How To Apply Openssl For The Implementation of Tls 1.2
How To Apply Openssl For The Implementation of Tls 1.2
How To Apply Openssl For The Implementation of Tls 1.2
Interoperabilit
Extensibility.
y
The problem statement
The TLS protocol enhances communications and its security over the Web. The protocol allows
client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering,
or message forgery.
OpenSSL is a free, full-featured SSL implementation currently available
Open SSL
for use with the C and C++ programming languages. OpenSSL is
essentially two tools in one: a cryptography library and an SSL toolkit.
Certificate in TLS
SSL/TLS X.509 certificates are digital files that are used for Secure Sockets Layer (SSL) or Transport
Layer Security (TLS). An SSL/TLS certificate is one of the most popular types of X.509 certificates or a
type of public-key certificate which uses the X.509 standard. X.509 certificates contain a public key and the
identity of a hostname, organization, or individual.
.
Handshake Protocol
The cryptographic parameters of the session state are International Journal of Advanced Computer produced
by the TLS Handshake Protocol which uses messages to negotiate the cipher suite and authenticate the
server to the client and to exchange information for building the cryptographic secrets.
Handshake Protocol:
TLS 1.2 protocol contains improved flexibility, particularly in negotiation of cryptography algorithms.
Cipher-Suite specific hash algorithms as an option were introduced in SHA-256 which replaced MD5-
SHA-1 in the finished message.
RC2 Ancient and insecure Rivest Cipher v2, with 40 bit keys.
1) Error management:
2) Traffic control:
3) End-to-End Encryption:
Functional and Non-Functional
requirements
Non-Functional requirements:
1) Security.
2) Performance.
3) Reliability.
4) Usability.
5) Maintainability.
6) Concurrency.
Implementation
1)Initializing the OpenSSL Library
Int SSL_Library_init(void)
2)We’ll define constructor for the SSLv2 using SSL_METHOD structure for combined client and server
*SSLv23_method(void)
3)SSL_CTX object is created as a framework to establish TLS/SSL connection.
SSL_CTX_NEW(SSL_METHOD* method)
imp=accept(s,(structsockaddr*)&form,(void*)&len);
5)We create a new SSL Structure which is needed to hold the data for a TLS/SSL connection. This is also called
context structure.
SSL_CTX_use_certificate_chainfile(ctx,keyfile);
SSL_CTX_usecertificate_file(ctx,keyfile,SSL_FILETYPE_PEM);
7)We also need to set the descriptor fd as the input/output facility for the TLS/SSL (encrypted) side of ssl, fd will
typically be the socket file descriptor of a network connection.
9)After calling the fd descriptor it checks whether it’s a client or server application
DROWN Attacks:
Research
Cross-protocol DROWN attack that uses an
Issues SSLv2 server as an oracle to efficiently decrypt
TLS connections. The attacker learns the
session key for targeted TLS connections but
does not learn the server’s private RSA key.
Literature Survey
The below links have been used for research of our concerned work:
A Survey on TLS 1.0 By Jim Roskind,Michael Sabin,Dan Simon,Tom Weinstein & Tim Wright.
Cryptographic Strength of SSL/TLS Servers: Current and Recent Practices By Homin K. Lee ,Tal Malkin &Erich
Nahum.
Lessons Learned From Previous SSL/TLS Attacks A Brief Chronology Of Attacks And Weaknesses By
Christopher Meyer & Jorg Schwenk.
A Comprehensive Survey on SSL/ TLS and their Vulnerabilities By Ashutosh Satapathy &Jenila Livingston L.
M.
Thank you.