Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certificates ID on the Internet. SSL In the early days of the internet content was simply sent unencrypted. It was mostly academic traffic, and no one.

Published byLoreen Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Certificates ID on the Internet. SSL In the early days of the internet content was simply sent unencrypted. It was mostly academic traffic, and no one."— Presentation transcript:

1 Certificates ID on the Internet

2 SSL In the early days of the internet content was simply sent unencrypted. It was mostly academic traffic, and no one was buying stuff from Amazon using credit cards, so the potential for serious fraud was low. Plus, grad students (who ran the systems) are inherently trustworthy You can still see some unencrypted traffic with wireshark if you go to an http site

3 SSL Secure Sockets Layer (SSL, sometimes called TLS for Transport Layer Security) addresses this by encrypting the payloads of packets sent on the wire. Sometimes described as a “shim” between the application and transport layer – First, establish a TCP socket – Then, conduct an additional negotiation to do things like securely exchange session encryption keys – Finally, exchange payload data in encrypted format

4 SSL Remember, the payload is encrypted, but the IP and TCP headers are not. This means an attacker can still do traffic analysis on you; they may not be able to tell what the content is, but they can tell you’re communicating with the site and can see source and destination Ips

5 Certificates How do you know the server you’re talking to really belongs to, for example, NPS? – Somebody subverts DNS and when you type in www.nps.edu it goes to their IP www.nps.edu – Man-in-the-middle attack: there’s someone between you and the real server, talking to both sides To prevent this (to an extent) we can use certificates

6 Certificates How do you know Joe Blow you see on the street is who he says he is? You can ask for his driver’s license – Issued by a trusted third party – Somewhat difficult to forge

7 Certificates A certificate is a “driver’s license” form of ID— a trusted third party (called the certificate authority) does some amount of due diligence and confirms you are who you say you are, then issues you a cryptographically signed certificate For a web server, this includes the server name, institution information, and the public half of a public/private key pair

8 Certificate Info

9 Issued by: GoDaddy Information about the server Public key for the server Signed by GoDaddy (hash of certificate created, then encrypted with the CA’s private key). The encrypted hash can be decoded with the CA’s public key and compared to your own hash of the information in the certificate to confirm the certificate has not been altered

10 Certificates The certificate is placed on your web server configuration, with access to your private key The web server distribution (eg, Firefox, IE Explorer, Safari, etc) have a list of trusted CAs with predefined CA certificates preloaded These are the “state DMVs” that issue driver’s licenses that we are willing to recognize as valid identification You can also load your own CAs, for example for DoD, which is not preloaded on most commercial web browsers

11 Certificates You go to a web site. It uses https and has a cert. Your browser downloads the cert and checks to see if it is signed by an approved CA. If so, the access is allowed If not, the browser will usually present you with a dialog that asks whether you want to accept the cert For development work, many people use “self signed certs,” or set up their own CA and sign the cert themselves.

12 How Secure? Sort of! A number of CAs trusted by web browsers (“DMVs”) have been shown to have lax security measures and their private signing keys were compromised, for example DigiNotar by Iranian authorities Some CAs are owned by, for example, the PLA. In a more secure environment you’d want to remove these CAs from your browser Against a state actor relying on the public CAs is risky— stick with the NSA for defense against that Even sophisticated private actors can sometimes subvert certificate-based security

Download ppt "Certificates ID on the Internet. SSL In the early days of the internet content was simply sent unencrypted. It was mostly academic traffic, and no one."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CP3397 ECommerce.

CP3397 ECommerce.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security

Cryptography and Network Security
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
SSL Serguei Mokhov SOEN321, Fall 2004. Contents Background SET SSL –origins –protocol.

SSL Serguei Mokhov SOEN321, Fall Contents Background SET SSL –origins –protocol.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Secure Sockets Layer. SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security.

Secure Sockets Layer. SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security.
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Similar presentations

Ads by Google