Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: Klaus 3362.

Published byAnis Norris Modified over 8 years ago

Similar presentations

Presentation on theme: "ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: Klaus 3362."— Presentation transcript:

1 ECE-6612 http://www.csc.gatech.edu/copeland/jac/6612/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: Klaus 3362 email or call for office visit, 404 894-5177 Chapter 7a - Secure Socket Layer (SSL) and Secure Electronic Transactions (SET)

2 2 Application Transport Layer (TCP,UDP) Network Layer (IP) E'net Data Link Layer Ethernet Phys. Layer Network Layer E'net Data Link Layer E'net Phys. Layer Network Layer Process Router Buffers Packets that need to be forwarded (based on IP address). Application Transport Layer (TCP,UDP) Network Layer (IP) Token Ring Data-Link Layer Token Ring Phys. Layer Token Ring Data Link Layer Token Ring Phys. Layer IPsec SSL

3 TLS is Transport Layer Security (is not “ IPsec Transport Level Security ” ) TLS is used for email (SMTP/TLS or POP/TLS or IMAP/TLS) SSL is used for secure Web access (HTTPS) (now uses TLS v.3) Secure Shell, SSH, is Telnet + SSL + other features Secure Copy, SCP, copies files using SSH (SFTP has FTP functions) 3 The combinations are called: HTTPS SFTP ESMTP SSH SSL and TLS are above the TCP Socket, so it is part of the Application Layer (a “shim”)

4 HTTPS is HTTP with SSL (Secure Socket Layer). HTTPS uses the TLS/SSL default TCP port, port 443 4 Encrypt HTTPS :"Network Security Essentials: Applications and Standards," Prentice Hall, by Wm. Stallings (ECE6612) Web Browser or Web Server

5 Fig. 7.3 SSL Record Protocol Operation 5 Record Header

6 SSL Handshake - First Part Time Gray areas are optional in some circumstances. 6

7 SSL Handshake - Second Part Time Gray areas are optional in some circumstances. 7 Client Server

8 WireShark* View of HTTPS (TLS = SSL) Connection *Capture Filter: ether host 00:30:65:1e:8a:8c

9 NAME [from UNIX “ #man ssl ” ] SSL - OpenSSL SSL/TLS library DESCRIPTION The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1.0, v1.1, v1.2) protocols. It provides a rich API which is documented here. [Only TLS v.1.2 is safe today] At first the library must be initialized; see SSL_library_init(3). [(3) ->use #man 3...] Then an SSL_CTX object is created as a framework to establish TLS/SSL enabled connections (see SSL_CTX_new(3)). Various options regarding certificates, algorithms etc. can be set in this object. When a network connection has been created, it can be assigned to an SSL object. After the SSL object has been created using SSL_new(3), SSL_set_fd(3) or SSL_set_bio(3) can be used to associate the network connection with the object. Then the TLS/SSL handshake is performed using SSL_accept(3) or SSL_con- nect(3) respectively. SSL_read(3) and SSL_write(3) are used to read and write data on the TLS/SSL connection. SSL_shutdown(3) can be used to shut down the TLS/SSL connection. Programming with SSL 9

10 10 SET (Secure Electronic Transactions) Provides a secure communications channel among all the parties involved in a transaction: Customer, Seller, Customer ’ s credit provider, Seller ’ s bank. Provides trust by the use of X.509v3 certificates. Ensures privacy because information is only made available to the parties that need it. * Cardholder account authentication to the Merchant (Cardholder must have a Certificate issued by the credit company). Merchant may issue a temporary Certificate to issue the session is not hijacked). * Verifies Merchant's relationship with financial institution. * Integrity of data customer sends to Merchant (order info tied to funds transfer).

11 11 SET - Steps in a Transaction 1. Customer opens account with credit company or bank. 2. Bank issues X.509 cert. to the Customer with RSA Keys. 3. Merchant has two certificates, signing and key exchange. ---- 4. Customer places an order. 5. The Merchant sends the customer a copy of his certificate. 6. The Customer sends Order Information (OI) encrypted so the Merchant can read it, and Payment Information (PI) encrypted so the Merchant can not read it. --- 7. Merchant requests payment by sending PI to the “ Payment Gateway ” (who can decrypt it) and verifies Customer ’ s credit. 8. Merchant confirms the order to the Customer. 9. Merchant ships goods to Customer. 10. Merchant sends request for payment to the Payment Gateway which handles transfer of funds.

12 12 Secure Electronic Transactions (SET)

13 13 SET - Dual Signature The Dual signature allows proof that: 1. Merchant has received Order Information. 2. Bank has received Payment Information and verified the Customer signature. 3. Customer has linked OI and PI and can prove later that PI was not related to a different purchase. Dual-Sig = E cus-private [ H( H(PI) || H(OI) ) ] Bob orders a book and a TV from Scam, Inc. Scam, Inc ships Bob the book, and then sends the PI for the TV joined with the OI for the book to the Bank. How does Bob prove to the Bank that he did not order a book with a TV price, when Scam, Inc shows the Bank the OI for the book?

14 14

15 Customer ’ s Purchase Request 15 Encrypted with Bank’s Public Key

16 16

17 Threats to the Net Host Control (botnets) All of the above, spamming, DDoS, … Anti-malware, out- and in- bound firewalls, network IDS. (incomplete, and always will be)

Download ppt "ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: Klaus 3362."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
CP3397 ECommerce.

CP3397 ECommerce.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography and Network Security

Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Chapter 8 Web Security.

Chapter 8 Web Security.
EE579T/6 #1 Spring 2003 © 2000-2003, Richard A. Stanley EE579T / CS525T Network Security 6: SSL and SET Prof. Richard A. Stanley.

EE579T/6 #1 Spring 2003 © , Richard A. Stanley EE579T / CS525T Network Security 6: SSL and SET Prof. Richard A. Stanley.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Similar presentations

Ads by Google