Google
 
   
Login
Username:

Password:


Lost Password?

Register now!
Search

Advanced Search
Main Menu
service
Impressum
Datenschutz
Haftungsausschluss
top books
Polls
What do you think about php-deluxe.net?
Excellent!
Cool
Hmm..not bad
What the hell is this?
encyclopedia
Greater London Linux...
Category...
ZOO Digital Group
List of computer and...
CeCILL
Ipconfig
Category titles/Archive 4
recommendation
Freenet DSL
Who's Online
12 user(s) are online (10 user(s) are browsing encyclopedia)

Members: 0
Guests: 12

more...
partner

Transport Layer Security

Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide security communications on the Internet. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. The term SSL as used here applies to both protocols unless clarified by context.

=Description=

SSL provides endpoint authentication and information security over the Internet using Cryptography. In typical use, only the server is authenticated (i.e. its identity is ensured) while the client remains unauthenticated; mutual authentication requires Public key infrastructure deployment to clients. The protocols allow client/server applications to communicate in a way designed to prevent eavesdropping, tampering, and message forgery. SSL involves a number of basic phases:

  • Peer negotiation for algorithm support
  • Public key-based key exchange and certificate-based authentication
  • symmetric key-based traffic encryption

    • During the first phase, the client and server negotiate which cryptographic algorithms will be used. Current implementations support the following choices:

  • for public-key cryptography: RSA, Diffie-Hellman, Digital_Signature_Algorithm or Fortezza;
  • for symmetric ciphers: RC2, RC4 (cipher), International Data Encryption Algorithm, Data Encryption Standard, Triple DES or Advanced Encryption Standard;
  • for one-way hash functions: MD5 or SHA family.

    • =How it works=

    The SSL protocol exchanges records; each record can be optionally compressed, encrypted and packed with a Message authentication code (Message Authentication Code). Each record has a content_type field that specifies which upper level protocol is being used.

    When the connection starts, the record level encapsulates another protocol, the handshake protocol, which has content_type 22.

    The client sends and receives several handshake structures:

  • It sends a ClientHello message specifying the list of cipher suites, compression methods and the highest protocol version it supports. It also sends random bytes which will be used later.

  • Then it receives a ServerHello , in which the server chooses the connection parameters from the choices offered by the client earlier.

  • When the connection parameters are known, client and server exchange certificates (depending on the selected public key cipher). These certificates are currently X.509, but there s also a draft specifying the use of OpenPGP ones.

  • The server can request a certificate from the client, so that the connection can be mutually authenticated.

  • Client and server negotiate a common secret called master secret . All other key data is derived from this secret (and the client- and server-generated random values), which is passed through a carefully designed Pseudo Random Function .

    • TLS has a variety of security measures:

  • Numbering all the records and using the sequence number in the MACs.
  • Using a message digest enhanced with a key (so only with the key can you check the MAC). This is specified in RFC 2104).
  • Protection against several known attacks (including man in the middle attack), like those involving a downgrade of the protocol to previous (less secure) versions, or weaker cipher suites.
  • The message that ends the handshake ( Finished ) sends a hash of all the exchanged data seen by both parties.
  • The pseudo random function splits the input data in 2 halves and processes them with different hashing algorithms (MD5 and SHA), then XORs them together. This way it protects itself in the event that one of these algorithms is found vulnerable.

    • =Applications=

    SSL runs on layers beneath application protocols such as HTTP, SMTP and Network News Transfer Protocol and above the Transmission Control Protocol transport protocol, which forms part of the Internet protocol suite protocol suite. While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce. It uses public key certificates to verify the identity of endpoints.

    While an increasing number of client and server products can support SSL natively, many still do not. In these cases, a user may wish to use standalone SSL products like Stunnel to provide encryption. However, the IETF recommended in 1997 that application protocols offer a way to upgrade to TLS from a plaintext connection, rather than use a separate port for encrypted communications - this prevents use of wrappers such as Stunnel.

    SSL can also be used to tunnel an entire network stack to create a Virtual Private Network, as is the case with OpenVPN.

    =History and development=

    Developed by Netscape Communications Corporation, SSL version 3.0 was released in 1996, which later served as a basis to develop TLS version 1.0, an IETF standard protocol first defined in RFC 2246. Visa, MasterCard, American Express and many leading financial institutions have endorsed SSL for commerce over the Internet.

    SSL operates in modular fashion: its authors designed it for extendability, with support for forwards and backwards compatibility and negotiation between peer-to-peers.

    ==Early weak keys==

    Some early implementations of SSL could use a maximum of only 40-bit encryption symmetric keys because of United States of America government restrictions on the Export of cryptography. The US government explicitly imposed a 40-bit keyspace small enough to be broken by brute-force search by law enforcement agencies wishing to read the encrypted traffic, while still presenting obstacles to less-well-funded attackers. A similar limitation applied to Lotus Notes in export versions. After several years of public controversy, a series of lawsuits, and eventual US government recognition of changes in the market availability of better cryptographic products produced outside the US, the authorities relaxed some aspects of the export restrictions. The 40-bit key size limitation has mostly gone away. Modern implementations use 128-bit (or longer) keys for symmetric key ciphers.

    =Standards=

    The first definition of TLS appeared in RFC 2246: The TLS Protocol Version 1.0 .

    Other Request for commentss subsequently extended TLS, including:

  • RFC 2712: Addition of Kerberos (protocol) Cipher Suites to Transport Layer Security (TLS) . The 40-bit ciphersuites defined in this memo appear only for the purpose of documenting the fact that those ciphersuite codes have already been assigned.
  • RFC 2817: Upgrading to TLS Within HTTP/1.1 , explains how to use the Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443).
  • RFC 2818: HTTP Over TLS , distinguishes secured traffic from insecure traffic by the use of a different server port .
  • RFC 3268: AES Ciphersuites for TLS . Adds Advanced Encryption Standard (AES) ciphersuites to the previously existing symmetric ciphers.
  • RFC 3546: Transport Layer Security (TLS) Extensions , adds a mechanism for negotiating protocol extensions during session initialisation and defines some extensions.

    • =TLS 1.1=

    TLS 1.1 is the next generation of the TLS protocol. TLS 1.1 is currently a draft and is expected to be published as RFC late 2005. A Last Call , one of the last steps in the RFC process, was issued August 19, 2004. TLS 1.1 clarifies some ambiguities and adds a number of recommendations. TLS 1.1 is very similar to TLS 1.0. Main reason for the new version number is a modified format for the encrypted packages, which is done to protect against a certain form of attack. TLS 1.1 is currently supported by Opera_(web_browser) and GnuTLS.

    = See also =

  • SSL acceleration
  • OpenSSL: a free (and very popular) implementation.
  • .
  • Datagram Transport Layer Security
  • VeriSign
  • Thawte
  • X.509

    • = External links =

  • [http://www.ietf.org/html.charters/tls-charter.html The IETF TLS Workgroup]
  • RFC 2246 - The TLS Protocol, Version 1.0
  • [http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-13.txt The TLS Protocol, Version 1.1 - Draft 13]
  • [http://wp.netscape.com/eng/ssl3/ SSL 3.0 specification]
  • [http://www.ssl-forum.com SSL Security Forum]
  • [http://www.gnu.org/software/gnutls/manual/index.html The GNU Transport Layer Security Library] implements both SSL and TLS
  • [http://www.mozilla.org/projects/security/pki/nss/ Mozilla s Network Security Services (NSS)] is dual-licensed under the MPL and the GPL

    • =References=

  • David Wagner and Bruce Schneier, Analysis of the SSL 3.0 Protocol, The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1996, pp29–40.
    		•