CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Slides:

Advertisements

Similar presentations

Web security: SSL and TLS

Advertisements

CP3397 ECommerce.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

Cryptography and Network Security

Secure Socket Layer.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

Cryptography and Network Security Chapter 17

Chapter 8 Web Security.

Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Web Security : Secure Socket Layer Secure Electronic Transaction.

Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.

1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No

SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

Gold Coast Campus School of Information Technology 2003/16216/3112INT Network Security 1Copyright © Griffith University, INT / 3112INT Network.

1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.

CMSC 414 Computer and Network Security Lecture 27 Jonathan Katz.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Cryptography CSS 329 Lecture 13:SSL.

Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.

CS580 Internet Security Protocols

Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden

PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH

IT443 – Network Security Administration Instructor: Bo Sheng

Cryptography and Network Security

Secure Sockets Layer (SSL)

Cryptography and Network Security

CS 465 TLS Last Updated: Oct 31, 2017.

Cryptography and Network Security

The Secure Sockets Layer (SSL) Protocol

Transport Layer Security (TLS)

Cryptography and Network Security

Presentation transcript:

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk

CS470, A.SelcukSSL/TLS & SET2 Brief History of SSL/TLS SSLv2 –Released in 1995 with Netscape 1.1 –Key generation algorithm kept secret –Reverse engineered & broken by Wagner & Goldberg SSLv3 –Fixed and improved, released in 1996 –Public design process PCT: Microsoft’s version of SSL TLS: IETF’s version; the current standard

CS470, A.SelcukSSL/TLS & SET3 SSL Architecture Record Protocol: Message encryption/authentication Handshake P.: Identity authentication & key exchange Alert P.: Error notification (cryptographic or otherwise) Change Cipher P.: Activate the pending crypto suite IP TCP SSL Record Protocol HTTP, etc. SSL Alert Protocol SSL Change Cipher Spec. Protocol SSL Handshake Protocol

CS470, A.SelcukSSL/TLS & SET4 Basic SSL/TLS Handshake Protocol Alice Bob hello, crypto offered, R A certificate, crypto selected, R B {S} Bob, {keyed hash of messages} session keys derived from K (K = f(S, R A, R B )) {keyed hash of messages}

CS470, A.SelcukSSL/TLS & SET5 SSL Session Establishment Client authentication: Bob can optionally send “certificate request” in message 2. Session vs. Connection: “Sessions” are relatively long-lived. Multiple “connections” (TCP) can be supported under the same SSL session. (designed for HTTP 1.0) To start a connection, Alice can send an existing session ID. If Bob doesn’t remember the session ID Alice sent, he responds with a different value.

CS470, A.SelcukSSL/TLS & SET6 Session Resumption (“Connection”) Alice Bob session-id, crypto offered, R A session-id, crypto selected, R B, {keyed hash of msgs} {keyed hash of messages} session keys derived from K, R A, R B

CS470, A.SelcukSSL/TLS & SET7 Key Computation “pre-master key”: S “master key”: K = f(S, R A, R B ) For each connection, 6 keys are generated from K and the nonces. (3 keys for each direction: encryption, authentication/integrity, IV)

CS470, A.SelcukSSL/TLS & SET8 Negotiating Crypto Suites Crypto suite: A complete package specifying the crypto to be used. (encryption algorithm, key length, integrity algorithm, etc.) ~30 predefined standard cipher suites. 256 values reserved for private use. Selection: –v2: Alice proposes a set of suites; Bob returns a subset of them; Alice selects one. (which doesn’t make much sense) –v3: Alice proposes a set of suites; Bob selects one.

CS470, A.SelcukSSL/TLS & SET9 The Trust Model PKI: Oligarchy model with X.509 certificates Browsers come configured with a set of trusted root CAs (VeriSign, AT&T, Entrust/Nortel, etc.) Additions to the root CA list by user is possible. Typically, only the server is authenticated. Client authentication is optional. Certificate revocation is not used in practice. Even expiration dates are not enforced.

CS470, A.SelcukSSL/TLS & SET10 Secure Electronic Transaction (SET) Application-layer e-commerce protocol Developed by Visa & MasterCard consortium, 1996 Provides security, authentication, order transaction, payment authorization, etc. Both the merchant & customer are authenticated by X.509 certificates

CS470, A.SelcukSSL/TLS & SET11 SET Problems of e-commerce over SSL/TLS: –malicious merchants (stealing credit card numbers) –malicious customers (using stolen credit card no.s) SET solution: –Bank (B) acts as an intermediary between the customer (C) & the merchant (M) –M forwards C’s info. to B, encrypted with B’s key –B does: authenticate C’s public key signature decrypt the transaction info. (amount, card number, etc.) issue payment authorization & send it to B

CS470, A.SelcukSSL/TLS & SET12 SET & 3D-Secure SET problem: All users are required to have public keys & “wallets”. –difficult to deploy & expensive –not convenient (user access from a single terminal) 3D-Secure solution: –No wallets required –B authenticates C by password (or, SMS-OTP) –M directs C to B, to which password is SSL-encrypted. (Problem: Malicious merchants can do m.i.t.m. attack, directing C to a fake page it controls.) –Officially launched in 2003, supported by Visa & MC.