Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.

Slides:



Advertisements
Similar presentations
Web security: SSL and TLS
Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Chapter 8 Web Security.
Cryptography 101 Frank Hecker
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
CSCI 6962: Server-side Design and Programming
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Secure Socket Layer (SSL)
Network Security. Cryptography Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy:
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Security Essentials Chapter 5
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
December 2008Prof. Reuven Aviv, SSL1 Web Security with SSL Network Security Prof. Reuven Aviv King Mongkut’s University of Technology Faculty of information.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
ClientServer ClientID, E(x, CHK) E(x+1, SHK), E(y, SHK) E(y+1, CHK) E(SK, SHK) Three-way handshake Authentication Protocols CHK, SHK are keys known by.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Computer and Network Security
Secure Sockets Layer (SSL)
CSCE 715: Network Systems Security
BINF 711 Amr El Mougy Sherif Ismail
Using SSL – Secure Socket Layer
CSE 4095 Transport Layer Security TLS
SSL (Secure Socket Layer)
The Secure Sockets Layer (SSL) Protocol
Transport Layer Security (TLS)
Advanced Computer Networks
Electronic Payment Security Technologies
Presentation transcript:

Secure Socket Layer SSL and TLS

SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and certificate-based authentication Symmetric cipherSymmetric cipher -based traffic encryption

TLS,SSL,HTTPS Transport Layer Security, Secure Socket Layer

SSL Each browser is configured with a root CA https connects to a different port (443 instead of 80) When a session is initiated, server and client agree on security capabilities. (most clients are 40 bit encryption, but 128 bit encryption is available on many strong servers The server is authenticated by the certificate authority Using the server public key from the CA, the client sends a DES key to the server The DES key is used to encrypt the session

How it Works The client sends and receives several handshake structures: It sends a ClientHello message specifying the list of cipher suites, compression methods and the highest protocol version it supports. It also sends random bytes which will be used later Then it receives a ServerHello, in which the server chooses the connection parameters from the choices offered by the client earlier. When the connection parameters are known, the client and server exchange certificates (depending on the selected public key cipher). These certificates are currently X.509, but there is also a draft specifying the use of OpenPGP based certificates.X.509OpenPGP The server can request a certificate from the client, so that the connection can be mutually authenticated. The client and server negotiate a common secret called the "master secret", possibly using the result of a Diffie-Hellman exchange, or simply encrypting a secret with a public key that is decrypted with the peer's private key. All other key data is derived from this "master secret" (and the client- and server-generated random values), which is passed through a carefully designed "pseudorandom function".Diffie-Hellmanpseudorandom

Certificates Certified Entity CA Verifier Decrypt senders public key using CA- publickey Albert Levi Albert Levi Register with CA, send client Public Key CA-Publickey and Certificate with RSA(client Public Key,CA-privatekey) Certificate

Hierarchical PKI Example RSA(UserPubK,CAPriK) RSA(CAPubK.UCAPriK) RSA(UCAPubK,RootCAPriK)

How does this impact web apps No changes should be necessary, just include the https URL You will have to set up your server to perform the handshake, but it probably already has the capabilities Performance will suffer, the initial handshake is expensive Web servers must have a certificate for each IP address they serve

Common Mistakes Put the login form on an unencrypted http page, but send the data to a https cgi script A man in the middle can spoof the page, then replace the https URL with a server he controls The user will have no UI clues that would allow him to know that the submit button goes to a secure site If the login page is https, then a man-in-the-middle cant read and spoof the form as easily

Common Mistakes Mixing secure and insecure data The users learn to ignore the “this form contains secure and insecure data …” very quickly The user has no way of knowing which parts are being sent securely

Another Encryption Example Privacy Enhanced Mail (PEM) Decrypt message using DES with secret keyk DecryptE(k) using RSA with my private key ->k Convert ASCII message Encryptk using RSA with recipient’s public key Encode message +E(k) in ASCII for transmission Encrypt message using DES with secret keyk Create a random secret keykOriginal message Transmitted message

PEM message integrity and authentication Sender identity and message integrity confirmed if checksums match Calculate MD5 checksum on received message and compare against received value Decrypt signed checksum with sender’s public key Calculate MD5 checksum over message contents Sign checksum using RSA with sender’s private key Transmitted message m+E(MD5(m),private sender )

PEM Certificates User CA PCA1PCA2 IPRA PCA3 CA IPRA=Internet Policy Registration Authority (root) PCAn=policy certification authority CA=certification authority

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.