1. Definition of SSL
2. Components of SSL
3. Secure connection establishment process
4. Real SSL packet capture and analysis using Wireshark
5. Digital Certificate, digital signature, digital envelope
SSL basics and SSL packet analysis using Wireshark
1. SSL BASICS AND SSL PACKET ANALYSIS USING WIRESHARK
Presented by
Md. Al Imran
M.Sc in MISS
CEH, ISO 27001 LA
2. YOU WILL LEARN
Definition of SSL
Components of SSL
How SSL works
Packet capturing and analysis using Wireshark
Concepts about Digital Signature, PKI, Digital Envelope, Digital Certificate
Prepared by Md. Al Imran
3. WHAT IS SSL
Secure communication protocol
Between client (browser) and server
Secures any transmission over TCP
HTTPS is an application of SSL
It can be described as HTTP over SSL
7. RECORD LAYER (CONTD..)
Collects all messages from the Alert, ChangeCipherSpec, Handshake and application protocols
Formats them; formatting provides a header for each message
Adds a Message Authentication Code (MAC) at the end
The header is five bytes
The protocol message follows the header and is no longer than 16384 bytes
8. RECORD LAYER (CONTD..)
Header contains
  Protocol definition (1 byte): indicates which higher layer protocol is contained
  Version (2 bytes): SSL protocol version
  Length (2 bytes): length of the higher layer protocol message
10. ALERT PROTOCOL
Sends errors, problems and warnings about the connection between client and server
The layer is formed with two fields
  Severity level: 1 means warning, 2 means fatal error
  Alert description: close notify, no certificate, bad certificate, BadRecordMAC, handshake failure, etc.
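Added example (not part of the original slides): a minimal Python parser for the five-byte record header and the two-field alert message described in the RECORD LAYER and ALERT PROTOCOL slides. The numeric content-type, version and alert codes are taken from the SSL 3.0/TLS specifications rather than from the slides, the sample bytes are constructed, and the parser assumes records sent before ChangeCipherSpec, i.e. not yet encrypted.

```python
import struct

# Numeric codes from the SSL 3.0 / TLS specifications (not listed on the slides).
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 20: "bad_record_mac", 40: "handshake_failure",
                      41: "no_certificate", 42: "bad_certificate"}
MAX_FRAGMENT = 16384  # upper bound for an unprotected protocol message


def parse_records(stream: bytes) -> list:
    """Split a captured byte stream into records using the 5-byte header."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Header layout: protocol (1 byte), version (2 bytes), length (2 bytes).
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError(f"record length {length} exceeds {MAX_FRAGMENT}")
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES[ctype],
               "version": VERSIONS.get(version, hex(version)),
               "length": length}
        # An unencrypted alert is exactly two bytes: severity level, description.
        if ctype == 21 and length == 2:
            rec["alert"] = (ALERT_LEVELS.get(body[0], "unknown"),
                            ALERT_DESCRIPTIONS.get(body[1], f"code {body[1]}"))
        records.append(rec)
        offset += 5 + length
    return records


# Constructed sample: a Handshake record carrying ServerHelloDone (0e 00 00 00),
# followed by a fatal handshake_failure alert (02 28), both marked TLS 1.0.
SAMPLE = bytes.fromhex("16030100040e000000") + bytes.fromhex("15030100020228")

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```

The same five header bytes appear in Wireshark at the start of each record in the packet bytes pane.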
11. HANDSHAKE PROTOCOL
Establishes a handshake which begins secure communication between client and server
The following steps show how the handshake is established
13. HANDSHAKE PROTOCOL (CONTD..)
ClientHello
5 components of the message
  Version: which SSL version the client supports
  Random number: 32 bytes for cryptographic calculation, with (4 bytes) time & date at the last
  Session ID: empty
  Cipher suites: exact algorithms (DES, AES, 3DES, RC4, MD5, SHA-1) and key size
  Compression method: compression before encryption
14. HANDSHAKE PROTOCOL (CONTD..)
ServerHello
Server takes the decision
  Version: determines the SSL version to be used
  Random number: 32 bytes for cryptographic calculation, with (4 bytes) time & date at the last; avoids replay attack
  Session ID: specific session ID
  Cipher suites: selects the exact algorithms and key size to be used
  Compression method: selects the exact compression method
15. HANDSHAKE PROTOCOL (CONTD..)
ServerKeyExchange
  Server sends its own public key information (Digital Certificate) according to the selected cipher suite
ServerHelloDone
  Server has finished its negotiation messages
  Very important for the client to move to the next state
16. HANDSHAKE PROTOCOL (CONTD..)
ClientKeyExchange
  Client sends its key information
  Premaster secret is encrypted using the server’s public key, which is called a “Digital Envelope”
  Server and client generate the master secret and session key based on the premaster secret
  Prevents man-in-the-middle attack
  Server decrypts it using its private key, which ensures server authentication
17. HANDSHAKE PROTOCOL (CONTD..)
ChangeCipherSpec
  Both client and server send this message
  Begin using the agreed upon security services
Finished
  Both client and server send this final message
  Both ends verify that negotiation is successful
  Encrypted and hashed message (ensures integrity)
  Ensures 3 points
    Key information
    Contents of all previous SSL handshake messages exchanged by the systems
    A special value indicating whether the sender is a client or server
23. DIGITAL CERTIFICATE
It’s a component of PKI
Why PKI?
Electronic passport
Allows the client to exchange information securely over the Internet using PKI
Contains the public key and the identity of the public key holder
Contains serial no., valid duration, version, algorithm, and the digital signature of the CA to verify that the certificate is real
Provides sender authentication
Issued by a trusted CA
27. DIGITAL SIGNATURE
Digitally signed document
Process of ensuring sender authentication, message integrity and non-repudiation
29. DIGITAL ENVELOPE
Secure data container
Message is encrypted using a secret key (symmetric encryption)
Secret key is encrypted using the recipient’s public key (public key encryption)