Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented By: Atish Baul Module: CSYM020, Internet Security Course: MSc Internet Computing.

Published bySybil Ellis Modified over 8 years ago

Similar presentations

Presentation on theme: "Presented By: Atish Baul Module: CSYM020, Internet Security Course: MSc Internet Computing."— Presentation transcript:

1 Presented By: Atish Baul Module: CSYM020, Internet Security Course: MSc Internet Computing

2 Contents 1.Introduction 2.SSL Architecture 3.Analysis of an SSL Session 4.Applications of SSL 5.Implementation of SSL 6.Winning Features 7.References 2

3 1. Introduction What are SSL and TLS 3  Secure Socket Layer (SSL) and it's successor Transport Layer Security (TLS) are cryptographic protocols meant for secure data transmission across the internet.  Prevent eavesdropping, tampering and message forgery within the transport framework.  Provides endpoint authentication and communications privacy.  Used for web browsing, email, instant messaging, etc. Multitude of uses, as we shall see later.  Used for both – Client-to-server communication – Server to server communication

4 1. Introduction  Typically, only the server is authenticated, client remains un-authenticated.  Sometimes both parties are authenticated. This is called "Mutual Authentication“. Manner of Usage 4

5 1. Introduction  Developed by Netscape as SSL 1.0 in 1996 for use with HTTP only, to secure communications between browser and client.  SSL has been endorsed by leading financial institutions (e.g. Visa, Master Card, etc) for commerce over the internet.  Still being updated and maintained by Netscape as SSL 2.0 and SSL 3.0, with endorsement from IETF and leading commercial bodies.  SSL 3.0 was used as basis for TLS 1.0 in 1999, an IETF standard protocol.  Specifications for TLS 1.1 were released in April 2006. It is a minor upgrade to TLS 1.0  SSL continues to be used alongside TLS, due to widespread support and legacy implementation. History of SSL, TLS 5

6 1. Introduction  SSL and TLS - Twin brothers.  Both protocols are so similar we can refer to them as one name, e.g.. SSL/TLS only.  They are similar, but they are not interchangeable.  Important difference is that TLS 1.0 applies a Keyed-Hashing for Message Authentication Code (HMAC) algorithm, whereas SSL 3.0 applies the Message Authentication Code (MAC) algorithm for authenticating messages. Pair of Twins 6

7 1. Introduction  SSL 1.0 has been deprecated.  SSL 2.0 (Mainly Legacy support).  SSL 3.0 (Current, being replaced by TLS for new projects).  TLS 1.0 (Current).  TLS 1.1 (Newly Introduced, not widely supported). Prevalent Versions 7

8 2. Architecture 2. SSL ARCHITECHTURE 8

9 2. Architecture SSL/TLS Protocol Stack 9 ISO Open Systems Interconnect model SSL runs beneath application layers. E.g. HTTP, FTP, SMTP etc SSL runs above transport protocols such as TCP.

10 2. Architecture SSL/TLS can be used with any application based over TCP. It’s applications are endless! 10

11 3. Analysis of SSL/TLS Session 3. Analysis of an SSL/TLS Session 11

12 3. Analysis of SSL/TLS Session 1.Peer negotiation for algorithm support  The two communicating parties negotiate a suitable cryptographic algorithm which they both support.  The most secure algorithm supported by both parties is chosen. 2.Public Key Encryption based key exchange, and Certificate based authentication.  E.g. RSA, Diffie-Hellman, DSA, etc. 3.Symmetric cipher-based traffic encryption.  E.g. RC2, RC4, DES, 3DES, etc. Three Basic Phases 12

13 3. Analysis of SSL/TLS Session Lifecycle of an SSL/TLS Session (Server only Authentication) 13

14 3. Analysis of SSL/TLS Session  An SSL session is basically an exchange of records of different types.  Each record may be compressed, encrypted and signed with a Message Authentication Code (MAC).  Each record has a content_type field that specifies which protocol is being used.  Some SSL protocols and their Content_type 20 : ChangeCipherSpec 21 : Alert 22 : Handshake Protocol. 22 : Record Layer Protocol. 23 : Application protocol. Simplistic Description 14

15 4. Applications of SSL/TLS Applications of SSL/TLS 15

16 4. Applications of SSL/TLS  Securing HTTP connections, also referred to as HTTPS.  Identified by HTTPS:// prefix to the URL (within the address bar).  Is also indicated by padlock symbol at the status bar of a browser.  Implemented by installing an SSL certificate at the server. Secure connection over - HTTPS 16

17 4. Applications of SSL/TLS  SSL is not just for the web, it is a suite of cryptographic protocols meant to be used in various ways.  Thus, HTTPS is different from just SSL.  Other ways SSL is commonly implemented in Client-Server mode: – File Transfer Protocol Secure (FTPS) – SSL over Database connections to SQL Server, Oracle, etc. – Secure email.  Peer-to-peer or Server-to-Server (mutual authentication ) uses: – Secure Web services – Semantic Web – Virtual Private Network – Session Initiation Protocol (SIP) applications such as Internet Telephony using VoIP. 17 Secure connection over - HTTPS

18 4. Applications of SSL/TLS  Default Outlook express port configuration:  Outlook express configured to use SSL (With Gmail POP3/SMTP settings): Example – SSL over POP3/SMTP 18

19 4. Applications of SSL/TLS SSL also has a place within the proposed Semantic Web. 19 The trust architecture is based around SSL/TLS.

20 5. Implementation Implementation of SSL 20

21 5. Implementation  On the server, a Certificate Signing Request (CSR) is generated. This creates two cryptographic keys: – Public Key : used to encrypt message to the server. This is sent to the Certificate Authority (CA) and gets downloaded by browser clients. It is then used to encrypt message to server. – Private Key : Stored on server, used to decrypt secure messages encrypted using the public key.  This CSR is then submitted to a relevant CA, along with relevant legal organisational details – E.g. Thawte, Verisign, GoDaddy.  CA verifies that details provided by organisation are correct, and issues a certificate file.  This file is copied and installed on the server, and it is ready to accept secure connections. SSL certificate on Server 21

22 5. Implementation  SSL mechanisms need to be enabled within the web server. – E.g. Apache, Internet Information Server.  Apache web server has ‘modules’ that implement SSL: – OpenSSL – ModSSL – Apache-SSL Enabling SSL within Web Server 22

23 5. Implementation  A typical browser come pre-installed with a list of Certificate Authorities SSL on client (Browser) 23 Mozilla Firefox

24 5. Implementation  Browsers support a variety of SSL/TLS versions: Support for SSL/TLS versions 24 Mozilla Firefox

25 5. Implementation  Browser can download and display (when asked) complete certificate details of the server: Certificate Details 25 Mozilla Firefox displaying Gmail’s SSL Certificate

26 5. Implementation  The browser will connect to relevant CA and verify a number of details, and perform separate checks. It will usually issue warnings explaining the severity of discrepancies, if any: Security Checks by Client 26 Mozilla Firefox detects inconsistencies with Gmail.com’s SSL certificate.

27 6. Winning Features Winning Features of SSL/TLS 27

28 6. Winning Features  Integrity – No one tampers with the contents during transport. E.g. Man-in-the-middle attacks.  Privacy – Prevent eavesdropping by encrypting messages.  Authentication – Verify remote party’s identity. – YOU ARE who you say YOU ARE.  Non-repudiation – Digital signature prove that a message was actually sent by a party. Prime Features 28

29 6. Winning Features  Asymmetric Public-Private key structure alleviates need for special setup for each session.  Depends on Public Key Infrastructure (PKI) implemented via Certificate Authorities (CA).  Conventions followed by manufacturers to pre-set software and appliances with globally agreed data. No setup per session or machine! 29

30 6. Winning Features  Uses X.509 certificate  OpenPGP certificates have been proposed for inclusion. Certificates 30

31 6. Winning Features  Previously limited to 40-bit symmetric keys by US govt restrictions  Now, 56-bit, 128-bit, 256-bit keys are commercially available, very easily.  2048-bit and 4096-bit keys are also supported by some products.  SSL/TLS itself does not restrict key size, but products and technologies on place have their own restrictions. Large key sizes 31

32 6. Winning Features  Cryptographic Algorithms can be rendered obsolete.  Extensible and upgradeable structure ensures latest and strongest cryptographic algorithms are used always.  Current supports includes – RSA, Diffie-Hellman, DSA (for Public Key cryptography). – RC2, RC4, IDEA, DES, 3DES (for Symmetric Ciphers). – MD2, MD4, MD5, SHA (One Way hash functions).  …. And more will come. Future-Proofing 32

33 References Thawte (2006). Securing your Online Data Transfer with SSL - A guide to understanding SSL Certificates [online]. Available from: http://www.thawte.com/ssl-digital-certificates/free-guides-whitepapers/ [Accessed 2 April 2007]http://www.thawte.com/ssl-digital-certificates/free-guides-whitepapers/ IETF (2006). RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1. Bussler, C. et al (2002) A conceptual architecture for Semantic Web Enabled Services. Special section on semantic web and data management. [Pages 24 – 29]. Thawte (2006). Enrolment guide for thawte SSL Web Server Certificates and SGC Supercerts [online]. Available from: http://www.thawte.com/ssl-digital-certificates/free-guides-whitepapers/ [April 2, 2007]http://www.thawte.com/ssl-digital-certificates/free-guides-whitepapers/ Wikipedia (2007a). Transport Layer Security [online]. Available from: http://en.wikipedia.org/wiki/Transport_Layer_Security [April 02, 2007]http://en.wikipedia.org/wiki/Transport_Layer_Security Wikipedia (2007b). Semantic Web [online]. Available from: http://en.wikipedia.org/wiki/Semantic_web [Jan 2, 2007]http://en.wikipedia.org/wiki/Semantic_web Minai, A. (2007) Internet Security, Msc Internet Computing, CSYM020. University of Northampton, 2007. 33

34 Thank you! 34

Download ppt "Presented By: Atish Baul Module: CSYM020, Internet Security Course: MSc Internet Computing."

Similar presentations

Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
© 2004, The Technology Firm WWW.THETECHFIRM.COM SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.

© 2004, The Technology Firm SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

Similar presentations

Ads by Google