#MoreCrypto : Introduction to TLS

TLS in five minutes#MeraKrypto

@oej * oej@edvina.net

Identity

Security basics.

Confidentiality

Authorization

Integrity

Non-repudiation

TLS basics in a minute• TLS use a keypair to set up a secure connection

• Assymetric encryption

• The server sends the public key at connection

• The client challenges the server

• The server responds to the challenge using the server private key

• Now the client knows that the server has the private key that matches the public key

private

TLS Usage• TLS is used for

• authentication of servers and clients

• initiating encryption of a session

• digital signatures on messages to ensure integrity and provide authentication

Authentication Who are you? Prove it!

Encryption Providing confidentiality

Integrity Making sure that the receiver get what the

sender sent

Adding a certificate to the mix

• A certificate is nothing more complicated than a passport or an ID card

• It contains the public key and some administrative data

• And is signed (electronically) by someone you might trust ... or not.

• This is part of the complex structure called PKI, which you might want or just disregard

• A PKI is not needed to get encryption for the signalling path!

• You can however use a PKI to only set up connections that you trust

The X.509v3 certificate• An X.509 certificate is the standardised way to

bind a public key to an identity • The certificate is issued by a

Certification Authority (CA)

• The most important component of the PKI?

• An X.509 certificate is an electronic document with a specific layout

!

• Standard: documented in IETF PKIX RFC:s

Version

Serial number

Issuer identity

Validity period

User identity

Public key

Extension fields

X509.v3contents

• Version number

• Certificate serial numberUsed for validation

• Identity of the issuer • Validity period • Identity of the public key owner • Public key • Extension fields • A digital signature, created by the issuer

InternetExplorer

CertificateManager

SIP certificates• SubjectAltName contains a list of identities that

are valid for this certificate

• draft-ietf-certs outlines a SIP event package to distribute and manage certificates

• This is based on the Authentication Service in SIP identity (RFC 4474)

• The domain cert is used to sign the NOTIFY payload

x.509 cert for SIPCertificate: Data: Version: 3 (0x2) Serial Number: 01:08:00:79:00:15:00:43 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=San Jose, O=sipit, OU=Sipit Test Certificate Authority Validity Not Before: Sep 16 17:17:00 2009 GMT Not After : Sep 15 17:17:00 2012 GMT Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:a7:96:65:6e:b6:ba:3a:48:a1:bd:a3:ae:21:dc: a8:92:97:3c:43:ea:24:e6:9f:93:2f:61:7e:d3:2d: 30:1e:21:42:b9:d6:59:87:f1:b1:f8:c8:39:8e:43: 64:9a:31:2c:18:3d:cd:d8:03:64:bb:14:38:44:05: 20:30:d8:e1:db:a7:4d:c3:47:a2:49:73:d1:10:ed: 2f:cf:74:26:57:91:64:af:b0:f2:5d:3f:88:9f:df: 65:6c:ba:65:3f:66:99:52:6b:20:d2:0e:e3:65:18: b1:8e:3d:ca:f2:4a:45:c5:4d:85:ef:82:54:f8:54: 54:db:96:90:9b:c5:1b:2a:1e:60:3c:43:71:55:60: 30:93:8f:fd:d8:d9:3d:a1:32:e3:56:4b:e2:73:b6: cc:18:93:8a:d8:8b:68:81:c7:fd:cd:d5:dc:4c:a2: 86:61:9f:ad:d0:b1:d3:3c:4c:6c:07:54:b2:43:b4: a7:0a:0a:f2:e3:6d:12:43:16:70:63:c9:e9:1a:78: 66:9d:ee:30:94:7b:ab:f2:e9:67:4a:66:6d:8c:ed: a8:a4:98:51:77:0b:a7:60:55:73:85:87:4a:57:6b: 24:fe:27:00:02:79:70:da:5a:45:ad:aa:3d:d5:40: 5b:5c:85:63:93:56:af:c7:e8:e3:b6:1a:25:b6:a2: 2d:37 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: 27:F7:A9:96:F5:B2:8F:0B:5E:A9:C7:F5:0F:AC:3D:AB:3D:8D:F0:30 Signature Algorithm: sha1WithRSAEncryption 1a:fe:1f:af:86:99:82:e5:14:97:8d:64:9a:d1:5c:ea:6c:96: f5:c6:0c:7d:20:5f:4e:70:05:24:3a:de:b5:b9:cf:66:8d:4c: 74:d5:6a:a9:52:74:17:bc:b4:79:a0:58:32:78:a9:70:7c:6a: 15:ac:07:29:77:13:06:55:53:3f:0b:4c:3d:da:55:6e:ad:74: 56:01:55:c8:4c:19:8d:06:0b:f3:4c:04:d5:9a:6f:44:ad:7a: fd:3b:aa:e8:4b:84:6e:f1:c4:34:f4:a0:6a:f6:81:ae:74:b4: 46:6e:b9:2f:a6:59:f1:02:e9:58:7c:a1:8d:08:31:2b:39:ee: eb:7e

Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net

X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net

Process for a serverGenerate

KeysPack public key

in CSR

Send CSRto CA

CA validateprocess

CA issues Certificate

Install certin server withprivate key

Client connectionOpen TCPconnection

Server sendscertificate

Clientchallenge server

Server answerschallenge

Client validatescertificate

Server can issue cert request

Client and server produce session key

Symmetric encryption starts

Protocol specifics

• Given a protocol request - how do we match the request address to a certificate

• SIP Uri, E-mail address, HTTPS uri

User specifics

• Which CAs do we trust?

• How do we check validity of certificate, even if we trust the CA?

• Do we have time for validation?

New solutions

• Anchoring the certificate in DNS

• Validating the certificate in DNS

• No certificate - bare keys

• Oppurtunistic Security with TLS