lecture3-4-SSL - 1/20/09 Lecture 3-4 SSL / TLS Adrian...

Lecture 3-4: SSL / TLS
Adrian Perrig
18-731: Network Security, Spring 2009
1/20/09

Overview
- Administrative issues
  - Reading critiques due Thursday
  - Office hours will be posted
  - Next Tuesday lecture on TCG, syllabus updated soon
  - Last 10 minutes of today's lecture: brief crypto quiz for students who did not take 18-{6,7}30

SSL / TLS Overview
- Goal: Perform secure e-commerce across the Internet
  - Secure bank transactions
  - Secure online purchases
  - Secure web login (e.g., Blackboard)
- Security requirements
  - Secrecy to prevent eavesdroppers from learning sensitive information
  - Entity and message authentication to prevent message alteration / injection

Position of Security in Protocol Stack
- Application Layer: DNS, HTTP, SMTP (security: SSH, PGP, …)
- Transport Layer: TCP, UDP (security: SSL, TLS)
- Network Layer: IP (security: IPsec)
- Data Link Layer: 802.3 MAC
- Physical Layer: Ethernet
- Diagram label: Hourglass

SSL History
- SSL: Secure Sockets Layer protocol
  - SSL v1: Designed by Netscape, never deployed
  - SSL v2: Deployed in Netscape Navigator 1.1 in 1995
  - SSL v3: Substantial overhaul, fixing security flaws, publicly reviewed
- TLS: Transport Layer Security protocol
  - TLS v1: IETF standard improving on v3

SSL Protocol
  C -> S: client_hello
  S -> C: server_hello
  S -> C: certificate
  S -> C: server_key_exchange
  S -> C: certificate_request
  S -> C: server_hello_done
  C -> S: certificate
  C -> S: client_key_exchange
  C -> S: certificate_verify
  C -> S: change_cipher_spec
  C -> S: finished
  S -> C: change_cipher_spec
  S -> C: finished
Blue => optional message (the slide's color coding is not preserved in this text).
The slide groups the messages into Phase 1, Phase 2, Phase 3 and Phase 4.

SSL Phase 1
- Phase 1: Establish security capabilities
- {Client,Server}_hello_message
  - Highest supported version
  - Random = 32 bit timestamp || 28 bytes random
  - Session id
- Client_hello: Supported cipher suite, ciphers are listed in decreasing order of preference
- Server_hello: chosen cipher
- Is this secure?

Cipher Suite
- Cipher suite = key exchange, cipher spec
- Key exchange methods
  - RSA, encrypt key with receiver's public key
  - Fixed Diffie-Hellman, public key certificate contains public DH key
  - Ephemeral Diffie-Hellman, public key is used to sign temporary DH key
  - Anonymous Diffie-Hellman, DH without authentication
- Cipher spec
  - Cipher Algorithm (RC4, RC2, DES, 3DES, DES40, IDEA)
  - MAC Algorithm (MD5, SHA-1)
  - Cipher Type (stream or block)
  - Is Exportable (true or false)
  - Hash size (0 or 16 for MD5, 20 for SHA-1)
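
The Phase 1 and Cipher Suite slides above, as an added example that is not part of the original lecture: it encodes and parses a client_hello body (version, 4-byte timestamp || 28 random bytes, session id, cipher suites in preference order) and picks a suite on the server side. The function names are hypothetical, the suite ids are a subset of the TLS 1.0 registry, and honoring the client's order while refusing exportable suites is an assumed server policy.

```python
import os
import struct
import time

# Subset of the TLS 1.0 cipher suite registry:
# id -> (key exchange, cipher, MAC, is_exportable)
SUITES = {
    0x0003: ("RSA", "RC4_40", "MD5", True),
    0x0005: ("RSA", "RC4_128", "SHA-1", False),
    0x000A: ("RSA", "3DES_EDE_CBC", "SHA-1", False),
    0x0016: ("DHE_RSA", "3DES_EDE_CBC", "SHA-1", False),
}

def build_client_hello(version, suites, session_id=b"", now=None):
    """Encode a ClientHello body (no record or handshake header)."""
    ts = int(time.time()) if now is None else now
    random = struct.pack("!I", ts) + os.urandom(28)  # 4-byte time || 28 random bytes
    out = bytes(version) + random + bytes([len(session_id)]) + session_id
    out += struct.pack("!H", 2 * len(suites))
    out += b"".join(struct.pack("!H", s) for s in suites)  # client preference order
    return out + b"\x01\x00"  # one compression method: null

def parse_client_hello(body):
    """Decode the fields; raise ValueError on truncated or malformed input."""
    if len(body) < 35:
        raise ValueError("truncated before session id")
    (ts,) = struct.unpack("!I", body[2:6])
    sid_len, pos = body[34], 35
    if sid_len > 32 or len(body) < pos + sid_len + 2:
        raise ValueError("bad session id length")
    session_id = body[pos:pos + sid_len]
    pos += sid_len
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    if cs_len == 0 or cs_len % 2 or len(body) < pos + cs_len:
        raise ValueError("bad cipher suite list length")
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return {"version": (body[0], body[1]), "timestamp": ts, "random": body[6:34],
            "session_id": session_id, "suites": suites}

def server_choose(offered, allow_export=False):
    """Return the first offered suite the server knows and permits, else None."""
    for suite in offered:
        spec = SUITES.get(suite)
        if spec and (allow_export or not spec[3]):
            return suite
    return None
```
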
SSL Configuration

This note was uploaded on 03/31/2009 for the course ECE 18731 taught by Professor Perrig during the Spring '08 term at Carnegie Mellon.
