Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 8 Internet Security Protocols. Basic Concepts Static Web Pages  Figure 1: Static web Page Figure 1 Dynamic Web Pages: the contents can vary all.

Similar presentations


Presentation on theme: "Chapter 8 Internet Security Protocols. Basic Concepts Static Web Pages  Figure 1: Static web Page Figure 1 Dynamic Web Pages: the contents can vary all."— Presentation transcript:

1 Chapter 8 Internet Security Protocols

2 Basic Concepts Static Web Pages  Figure 1: Static web Page Figure 1 Dynamic Web Pages: the contents can vary all day depending on a number of parameters  Involves server-side programming.  Tools to create: CGI, ASP, JSP.  Figure 2: Dynamic web page Figure 2 Active Web Pages:  Figure 3: Active web page Figure 3  Java applet: small program sent to the browser along the HTML page

3 Basic Concepts (cont’d) Figure 1: Static Web Page

4 Basic Concepts (cont’d) Figure 2: Dynamic Web Page

5 Basic Concepts (cont’d) Figure 3: Active Web Page

6 Basic Concepts (cont’d)  ActiveX controls  Difference between Java applets and ActiveX controls An applet cannot write to the client’s hard disk, but an ActiveX controls has no such restrictions An applet is downloaded with an active web page, executed inside the browser, and destroyed when the user exits that Web page, but once downloaded, an ActiveX control remains on the client computer till it is explicitly deleted. Making applet quite slow as compared to ActiveX controls.

7 Basic Concepts (cont’d) Protocols and TCP/IP  Figure 4: TCP/IP layers. Layered Organization  Figure 5: Data exchange using TCP/IP layers. Figure 5 Figure 4: TCP/IP layers

8 Basic Concepts (cont’d) Figure 5: Data exchange using TCP/IP layers

9 Secure Socket Layer (SSL) An Internet protocol for secure exchange of information between a web browser and a web server. Provides 2 basic security services:  Authentication  Confidentiality Position of SSL in TCP/IP Protocol Suite  Figure 6: Position of SSL in TCP/IP  Figure 7: SSL is located between application and transport layers

10 Secure Socket Layer (SSL) (cont’d) Figure 6: Position of SSL in TCP/IP

11 Secure Socket Layer (SSL) (cont’d) Figure 7: SSL is located between application and transport layer

12 How SSL Works? SSL has three sub-protocols:  Handshake Protocol  Record Protocol  Alert Protocol The handshake protocol consists of a series of messages between the client and the server.  Figure 8 shows format of the handshake protocol message.

13 How SSL Works? (cont’d) Figure 8: Format of the handshake protocol message. Table 1: SSL handshake protocol message types

14 How SSL Works? (cont’d) The handshake protocol is made up of 4 phases as shown in Figure 9.Figure 9 Phase 1: Establish security capabilities  Initiate a logical connection and establish the security capabilities associated with the connection.  Consists of 2 messages: The client hello The server hello. Figure 10

15 How SSL Works? (cont’d) Figure 9: SSL handshake phases

16 How SSL Works? (cont’d) Figure 10: Phase 1 of SSL handshake protocol: Establish security capabilities

17 How SSL Works? (cont’d) Phase 2: Server authentication and key exchange  Figure 11 Figure 11 Phase 3: Client authentication and key exchange  Figure 12 Figure 12 Phase 4: Finish  Figure 13 Figure 13

18 How SSL Works? (cont’d) Figure 11: Phase 2 of SSL handshake protocol: Server authentication and key exchange Help client to authenticate the server using server’s public key from the server’s certificate (Optional) Server request for the client’s digital certificate Optional in case of server does not send its digital certificate, server send Public Key Indicate to the client that server’s portion of the hello message is complete

19 How SSL Works? (cont’d) Figure 12: Phase 2 of SSL handshake protocol: Client authentication and key exchange Allow the client to send information to the server. Client creates a 48-byte pre-master secret to encrypts it with the server’s public key and sends it to the server.

20 How SSL Works? (cont’d) Figure 13: Phase 2 of SSL handshake protocol: Finish

21 How SSL Works? (cont’d) Record protocol  Provides 2 services to an SSL connection: Confidentiality: achieve by using the secret key that is defined by the handshake protocol Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for assuring the message integrity.

22 How SSL Works? (cont’d) Figure 14: SSL record protocol

23 How SSL Works? (cont’d) Alert Protocol  When client or server detects an error, the detecting party sends an alert message to the other party. If the error is fatal, both the parties immediately close the SSL connection Other error, which are not severe, do not result in the termination of the connection. SeverityCause Byte 1Byte 2 Figure 15 Alert protocol message format

24 Closing and Resuming SSL connections Before ending their communication, the client and the server must inform each other that their side of the connection is ending. TSL (Transport Layer Security) is an IETF standardization initiative, whose goal is to come out with an Internet standard version of SSL.


Download ppt "Chapter 8 Internet Security Protocols. Basic Concepts Static Web Pages  Figure 1: Static web Page Figure 1 Dynamic Web Pages: the contents can vary all."

Similar presentations


Ads by Google