Upload
olle-e-johansson
View
539
Download
0
Embed Size (px)
DESCRIPTION
A very brief introduction to TLS, delivered at the #MeraKrypto event in Stockholm April 29th, 2014.
Citation preview
TLS in five minutes#MeraKrypto
@oej * [email protected]
Identity
Security basics.
Confidentiality
Authorization
Integrity
Non-repudiation
TLS basics in a minute• TLS use a keypair to set up a secure connection
• Assymetric encryption
• The server sends the public key at connection
• The client challenges the server
• The server responds to the challenge using the server private key
• Now the client knows that the server has the private key that matches the public key
private
TLS Usage• TLS is used for
• authentication of servers and clients
• initiating encryption of a session
• digital signatures on messages to ensure integrity and provide authentication
Authentication Who are you? Prove it!
Encryption Providing confidentiality
Integrity Making sure that the receiver get what the
sender sent
Adding a certificate to the mix
• A certificate is nothing more complicated than a passport or an ID card
• It contains the public key and some administrative data
• And is signed (electronically) by someone you might trust ... or not.
• This is part of the complex structure called PKI, which you might want or just disregard
• A PKI is not needed to get encryption for the signalling path!
• You can however use a PKI to only set up connections that you trust
The X.509v3 certificate• An X.509 certificate is the standardised way to
bind a public key to an identity • The certificate is issued by a
Certification Authority (CA)
• The most important component of the PKI?
• An X.509 certificate is an electronic document with a specific layout
!
• Standard: documented in IETF PKIX RFC:s
Version
Serial number
Issuer identity
Validity period
User identity
Public key
Extension fields
X509.v3contents
• Version number
• Certificate serial numberUsed for validation
• Identity of the issuer • Validity period • Identity of the public key owner • Public key • Extension fields • A digital signature, created by the issuer
InternetExplorer
CertificateManager
SIP certificates• SubjectAltName contains a list of identities that
are valid for this certificate
• draft-ietf-certs outlines a SIP event package to distribute and manage certificates
• This is based on the Authentication Service in SIP identity (RFC 4474)
• The domain cert is used to sign the NOTIFY payload
x.509 cert for SIPCertificate: Data: Version: 3 (0x2) Serial Number: 01:08:00:79:00:15:00:43 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=San Jose, O=sipit, OU=Sipit Test Certificate Authority Validity Not Before: Sep 16 17:17:00 2009 GMT Not After : Sep 15 17:17:00 2012 GMT Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:a7:96:65:6e:b6:ba:3a:48:a1:bd:a3:ae:21:dc: a8:92:97:3c:43:ea:24:e6:9f:93:2f:61:7e:d3:2d: 30:1e:21:42:b9:d6:59:87:f1:b1:f8:c8:39:8e:43: 64:9a:31:2c:18:3d:cd:d8:03:64:bb:14:38:44:05: 20:30:d8:e1:db:a7:4d:c3:47:a2:49:73:d1:10:ed: 2f:cf:74:26:57:91:64:af:b0:f2:5d:3f:88:9f:df: 65:6c:ba:65:3f:66:99:52:6b:20:d2:0e:e3:65:18: b1:8e:3d:ca:f2:4a:45:c5:4d:85:ef:82:54:f8:54: 54:db:96:90:9b:c5:1b:2a:1e:60:3c:43:71:55:60: 30:93:8f:fd:d8:d9:3d:a1:32:e3:56:4b:e2:73:b6: cc:18:93:8a:d8:8b:68:81:c7:fd:cd:d5:dc:4c:a2: 86:61:9f:ad:d0:b1:d3:3c:4c:6c:07:54:b2:43:b4: a7:0a:0a:f2:e3:6d:12:43:16:70:63:c9:e9:1a:78: 66:9d:ee:30:94:7b:ab:f2:e9:67:4a:66:6d:8c:ed: a8:a4:98:51:77:0b:a7:60:55:73:85:87:4a:57:6b: 24:fe:27:00:02:79:70:da:5a:45:ad:aa:3d:d5:40: 5b:5c:85:63:93:56:af:c7:e8:e3:b6:1a:25:b6:a2: 2d:37 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: 27:F7:A9:96:F5:B2:8F:0B:5E:A9:C7:F5:0F:AC:3D:AB:3D:8D:F0:30 Signature Algorithm: sha1WithRSAEncryption 1a:fe:1f:af:86:99:82:e5:14:97:8d:64:9a:d1:5c:ea:6c:96: f5:c6:0c:7d:20:5f:4e:70:05:24:3a:de:b5:b9:cf:66:8d:4c: 74:d5:6a:a9:52:74:17:bc:b4:79:a0:58:32:78:a9:70:7c:6a: 15:ac:07:29:77:13:06:55:53:3f:0b:4c:3d:da:55:6e:ad:74: 56:01:55:c8:4c:19:8d:06:0b:f3:4c:04:d5:9a:6f:44:ad:7a: fd:3b:aa:e8:4b:84:6e:f1:c4:34:f4:a0:6a:f6:81:ae:74:b4: 46:6e:b9:2f:a6:59:f1:02:e9:58:7c:a1:8d:08:31:2b:39:ee: eb:7e
Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net
X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net
Process for a serverGenerate
KeysPack public key
in CSR
Send CSRto CA
CA validateprocess
CA issues Certificate
Install certin server withprivate key
Client connectionOpen TCPconnection
Server sendscertificate
Clientchallenge server
Server answerschallenge
Client validatescertificate
Server can issue cert request
Client and server produce session key
Symmetric encryption starts
Protocol specifics
• Given a protocol request - how do we match the request address to a certificate
• SIP Uri, E-mail address, HTTPS uri
User specifics
• Which CAs do we trust?
• How do we check validity of certificate, even if we trust the CA?
• Do we have time for validation?
New solutions
• Anchoring the certificate in DNS
• Validating the certificate in DNS
• No certificate - bare keys
• Oppurtunistic Security with TLS