Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

Slides:



Advertisements
Similar presentations
Web security: SSL and TLS
Advertisements

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Slide 1 Vitaly Shmatikov CS 378 SSL/TLS. slide 2 What is SSL / TLS? uTransport Layer Security protocol, version 1.0 De facto standard for Internet security.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.
Cryptography and Network Security Chapter 17
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Security Essentials Chapter 5
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
1 DCS 835 – Computer Networking and the Internet Digital Certificate and SSL (rev ) Team 1 Rasal Mowla (project leader) Alvaro Restrepo, Carlos.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Tunneling and Securing TCP Services Nathan Green.
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Gold Coast Campus School of Information Technology 2003/16216/3112INT Network Security 1Copyright © Griffith University, INT / 3112INT Network.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
SSL(HandShake) Protocol By J.STEPHY GRAFF IIM.SC(C.S)
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Cryptography and Network Security
UNIT.4 IP Security.
Visit for more Learning Resources
Cryptography and Network Security Chapter 16
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS
Cryptography and Network Security
Cryptography and Network Security
The Secure Sockets Layer (SSL) Protocol
Transport Layer Security (TLS)
Unit 8 Network Security.
Cryptography and Network Security
Presentation transcript:

Encryption protocols Monil Adhikari

What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating applications” In practice, used to protect information transmitted between browsers and Web servers Deployed in nearly every web browser

3 What are SSL and TLS? SSL – Secure Socket Layer TLS – Transport Layer Security Both provide a secure transport connection between applications (e.g., a web server and a browser) SSL was developed by Netscape SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers and widely used on the Internet SSL v3.0 was specified in an Internet Draft (1996) it evolved into TLS specified in RFC 2246 TLS can be viewed as SSL v3.1

History of the Protocol SSL 1.0 Internal Netscape design, early 1994? Lost in the mists of time SSL 2.0 Published by Netscape, November 1994 Badly broken SSL 3.0 Designed by Netscape and Paul Kocher, November 1996 TLS 1.0 Internet standard based on SSL 3.0, January 1999 Not interoperable with SSL 3.0

Evolution of the SSL/TLS RFC

SSL and TLS in Real World

SSL and TLS in Real World (Contd.)

8 SSL architecture SSL Record Protocol SSL Handshake Protocol SSL Handshake Protocol SSL Change Cipher Spec Protocol SSL Change Cipher Spec Protocol SSL Alert Protocol SSL Alert Protocol applications (e.g., HTTP) applications (e.g., HTTP) TCP IP

9 SSL components SSL Handshake Protocol negotiation of security algorithms and parameters key exchange server authentication and optionally client authentication SSL Record Protocol fragmentation compression message authentication and integrity protection encryption SSL Alert Protocol error messages (fatal alerts and warnings) SSL Change Cipher Spec Protocol a single message that indicates the end of the SSL handshake

TLS Basics TLS consists of two protocols Handshake protocol Use public-key cryptography to establish a shared secret key between the client and the server Record protocol Use the secret key established in the handshake protocol to protect communication between the client and the server We will focus on the handshake protocol

TLS Handshake Protocol Two parties: client and server Negotiate version of the protocol and the set of cryptographic algorithms to be used Interoperability between different implementations of the protocol Authenticate client and server (optional) Use digital certificates to learn each other’s public keys and verify each other’s identity Use public keys to establish a shared secret

Abbreviated Handshake The handshake protocol may be executed in an abbreviated form to resume a previously established session No authentication, key material not exchanged Session resumed from an old state For complete analysis, have to model both full and abbreviated handshake protocol This is a common situation: many protocols have several branches, subprotocols for error handling, etc.

Client-Server Communication

Common TLS/SSL Scenarios Many people think of TLS and SSL as protocols that are used with Web browsers to browse the Internet more securely. However, they are also general purpose protocols that can be used whenever authentication and data protection are necessary. For example, you can use TLS/SSL for: SSL-secured transactions with an e-commerce Web site Authenticated client access to an SSL-secured Web site Remote access SQL access

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.