Computer science assignment 3 | Computer Science homework help

Wireshark Lab: SSL v8.0

SOLUTIONS

Supplement to Computer Networking: A Top-Down Approach, 8th ed., J.F. Kurose and K.W. Ross

“Tell me and I forget. Show me and I remember. Involve me and I understand.” Chinese proverb

© 2005-2020, J.F Kurose and K.W. Ross, All Rights Reserved

A Look at the Captured Trace:

Captured SSL Packets

1. Details of the first 8 captured Ethernet frames (SSL) are listed in the following table:

Frame # in Ethereal  Frame #  Source          Destination     # of SSL Records  List of SSL Records
215                  1        192.168.1.104   72.246.122.125  1                 Client Hello
217                  2        72.246.122.125  192.168.1.104   3                 Server Hello, Certificate, Server Hello Done
218                  3        192.168.1.104   72.246.122.125  3                 Client Key Exchange, Change Cipher Spec, Encrypted Handshake msg
219                  4        72.246.122.125  192.168.1.104   2                 Change Cipher Spec, Encrypted Handshake msg
221                  5        192.168.1.104   72.246.122.125  1                 Application Data
224                  6        72.246.122.125  192.168.1.104   1                 Application Data
225                  7        72.246.122.125  192.168.1.104   1                 Application Data
227                  8        72.246.122.125  192.168.1.104   1                 Application Data

Details of the first 8 Ethernet Frames for SSL

Timing Diagram of the SSL Session

2. Each SSL record begins with the same three fields (content type, version, and length). The values for each SSL record type are listed as follows:

Frame #  SSL Record Type          Content Type           Version           Length
1        Client Hello             Handshake (22)         TLS 1.0 (0x0301)  103
2        Server Hello             Handshake (22)         TLS 1.0 (0x0301)  74
         Certificate              Handshake (22)         TLS 1.0 (0x0301)  989
         Server Hello Done        Handshake (22)         TLS 1.0 (0x0301)  4
3        Client Key Exchange      Handshake (22)         TLS 1.0 (0x0301)  134
         Change Cipher Spec       ChangeCipherSpec (20)  TLS 1.0 (0x0301)  1
         Encrypted Handshake msg  Handshake (22)         TLS 1.0 (0x0301)  48
4        Change Cipher Spec       ChangeCipherSpec (20)  TLS 1.0 (0x0301)  1
         Encrypted Handshake msg  Handshake (22)         TLS 1.0 (0x0301)  48
5        Application Data         Application Data (23)  TLS 1.0 (0x0301)  1552
6        Application Data         Application Data (23)  TLS 1.0 (0x0301)  912
7        Application Data         Application Data (23)  TLS 1.0 (0x0301)  32
8        Application Data         Application Data (23)  TLS 1.0 (0x0301)  32
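The three-field record header from answer 2 can be walked programmatically. The following is an added example, not part of the lab solutions: it parses every record in a reassembled TCP payload and handles a record that is cut off at the end of a segment. The sample bytes are constructed from the frame 2 lengths in the table (74, 989, 4) with zero-filled payloads; `parse_records` and `make_record` are hypothetical names.

```python
import struct

CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "Application Data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound on an encrypted record body


def parse_records(stream: bytes):
    """Return (records, leftover) for a reassembled TCP payload.

    Each record is (content_type, version, length). leftover holds the bytes
    of a trailing record whose body has not fully arrived yet.
    """
    records, offset = [], 0
    while len(stream) - offset >= 5:
        # 1-byte content type, 2-byte version, 2-byte length, network order
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in CONTENT_TYPES or version not in VERSIONS:
            raise ValueError(f"not an SSL/TLS record at offset {offset}")
        if length > MAX_RECORD_LEN:
            raise ValueError(f"record length {length} exceeds protocol limit")
        if offset + 5 + length > len(stream):
            break  # record continues in a later TCP segment
        records.append((CONTENT_TYPES[ctype], VERSIONS[version], length))
        offset += 5 + length
    return records, stream[offset:]


def make_record(ctype: int, length: int) -> bytes:
    """Build a constructed TLS 1.0 record with a zero-filled body."""
    return struct.pack("!BHH", ctype, 0x0301, length) + bytes(length)


# Constructed stand-in for frame 2: Server Hello, Certificate, Server Hello Done
FRAME2 = make_record(22, 74) + make_record(22, 989) + make_record(22, 4)

if __name__ == "__main__":
    for rec in parse_records(FRAME2)[0]:
        print(rec)
```
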

Client Hello Record

Expanded Client Hello Record

3. The value of the content type is Handshake (22) because this is a handshake message (as shown above).

4. Yes, the Client Hello record contains a challenge, and its value in hex is 0xC074B51864D5EE04F9B547DFF3664597.

5. Yes, the Client Hello record advertises the cipher suites it supports, as shown below.

Client Hello Record’s Cipher specs

The first listed TLS (SSLv3) cipher spec (highlighted above) is: DHE and RSA (public-key algorithms) with 256-bit CBC AES (symmetric-key) with SHA (hash algorithm).

Server Hello Record

Expanded Server Hello Record

6. Yes, this record specifies a cipher suite. The chosen suite is TLS_RSA_WITH_AES_256_CBC_SHA (0x0035). In other words, RSA (public-key), 256-bit CBC AES (symmetric), and SHA (hash algorithm) are chosen.

7. Yes, this record includes a nonce, also known as Random.bytes, and it is 28 bytes long (as highlighted above). The purpose of the client and server nonces in SSL is to prevent an attacker from replaying or reordering records.

8. Yes, this record includes a Session ID, which is 32 bytes long. Its purpose is to allow session resumption, which can significantly reduce the number of time-consuming server handshakes needed to create a new session ID. In the Client Hello record, a nonzero session ID means that the client wants to resume its previously established session, and a zero session ID means that the client wishes to establish a new session with the server.

9. Yes, this record contains a certificate. The certificate is 982 bytes long, thus it can fit into a single Ethernet frame.

Expanded Server Hello Record (2)

Client Key Exchange Record

Expanded Client Key Exchange Record

10. Yes, this record contains a pre-master secret (highlighted above). This encrypted pre-master secret is decrypted at the server side and is used to produce a master secret. This master secret is then used to produce a “key block”, which is sliced and diced into the client MAC key, server MAC key, client encryption key, server encryption key, client IV, and server IV. The secret is encrypted using the server’s public key. The encrypted secret is 130 bytes long.
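The derivation in answer 10 can be carried through for the version and suite seen in this trace (TLS 1.0, TLS_RSA_WITH_AES_256_CBC_SHA) using the TLS 1.0 PRF from RFC 2246. This is an added example, not part of the lab solutions; the pre-master secret and both random values are constructed, since the real ones cannot be read from the capture, and the function names are hypothetical.

```python
import hmac


def p_hash(hash_name: str, secret: bytes, seed: bytes, n: int) -> bytes:
    """RFC 2246 P_hash: expand secret and seed into n bytes with HMAC."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hash_name).digest()             # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:n]


def prf_tls10(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA-1 over the second."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, n)
    sha_part = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


# Sizes for TLS_RSA_WITH_AES_256_CBC_SHA: HMAC-SHA1 key, AES-256 key, CBC IV
LAYOUT = [("client_mac_key", 20), ("server_mac_key", 20),
          ("client_enc_key", 32), ("server_enc_key", 32),
          ("client_iv", 16), ("server_iv", 16)]


def derive_keys(pre_master: bytes, client_random: bytes, server_random: bytes):
    """Return (master_secret, keys) where keys maps each name in LAYOUT to its slice."""
    master = prf_tls10(pre_master, b"master secret",
                       client_random + server_random, 48)
    # Note the swapped order of the randoms for key expansion.
    block = prf_tls10(master, b"key expansion",
                      server_random + client_random,
                      sum(size for _, size in LAYOUT))
    keys, pos = {}, 0
    for name, size in LAYOUT:
        keys[name] = block[pos:pos + size]
        pos += size
    return master, keys


# Constructed inputs: 48-byte pre-master secret (client version 0x0301 + 46 bytes)
# and 32-byte randoms (4-byte timestamp + the 28 random bytes from answer 7).
PRE_MASTER = b"\x03\x01" + bytes(range(46))
CLIENT_RANDOM = bytes([0x11]) * 32
SERVER_RANDOM = bytes([0x22]) * 32

if __name__ == "__main__":
    _, keys = derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name:15s} {len(value):2d} bytes  {value.hex()}")
```
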

Change Cipher Spec and Encrypted Handshake Records

Expanded Change Cipher Spec and Encrypted Handshake Records

11. The purpose of Change Cipher Spec is to indicate a change in encryption and authentication algorithms and to update the cipher suite to be used on this connection. This record is only 1 byte long in my trace.

12. The sender of this Encrypted Handshake record and all handshake messages up to but not including this message are encrypted in the record. This information is concatenated and hashed using two hash algorithms, MD5 and SHA. The content of this record is the concatenation of these two hash values. The Encrypted Handshake record is used to verify that the key exchange and authentication processes were successful.

13. Yes, the server also sends its own Change Cipher Spec and Encrypted Handshake records. The only difference is the sender of this record; the sender is now the server, while the sender was the client in the previous message.

Application Data Records

Expanded Application Data Record

14. The application data is encrypted using the specified algorithms in the chosen cipher suite; in my case, RSA (public-key), 256-bit CBC AES (symmetric), and SHA (hash algorithm). Yes, the records containing application data include a MAC; however, Ethereal does not distinguish between the encrypted application data and the MAC.