Module 4 Part-2

The document discusses the importance of Socket Layer Security (SSL) in web security, highlighting its role in protecting against various threats such as integrity, confidentiality, and denial of service. It explains the architecture of SSL, including the SSL connection and session, as well as the protocols involved in ensuring message confidentiality and integrity. Additionally, the document outlines potential attacks on SSL, including Man-in-the-Middle and Padding Oracle attacks, emphasizing the need for robust security mechanisms.

Socket Layer Security

Web Security
• Web now widely used by business, government, individuals
• but Internet & Web are vulnerable
• Passive attacks & Active attacks
• have a variety of threats
  • integrity
  • confidentiality
  • denial of service
  • authentication
• need added security mechanisms
Web Traffic Security Approaches
SSL (Secure Socket Layer)
• transport layer security service
• originally developed by Netscape
• version 3 designed with public input
• subsequently became Internet standard known as TLS (Transport Layer Security)
• uses TCP to provide a reliable end-to-end service
• SSL has two layers of protocols
SSL Architecture
• SSL connection
  • a transient, peer-to-peer, communications link
  • associated with 1 SSL session
• SSL session
  • an association between client & server
  • created by the Handshake Protocol
  • defines a set of cryptographic parameters
  • may be shared by multiple SSL connections
SSL Architecture
SSL Record Protocol Services
• confidentiality
  • using symmetric encryption with a shared secret key defined by Handshake Protocol
  • AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  • message is compressed before encryption
• message integrity
  • using a MAC with shared secret key
  • similar to HMAC but with different padding
SSL Record Protocol Operation
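The record MAC described above as "similar to HMAC but with different padding", written out as an added example (not code from the slides): SSLv3 concatenates fixed pad bytes after the secret, where HMAC XORs its pads into a block-padded key. The secret, record contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Number of pad bytes SSLv3 uses for each hash function.
PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(secret, seq_num, content_type, fragment, hash_name="sha1"):
    """hash(secret + pad_2 + hash(secret + pad_1 + seq_num + type + length + fragment))"""
    n = PAD_LEN[hash_name]
    pad_1, pad_2 = b"\x36" * n, b"\x5c" * n
    # 64-bit sequence number, 1-byte content type, 2-byte length of the
    # (compressed) fragment. The sequence number is what defeats replay.
    header = struct.pack(">QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(hash_name, secret + pad_1 + header + fragment).digest()
    return hashlib.new(hash_name, secret + pad_2 + inner).digest()


def verify_record(secret, seq_num, content_type, fragment, mac, hash_name="sha1"):
    """Recompute the MAC and compare in constant time (no timing side channel)."""
    expected = ssl3_mac(secret, seq_num, content_type, fragment, hash_name)
    return hmac.compare_digest(expected, mac)


def hmac_equivalent(secret, seq_num, content_type, fragment, hash_name="sha1"):
    """Standard HMAC over the same fields, for comparison with ssl3_mac."""
    header = struct.pack(">QBH", seq_num, content_type, len(fragment))
    return hmac.new(secret, header + fragment, hash_name).digest()


# Constructed sample values: a 20-byte MAC secret and one application-data record.
SECRET = bytes(range(20))
FRAGMENT = b"GET / HTTP/1.0\r\n\r\n"
APPLICATION_DATA = 23  # record content type for application data

if __name__ == "__main__":
    tag = ssl3_mac(SECRET, 0, APPLICATION_DATA, FRAGMENT)
    print("SSLv3 MAC:", tag.hex())
    print("HMAC-SHA1:", hmac_equivalent(SECRET, 0, APPLICATION_DATA, FRAGMENT).hex())
    print("valid    :", verify_record(SECRET, 0, APPLICATION_DATA, FRAGMENT, tag))
    print("replayed :", verify_record(SECRET, 1, APPLICATION_DATA, FRAGMENT, tag))
```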
SSL Change Cipher Spec Protocol
• one of 3 SSL specific protocols which use the SSL Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use
SSL Alert Protocol
• conveys SSL-related alerts to peer entity
• severity
  • warning or fatal
• specific alert
  • fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
  • warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
• compressed & encrypted like all SSL data
Level:
• Warning (1):
  • Indicates a non-critical issue that doesn't necessarily require immediate termination of the connection. The connection can continue, though the issue should be addressed.
• Fatal (2):
  • Indicates a critical error that requires the immediate termination of the connection.
Alert:
• Each alert message consists of two bytes: the Alert Level (1 byte) and the Alert Description (1 byte).
• The Alert Description specifies the reason for the alert (e.g., certificate expired, bad record mac, close notify).
• Alert messages are encrypted and compressed within the SSL Record Protocol.
SSL Handshake Protocol
• allows server & client to:
  • authenticate each other
  • to negotiate encryption & MAC algorithms
  • to negotiate cryptographic keys to be used
• comprises a series of messages in phases
  1. Establish Security Capabilities
  2. Server Authentication and Key Exchange
  3. Client Authentication and Key Exchange
  4. Finish
• Type:
  • This field identifies the specific type of message being exchanged during the handshake. It's a single byte, with different values corresponding to different message types like "Client Hello," "Server Hello," "Certificate," "Server Key Exchange," "Client Key Exchange," and "Finished".
• Length:
  • This field specifies the length of the handshake message, excluding the "Type" and "Length" fields themselves. It's a three-byte value, allowing for a message length of up to 2^16 - 1 bytes.
• Content:
  • This field contains the actual data and parameters associated with the specific handshake message type. The content can vary significantly depending on the type of message. For example, a "Client Hello" message will contain information about the client's supported SSL/TLS versions, cipher suites, compression methods, and random values. A "Server Hello" message will include the server's chosen version, cipher suite, and random values. The "Certificate" message will contain the server's certificate.
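The two-byte alert layout and the Type / Length / Content handshake layout described above, as an added parsing example (not code from the slides). The numeric codes are the SSLv3 values for the names the slides list; the function names and sample bytes are constructed for illustration.

```python
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {  # SSLv3 code points for the alerts named above
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter",
}
HANDSHAKE_TYPES = {  # SSLv3 code points for the message types named above
    1: "client_hello", 2: "server_hello", 11: "certificate",
    12: "server_key_exchange", 16: "client_key_exchange", 20: "finished",
}


def parse_alert(payload):
    """Decode a decrypted alert: returns (level, description, must_close)."""
    if len(payload) != 2:
        raise ValueError("an alert is exactly 2 bytes: level, description")
    level, description = payload
    if level not in ALERT_LEVELS:
        raise ValueError(f"unknown alert level {level}")
    name = ALERT_DESCRIPTIONS.get(description, f"unknown({description})")
    return ALERT_LEVELS[level], name, level == 2  # fatal ends the connection


def parse_handshake(buffer):
    """Split a buffer into (type_name, content) pairs, one per handshake message."""
    messages, offset = [], 0
    while offset < len(buffer):
        if len(buffer) - offset < 4:
            raise ValueError("truncated header: need 1 type byte + 3 length bytes")
        msg_type = buffer[offset]
        length = int.from_bytes(buffer[offset + 1:offset + 4], "big")
        end = offset + 4 + length  # Length excludes the Type and Length fields
        if end > len(buffer):  # never read past the bytes actually received
            raise ValueError("declared length exceeds received data")
        name = HANDSHAKE_TYPES.get(msg_type, f"unknown({msg_type})")
        messages.append((name, buffer[offset + 4:end]))
        offset = end
    return messages


# Constructed sample input: a type-2 message with 3 dummy bytes, then an empty type 20.
SAMPLE_HANDSHAKE = bytes([2, 0, 0, 3]) + b"abc" + bytes([20, 0, 0, 0])
SAMPLE_ALERT = bytes([2, 20])  # fatal, bad_record_mac

if __name__ == "__main__":
    print(parse_alert(SAMPLE_ALERT))
    print(parse_handshake(SAMPLE_HANDSHAKE))
```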
SSL Handshake Protocol
Attacks on Handshake Protocol
• Man-in-the-Middle (MITM) Attacks: Exploit poor or missing certificate validation to intercept communication.
• Downgrade Attacks: Trick clients and servers into using weaker protocols like SSL 3.0 (e.g., SSL stripping).
Attacks on Record and Application Data Protocols
• Padding Oracle Attacks: Exploit flaws in CBC mode padding to decrypt messages (e.g., POODLE).
• Compression Attacks: Use response size to infer secret data (e.g., CRIME and BREACH attacks).
Attacks on PKI (Public Key Infrastructure)
• Rogue Certificate Authorities (CAs): Compromised or malicious CAs can issue valid-looking but fake certificates.
• Weak Revocation Mechanisms: Systems often fail to check or respect revoked certificates.
Other SSL/TLS Attacks
• Heartbleed: A vulnerability in OpenSSL's heartbeat extension leaks server memory, including private keys.
• Side-Channel Attacks: Use timing, power usage, or cache behavior to extract cryptographic keys.
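A client-side configuration check for several of the attacks listed above (missing certificate validation, protocol downgrade, TLS-level compression), as an added example using Python's standard `ssl` module; it is not code from the slides. The function names and finding texts are constructed for illustration, and revocation checking and HTTP-level compression (BREACH) are outside what it covers.

```python
import ssl


def audit_client_context(ctx):
    """Return findings for settings that leave a client open to the attacks above."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified: MITM exposure")
    if not ctx.check_hostname:
        findings.append("hostname not matched against certificate: MITM exposure")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("versions below TLS 1.2 allowed: downgrade exposure")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression allowed: CRIME exposure")
    return findings


def hardened_client_context():
    """Default verification settings plus an explicit version floor."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = max(ctx.minimum_version, ssl.TLSVersion.TLSv1_2)
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def weak_client_context():
    """The misconfiguration the audit is meant to catch (for comparison only)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    return ctx


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak", weak_client_context())):
        print(label, audit_client_context(ctx) or "no findings")
```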
