System and method for innovative management of transport layer security session tickets in a network environment

US 9,026,784 B2
Filed: 01/26/2012
Issued: 05/05/2015
Est. Priority Date: 01/26/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying a transport layer security (TLS) session between a client and a server;

parsing a TLS message spread across a plurality of TLS protocol records to identify a session ticket associated with the TLS session;

computing a first hash value for a first portion of the session ticket in a first TLS protocol record of the plurality of TLS protocol records, the session ticket including a key name;

computing a second hash value for a second portion of the session ticket in a next TLS protocol record of the plurality of TLS protocol records, from the first hash value, to incrementally produce a hash value of the session ticket;

assigning the incrementally-produced hash value of the session ticket to a session token; and

managing the TLS session using the session token to identify the TLS session and to detect a network attack on the TLS session.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.

72 Citations

View as Search Results

20 Claims

1. A method, comprising:
- identifying a transport layer security (TLS) session between a client and a server;
  
  parsing a TLS message spread across a plurality of TLS protocol records to identify a session ticket associated with the TLS session;
  
  computing a first hash value for a first portion of the session ticket in a first TLS protocol record of the plurality of TLS protocol records, the session ticket including a key name;
  
  computing a second hash value for a second portion of the session ticket in a next TLS protocol record of the plurality of TLS protocol records, from the first hash value, to incrementally produce a hash value of the session ticket;
  
  assigning the incrementally-produced hash value of the session ticket to a session token; and
  
  managing the TLS session using the session token to identify the TLS session and to detect a network attack on the TLS session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein a size of the session ticket is between 32 bytes and 64 Kbytes.
  - 3. The method of claim 1, wherein a hashing algorithm used in the computing the first hash value and the computing the second hash value is chosen from a group consisting of:
    - GOST, MD5, SHA-1, SHA-256, RIPEMD-160, and WHIRLPOOL.
  - 4. The method of claim 1, wherein the managing comprises mapping the TLS session to previous sessions using the session token.
  - 5. The method of claim 1, further comprising:
    - incrementally computing hash values for portions of the session ticket in subsequent TLS protocol records of the plurality of TLS protocol records, until all portions of the session ticket have been processed.
  - 6. The method of claim 1, wherein the session ticket includes at least one of a group consisting of:
    - a protocol version, a cipher suite, a compression method, a master secret, and a client identity.
  - 7. The method of claim 1, wherein the session ticket includes an initialization vector and a message authentication code based on the initialization vector.

8. An apparatus, comprising:
- a memory element configured to store instructions; and
  
  at least one processor operable to execute the instructions and configured toidentify a transport layer security (TLS) session between a client and a server;
  
  parse a TLS message spread across a plurality of TLS protocol records to identify a session ticket associated with the TLS session;
  
  compute a first hash value for a first portion of the session ticket in a first TLS protocol record of the plurality of TLS protocol records, the session ticket including a key name;
  
  compute a second hash value for a second portion of the session ticket in a next TLS protocol record of the plurality of TLS protocol records, from the first hash value, to incrementally produce a hash value of the session ticket;
  
  assign the incrementally-produced hash value of the session ticket to a session token; and
  
  manage the TLS session using the session token to identify the TLS session and to detect a network attack on the TLS session.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The apparatus of claim 8, wherein a size of the session ticket is between 32 bytes and 64 Kbytes.
  - 10. The apparatus of claim 8, wherein a hashing algorithm used in computing the first hash value and the second hash value is chosen from a group consisting of:
    - GOST, MD5, SHA-1, SHA-256, RIPEMD-160, and WHIRLPOOL.
  - 11. The apparatus of claim 8, wherein the at least one processor is configured to use the session token to map the TLS session to previous sessions using the session token.
  - 12. The apparatus of claim 8, wherein the session ticket includes at least one of a group consisting of:
    - a protocol version, a cipher suite, a compression method, a master secret, and a client identity.
  - 13. The apparatus of claim 8, wherein the session ticket includes an initialization vector and a message authentication code based on the initialization vector.

14. Logic, encoded in non-transitory media, that includes code for execution and, when executed by a processor, is operable to perform operations comprising:
- identifying a transport layer security (TLS) session between a client and a server;
  
  parsing a TLS message spread across a plurality of TLS protocol records to identify a session ticket associated with the TLS session;
  
  computing a first hash value for a first portion of the session ticket in a first TLS protocol record of the plurality of TLS protocol records, the session ticket including a key name;
  
  computing a second hash value for a second portion of the session ticket in a next TLS protocol record of the plurality of TLS protocol records, from the first hash value, to incrementally produce a hash value of the session ticket;
  
  assigning the incrementally-produced hash value of the session ticket to a session token; and
  
  managing the TLS session using the session token to identify the TLS session and to detect a network attack on the TLS session.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The logic of claim 14, wherein a size of the session ticket is between 32 bytes and 64 Kbytes.
  - 16. The logic of claim 14, wherein a hashing algorithm used in the computing the first hash value and the computing the second hash value is chosen from a group consisting of:
    - GOST, MD5, SHA-1, SHA-256, RIPEMD-160, and WHIRLPOOL.
  - 17. The logic of claim 14, wherein the managing comprises mapping the TLS session to previous TLS sessions using the session token.
  - 18. The logic of claim 14, the operations further comprising:
    - incrementally computing hash values for portions of the session ticket in subsequent TLS protocol records of the plurality of TLS protocol records, until all portions of the session ticket have been processed.
  - 19. The logic of claim 14, wherein the session ticket includes at least one of a group consisting of:
    - a protocol version, a cipher suite, a compression method, a master secret, and a client identity.
  - 20. The logic of claim 14, wherein the session ticket includes an initialization vector and a message authentication code based on the initialization vector.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Buruganahalli, Shivakumar, Vissamsetty, Venu
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
GIDDINS, NELSON S

Application Number

US13/358,836
Publication Number

US 20130198509A1
Time in Patent Office

1,195 Days
Field of Search

713/151, 713/176, 713/150
US Class Current

713/151
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/1408   by monitoring network traff...

H04L 63/1466   Active attacks involving in...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 67/146   Markers for unambiguous ide...

H04L 9/3242   involving keyed hash functi...

H04L 9/50   using hash chains, e.g. blo...

System and method for innovative management of transport layer security session tickets in a network environment

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for innovative management of transport layer security session tickets in a network environment

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links