1 How HTTPS Works J. David Giese

2 Hyper Text Transfer Protocol
Browser ↔ HTTP Server (edge-effect.github.io)
Request: GET / HTTP/1.1, HOST: edge-effect.github.io, HEADERS, BODY
Response: HTTP/1.1 200 OK, HEADERS, BODY
Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

3 Hyper Text Transfer Protocol
Browser ↔ HTTP Server (edge-effect.github.io)
Visiting a webpage …
–Application Layer: HTTP
–Transport Layer: TCP
–Internet Layer: IP
–Link Layer: Ethernet, etc.
Visiting a webpage …
–Application Layer: HTTP
–TLS – Transport Layer Security
–Transport Layer: TCP
–Internet Layer: IP
–Link Layer: Ethernet, etc.
HTTPS == HTTP + TLS

4 Transport Layer Security
Developed by Netscape in early 1990s.
Used to be called Secure Sockets Layer (SSL).
Can be used with other application layer protocols.
Provides:
–Privacy: Can anyone overhear “us”?
–Authentication: Do I know who sent the message?
–Non-repudiation: Can I prove who the sender was?
–Integrity: Was the message tampered with?
Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.

5 Cryptographic Primitives: the building blocks of TLS

6 Cryptographic Primitives: Cryptographic Hash Function
A normal hash function with extra requirements:
–infeasible to generate a message with a given digest
–infeasible to change a message without modifying the digest
–infeasible to find two messages with the same digest

7 Cryptographic Primitives: Symmetric Cryptography
Also known as “conventional cryptography”
Same key used for encryption and decryption
Simplistic example:
KEY (held by both CLIENT and SERVER): A → Q, E → _, H → M, L → P, O → A, _ → H, …
CLIENT: HELLO ALL → encrypt → M PPAHQPP
send across internet
SERVER: M PPAHQPP → decrypt → HELLO ALL
Problem: How to share the key?

8 Cryptographic Primitives: Asymmetric Cryptography
Also known as “public key cryptography”
Two keys; each decrypts what the other encrypts
CLIENT (has Server’s Public KEY): HELLO ALL → Encrypt With Server’s Public Key → 125134223
send across internet
SERVER (has Server’s Private KEY): 125134223 → Decrypt With Server’s Private Key → HELLO ALL

9 Example of Asymmetric Encryption: RSA
1. Generate special numbers e, d, and n
2. Represent message as a series of integers between 0 and n – 1
3. Encrypt each integer, M, using: $C = \mathrm{Encrypt}(M) = M^e \bmod n$
4. Decrypt each integer using: $M = \mathrm{Decrypt}(C) = C^d \bmod n$
R. Rivest, A. Shamir, and L. M. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, v. 21, n. 2, Feb 1978, pp. 120-126.

10 You can’t just pick any e, d, and n
Let d = 39, e = 11, n = 35

M     $C = M^e \bmod n$
0     0
1     1
2     8
3     27
4     29
…     …
32    8
33    27
34

11 How to pick d, e, and n
1. Pick two large primes, p and q
2. Let n = p * q
3. Pick d such that: GCD(d, (p – 1) * (q – 1)) = 1
4. Pick e such that: e * d = 1 mod (p – 1) * (q – 1)

12 Simplistic example of RSA keys
Let d = 157, e = 17, n = 2773

$H^e \bmod n$   $H = M^d \bmod n$   M      $C = M^e \bmod n$   $C^d \bmod n$
0               0                   0      0                   0
1               1                   1      1                   1
2               1037                2      741                 2
3               441                 3      1553                3
4               2218                4      27                  4
…               …                   …      …                   …
2770            2332                2770   2332                2770
2771            1736                2771   1736                2771
2772
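The conditions from slide 11 can be checked mechanically against the two key sets on slides 10 and 12. The code below is an added example, not part of the original slides; the factorizations 35 = 5 * 7 and 2773 = 47 * 59 are supplied here, and raising to the exponent 39 modulo 35 gives the values listed in the slide 10 table.

```python
from math import gcd

def check_keys(p, q, e, d):
    """Return the slide-11 conditions that (p, q, e, d) violate."""
    phi = (p - 1) * (q - 1)
    problems = []
    if gcd(d, phi) != 1:
        problems.append("GCD(d, (p-1)*(q-1)) != 1")
    if (e * d) % phi != 1:
        problems.append("e*d != 1 mod (p-1)*(q-1)")
    return problems

def roundtrip_failures(n, e, d):
    """Messages M in 0..n-1 for which Decrypt(Encrypt(M)) != M."""
    return [m for m in range(n) if pow(pow(m, e, n), d, n) != m]

def collisions(n, exponent):
    """Values hit by more than one message under M**exponent mod n."""
    seen = {}
    for m in range(n):
        seen.setdefault(pow(m, exponent, n), []).append(m)
    return {c: ms for c, ms in seen.items() if len(ms) > 1}

# Factorizations are assumptions added here: 35 = 5 * 7, 2773 = 47 * 59.
BAD = dict(p=5, q=7, e=11, d=39)        # slide 10
GOOD = dict(p=47, q=59, e=17, d=157)    # slide 12

if __name__ == "__main__":
    for label, k in (("slide 10", BAD), ("slide 12", GOOD)):
        n = k["p"] * k["q"]
        print(label, "violations:", check_keys(**k))
        print(label, "messages that do not round-trip:",
              len(roundtrip_failures(n, k["e"], k["d"])), "of", n)
    # Several plaintexts share one output, so the mapping cannot be inverted.
    print("slide 10 messages mapping to 8:", collisions(35, 39)[8])
```

With the slide 10 values more than half of the message space fails to decrypt back to itself, while the slide 12 key round-trips every integer from 0 to 2772.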

13 Cryptographic Primitives: Problem with Asymmetric Cryptography
CLIENT (has Server’s Public KEY): HELLO ALL → Encrypt With Server’s Public Key → 125134223
send across internet
SERVER (has Server’s Private KEY): 125134223 → Decrypt With Server’s Private Key → HELLO ALL
Problem: How can the server know who sent the message?

14 Cryptographic Primitives: Digital Signature
Ensures that you, and only you, could have sent the message (assuming your private key is secure)
Anyone can verify the signature
1. Hash the message
2. Encrypt hash with your private key
3. Attach to message
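The three signing steps, and the verification anyone can do with the public key, look like this with the toy key from slide 12. This is an added example, not part of the original slides; reducing the SHA-256 digest modulo n is an assumption made only so the hash fits the tiny modulus.

```python
import hashlib

N, E, D = 2773, 17, 157   # toy key from slide 12; D is the private exponent

def digest(message: bytes) -> int:
    """Step 1: hash the message (reduced mod N for the toy key only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes):
    """Steps 2 and 3: encrypt the hash with the private key, attach it."""
    return message, pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Undo the signature with the public key (E, N) and compare hashes."""
    return pow(signature, E, N) == digest(message)

if __name__ == "__main__":
    msg, sig = sign(b"HELLO ALL")
    print("signature:", sig)
    print("valid signature accepted:", verify(msg, sig))
    # Any change to the attached signature is detected.
    print("altered signature accepted:", verify(msg, (sig + 1) % N))
    # A changed message is detected unless its toy digest happens to collide,
    # which is why real signatures keep the full-length hash.
    print("altered message accepted:", verify(b"HELLO ALL!", sig))
```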

15 Review of Cryptographic Primitives
–Cryptographic hash function: arbitrary length data → fixed length hash
–Symmetric (or conventional) cryptography: one key is used for encryption and decryption
–Asymmetric (or “public key”) cryptography: two keys; each key decrypts what the other encrypts
–Digital Signature: hash of a message encrypted with a private key

16 Certificate Authority
A “trusted” third party that associates a public key with an identity.
Public keys of common CAs are distributed with browsers.
Need to register with a CA to set up HTTPS for your website.

17 Details about TLS
[Diagram: Certificate Authority, 3’]
Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.

18 Details about TLS
[Diagram: Certificate Authority, 3’]
1. CLIENT: I want to start a connection; here are the cipher suites I support
2. SERVER: Ok use this cipher suite; here is my certificate (and public key)
3. CLIENT: You checked out with the CA; here is a “secret” so we can switch to a faster symmetric encryption algorithm
4. SERVER: Ok, here is a small encrypted token to prove we are on the same page
5. … Send HTTP Messages …
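The four handshake steps above can be walked through in a small simulation. This is an added example, not part of the original slides and not real TLS: the CA key (n = 3233, e = 17, d = 2753) is constructed for the sketch, the server key is the toy key from slide 12, and the certificate format and function names are hypothetical.

```python
import hashlib, hmac, secrets

CA_N, CA_E, CA_D = 3233, 17, 2753      # toy CA key pair (constructed)
SRV_N, SRV_E, SRV_D = 2773, 17, 157    # toy server key pair (slide 12 values)

def h(data, n):
    # SHA-256 reduced mod n, only because the toy moduli are tiny
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def body(cert):
    return f"{cert['name']}|{cert['e']}|{cert['n']}".encode()

def issue_cert(name):
    """CA binds an identity to the server's public key by signing both."""
    cert = {"name": name, "e": SRV_E, "n": SRV_N}
    cert["sig"] = pow(h(body(cert), CA_N), CA_D, CA_N)
    return cert

def cert_ok(cert, host):
    """Client check using the CA public key distributed with the browser."""
    return cert["name"] == host and pow(cert["sig"], CA_E, CA_N) == h(body(cert), CA_N)

def handshake(host, cert, client_suites, server_suites):
    # 1. CLIENT: here are the cipher suites I support
    # 2. SERVER: use this suite; here is my certificate (and public key)
    suite = next((s for s in server_suites if s in client_suites), None)
    if suite is None:
        return "no common cipher suite"
    # 3. CLIENT: verify the certificate, then send a secret under the server's public key
    if not cert_ok(cert, host):
        return "certificate rejected"
    secret = secrets.randbelow(cert["n"])
    wire = pow(secret, cert["e"], cert["n"])
    client_key = hashlib.sha256(str(secret).encode()).digest()
    #    SERVER: recover the secret with the private key, derive the same key
    server_key = hashlib.sha256(str(pow(wire, SRV_D, SRV_N)).encode()).digest()
    # 4. SERVER: small token proving both sides hold the same symmetric key
    token = hmac.new(server_key, b"finished", "sha256").digest()
    expected = hmac.new(client_key, b"finished", "sha256").digest()
    if not hmac.compare_digest(token, expected):
        return "key mismatch"
    return suite, client_key

SUITES = ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]
```

Calling `handshake("edge-effect.github.io", issue_cert("edge-effect.github.io"), SUITES, SUITES)` returns the agreed suite and the shared key; a certificate with an altered signature or a different name stops at step 3.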

19 Perfect Forward Secrecy
Using a key pair over extended periods of time is dangerous.
Use different keys for each connection, and use public key only for “authentication”

20 Thanks! Discussion Question: Who is concerned or not concerned about the NSA bulk collecting data?

21 More Reading
What is the difference between a hash, a MAC, and a digital signature?

22 Cryptography Basics: Cryptographic Break
Any weakness that can be exploited faster than brute force.

