Introduction to Secure Sockets Layer (SSL) Protocol Based on: https://developer.mozilla.org/En/Introduction_to_SSL#The_SSL_Protocol.

Slides:



Advertisements
Similar presentations
Web security: SSL and TLS
Advertisements

SSL Implementation Guide Onno W. Purbo
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Cryptography and Network Security Chapter 17
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter 8 Web Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
CSCI 6962: Server-side Design and Programming
OPeNDAP Hyrax Back-End Server (BES) Authentication and Authorization Patrick West
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
1 Web Server Security Determine What Is Running on Your Machine Determine Which Ports Accept Connections. Set up a Safe User to Run the Web Server Modify.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Unit 1: Protection and Security for Grid Computing Part 2
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Tunneling and Securing TCP Services Nathan Green.
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
1 Understanding Secure Socket Layer (SSL) Advisor Advisor Prof. Tzonelih Hwang Presenter Prosanta Gope.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
SSL(HandShake) Protocol By J.STEPHY GRAFF IIM.SC(C.S)
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
UDG Prof. Dr Milan Marković, dipl.inž. Prezentacija 6 Osnove IT sigurnosti.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
The Secure Sockets Layer (SSL) Protocol
Cryptography and Network Security
Secure Sockets Layer (SSL)
Visit for more Learning Resources
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
Cryptography and Network Security
Cryptography and Network Security
SSL (Secure Socket Layer)
The Secure Sockets Layer (SSL) Protocol
Transport Layer Security (TLS)
Cryptography and Network Security
Presentation transcript:

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

SSL: A New Layer Developed by Netscape for secure data communication on the Web A new layer of protocol which runs above the TCP/IP suite but below the application layer

SSL Functions Server authentication Uses standard techniques of public-key cryptography to check that a server's certificate and public ID are valid that have been issued by a certificate authority (CA) listed in the client's list of trusted CAs Client authentication (optional) Server software can check that a client's certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the server's list of trusted CAs. Encrypted SSL connection All information sent between a client and a server are encrypted by the sending software and decrypted by the receiving software

SSL Sub-Protocols Two sub-protocols SSL Record Protocol Defines the format used to transmit data SSL Handshake Protocol Involves using the SSL record protocol to exchange a series of messages initially between an SSL- enabled server and an SSL-enabled client to establish an SSL connection

Exchange of Handshaking Messages Authenticate the server to the client Allow the client and server to select a cipher that they both support Optionally authenticate the client to the server Use public-key encryption techniques to generate share secrets Establish an encrypted SSL connection

Ciphers Used with SSL Uses a variety of different cryptographic algorithms, or ciphers, for use in operations such as authenticating the server and client to each other, transmitting certificates, and establishing session keys SSL handshake protocol determines how the server and client negotiate which cipher suites they will use to authenticate each other, to transmit certificates, and to establish session keys Key-exchange algorithms like KEA and RSA key exchange govern the way in which the server and client determine the symmetric keys they will both use during an SSL session. The most commonly used SSL cipher suites use RSA key exchange.

Cipher Suites With RSA Key Exchange Strongest Cipher Suite (within US only) Triple DES With 168-Bit Encryption and SHA-1 Message Authentication ( SSL 2.0 and SSL 3.0) Strong Cipher Suites (within US only) RC4 With 128-Bit Encryption and MD5 Message Authentication ( SSL 2.0 and SSL 3.0) RC2 With 128-Bit Encryption and MD5 Message Authentication ( SSL 2.0) DES With 56-Bit Encryption and SHA-1 Message Authentication ( SSL 2.0 and SSL 3.0) Exportable Cipher Suites ( SSL 2.0 and SSL 3.0) RC4 With 40-Bit Encryption and MD5 Message Authentication RC2 With 40-Bit Encryption and MD5 Message Authentication Weakest Cipher Suite (SSL 2.0) No Encryption, MD5 Message Authentication Only

Fortezza Cipher Suites Fortezza is an encryption system used by U.S. government agencies to manage sensitive but unclassified information Uses the Key Exchange Algorithm (KEA) instead of the RSA key- exchange algorithm Uses Fortezza cards and DSA for client authentication Strong Fortezza Cipher Suites (US only) RC4 With 128-bit Encryption and SHA-1 Message Authentication (SSL 3.0) RC4 With SKIPJACK 80-Bit Encryption and SHA-1 Message (SSL 3.0) Weakest Fortezza Cipher Suite No Encryption, SHA-1 Message Authentication Only

SSL Handshake Handshake Allows the server to authenticate itself to the client using public-key techniques Allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows Optionally, allows the client to authenticate itself to the server

SSL Handshake (cont’d) Exact detail steps depends on cipher suite used Assuming use of Cipher Suites With RSA Key Exchange the following are the general handshaking steps:Cipher Suites With RSA Key Exchange

SSL Handshake (cont’d) The client sends the server the client's SSL version number, cipher settings, randomly generated data, and other information the server needs to communicate with the client using SSL. The server sends the client the server's SSL version number, cipher settings, randomly generated data, and other information the client needs to communicate with the server over SSL. The server also sends its own certificate and, if the client is requesting a server resource that requires client authentication, requests the client's certificate. The client uses some of the information sent by the server to authenticate the server. If the server cannot be authenticated, the user is warned of the problem and informed that an encrypted and authenticated connection cannot be established. If the server can be successfully authenticated, the client goes on to Step 4. Using all data generated in the handshake so far, the client (with the cooperation of the server, depending on the cipher being used) creates the premaster secret for the session, encrypts it with the server's public key (obtained from the server's certificate, sent in Step 2), and sends the encrypted premaster secret to the server. If the server has requested client authentication (an optional step in the handshake), the client also signs another piece of data that is unique to this handshake and known by both the client and server. In this case the client sends both the signed data and the client's own certificate to the server along with the encrypted premaster secret.

SSL Handshake (cont’d) If the server has requested client authentication, the server attempts to authenticate the client. If the client cannot be authenticated, the session is terminated. Otherwise, the server uses its private key to decrypt the premaster secret, then performs a series of steps (which the client also performs, starting from the same premaster secret) to generate the master secret. Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity. The client sends a message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the client portion of the handshake is finished. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished. The SSL handshake is now complete, and the SSL session has begun.

Server Authentication

Client Authentication

Some SSL Sites OpenSSL ( Provides Information about a free, open-source implementation of SSL. Apache-SSL ( ssl.org/)-- Describes Apache-SSL, a secure Webserver, based on Apache and SSLesy/OpenSSL.

Some Implementations of SSL SSLeay (ftp://ftp.uni- mainz.de/pub/internet/security/ssl/SSL/ ) Planet SSL ( ssl/developers.html)-- provides C- programs and Java-programs of SSL.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.