SSL By: Anthony Harris & Adam Shkoler

What is SSL? SSL stands for Secure Sockets Layer. SSL is a cryptographic protocol which provides secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, and other data transfers. SSL is a part of the application layer.

Who invented SSL? SSL v.3.0 was created by Netscape. Major corporations such as Visa and Mastercard have endorsed SSL for commerce over the Internet. SSL led to the development of TLS v.1.0, or Transport Layer Security.

SSL technology relies on the concept of “public key cryptography” to accomplish its tasks. In normal encryption, two communicating parties each share a password or key, and this is used to both encrypt and decrypt messages. In public key cryptography, each party has two keys, a public key and a private key. Information encrypted with a person’s public key can only be decrypted with the private key and vice versa. Each user publicly tells the world what his public key is but keeps his private key for himself.

Weak points in SSL history Early implementations used 40-bit symmetric keys because of government cryptographic restrictions. This made SSL vulnerable to brute force attacks. However, the government enforced this policy on purpose, so law enforcement could monitor traffic while keeping less equipped civilians out. Modern implementations now use 128-bit cryptographic keys.

Incorrect Uses Some websites secure only the form submission page rather than the login page. Others secure the login page but have non-secure media present on it. Both leave you open to man-in-the-middle attacks.

Commercial websites that have dropped the ball:
Bank of America
Washington Mutual
JPMorgan Chase & Co.
Paypal

How it works 1. A customer contacts your site and accesses a secured URL: a page secured by a Server ID (indicated by a URL that begins with "https://" instead of just "http://", or by a message from the browser).

Obtaining an SSL Certificate XYZ Inc. intends to secure their customer checkout process, account management, and internal employee correspondence on their website, xyz.com.
Step 1: XYZ creates a Certificate Signing Request (CSR); during this process, a private key is generated.
Step 2: XYZ goes to a trusted, third-party Certificate Authority, such as XRamp. XRamp takes the certificate signing request and validates XYZ in a two-step process: XRamp validates that XYZ has control of the domain xyz.com and that XYZ Inc. is an official organization listed in public government records.

Obtaining a certificate cont'd
Step 3: When the validation process is complete, XRamp gives XYZ a new public key (certificate) encrypted with XRamp's private key.
Step 4: XYZ installs the certificate on their web server(s).

Crypto-licious!!! How Customers Communicate with the Server using SSL
Step 1: A customer makes a connection to xyz.com on an SSL port, typically 443. This connection is denoted with https instead of http.
Step 2: xyz.com sends back its public key to the customer. Once the customer receives it, his/her browser decides if it is all right to proceed:
the xyz.com public key must NOT be expired;
the xyz.com public key must be for xyz.com only;
the client must have XRamp's public key for XRamp installed in their browser certificate store. 99.9% of all modern browsers (1998+) include the XRamp root certificate.
If the customer has XRamp's trusted public key, then they can trust that they are really communicating with XYZ, Inc.

Step 3: If the customer decides to trust the certificate, then the customer will send xyz.com his/her public key.
Step 4: xyz.com will next create a unique hash and encrypt it using both the customer's public key and xyz.com's private key, and send this back to the client.
Step 5: The customer's browser will decrypt the hash. This process shows that xyz.com sent the hash and that only the customer is able to read it.
Step 6: Customer and website can now securely exchange information.
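The three Step 2 checks the browser performs (not expired, issued for xyz.com only, chains to a root in the certificate store), as an added example that is not part of the original presentation. It builds a throwaway "XRamp" root and an xyz.com certificate in memory with Go's standard crypto/x509 package (constructed for the example, not real certificates) and then lets the library apply all three checks in one Verify call.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mkCert signs tmpl with the issuer's key and parses the resulting DER certificate.
func mkCert(tmpl, issuer *x509.Certificate, pub any, key *ecdsa.PrivateKey) *x509.Certificate {
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, key)
	c, _ := x509.ParseCertificate(der)
	return c
}

// BuildChain constructs, in memory and only for this example, an "XRamp" root CA and
// an xyz.com server certificate it signed, valid between notBefore and notAfter.
func BuildChain(notBefore, notAfter time.Time) (root, leaf *x509.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "XRamp Root CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: notBefore.Add(-time.Hour), NotAfter: notAfter.Add(time.Hour)}
	root = mkCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "xyz.com"},
		DNSNames: []string{"xyz.com"}, NotBefore: notBefore, NotAfter: notAfter}
	leaf = mkCert(leafTmpl, root, &leafKey.PublicKey, caKey)
	return root, leaf
}

// BrowserAccepts applies the slide's three checks (not expired at now, issued for host,
// chains to the root the browser trusts); a nil result means the browser proceeds.
func BrowserAccepts(leaf, trustedRoot *x509.Certificate, host string, now time.Time) error {
	pool := x509.NewCertPool()
	pool.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host, CurrentTime: now})
	return err
}

func main() {
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	root, leaf := BuildChain(start, start.AddDate(1, 0, 0))
	fmt.Println("valid:", BrowserAccepts(leaf, root, "xyz.com", start.AddDate(0, 6, 0)))  // <nil>
	fmt.Println("expired:", BrowserAccepts(leaf, root, "xyz.com", start.AddDate(2, 0, 0))) // expiry error
}
```

Passing a hostname other than xyz.com, or a root other than the one that signed the leaf, makes Verify return a hostname or unknown-authority error respectively, which is exactly the "do not proceed" decision the slide describes.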

Handshake phases

SSL Messages (client side / server side)
Client -> Server: offer cipher suite menu to server
Server -> Client: select a cipher suite
Server -> Client: send certificate and chain to CA root
Server -> Client: send public key to encrypt symmetric key
Server -> Client: server negotiation finished
Client -> Server: send encrypted symmetric key
Client -> Server: activate encryption
Client -> Server: client portion done (server checks options)
Server -> Client: activate server encryption
Server -> Client: server portion done (client checks options)
Now the parties can use symmetric encryption.

A scenario for SSL SSL can be thought of as a conversation on the phone. 1.) Who are you speaking with? How do you know you are talking to an authorized person if you've never talked to them before? 2.) Is someone listening to your conversation? Wiretapping is common practice. Are you sure someone isn't listening in and gathering information about you? (e.g., bank account, phone number, how you secretly enjoy Celine Dion)

Two very real security issues for Internet correspondence arise. 1.) Being sure you are connected to the right computers; are you really on your bank’s website or is it a phisher’s scam website? 2.) Keeping your data safe and out of malicious hands during transit on the Internet.

A world without SSL is illustrated below
