Scribd
Upload
128 views

Fall2012 DVGC19 Websec Ge PDF

The document discusses Web security topics including spoofing, TLS, and DNS. It provides details on the SSL/TLS handshake protocol, including the steps of negotiating algorithms, optionally authenticating clients and servers through digital certificates, establishing a shared secret through public keys, changing cipher specs, and finishing with hashes. It also describes how SSL encryption works by generating a master secret from premaster secrets then deriving key material and encryption keys. The SSL record protocol format is outlined. Finally, it mentions how alerts are used to notify the other side of exceptions or errors.

Uploaded by

abdel_lak
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
128 views

Fall2012 DVGC19 Websec Ge PDF

The document discusses Web security topics including spoofing, TLS, and DNS. It provides details on the SSL/TLS handshake protocol, including the steps of negotiating algorithms, optionally authenticating clients and servers through digital certificates, establishing a shared secret through public keys, changing cipher specs, and finishing with hashes. It also describes how SSL encryption works by generating a master secret from premaster secrets then deriving key material and encryption keys. The SSL record protocol format is outlined. Finally, it mentions how alerts are used to notify the other side of exceptions or errors.

Uploaded by

abdel_lak
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Web security

(Spoofing & TLS & DNS)

Ge Zhang

SSL Architecture
SSL &an sha'e !rotoco" SSL -hange -ipher Spec( !rotoco" SSL Recor !rotoco" T-! )! SSL A"ert !rotoco" &TT!/ etc(

Recor !rotoco"# $essage encryption%authentication &an sha'e !(# ) entity authentication & 'ey e*change A"ert !(# +rror notification (cryptographic or other,ise) -hange -ipher !(# Acti.ate the pen ing crypto suite

SSL &an sha'e !rotoco"


T,o parties# c"ient an ser.er Negotiate .ersion of the protoco" an the set of cryptographic a"gorith0s to be use
1 )nteroperabi"ity bet,een ifferent i0p"e0entations of the protoco"

Authenticate c"ient an ser.er (optiona")


1 2se igita" certificates to "earn each other3s pub"ic 'eys an .erify each other3s i entity

2se pub"ic 'eys to estab"ish a share secret

&an sha'e !rotoco" (4)


-"ient5he""o# .ersion/ ran o0/ session i / cipher suite/ co0pression 0etho Ser.er5he""o# .ersion/ ran o0/ session i / cipher suite/ co0pression 0etho
Client
Client_hello Server_hello

Server

&an sha'e !rotoco" (6)


-ertificate# 7(89: certificate chain Ser.er5'ey5e*change# para0eters/ signature -ertificate5re;uest# type/ authorities Ser.er5he""o5 one# nu""
Client
Client_hello Server_hello C ertificate change Server_key_ex quest Certificate_re one Server_hello_d

Server

&an sha'e !rotoco" (<)


-ertificate# 7(89: certificate chain -"ient5'ey5e*change# para0eters/ signature -ertificate5.erify# signature
Client
Client_hello Server_hello C ertificate change Server_key_ex quest Certificate_re one Server_hello_d Certificate

Server

Client_key_e xchange Certificate_ve rify

&an sha'e !rotoco" (=)


-hange5cipher5spec# a sing"e 0essage/ ,hich consists of a sing"e byte ,ith .a"ue 4( >inishe # hash .a"ue
Client
Client_hello Se rver_hello Certificate xchange Se rver_k ey_e equest Certifica te _r done Server_hello_ Certificate C lient_key_ex change Certifica te_ve rify Change_ciphe r_ spec Finished er_sp Change_ciph Finished ec

Server

SSL +ncryption
$aster secret
1 Generate by both parties fro0 pre0aster secret an ran o0 .a"ues generate by both c"ient an ser.er

?ey 0ateria"
1 Generate fro0 the 0aster secret an share ran o0 .a"ues

+ncryption 'eys
1 +*tracte fro0 the 'ey 0ateria"

SSL Recor !rotoco"

Content Ma'or type version

Minor (engt version h

Data (optionally compressed)

M C (!"#$" or %! &ytes)

A"erts an -"osure
A"ert the other si e of e*ceptions
1 1 1 1 1 1 2ne*pecte 0essage @a recor 0ac &an sha'e fai"ure )""ega" para0eter @a certificate A

6 "e.e"s
1 Warning 1 fata"

You might also like