Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.

Published byFerdinand Jesse Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications."— Presentation transcript:

1 Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications in Internet –E.g., web browsing Essentially, standards to negotiate, set up, and apply crypto

2 Lecture 10 Page 2 CS 236 Online The Basics of SSL Usually a client/server operation Client contacts server A negotiation over authentication, key exchange, and cipher takes place Authentication is performed and key agreed upon Then all packets are encrypted with that key and cipher at application level

3 Lecture 10 Page 3 CS 236 Online Common Use Server authenticates to client using an X.509 certificate –Typically, client not authenticated Though option allows it Client provides material to server to derive session key Client and server derive same session key, start sending encrypted packets

4 Lecture 10 Page 4 CS 236 Online Crypto in TLS/SSL Several options supported RSA or elliptic curve for PK part AES, DES, 3DES, or others for session cryptography Not all are regarded as still secure Chosen by negotiation between client and server

5 Lecture 10 Page 5 CS 236 Online Use of SSL/TLS The core crypto for web traffic Commonly used for many other encrypted communications Used in all major browsers Usually not part of OS per se –But all major OSes include libraries or packages that implement it

6 Lecture 10 Page 6 CS 236 Online Security Status of SSL/TLS Kind of complex SSL is not very secure Early versions of TLS not so secure Later versions of TLS fairly secure –Depending on cipher choice Recent chosen-plaintext attacks shown to work on all versions –In special circumstances

7 Lecture 10 Page 7 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts of the US How can you have secure cooperation between them? Could use leased lines, but...

8 Lecture 10 Page 8 CS 236 Online Encryption and Virtual Private Networks Use encryption to convert a shared line to a “private line” Set up a firewall at each installation’s network Set up shared encryption keys between the firewalls Encrypt all traffic using those keys

9 Lecture 10 Page 9 CS 236 Online Actual Use of Encryption in VPNs VPNs run over the Internet Internet routers can’t handle fully encrypted packets Obviously, VPN packets aren’t entirely encrypted They are encrypted in a tunnel mode –Often using IPSec Gives owners flexibility and control

10 Lecture 10 Page 10 CS 236 Online Key Management and VPNs All security of the VPN relies on key secrecy How do you communicate the key? –In early implementations, manually –Modern VPNs use IKE or proprietary key servers How often do you change the key? –IKE allows frequent changes

11 Lecture 10 Page 11 CS 236 Online VPNs and Firewalls VPN encryption is typically done between firewall machines –VPN often integrated into firewall product Do I need the firewall for anything else? Probably, since I still need to allow non-VPN traffic in and out Need firewall “inside” VPN –Since VPN traffic encrypted –Including stuff like IP addresses and ports –“Inside” can mean “later in same box”

12 Lecture 10 Page 12 CS 236 Online VPNs and Portable Computing Increasingly, workers connect to offices remotely –While on travel –Or when working from home VPNs offer a secure solution –Typically as software in the portable computer Usually needs to be pre-configured

13 Lecture 10 Page 13 CS 236 Online VPN Deployment Issues Desirable not to have to pre-deploy VPN software –Clients get access from any machine Possible by using downloaded code –Connect to server, download VPN applet, away you go –Often done via web browser –Leveraging existing SSL code –Authentication via user ID/password –Implies you trust the applet... Issue of compromised user machine

Download ppt "Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or 415.514-3333 UCSF Campus VPN.

OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.
Virtual Private Networks and IPSec

Virtual Private Networks and IPSec
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
CS682 – Network Management and Security Session 7.

CS682 – Network Management and Security Session 7.
Virtual Private Networking Karlene R. Samuels COSC513.

Virtual Private Networking Karlene R. Samuels COSC513.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Remote Networking Architectures

Remote Networking Architectures
Securing Insecure Networks SSL/TLS & IPSec. 4-1: Cryptographic System Copyright Pearson Prentice-Hall 2010 2.

Securing Insecure Networks SSL/TLS & IPSec. 4-1: Cryptographic System Copyright Pearson Prentice-Hall

Similar presentations

Ads by Google