Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

Slides:



Advertisements
Similar presentations
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Advertisements

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Cryptography and Network Security Chapter 17
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
CSCI 6962: Server-side Design and Programming
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Secure Socket Layer (SSL)
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Web Security : Secure Socket Layer Secure Electronic Transaction.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Secure Sockets Layer (SSL) Protocol by Steven Giovenco.
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
The Secure Sockets Layer (SSL) Protocol
Secure Sockets Layer (SSL)
COMP3220 Web Infrastructure COMP6218 Web Architecture
The Secure Sockets Layer (SSL) Protocol
Unit 8 Network Security.
Cryptography and Network Security
Presentation transcript:

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands

Mar 28, 2003Mårten Trolin2 Previous lecture New assignment Generating keys Distributing keys –Key splitting Master key and derived keys Key lengths –Symmetric keys –Asymmetric keys

Mar 28, 2003Mårten Trolin3 Key management – getting a certificate The applicant generates a key pair (public key and private key). The public key is sent to the Certificate Authority (CA) together with identifying data. The CA verifies the data and signs it with its private key (creating a certificate). The signed certificate is sent back to the issuer. Note: No secret information is ever transmitted!

Mar 28, 2003Mårten Trolin4 Key managent – getting a certificate Server Certificate Authority Private key Public key Public key and request information Certificate Verifies that the information in the request is correct Generates key pair

Mar 28, 2003Mårten Trolin5 Verifying a certificate The user needs to know the public key of the CA –Web browser come with certain CA public keys installed. To verify the validity of a certificate, the user must –verify the digital signature in the certificate with the CA public key –verify that the identifying information is what it should be.

Mar 28, 2003Mårten Trolin6 Certificate chains Certificates can be chained –Each certificate in the chain is signed with the private key of the certificate above. If the user knows the root certificate, he can verify that each step is valid. Using chains, the CA can outsource signing to other organizations it trusts without giving away its private key.

Mar 28, 2003Mårten Trolin7 Certificate chains The end user certificates are verified by following the chain up to the root certificate authority (CA) –If every step in the chain is valid, the end user certificate is considered valid.

Mar 28, 2003Mårten Trolin8 Encrypting documents So far, we have mainly been discussing encryption in interactive protocols (e.g., TLS). In many cases, there is no interaction between the sender and the recipient – –Fax –Encrypted backups – in this case the sender and the receiver is the same. All these systems have in common that encryption and decryption take place at different times.

Mar 28, 2003Mårten Trolin9 Non-interactive protocols For interactive protocols, the symmetric key is decided in the handshake. For non-interactive protocols, this must be solved in another way. –The key cannot be negotiated. Different possibilities –Exchange a symmetric key. –Encrypt only using a public-key scheme. –Encrypt a session key using the recipients public key.

Mar 28, 2003Mårten Trolin10 Session key in non-interactive protocols For non-interactive protocols, the sender generates a session key. The session key is encrypted using the recipient’s public key. –Recipient’s public key must be known in advance. The message is encrypted with the (symmetric) session key. The encrypted message consists of the encrypted session key and the cipher text. The recipient decrypts the session key with his private key and decrypts the message.

Mar 28, 2003Mårten Trolin11 Key distribution The method is chosen in a way similar to interactive protocols –Symmetric key only when key exchange is possible, or when the person encrypting and decrypting is the same (e.g., for backups). –Asymmetric when no key exchange is possible. Public keys are preferably distributed in certificates. –Contains identifying information. –Either self-signed or signed by a CA.

Mar 28, 2003Mårten Trolin12 Encrypting and/or signing When encrypting documents, we can choose to –only encrypt. –encrypt and sign. –only sign. What we choose to do depends on the application. It is recommended to first sign and then encrypt.

Mar 28, 2003Mårten Trolin13 Signing before encrypting If both signing and encryption is used, it is recommended to sign first encrypt second. This way a third party can verify the signature without knowing the recipients key. –If the encrypted document is signed, the signature becomes specific to the recipient’s encrypted copy. The resulting message may or may not include the sender’s public key in a public key certificate.

Mar 28, 2003Mårten Trolin14 Signing and encrypting Document Signature Encrypted message Session key encrypted under Bob’s public key Session key encrypted under Clive’s public key Session key Message to be sent

Mar 28, 2003Mårten Trolin15 Pretty Good Privacy – PGP Pretty Good Privacy (PGP) is an encryption and signing system. –First version in Uses public key certificates for key distribution and symmetric encryption with a session key. Available for almost any environment. –Commercial and non-commercial versions exist.

Mar 28, 2003Mårten Trolin16 PGP trust model Since PGP originally was targeted at individual users when no major CA’s were active, a distributed trust model was chosen. For Alice to verify Bob’s signature on a message, Alice must know Bob’s public key. Alice can choose to explicitly trust Bob’s key. –Useful if Alice herself can verify that the key belongs to Bob. –Unpractical for large communities.

Mar 28, 2003Mårten Trolin17 PGP trust model – introducers To solve the practical problem with key distribution, PGP uses introducers. Introducers sign other certificates. Anyone who trusts the introducer also trusts the certificate he has signed. –A certificate can have an unlimited number of signatures. A large number of signatures makes it more likely that the certificate will be trusted. –The system with introducers makes every user a CA. –Every user must decide which decide which introducers to trust.

Mar 28, 2003Mårten Trolin18 Extending the concept – meta-introducers Since the model with introducers is effectivaly one-layer, it is inefficient in many cases. –Example: A company with several departments employing PGP internally may want each department to sign the certificates of the employees. Meta-introducers exist for this purpose. Meta-introducers sign keys of other introducers, giving a three-layer model.

Mar 28, 2003Mårten Trolin19 Web of trust The CA model is hierarchical, whereas the PGP model is not. The PGP rather resembles a web. Which model to choose very much depends on the application. The CA model is better suited for well- structured organizations. The web model works better for informal communities.

Mar 28, 2003Mårten Trolin20 Partial trust A problem with the PGP model is that one user that goes bad destroys the whole system. –If a widely trusted user starts signing bogus certificates, all these bogus certificates will be as widely trusted A natural extension to the PGP model is to require not only one, but several signatures on a certificate for it to be valid. –Taken to another level – a user can assign to each introducer a certain number of trust points, and require have signatures for a certain sum of trust points to be trusted.

Mar 28, 2003Mårten Trolin21 SSL/TLS SSL (Secure Socket Layer) and TLS (Transport Layer Security) are standards for how to secure TCP/IP communications –As of the latest revision, TLS is the official name for what used to be called SSL. However, SSL is still the word most frequently used. TLS is a layer on top of the TCP layer

Mar 28, 2003Mårten Trolin22 TLS IP TCP HTTPTLS IP TCP HTTP Not secureSecure

Mar 28, 2003Mårten Trolin23 TLS Uses public keys and certificates for key negotiation –Certificates in X.509 format Symmetric cryptography for actual communication –Exact cipher used decided during hand-shake. TLS standard defines certain commands that can be used in communication

Mar 28, 2003Mårten Trolin24 TLS roles TLS defines two roles, the server and the client. The client always initiates the communication. –Example: Web browser The server stands ready to respond to a request from the server –Example: Web server

Mar 28, 2003Mårten Trolin25 TLS messages TLS defines several messages The messages are used in different stages –Handshake Key establishment Authentication Resuming a session –Sending data –Closing a transaction

Mar 28, 2003Mårten Trolin26 Initiating a transaction without authentication Client Server ClientHello ServerHello ServerKeyExchange ClientKeyExchange ChangeCipherSpec Finished ChangeCipherSpec Finished ServerHelloDone

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.