Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.

Published byJasmin Ellis Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and."— Presentation transcript:

1 Secure Socket Layer SSL and TLS

2 SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and certificate-based authentication Symmetric cipherSymmetric cipher -based traffic encryption

3 TLS,SSL,HTTPS Transport Layer Security, Secure Socket Layer

4 SSL Each browser is configured with a root CA https connects to a different port (443 instead of 80) When a session is initiated, server and client agree on security capabilities. (most clients are 40 bit encryption, but 128 bit encryption is available on many strong servers The server is authenticated by the certificate authority Using the server public key from the CA, the client sends a DES key to the server The DES key is used to encrypt the session

5 How it Works The client sends and receives several handshake structures: It sends a ClientHello message specifying the list of cipher suites, compression methods and the highest protocol version it supports. It also sends random bytes which will be used later Then it receives a ServerHello, in which the server chooses the connection parameters from the choices offered by the client earlier. When the connection parameters are known, the client and server exchange certificates (depending on the selected public key cipher). These certificates are currently X.509, but there is also a draft specifying the use of OpenPGP based certificates.X.509OpenPGP The server can request a certificate from the client, so that the connection can be mutually authenticated. The client and server negotiate a common secret called the "master secret", possibly using the result of a Diffie-Hellman exchange, or simply encrypting a secret with a public key that is decrypted with the peer's private key. All other key data is derived from this "master secret" (and the client- and server-generated random values), which is passed through a carefully designed "pseudorandom function".Diffie-Hellmanpseudorandom

6 Certificates Certified Entity CA Verifier Decrypt senders public key using CA- publickey Albert Levi Albert Levi Register with CA, send client Public Key CA-Publickey and Certificate with RSA(client Public Key,CA-privatekey) Certificate

7 Hierarchical PKI Example RSA(UserPubK,CAPriK) RSA(CAPubK.UCAPriK) RSA(UCAPubK,RootCAPriK)

8 How does this impact web apps No changes should be necessary, just include the https URL You will have to set up your server to perform the handshake, but it probably already has the capabilities Performance will suffer, the initial handshake is expensive Web servers must have a certificate for each IP address they serve

9 Common Mistakes Put the login form on an unencrypted http page, but send the data to a https cgi script A man in the middle can spoof the page, then replace the https URL with a server he controls The user will have no UI clues that would allow him to know that the submit button goes to a secure site If the login page is https, then a man-in-the-middle cant read and spoof the form as easily

10 Common Mistakes Mixing secure and insecure data The users learn to ignore the “this form contains secure and insecure data …” very quickly The user has no way of knowing which parts are being sent securely

11 Another Encryption Example Privacy Enhanced Mail (PEM) Decrypt message using DES with secret keyk DecryptE(k) using RSA with my private key ->k Convert ASCII message Encryptk using RSA with recipient’s public key Encode message +E(k) in ASCII for transmission Encrypt message using DES with secret keyk Create a random secret keykOriginal message Transmitted message

12 PEM message integrity and authentication Sender identity and message integrity confirmed if checksums match Calculate MD5 checksum on received message and compare against received value Decrypt signed checksum with sender’s public key Calculate MD5 checksum over message contents Sign checksum using RSA with sender’s private key Transmitted message m+E(MD5(m),private sender )

13 PEM Certificates User CA PCA1PCA2 IPRA PCA3 CA IPRA=Internet Policy Registration Authority (root) PCAn=policy certification authority CA=certification authority

Download ppt "Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and."

Similar presentations

Web security: SSL and TLS

Web security: SSL and TLS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Similar presentations

Ads by Google