Upload
mrinal-wadhwa
View
1.611
Download
0
Tags:
Embed Size (px)
DESCRIPTION
a simple introduction to the TLS 1.2 spec presented at null bangalore on 20th August 2011http://null.co.in/
Citation preview
Transport Layer Security
Mrinal Wadhwa
http://www.mrinalwadhwa.com
SSL v1before 1995, internal to Netscape, never released
SSL v2draft published in FEB 1995
SSL 0.2 PROTOCOL SPECIFICATIONhttp://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
SSL v3
The SSL Protocol Version 3.0http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
draft published in NOV 1996
TLS 1.0RFC 2446 - in Jan 1999
The TLS Protocol Version 1.0http://tools.ietf.org/html/rfc2246
TLS 1.1RFC 4346 - in April 2006
The Transport Layer Security (TLS) Protocol Version 1.1http://tools.ietf.org/html/rfc4346
TLS 1.2RFC 5246 - in August 2008
The Transport Layer Security (TLS) Protocol Version 1.2http://tools.ietf.org/html/rfc5246
"The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery."
- The Transport Layer Security (TLS) Protocol Version 1.2
Record Protocolhttp://tools.ietf.org/html/rfc5246#section-6
The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies
a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, reassembled, and then delivered to
higher-level clients.
struct { ConnectionEnd entity; PRFAlgorithm prf_algorithm; BulkCipherAlgorithm bulk_cipher_algorithm; CipherType cipher_type; uint8 enc_key_length; uint8 block_length; uint8 fixed_iv_length; uint8 record_iv_length; MACAlgorithm mac_algorithm; uint8 mac_length; uint8 mac_key_length; CompressionMethod compression_algorithm; opaque master_secret[48]; opaque client_random[32]; opaque server_random[32]; } SecurityParameters;
Change Cipher Spec Protocol
http://tools.ietf.org/html/rfc5246#section-7.1
Alert Protocolhttp://tools.ietf.org/html/rfc5246#section-7.2
Handshake Protocola simplified discussion
http://tools.ietf.org/html/rfc5246#section-7.3
struct { } HelloRequest;
Hello Request
http://tools.ietf.org/html/rfc5246#section-7.4.1.1
struct { ProtocolVersion client_version; Random random; SessionID session_id; CipherSuite cipher_suites<2..2^16-2>; CompressionMethod compression_methods<1..2^8-1>; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ClientHello;
Client Hello
http://tools.ietf.org/html/rfc5246#section-7.4.1.2
CIPHER SUITES
TLS_RSA_WITH_AES_128_CBC_SHA
Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C
"The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism."
CIPHER SUITES
TLS_RSA_WITH_AES_128_CBC_SHA
Key Exchange - RSACipher - AES_128_CBCMac - SHA (HMAC-SHA1)
struct { ProtocolVersion server_version; Random random; SessionID session_id; CipherSuite cipher_suite; CompressionMethod compression_method; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ServerHello;
Server Hello
http://tools.ietf.org/html/rfc5246#section-7.4.1.3
opaque ASN.1Cert<1..2^24-1>;
struct { ASN.1Cert certificate_list<0..2^24-1>;} Certificate;
Server Certificate
http://tools.ietf.org/html/rfc5246#section-7.4.2
struct { } ServerHelloDone;
Server Hello Done
http://tools.ietf.org/html/rfc5246#section-7.4.5
struct { select (KeyExchangeAlgorithm) { case rsa: EncryptedPreMasterSecret; case dhe_dss: case dhe_rsa: case dh_dss: case dh_rsa: case dh_anon: ClientDiffieHellmanPublic; } exchange_keys; } ClientKeyExchange;
Client Key Exchange Message
http://tools.ietf.org/html/rfc5246#section-7.4.7
struct { opaque verify_data[verify_data_length]; } Finished;
Finished
http://tools.ietf.org/html/rfc5246#section-7.4.9
?