communication tls
play

Communication: TLS CS 161: Computer Security Prof. David Wagner - PowerPoint PPT Presentation

Jan 08, 2023 •501 likes •1.09k views

Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Todays Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases for crypto: Sealed blob:

  1. Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016

  2. Today’s Lecture • Applying crypto technology in practice • Two simple abstractions cover 80% of the use cases for crypto: – “Sealed blob”: Data that is encrypted and authenticated under a particular key – Secure channel: Communication channel that can’t be eavesdropped on or tampered with • Today: SSL – a secure channel

  3. Today’s Lecture • Goal #1: overview of SSL/TLS, the most prominent Internet security protocol – Secures the web via HTTPS • Goal #2: cement understanding of crypto building blocks & how they’re used together

  4. Building Secure End-to-End Channels • End-to-end = communication protections achieved all the way from originating client to intended server – With no need to trust intermediaries • Dealing with threats: – Eavesdropping? • Encryption (including session keys) – Manipulation (injection, MITM)? • Integrity (use of a MAC); replay protection – Impersonation? What’s missing? ( ) • Signatures Availability …

  5. Building A Secure End-to-End Channel: SSL/TLS • SSL = Secure Sockets Layer (predecessor) • TLS = Transport Layer Security (standard) – Both terms used interchangeably • Security for any application that uses TCP – Secure = encryption/confidentiality + integrity + authentication (of server, but not of client) – E.g., puts the ‘ s ’ in “ https ”

  6. Regular web surfing - http: URL But if we click here …

  7. Web surfing with TLS/SSL - https: URL Note: Amazon makes sure that all of these images, etc., are now also fetched via https: URLs. Doing so gives the web page full integrity, in keeping with end-to-end security. (Browsers do not provide this “ promotion ” automatically.)

  8. Basic idea Amazon • Browser (client) picks some Browser Server symmetric keys for encryption E KA (keys) + authentication ) … ( C A M • Client sends them to server, k1 encrypted using RSA public- M A C ( … key encryption ) k 2 • Both sides send MACs E k3 (message), MAC k1 (…) • Now they use these keys to encrypt and authenticate all subsequent messages, using symmetric-key crypto

  9. HTTPS Connection (SSL / TLS) Amazon • Browser (client) connects to Browser Server Amazon’s HTTPS server • Client picks 256-bit random number R B , sends over list of crypto algorithms it supports Hello. My rnd # = R B . I support • Server picks 256-bit random (TLS+RSA+AES128+SHA1) or number R S , selects algorithms (SSL+RSA+3DES+MD5) or … to use for this session • Server sends over its certificate . Let ’ s use My rnd # = R TLS+RSA+AES128+SHA1 S • (all of this is in the clear) Here ’ s my cert • Client now validates cert a t a d f o B K 3 - 2 ~

  10. HTTPS Connection (SSL / TLS) Amazon • Browser (client) connects via Browser Server TCP to Amazon’s HTTPS server SYN • Client picks 256-bit random K C A N Y S number R B , sends over list of crypto protocols it supports A C K Hello. My rnd # = R B . I support • Server picks 256-bit random (TLS+RSA+AES128+SHA1) or number R S , selects protocols to (SSL+RSA+3DES+MD5) or … use for this session • Server sends over its certificate . Let ’ s use My rnd # = R TLS+RSA+AES128+SHA1 S • (all of this is in the clear) Here ’ s my cert • Client now validates cert a t a d f o B K 3 - 2 ~

  11. HTTPS Connection (SSL / TLS), cont. Amazon • For RSA, browser constructs Browser Server “ Premaster Secret ” PS Here ’ s my cert • Browser sends PS encrypted using a t a d f o Amazon’s public RSA key K Amazon B K 3 - 2 ~ • Using PS, R B , and R S , browser & PS { P S } server derive symm. cipher keys K Amazon (C B , C S ) & MAC integrity keys (I B , I S ) PS – One pair to use in each direction

  12. HTTPS Connection (SSL / TLS), cont. Amazon • For RSA, browser constructs Browser Server “ Premaster Secret ” PS Here ’ s my cert • Browser sends PS encrypted using a t a d f o Amazon’s public RSA key K Amazon B K 3 - 2 ~ • Using PS, R B , and R S , browser & PS { P S } server derive symm. cipher keys K Amazon (C B , C S ) & MAC integrity keys (I B , I S ) PS – One pair to use in each direction These seed a cryptographically strong pseudo-random number generator (PRNG). Then browser & server produce C B , C S , etc ., by making repeated calls to the PRNG.

  13. HTTPS Connection (SSL / TLS), cont. Amazon • For RSA, browser constructs Browser Server “ Premaster Secret ” PS Here ’ s my cert • Browser sends PS encrypted using a t a d f o Amazon’s public RSA key K Amazon B K 3 - 2 ~ • Using PS, R B , and R S , browser & PS { P S } server derive symm. cipher keys K Amazon (C B , C S ) & MAC integrity keys (I B , I S ) MAC( dialog ,I B ) PS – One pair to use in each direction • Browser & server exchange MACs ) I , g o l a i S d ( C computed over entire dialog so far A M • If good MAC, Browser displays {M 1 , MAC(M 1 ,I B )} CB • All subsequent communication encrypted w/ symmetric cipher (e.g., AES128) cipher keys, MACs } ) I , CS M ( C S A M 2 – Sequence #’s thwart replay attacks , M { 2

  14. Alternative: Key Exchange via Diffie-Hellman Amazon • For Diffie-Hellman, server Browser Server generates random a, sends public Here ’ s my cert params and g a mod p a t a – Signed with server’s private key d f o B K 3 - 2 ~ -1 • Browser verifies signature } p Amazon d o K m a g , p , g { • Browser generates random b, PS computes PS = g ab mod p, sends g b m o d p to server MAC( dialog ,I B ) PS • Server also computes PS = g ab mod p ) I , g o l • Remainder is as before: from PS, a i S d ( C A M R B , and R S , browser & server derive symm. cipher keys (C B , C S ) {M 1 , MAC(M 1 ,I B )} CB and MAC integrity keys (I B , I S ), etc … …

  15. HTTPS Connection (SSL / TLS) Amazon • Browser (client) connects via Browser Server TCP to Amazon’s HTTPS server SYN • Client picks 256-bit random K C A N Y S number R B , sends over list of crypto protocols it supports A C K Hello. My rnd # = R B . I support • Server picks 256-bit random (TLS+RSA+AES128+SHA1) or number R S , selects protocols to (SSL+RSA+3DES+MD5) or … use for this session • Server sends over its certificate . Let ’ s use My rnd # = R TLS+RSA+AES128+SHA1 S • (all of this is in the clear) Here ’ s my cert • Client now validates cert a t a d f o B K 3 - 2 ~

  16. Certificates • Cert = signed statement about someone’s public key – Note that a cert does not say anything about the identity of who gives you the cert – It simply states a given public key K Bob belongs to Bob … • … and backs up this statement with a digital signature made using a different public/private key pair, say from Verisign • Bob then can prove his identity to you by you sending him something encrypted with K Bob … – … which he then demonstrates he can read • … or by signing something he demonstrably uses • Works provided you trust that you have a valid copy of Verisign’s public key … – … and you trust Verisign to use prudence when she signs other people’s keys

  17. Validating Amazon’s Identity • Browser compares domain name in cert w/ URL – Note: this provides an end-to-end property (as opposed to say a cert associated with an IP address) • Browser accesses separate cert belonging to issuer – These are hardwired into the browser – and trusted! – There could be a chain of these … • Browser applies issuer’s public key to verify signature S , obtaining hash of what issuer signed – Compares with its own SHA-1 hash of Amazon’s cert • Assuming hashes match, now have high confidence it’s indeed Amazon … = assuming didn’t lose – assuming signatory is trustworthy private key; assuming didn’t sign thoughtlessly

  18. End-to-End ⇒ Powerful Protections • Attacker runs a sniffer to capture our WiFi session? – (maybe by breaking crummy WEP security) – But: encrypted communication is unreadable • No problem! • DNS cache poisoning? – Client goes to wrong server – But: detects impersonation • No problem! • Attacker hijacks our connection, injects new traffic – But: data receiver rejects it due to failed integrity check • No problem!

  19. Powerful Protections, cont. • DHCP spoofing? – Client goes to wrong server – But: detects impersonation • No problem! • Attacker manipulates routing to run us by an eavesdropper or take us to the wrong server? – But: they can’t read; we detect impersonation • No problem! • Attacker slips in as a Man In The Middle? – But: they can’t read, they can’t inject – They can’t even replay previous encrypted traffic – No problem!

  20. Validating Amazon’s Identity, cont. • Browser retrieves cert belonging to the issuer – These are hardwired into the browser – and trusted! • What if browser can’t find a cert for the issuer?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

U U U U U U U- U - - communication - - - - - communication communication communication communication communication communication communication Korea Mobile Market Trend for Convergence & Ubiquitous Communication 2004.

400 views • 16 slides
Session 12 Assessing and Developing Communication SECTION 4: 1 Communication Communication

Session 12 Assessing and Developing Communication SECTION 4: 1 Communication Communication

Session 12 Assessing and Developing Communication SECTION 4: 1 Communication Communication assessment of communication during everyday events to see which is the most effective communication method of verbal communication

536 views • 9 slides
Vermont Communication Support Project Communication Support In and Out of the Courtroom

Vermont Communication Support Project Communication Support In and Out of the Courtroom

Vermont Communication Support Project Communication Support In and Out of the Courtroom Disability, Communication & Accommodations COMMUNICATION COMMUNI NICATI TION Commu mmuni nication Commun unic icatio ion Communication

654 views • 24 slides
Keep Communication Going Please download the Keep Communication Going Worksheet and Handouts 1

Keep Communication Going Please download the Keep Communication Going Worksheet and Handouts 1

Keep Communication Going Please download the Keep Communication Going Worksheet and Handouts 1 before beginning this class. Keep Communication Going (APR 2013) Principles of Communication Communication is . . . A process by which

509 views • 7 slides
Session 11 Early Communication Development SECTION 4: 1 Communication Communication in its

Session 11 Early Communication Development SECTION 4: 1 Communication Communication in its

Session 11 Early Communication Development SECTION 4: 1 Communication Communication in its widest sense Make a list of all the different ways in which we communicate with each other speech, gesture, touching, pointing..

295 views • 7 slides
Lab 2 Group Communication Desired group communication Multicast communication Andreas

Lab 2 Group Communication Desired group communication Multicast communication Andreas

Overview Introduction to group communication Lab 2 Group Communication Desired group communication Multicast communication Andreas Larsson Group membership service 2009-02-04 DSII: Group Comm. 2 A Distributed System in

415 views • 6 slides
71 www.AgriMoon.Com Communication Skills In this type, the speaker is provided with seven

71 www.AgriMoon.Com Communication Skills In this type, the speaker is provided with seven

Communication Skills Module 4. Oral communication and organizational skills Lesson 15 IMPROMPTU PRESENTATION AND EXTEMPORE 15.1 Introduction Though oral communication happens to be a part of basic communication skills (which has been already

692 views • 8 slides
Communication Saves Lives Communication in healthcare Communication is essential to healthcare

Communication Saves Lives Communication in healthcare Communication is essential to healthcare

Communication Saves Lives Communication in healthcare Communication is essential to healthcare delivery Research has shown that ineffective communication among healthcare professionals is one of the leading causes of medical errors and

388 views • 19 slides
Communication Major Because communication is a vital social phenomenon, the mission of the

Communication Major Because communication is a vital social phenomenon, the mission of the

Communication Major Because communication is a vital social phenomenon, the mission of the communication program at the University of Connecticut is to study and teach about communication with areas of specialization including interpersonal,

642 views • 15 slides
Effective Communication STOR 390 04/11/17 Effective communication will make better at whatever

Effective Communication STOR 390 04/11/17 Effective communication will make better at whatever

Effective Communication STOR 390 04/11/17 Effective communication will make better at whatever you are doing Final project grade Communication is context dependent Audience Medium Content Time Purpose Differing types of audiences

1.06k views • 67 slides
2. Knowledge Representation and Communication Part 2 Part 2: ems (SMA-UPC) Agent Communication

2. Knowledge Representation and Communication Part 2 Part 2: ems (SMA-UPC) Agent Communication

2. Knowledge Representation and Communication Part 2 Part 2: ems (SMA-UPC) Agent Communication Javier Vzquez-Salceda q Multiagent Syste SMA-UPC https://kemlg.upc.edu Communication Why agent communication? In order to solve

517 views • 19 slides
EFFECTIVE COMMUNICATION UITLIZING COMMUNICATION TO INCREASE EFFECTIVNESS Thursday, April 26,

EFFECTIVE COMMUNICATION UITLIZING COMMUNICATION TO INCREASE EFFECTIVNESS Thursday, April 26,

EFFECTIVE COMMUNICATION UITLIZING COMMUNICATION TO INCREASE EFFECTIVNESS Thursday, April 26, 2018 APWA Northern California Chapter Communication and Writing Seminar Learning Objectives 4 key tools for effective communication: Get to the

545 views • 17 slides
PART 1 PROFESSIONAL COMMUNICATION COMMUNICATION Minor CE 1 thing in advance To enlarge the

PART 1 PROFESSIONAL COMMUNICATION COMMUNICATION Minor CE 1 thing in advance To enlarge the

Marketing the power of communication & temptation PART 1 PROFESSIONAL COMMUNICATION COMMUNICATION Minor CE 1 thing in advance To enlarge the ability of the student to create, write and execute a communicationplan. COMMUNICATION Minor

646 views • 47 slides
Interprocess Communication Primitives Message Passing: issues Communication

Interprocess Communication Primitives Message Passing: issues Communication

CPSC-662 Distributed Computing Interprocess Communication Interprocess Communication Primitives Message Passing: issues Communication Schemes Reading: Colouris, Chapter 4 Interprocess Communication (IPC) communicate by

372 views • 6 slides
Leadership Using Effective Communication L eader eadership ship = = Using communication t

Leadership Using Effective Communication L eader eadership ship = = Using communication t

Leadership Using Effective Communication L eader eadership ship = = Using communication t Using communication to achie achieve desired outco e desired outcomes. es. Wh Why is communication y is communication central t central to leader

430 views • 27 slides
Interprocess Communication (IPC) The characteristics of protocols for communication between

Interprocess Communication (IPC) The characteristics of protocols for communication between

Interprocess Communication (IPC) The characteristics of protocols for communication between processes in a distributed system Exploring the Middleware Layers Applications, services RMI and RPC and Request Reply Protocol Marshalling and

883 views • 64 slides
distributed IP networks IETF 89 - Tutorials London, England March 2 - 7, 2014 Presented by:

distributed IP networks IETF 89 - Tutorials London, England March 2 - 7, 2014 Presented by:

Introduction to centralized Authentication, Authorization and Accounting (AAA) management for distributed IP networks IETF 89 - Tutorials London, England March 2 - 7, 2014 Presented by: Lionel Morand Co-authored by: Alan Dekok x Introduction

1.2k views • 71 slides
CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates

CS 423 Operating System Design: OS Security Crash Course Tianyin Xu Thanks for Prof. Adam Bates for the slides. CS 423: Operating Systems Design Security Properties Confidentiality? Integrity? Availability? Authenticity? CS

437 views • 22 slides
Bonsai: Balanced Lineage Authentication Ashish Gehani Bonsai:Balanced Lineage Authentication

Bonsai: Balanced Lineage Authentication Ashish Gehani Bonsai:Balanced Lineage Authentication

Bonsai: Balanced Lineage Authentication Ashish Gehani Bonsai:Balanced Lineage Authentication p. 1/19 What is data lineage ? Output Operation Input 1 Input n (a) Primitive operation (b) Compound operation tree Bonsai:Balanced Lineage

651 views • 19 slides
Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech

Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech

Introduction Formal Definitions Case Studies Conclusion Formal Verification of e-Auction protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech Universit Grenoble 1, CNRS, VERIMAG firstname.lastname@imag.fr Principles of Security and

806 views • 68 slides
Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many Authentication ? Servers Users How do users prove their identities when requesting services from machines on the network? Nave solution:

359 views • 10 slides
CS 4803 Computer and Network Security Servers Users How do users prove their identities when

CS 4803 Computer and Network Security Servers Users How do users prove their identities when

Many-to-Many Authentication ? CS 4803 Computer and Network Security Servers Users How do users prove their identities when requesting services from machines on the network? Alexandra (Sasha) Boldyreva Nave solution: every server knows

217 views • 5 slides
SCRAM in LDAP Better Password-based Authentication Kurt Zeilenga Isode Limited What is SCRAM?

SCRAM in LDAP Better Password-based Authentication Kurt Zeilenga Isode Limited What is SCRAM?

SCRAM in LDAP Better Password-based Authentication Kurt Zeilenga Isode Limited What is SCRAM? S alted C hallenge R esponse A uthentication M echanism SCRAM-SHA-1-PLUS An improved SASL mechanism for password authentication of the

469 views • 31 slides
Authentication and technology Secure Communication people Jeff Chase Duke University Where

Authentication and technology Secure Communication people Jeff Chase Duke University Where

Authentication and technology Secure Communication people Jeff Chase Duke University Where are the boundaries of the system that you would like to secure? Where is the weakest link? What happens when the weakest link fails? The First

574 views • 10 slides

More recommend