSL session
● an association between client & server
● created by the Handshake Protocol
● define a set of cryptographic parameters
● may be shared by multiple SSL connections
A session state is defined by the following parameters:
● Session identifier
● Peer certificate
● Compression method
● Cipher spec
● Master secret
● Is resumable
A connection state is defined by the following parameters:
● Server and client random
● Server write MAC secret
● Client write MAC secret
● Server write key
● Client write key
● Initialization vectors
● Sequence numbers
SSL Record Protocol Services
message integrity
● using a MAC with shared secret key
confidentiality
● using symmetric encryption with a shared secret key defined by Handshake Protocol
● AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
● message is compressed before encryption
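Added example, not from the slides: the SSLv3 record MAC computed from the connection state's write MAC secret and sequence number, showing why a modified or re-delivered record fails verification. SHA-1 as the MAC hash, the secret and the payload are assumptions; compression and encryption are left out.

```python
import hashlib
import hmac
import struct

MAC_LEN = 20                      # SHA-1 digest size
PAD_1 = b"\x36" * 40              # SSLv3 pad_1 for SHA-1 (48 bytes for MD5)
PAD_2 = b"\x5c" * 40              # SSLv3 pad_2 for SHA-1
APPLICATION_DATA = 23             # record content type

def sslv3_mac(mac_secret, seq_num, content_type, fragment):
    """hash(secret || pad_2 || hash(secret || pad_1 || seq || type || len || data))"""
    header = struct.pack(">QBH", seq_num, content_type, len(fragment))
    inner = hashlib.sha1(mac_secret + PAD_1 + header + fragment).digest()
    return hashlib.sha1(mac_secret + PAD_2 + inner).digest()

class WriteState:
    """Sender half of a connection state: write MAC secret + sequence number."""
    def __init__(self, mac_secret):
        self.mac_secret, self.seq_num = mac_secret, 0

    def protect(self, content_type, fragment):
        mac = sslv3_mac(self.mac_secret, self.seq_num, content_type, fragment)
        self.seq_num += 1
        return fragment + mac     # encryption of fragment || MAC omitted here

class ReadState:
    """Receiver half: same secret, its own count of records accepted so far."""
    def __init__(self, mac_secret):
        self.mac_secret, self.seq_num = mac_secret, 0

    def verify(self, content_type, record):
        fragment, mac = record[:-MAC_LEN], record[-MAC_LEN:]
        expected = sslv3_mac(self.mac_secret, self.seq_num, content_type, fragment)
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad_record_mac")      # a fatal alert in SSL
        self.seq_num += 1
        return fragment

def demo():
    secret = b"constructed-mac-secret"              # constructed sample value
    writer, reader = WriteState(secret), ReadState(secret)
    first = writer.protect(APPLICATION_DATA, b"transfer 10")
    accepted = reader.verify(APPLICATION_DATA, first)
    try:
        reader.verify(APPLICATION_DATA, first)      # same bytes delivered again
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return accepted, replay_rejected
```

The sequence number is never sent on the wire; each side keeps its own counter, so a record that arrives twice or out of order is checked against the wrong number and rejected.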
SSL Record Protocol Operation
SSL Header
SSL Change Cipher Spec Protocol
causes pending state to become current
hence updating the cipher suite in use
SSL Alert Protocol
conveys SSL-related alerts to peer entity
severity
• warning or fatal
specific alert
• fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
• warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
compressed & encrypted like all SSL data
SSL Handshake Protocol
allows server & client to:
● authenticate each other
● negotiate encryption & MAC algorithms
● negotiate cryptographic keys to be used
comprises a series of messages in phases
1. Establish Security Capabilities
2. Server Authentication and Key Exchange
3. Client Authentication and Key Exchange
4. Finish
SSL Handshake Protocol
Phase 1. Establish Security Capabilities
CipherSuite parameters
● Key exchange method:
• RSA key exchange
• Anonymous Diffie-Hellman
• Ephemeral Diffie-Hellman
• Fixed Diffie-Hellman: certificate with half keys
• Fortezza: a registered trademark of the U.S. National Security Agency (NSA). It is a family of security protocols developed for the Defense Department.
● Encryption/Decryption Algorithms
● Hash Algorithms
Phase 2. Server Authentication and Key Exchange
Certificate, Server key exchange
certificate_request message includes two parameters: certificate_type and certificate_authorities.
● Not applicable to anonymous D-H
server_done message: sent by the server to indicate the end of the server hello and associated messages
Phase 3. Client Authentication and Key Exchange
certificate_verify message provides explicit verification of a client certificate
Phase 4. Finish
Cryptographic Computations
HTTPS (HTTP over SSL)
With HTTPS the following elements of the communication are encrypted:
● URL of the requested document
● Contents of the document
● Contents of browser forms (filled in by browser user)
● Cookies sent from browser to server and from server to browser
● Contents of HTTP header
Connection Initiation

Connection Closure
Secure Shell (SSH)
Transport Layer Protocol
Host Keys
Two alternative trust models that can be used:
● The client has a local database that associates each host with the corresponding public host key
● The host name-to-key association is certified by a trusted certification authority
SSH Transport Layer Protocol Packet Exchanges
Identification string exchange
Algorithm negotiation
Key exchange
● C is the client
● S is the server
● p is a large prime
● g is a generator for a subgroup of GF(p)
● q is the order of the subgroup
● V_S is S’s identification string
● V_C is C’s identification string
● K_S is S’s public host key
● I_C is C’s SSH_MSG_KEXINIT message and I_S is S’s SSH_MSG_KEXINIT message
● The values of p, g, and q are known to both client and server
● The hash function hash() is also decided during algorithm negotiation
Client
End of key exchange
● Key generation
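Added example, not from the slides: the Diffie-Hellman exchange and key generation written with the symbols defined above, following the SSH transport protocol's exchange hash H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K) and key formula hash(K || H || letter || session_id). The toy group (p = 23, g = 2, q = 11), SHA-256 as hash(), and all strings are constructed; the server's host-key signature on H, which the client verifies with K_S, is omitted.

```python
import hashlib
import struct

def ssh_string(data):
    """SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n):
    """SSH 'mpint' for n >= 0: big-endian, extra zero byte if the top bit is set."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b""
    return ssh_string(raw)

def exchange_hash(V_C, V_S, I_C, I_S, K_S, e, f, K):
    """H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K)"""
    fields = b"".join(ssh_string(v) for v in (V_C, V_S, I_C, I_S, K_S))
    return hashlib.sha256(fields + ssh_mpint(e) + ssh_mpint(f) + ssh_mpint(K)).digest()

def derive_key(K, H, letter, session_id):
    """Key generation: hash(K || H || letter || session_id), letter in b'A'..b'F'."""
    return hashlib.sha256(ssh_mpint(K) + H + letter + session_id).digest()

def run_exchange(x, y, I_S_seen_by_client=None):
    p, g, q = 23, 2, 11                      # constructed toy group; 2 has order 11 mod 23
    assert 1 < x < q and 0 < y < q
    V_C, V_S = b"SSH-2.0-ExampleClient", b"SSH-2.0-ExampleServer"   # constructed
    I_C = b"\x14" + b"constructed client KEXINIT payload"
    I_S = b"\x14" + b"constructed server KEXINIT payload"
    K_S = b"constructed host key blob"
    e = pow(g, x, p)                         # C -> S
    f = pow(g, y, p)                         # S -> C, with K_S and a signature on H
    K_server, K_client = pow(e, y, p), pow(f, x, p)
    H_server = exchange_hash(V_C, V_S, I_C, I_S, K_S, e, f, K_server)
    H_client = exchange_hash(V_C, V_S, I_C, I_S_seen_by_client or I_S, K_S, e, f, K_client)
    # On the first exchange, H is also the session identifier.
    keys = {c: derive_key(K_client, H_client, c.encode(), H_client) for c in "ABCDEF"}
    return {"K": (K_client, K_server), "H_match": H_client == H_server, "keys": keys}
```

Because H covers both identification strings and both SSH_MSG_KEXINIT messages, a client that received an altered algorithm list computes a different H, and the server's signature over its own H would not verify.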

Service request
● User Authentication or the Connection Protocol.
User Authentication Protocol
● Authentication requests from the client have the format

● If the server either (1) rejects the authentication request or (2) accepts the request but requires one or more additional authentication methods, the server sends a message with the format:

● SSH_MSG_USERAUTH_SUCCESS (52).
Authentication Methods
● Publickey
● Password
● hostbased
Connection Protocol
● tunnel
Open a new channel

● channel types
• Session, X11, forwarded-tcpip, direct-tcpip
● SSH_MSG_CHANNEL_OPEN_CONFIRMATION message
● SSH_MSG_CHANNEL_OPEN_FAILURE message
● SSH_MSG_CHANNEL_CLOSE
TLS (Transport Layer Security)
IETF standard RFC 2246 similar to SSLv3 with minor differences
● in record format version number
● uses HMAC for MAC
● a pseudo-random function expands secrets
● has additional alert codes
● some changes in supported ciphers
● changes in certificate types & negotiations
● changes in crypto computations & padding
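Added example, not from the slides: the RFC 2246 pseudo-random function (HMAC-MD5 and HMAC-SHA-1 streams XORed together) expanding a pre-master secret into the master secret and then into the six connection-state values listed earlier. The input values and the 20/16/16-byte MAC, key and IV sizes (a SHA-1 MAC with a 128-bit block cipher) are assumptions.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_hash: HMAC(secret, A(1)+seed) + HMAC(secret, A(2)+seed) + ..., A(0) = seed."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """PRF = P_MD5(S1, label+seed) XOR P_SHA-1(S2, label+seed); S1/S2 are secret halves."""
    half = (len(secret) + 1) // 2            # odd length: halves share the middle byte
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(m ^ s for m, s in zip(md5_stream, sha_stream))

def master_secret(pre_master, client_random, server_random):
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)

def connection_keys(master, client_random, server_random, mac_len=20, key_len=16, iv_len=16):
    """Expand the master secret and slice it into the six connection-state values."""
    names = [("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    block = tls10_prf(master, b"key expansion", server_random + client_random,
                      sum(n for _, n in names))
    keys, offset = {}, 0
    for name, n in names:
        keys[name] = block[offset:offset + n]
        offset += n
    return keys

def demo():
    pre_master = bytes(range(48))            # constructed sample values
    client_random, server_random = b"\x01" * 32, b"\x02" * 32
    master = master_secret(pre_master, client_random, server_random)
    return master, connection_keys(master, client_random, server_random)
```

Note the seed order: the master secret uses client random then server random, while key expansion uses server random then client random.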
Thank You
