<p><strong>Secure Socket Layer (SSL) </strong><br><strong>Transport Layer Security (TLS) </strong></p><p></p><ul style="display: flex;"><li style="flex:1">© André Zúquete </li><li style="flex:1">Advanced Network Security </li></ul><p></p><p><strong>TLS (Transport Layer Security, RFC 5246): </strong><br><strong>Goals </strong></p><p>w</p><p>Secure communication protocol over TCP/IP </p><p>®</p><p>Standard inspired by SSL V3 (Secure Sockets Layer) </p><p>®</p><p>Handles secure sessions per application over TCP/IP </p><p>• Initially conceived for HTTP traffic • Currently being used by other kinds of traffic </p><p>w</p><p>Security mechanisms </p><p>®</p><p>TCP payload protection </p><p>• Confidentiality • Stream integrity </p><p>Key distribution </p><p>®®</p><p>Peer authentication </p><p>• Server authentication (the normal scenario) • Client authentication </p><p>•</p><p>Usually a person Not usually explored </p><p>•</p><p>© André Zúquete <br>Advanced Network Security </p><p>1</p><p>Change Cipher Spec. </p><p>IMAP, etc. </p><p>Handshake Protocol <br>Alert Protocol </p><p>HTTP </p><p><strong>TLS/SSL: </strong></p><p>IMAP, etc. <br>HTTP <br>Record Protocol </p><p>TCP </p><p><strong>Protocols </strong></p><p>w Handshake Protocol </p><p>® Key distribution </p><p>• Master secrets (48 bytes) </p><p>• Computed with DH; or • Chose by the client, upload to the server encrypted with the server’s public key </p><p>• Session keys </p><p>• Computed from a <em>master secret &nbsp;</em>and two nonces exchanged </p><p>® Peer authentication </p><p>• Asymmetric encryption with long-term or ephemeral keys • Public key certificates for long-term public keys </p><p>w Record Protocol </p><p>® Handling of secure data records ® Compression, confidentiality, integrity control </p><p>© André Zúquete <br>Advanced Network Security </p><p><strong>TLS/SSL versions </strong></p><p>w SSL </p><p>® 1.0 ® 2.0: 1995, prohibited by RFC 6176 (2011) ® 3.0: 1996, RFC 6101 (2011), deprecated by RFC 7568 (2015) </p><p>w TLS </p><p><strong>SSL BEAST </strong><br><strong>(2011) </strong></p><p>® 1.0: 1999: RFC 2246 ® 1.1: 2006: RFC 4346 ® 1.2: 2008: RFC 5246 ® 1.3: 2018: RFC 8446 </p><p>© André Zúquete <br>Advanced Network Security </p><p>2</p><p><strong>TLS/SSL: </strong><br><strong>Operational aspects </strong></p><p>w Client-server model </p><p>® As in a TCP connection </p><p>w Applications define some operational details </p><p>® Peer authentication </p><p>• If required, how it should be done </p><p>® Algorithms (cipher suites) </p><p>• Both present their possibilities • Server selects one from a common set </p><p>® Session key management </p><p>• Lifetime of a master secret • Lifetime of a session key </p><p>• Equal or smaller than the lifetime of a TCP connection </p><p>© André Zúquete <br>Advanced Network Security </p><p><strong>SSL/TLS: </strong><br><strong>Interactions diagram (1st part) </strong></p><p>© André Zúquete <br>Advanced Network Security </p><p>3</p><p><strong>SSL/TLS: </strong><br><strong>Interactions diagram (2nd part) </strong></p><p>© André Zúquete <br>Advanced Network Security </p><p>Normal port <br>TLS/SSL port <br>Protocols </p><p>HTTP IMAP POP3 </p><p><strong>TLS/SSL: </strong></p><p>80 </p><p>443 993 995 465 636 </p><p>143 110 25 </p><p><strong>Usage </strong></p><p>SMTP LDAP </p><p>w Just a standard protocol </p><p>389 </p><p>® No standard API </p><p>Explore only a subset of <br>TLS/SSL features </p><p>w Common interfaces </p><p>® SSLref </p><p>• Reference SSL API </p><p>® SSLeay, OpenSSL </p><p>• APIs of public SSL implementations </p><p>w Usage by servers </p><p>® Two interfaces </p><p>• A conventional one (usencure), with the normal transport port • Another over SSL, with a new transport port </p><p>® The client defines its intensions upon the used interface </p><p>© André Zúquete <br>Advanced Network Security </p><p>4</p><p><strong>stunnel </strong></p><p>w General purpose client/server SSL tunnel </p><p><strong>Server w/ </strong></p><p><strong>SSL </strong></p><p><strong>Legacy </strong></p><p><strong>client app </strong></p><p><strong>Client </strong></p><p><strong>stunnel </strong></p><p></p><ul style="display: flex;"><li style="flex:1"><strong>SSL </strong></li><li style="flex:1"><strong>TCP </strong></li></ul><p></p><p><strong>Server </strong></p><p><strong>stunnel </strong></p><p><strong>Legacy </strong></p><p><strong>server </strong></p><p><strong>Client app </strong></p><p><strong>w/ SSL </strong></p><p><strong>SSL </strong><br><strong>TCP </strong></p><p><strong>TCP </strong></p><p><strong>Legacy </strong></p><p><strong>client app </strong></p><p><strong>Client </strong></p><p><strong>stunnel </strong></p><p><strong>Server </strong></p><p><strong>stunnel </strong></p><p><strong>Legacy </strong></p><p><strong>server </strong></p><p></p><ul style="display: flex;"><li style="flex:1"><strong>TCP </strong></li><li style="flex:1"><strong>SSL </strong></li></ul><p></p><p>© André Zúquete <br>Advanced Network Security </p><p><strong>stunnel authentication </strong></p><p>w An stunnel server provides a certificate of its own </p><p>® Not a certificate of the services it gives access to </p><p>w Certificate validation has several flavors </p><p>® No validation ® Validation with standard rules ® Validation with pre-loaded, self-signed certificate </p><p>• Somewhat similar to SSH </p><p>© André Zúquete <br>Advanced Network Security </p><p>5</p>