Secure Sockets Layer (SSL)
- What are the vulnerabilities in digital communications?
- The sender is an impostor.
- The recipient is an impostor.
- A third party reads a message.
- A third party alters a message.
- SSL protects from these on the Internet by providing:
- SSL in detail:
- Is an Internet protocol
- Was originally developed by Netscape Communications, Inc.
- Uses connection-oriented, end-to-end encryption
- Provides data confidentiality service
- Provides data integrity service
- Is for traffic between a client (often a web
browser) and a server
- Can optionally provide peer entity
authentication between the client and the server
- Is layered below HTTP and above a reliable transport
protocol (TCP)
- Is independent of the application it encapsulates,
and any higher level protocol can layer on top of
SSL transparently.
- Has two layers:
- Lower layer: the SSL Record Protocol, which is layered on top of the transport protocol and encapsulates higher level protocols. One such encapsulated protocol is the SSL Handshake Protocol.
- Upper layer: provides asymmetric cryptography for server authentication (verifying the server's identity to the client) and optional client authentication (verifying the client's identity to the server), and also enables them to negotiate a symmetric encryption algorithm and secret session key (to use for data confidentiality) before the application protocol transmits or receives data. A keyed hash provides data integrity service for encapsulated data.
- Uses https:// instead of http:// in URLs
- HTTP enhanced by a security mechanism, usually SSL
- Uses Port 443 instead of 80.
- By default, Apache doesn't include SSL.
SSL data transport requires encryption,
and many governments have restrictions upon
the import, export, and use of encryption technology.
If Apache included SSL in the base package,
its distribution would involve all sorts of
legal and bureaucratic issues,
and it would no longer be freely available.
Also, some of the technology
is patented by RSA Data Security,
which restricts its use without a license.
- Two approaches:
- apache-ssl
(http://www.apache-ssl.org/).
Another version of Apache.
- mod_ssl (http://www.modssl.org/docs/2.8/)
A module that extends Apache.
- In either case, you need to download the source and compile it with
the Apache source.
How SSL Works
Encryption: Asymmetric
Cryptography
- Uses two keys: a private key and a public key.
Messages encrypted with the public key can only be
decrypted with the private key, and vice versa.
- Example:
- The bank sends its public key to the client. The client then sends
its own public key to the bank, encrypted with the bank's public key.
- The bank decrypts it using its private key.
- From now on, each sends messages encrypted with the other's public
key, and decrypts received messages with their own private key.
- Encryption prevents third parties from understanding your messages.
How do you prevent third parties from altering them?
Digests and Digital Signatures
- An added level of encryption security, to detect tampering.
- A "hashing algorithm" takes a message and produces a "message digest",
also known as "one-way hash".
- The hash is a fixed-sized "digest" version of the original message.
Any change in the message produces a different hash.
- Makes it practically impossible to "reverse-engineer" the
original message from the digest.
- The encrypted version of a hash or digest is called a
"digital signature".
- This is how digital signatures could be used to detect data
tampering.
- The client sends an encrypted message and an encrypted digest
of the same message.
- The bank decrypts both, and then creates a message digest using the
same hashing algorithm.
- Finally, the bank compares the digest it created with the digest
the client sent. If they don't match, the message was tampered with.
- Question: There remains a gap in the security scheme described thus far.
What is it? (Answer)
Authentication: Certificates
- To solve the problem of authentication,
the standards community invented "certificates."
- Generally issued by a third party, called a "Certification Authority" (CA).
- Contains:
- the issuer's name
- the subject's name (the entity for whom the certificate is issued)
- the subject's public key
- time stamps and other information
- The certificate is encrypted using the issuer's private key.
- The issuer's public key is available in its own certificate.
Lab:
- In Windows 2000, click on Settings and choose Control Panel
- Double-click Users and Passwords
- Choose Advanced
- Choose Certificates
- Choose Advanced
- Browsers contain a built-in list of certificates for trusted
Certificate Authorities.
Lab:
- In Internet Explorer, click on Tools and choose Internet Options...
- Go to Content and click on Certificates
- Click on Trusted Root Certification Authorities
- Double click on one of them
- Go to Details
- Click on Public Key
Authentication mechanism:
- The server sends its certificate to the client.
- The client then authenticates the server as follows:
- Makes sure the date is within the validity period.
- Verifies that the issuing CA is in its list of trusted CAs.
- Uses the public key from the CA's certificate to
validate the CA's digital signature on the server certificate.
- Verifies that the domain name (DN) in the server's certificate
matches the domain name of the server itself.
This step is not technically part of the SSL protocol, but it
protects from a
"man-in-the-middle attack".
- If any of the above steps fail, the user is warned that there
is a problem authenticating the server:
- Client authentication, if required by the server, can be done
in two ways:
- Using passwords (transmitted securely with SSL encryption
mechanisms), compared against the server's own database.
- Using client certificates, in the same way as the client
authenticates the server.
- A number of companies have established themselves as Certificate
Authorities. They provide these services:
- Verifying certificate requests
- Processing certificate requests
- Issuing and managing certificates
- For more information about commercial CAs look at:
- Note: In practice, certificates are available
at low cost and require little identifying info.
Thus, the simple possession of a certificate does not
demonstrate the legitimacy of its owner.
You can communicate securely with a crook.
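The four server-authentication checks listed under "Authentication mechanism", combined with the digest-and-signature idea from "Digests and Digital Signatures", as an added example that is not part of the original notes. It is a simplified model, not X.509: the certificate is a plain dictionary, the CA name, host names and toy RSA key are constructed, and the key is far too small for real use.

```python
import hashlib

# Toy RSA key pair for a constructed CA: two Mersenne primes, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # the CA's private exponent

def digest(cert: dict) -> int:
    """Hash the certificate fields to a fixed-size number (the message digest)."""
    data = repr(sorted(cert.items())).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def ca_sign(cert: dict) -> int:
    """Digital signature: the digest transformed with the CA's private key."""
    return pow(digest(cert), D, N)

# Stand-in for the browser's built-in list: CA name -> CA public key (n, e).
TRUSTED_CAS = {"Example Root CA": (N, E)}

def authenticate_server(cert: dict, signature: int, hostname: str, now: int) -> list:
    """Run the four client-side checks; return the list of failures (empty = OK)."""
    problems = []
    if not cert["not_before"] <= now <= cert["not_after"]:
        problems.append("outside validity period")
    ca_key = TRUSTED_CAS.get(cert["issuer"])
    if ca_key is None:
        problems.append("issuer not trusted")
    elif pow(signature, ca_key[1], ca_key[0]) != digest(cert):
        # Recompute the digest and compare it with the one recovered from the signature.
        problems.append("bad CA signature")
    if cert["subject"].lower() != hostname.lower():
        problems.append("name mismatch")
    return problems

# Constructed sample certificate (times are Unix seconds).
SAMPLE_CERT = {"issuer": "Example Root CA", "subject": "www.bank.example",
               "public_key": "<server public key>", "not_before": 1700000000,
               "not_after": 1731536000}
SAMPLE_SIG = ca_sign(SAMPLE_CERT)

if __name__ == "__main__":
    print(authenticate_server(SAMPLE_CERT, SAMPLE_SIG, "www.bank.example", 1710000000))
    altered = dict(SAMPLE_CERT, subject="www.other.example")
    print(authenticate_server(altered, SAMPLE_SIG, "www.other.example", 1710000000))
```

The second call shows why the signature matters: a certificate whose subject was changed after signing fails the check even though its name now matches the host.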
SSL Handshake -- what the client (usually a browser) and the
server actually do:
- Client sends client's SSL version number and other info needed by
the server to communicate using SSL.
- Server sends similar info. It also sends its certificate.
- Client authenticates the server as seen above.
- Client creates a premaster secret for the session. It
encrypts it with the server's public key and sends it to the server.
- Server decrypts the premaster secret with its private key.
- Both client and server perform certain operations on the
premaster secret to generate a master secret.
- From this master secret, they both generate the
session keys. These are symmetric keys that will be used to
encrypt and decrypt information exchanged during the SSL session.
- Client sends message informing the server that all future
messages will be encrypted with the session key.
- Server does likewise.
- The SSL handshake is complete. The browser displays the
secure session symbol. All future communications between client and
server are encrypted using the session keys.
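The "certain operations" that turn the premaster secret into a master secret and session keys, as an added example that is not part of the original notes. It uses the key-derivation function of TLS 1.2 (RFC 5246), the successor to SSL, rather than SSL 3.0's own construction; the encryption of the premaster secret with the server's public key is left out, and the record MAC is simplified to cover only a sequence number and the payload.

```python
import hashlib, hmac, os

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash data expansion from RFC 5246 section 5, built on HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def derive_session_keys(premaster: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Premaster secret -> 48-byte master secret -> key block split into session keys."""
    master = prf(premaster, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random, 2 * 32 + 2 * 16)
    return {"master": master,
            "client_mac": block[0:32], "server_mac": block[32:64],   # keyed-hash keys
            "client_key": block[64:80], "server_key": block[80:96]}  # symmetric cipher keys

def mac_record(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Simplified keyed hash over one record (real TLS also covers type, version, length)."""
    return hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def demo():
    """Both sides derive keys independently; a modified record fails the MAC check."""
    client_random, server_random = os.urandom(32), os.urandom(32)  # sent in the clear
    premaster = b"\x03\x03" + os.urandom(46)  # 2 version bytes + 46 random bytes
    client = derive_session_keys(premaster, client_random, server_random)
    server = derive_session_keys(premaster, client_random, server_random)
    tag = mac_record(client["client_mac"], 0, b"GET / HTTP/1.0")
    received = mac_record(server["client_mac"], 0, b"GET /x HTTP/1.0")  # altered in transit
    return client == server, hmac.compare_digest(tag, received)

if __name__ == "__main__":
    print(demo())
```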
Glossaries of Security Terminology