Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang.

Similar presentations


Presentation on theme: "SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang."— Presentation transcript:

1 SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang

2 E- COMMERCE Part of our life now US e-Commerce and Online Retail sales projected to have reached $204 billion, an increase of 17 percent over 2007

3 E- COMMERCE S ECURITY I SSUE Security issue is the top concern in the e- commerce Most people tend to fear that the website compromise their personal information. People may not use e-commerce websites just because of the worry about security and privacy

4 T HREE K INDS OF S ECURITY T HREATS Server part Client part Network part

5 S ECURITY I SSUES OF S ERVERS Server install important software and store valuable information. Firewall is used

6 S ECURITY I SSUES OF C LIENTS The systems of clients have inherent insecurity. Virus problem Trojan problem fatal to e-commerce

7 S ECURITY I SSUES OF N ETWORK The information transmitted can be viewed by others The information can be modified during transmission The two sides of the transaction don’t meet with each other SSL can solve these problems

8 SSL I NTRODUCTION Secure Sockets Layer It has another name now, TSL Transport Layer Security Cryptographic protocols that provide securities for communications over the network

9 Cite from "Inside SSL: the secure sockets layer protocol“ by Chou, W

10 F EATURES OF SSL Application protocol independent Does not specify the detailed mechanism

11 R ESPONSIBILITIES OF SSL Authenticate Server Authenticate Client(Optional) Encrypt the message sent between the client and the server. Detect tampering data

12 T WO S UB P ROTOCOLS SSL record protocol Defines the format used to transmit data SSL handshake protocol Establish an SSL connection. Negotiate the encryption mechanism

13 R ECORD P ROTOCOL AND H ANDSHAKE P ROTOCOL

14 SSL R ECORD P ROTOCOL When transmitting message, it fragments, compresses and encrypts the data, and transmit it. When receiving message, it decrypts, verifies, decompress, and reassembles the data, then delivered to the higher level

15 SSL H ANDSHAKE P ROTOCOL Change cipher spec protocol notify the recipient there is transition in ciphering strategies Alert protocol warning and fatal Handshake protocol How messages are exchanged to establish a SSL connection

16

17 SSL AND E NCRYPTION Chou, W. "Inside SSL: the secure sockets layer protocol"

18 C OMPARISON OF TWO ALGORITHMS asymmetric encryption public key needn’t to be encrypted based on mathematical problems that are easier to generate rather than to solve symmetric encryption private key needs to be kept secret Public KeyPrivate Key

19 H ISTORY OF SSL TLS 1.1 was released in April TLS 1.2 was released in August 2008

20 K EEP SECRET

21 V ERIFY INFORMATION

22 C HECK IDENTITY

23 O THER APPROACHES TO NETWORK SECURITIES Application- Specific Security Security within Core Protocols Parallel Security Protocol

24 SSL L IMITATION Doesn’t protect the IP or TCP headers Manipulating users, SSL cannot guarantee that the person using the certificate is the person to whom the certificate was issued. Cannot support UDP protocol Depend on whether encryption algorithms themselves have weaknesses Cannot provide an important service called nonrepudiation. (Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. This is part of the digital signature. )

25


Download ppt "SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang."

Similar presentations


Ads by Google