Академический Документы
Профессиональный Документы
Культура Документы
CertCo Overview
Background
Established in 1996. Bankers Trust spinoff. Privately held.
Mission
CertCo provides secure and cost-effective business solutions that enable trust institutions to build a worldwide trust infrastructure to support high-value, secure electronic commerce.
Expertise
Cryptography, risk management, law, technology and banking.
Location
Headquarters: New York City Regional Offices: Cambridge (MA), Washington, DC, United Kingdom.
2
Outline
Problem: Creating applications which can communicate securely over the Internet TLS: Transport Layer Security (SSL) Certificates Related technology: S-HTTP, IPSec, SET,
SASL
References
3
Security Issues
Privacy
Anyone can see content
Integrity
Someone might alter content
Authentication
Not clear who you are talking with
4
SSL: Secure Sockets Layer Addresses issues of privacy, integrity and authentication
What is it? How does it address the issues? How is it used
5
What is TLS?
Protocol layer Requires reliable transport layer (e.g. TCP) Supports any application protocols
HTTP Telnet TLS TCP IP FTP LDAP
TLS: Privacy
Encrypt message so it cannot be read Use conventional cryptography with shared key
DES, 3DES RC2, RC4 IDEA
A Message B Message
$%&#!@
TLS:Key Exchange
Need secure method to exchange secret key Use public key encryption for this
key pair is used - either one can encrypt and then the other can decrypt slower than conventional cryptography share one key, keep the other private
TLS: Integrity
Compute fixed-length Message Authentication Code (MAC)
Includes hash of message Includes a shared secret Include sequence number
TLS: Integrity
Receiver creates new MAC
should match transmitted MAC
A Message
MAC
B Message
MAC
MAC =?
10
TLS: Authentication
Verify identities of participants Client authentication is optional Certificate is used to associate identity with public key and other attributes
A Certificate B
Certificate
11
TLS: Overview
Establish a session
Agree on algorithms Share secrets Perform authentication
12
TLS: Architecture
TLS defines Record Protocol to transfer application and TLS information A session is established using a Handshake Protocol
Handshake Protocol Change Cipher Spec Alert Protocol
14
TLS: Handshake
Negotiate Cipher-Suite Algorithms
Symmetric cipher to use Key exchange method Message digest function
Establish and share master secret Optionally authenticate server and/or client
15
Handshake Phases
Hello messages Certificate and Key Exchange messages Change CipherSpec and Finished messages
16
TLS: Hello
Client Hello - initiates session
Propose protocol version Propose cipher suite Server chooses protocol and suite
Validating a Certificate
Must recognize accepted CA in certificate chain
One CA may issue certificate for another CA
Algorithm Value Issuer Unique Id (Version 2 ,3) Subject Unique Id (Version 2,3) Extensions (version 3)
optional
CA digital Signature
21
Subject Names
X.500 Distinguished Name (DN) Associated with node in hierarchical directory (X.500) Each node has Relative Distinguished Name (RDN)
Path for parent node Unique set of attribute/value pairs for this node
22
23
Version 3 Certificates
Version 3 X.509 Certificates support alternative name formats as extensions
X.500 names Internet domain names e-mail addresses URLs
Certificate Signature
RSA Signature
Create hash of certificate Encrypt using CAs private key
Signature verification
Decrypt using CAs public key Verify hash
25
TLS: ServerKeyExchange
Client ClientHello ServerHello Certificate ServerKeyExchange Server
26
27
28
29
Finished
Send copy of handshake using new session Permits validation of handshake
30
Application Data
Application Data
31
32
Web Servers
Apache-SSL Apache mod_ssl Stronghold Roxen iNetStore
34
Other Applications
Telnet FTP LDAP POP SSLrsh Commercial Proxies
35
TLS: Implementation
Cryptographic Libraries
RSARef, BSAFE
TLS/SSL packages
SSLeay SSLRef
36
TLS Alternatives
S-HTTP: secure HTTP protocol, shttp:// IPSec: secure IP SET: Secure Electronic Transaction
Protocol and infrastructure for bank card payments
Summary
SSL/TLS addresses the need for security in Internet communications
Privacy - conventional encryption Integrity - Message Authentication Codes Authentication - X.509 certificates
References - 1
Engelschall, Ralph, mod_ssl, <http://www.engelschall.com/sw/mod_ssl> Ford, Warwick, Baum, Michael S. Secure Electronic Commerce, Prentice Hall 1997. Hirsch, Frederick J. Introduction to SSL and Certificates Using SSLeay, World Wide Web Journal, Summer 1997, <http://www.fjhirsch.com/wwwj/> Hudson, Tim J, Young, Eric A , SSLeay and SSLapps FAQ, <http://www.psy.uq.oz.au/~ftp/Crypto/>
Kaufman, Charlie, Perlman, Radia, Speciner,Mike Network Security: PRIVATE Communication in a PUBLIC World, Prentice Hall, 1995.
41
References - 2
Rivest, Ron, SDSI, <http://theory.lcs.mit.edu/~cis/sdsi.html>
Stallings, William Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall, 1999.
Wagner, David, Schneier, Bruce Analysis of the SSL 3.0 Protocol <http://www.counterpane.com/ssl.html>
Internet Drafts and RFCs <http://www.ietf.org/>. Use the keyword search on TLS or SSL in the Internet Drafts section to find the TLS Protocol specification and other relevant documents. PKCS standards: <http://www.rsa.com/rsalabs/pubs/PKCS/>
42
References - 3
Microsoft Security Documents <http://www.microsoft.com/workshop/security/contents.htm > Netscape Security Documents <http://www.netscape.com/eng/security/>
43