Web Security

(TRANSPORT-LEVEL SECURITY)
Secure Socket Layer
Transport Layer Security
 Web Security
◆ Secure Socket Layer (SSL) provides security
services between TCP and applications that use TCP.
The Internet standard version is called Transport Layer
Service (TLS).
◆ SSL/TLS provides confidentiality using symmetric
encryption and message integrity using a message
authentication code.
◆ SSL/TLS includes protocol mechanisms to enable
two TCP users to determine the security mechanisms
and services they will use.
 1. SECURE SOCKET LAYER
Two important SSL concepts are the SSL session and the SSL
connection, which are defined in the specification as follows.
• Connection: A connection is a transport (in the OSI layering
model definition) that provides a suitable type of service. For
SSL, such connections are peer-to-peer relationships. The
connections are transient. Every connection is associated
with one session.
• Session: An SSL session is an association between a client
and a server. Sessions are created by the Handshake
Protocol. Sessions define a set of cryptographic security
parameters which can be shared among multiple
connections
 session state
A session state is defined by the following
parameters.
• Session identifier
• Peer certificate
• Compression method
• Cipher spec
• Master secret
• Is resumable
 connection state
• A connection state is defined by the following
parameters.
– Server and client random
– Server write MAC secret
– Client write MAC secret
– Server write key
– Client write key
– Initialization vectors
– Sequence numbers
SSL Architecture
 SSL Record Protocol
The SSL Record Protocol provides two services
for SSL connections:
• Confidentiality: The Handshake Protocol
defines a shared secret key that is used for
conventional encryption of SSL payloads.
• Message Integrity: The Handshake Protocol
also defines a shared secret key that is used to
form a message authentication code (MAC).
SSL Record Protocol Operation
 SSL Record Protocol header
• Content Type (8 bits): The higher-layer
protocol used to process the enclosed fragment.
• Major Version (8 bits): Indicates major version
of SSL in use. For SSLv3, the value is 3.
• Minor Version (8 bits): Indicates minor version
in use. For SSLv3, the value is 0.
• Compressed Length (16 bits): The length in
bytes of the plaintext fragment (or compressed
fragment if compression is used)
SSL Record Format
SSL Record Protocol Payload
 Alert Protocol Messages
If it is fatal:
• unexpected_message
• bad_record_mac
• decompression_failure
• handshake_failure
• illegal_parameter
If it is warning:
• close_notify
• no_certificate
• bad_certificate
• unsupported_certificate
• certificate_revoked
• certificate_expired
• certificate_unknown:
Handshake Protocol
 2. TRANSPORT LAYER SECURITY
• Version Number
• Message Authentication Code
• Pseudorandom Function
• Alert Codes
• Cipher Suites
• Client Certificate Types
• Cryptographic Computations
• Padding
Pseudorandom Function
 Alert Codes

• No certificate (not available)

• record_overflow
• unknown_ca
• access_denied
• decode_error
• protocol_version
• insufficient_security
• unsupported_extension
• internal_error
• decrypt_error