Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Internet data security (HTTPS and SSL) Ruiwu Chen.

Published byGordon Henry Modified over 7 years ago

Similar presentations

Presentation on theme: "1 Internet data security (HTTPS and SSL) Ruiwu Chen."— Presentation transcript:

1 1 Internet data security (HTTPS and SSL) Ruiwu Chen

2 2 Introduction: 4 When you are surfing the web especially a shopping site, Some times a pop-up window like following window will appear

3 3 Introduction: 4 Why any information you exchange with this site cannot be viewed by anyone else on the Web? 4 If you look carefully, you will find the web site’s address begins with HTTPS:// instead of HTTP:// 4 What is HTTPS

4 4 HTTPS 4 HTTPS stands for Secure Hypertext Transfer Protocol, which provides increased security for information exchanged in the World Wide Web by transferring encrypted information between computers. 4 HTTPs =Encryption+ HTTP. HTTPS is a version of HTTP using a Secure Socket Layer (SSL)

5 5 SSL 4 SSL is the base of HTTPs - the secure World-Wide Web protocol. 4 SSL was designed by Netscape using algorithms invented by RSA (Rivest- Shamir-Adelman). 4 Commercial implementations may be purchased from RSA. A free and robust implementation called SSLeay is also internationally available.

6 6 Why need data security? ( Post card problem) 4 When you send a postcard. The card contains your address and a destination address. 4 The post office will deliver it to the destination.You do not know the route of delivery. Any one in the middle can see all content of the post card. 4 That is why we do not put private information on post card

7 7 Why need data security? 4 HTTP is similar to post card problem 4 When you send a message over internet using HTTP. The TCP/IP will pack your message in packets(add source and destination address to them). 4 The TCP/IP can not protect the packet from being eavesdropped by the middle-man. 4 It is possible for a third party to access the information you sent.

8 8 Solution to the insecure Internet 4 encryption - encoding the message so that it is unintelligible to the intruder. 4 Only the receiver can decrypt the message to the original form. 4 The internet protocol deal with encryption is HTTPS and it is implemented by using SSL 4 Your your credit card number will been protected over internet

9 9 Why still using HTTP 4 Internet connection is slow now 4 HTTPS will adds more overhead 4 Most of the data is not sensitive 4 So: –HTTP for most data –HTTPS for sensitive data like credit card number

10 10 Encryption 4 Encryption is the science of secret writing with a long history. 4 It was mainly used in the military for the protection of sensitive communication. 4 Encryption is the transformation of data into a form that is impossible to read without the appropriate knowledge ( a key ).

11 11 single (or symmetric) key algorithm 4 the same key is used for encryption and decryption. 4 In this case security relies on the secrecy of the key

12 12 Chain Block Cipher (CBC) mode

13 13 two key (or asymmetric) algorithm 4 different (but paired) keys are used for encryption and decryption. 4 Commonly known as public key algorithms: –the key used for encryption is the public key and is not kept secret. –The decryption key (private key) is kept secret.

14 14 two key (or asymmetric) algorithm 4

15 15 Problems with the two algorithms 4 single (or symmetric) key encryption has the problem of keeping the key secret during delivering. two key (or asymmetric) encryption is much slower than single key encryption. Solution: Hybrid System

16 16 Hybrid System The combination of the two algorithm Using the single key encryption to achieve the high speed encryption. Using asymmetric key encryption to guarantee the secret delivery of the single- key

17 17 How secure is the Encryption 4 In 1998, a team lead by John Gilmore spent $220,000 built a machine that cracked a 56-bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each containing 64 chips, and is capable of testing 90 billion keys a second. 4 For an 128-bit key, it will need 10 billion “deep Crack” more than 1 billion years to crack that encrypted message 4 Encryption algorithm with key length less than 64-bit length is considered to be weak encryption. key length of 128-bit is strong encryption.

18 18 symmetric versus asymmetric encryption algorithms with respect to key length. Symmetric Key LengthPublic-key Key Length 56 bits384 bits 64 bits512 bits 80 bits768 bits 112 bits1792 bits 128 bits2304 bits

19 19 Authentication 4 is the process of confirming the identity of a party with whom one is communicating. 4 You cannot always be sure that the entity with whom you are communicating is really who you think it is 4 The server presents its public key certificate to the client. If this certificate is valid, the client can be sure of the identity of the server

20 20 Certificate A certificate is a digitally signed statement vouching for the identity and public key of an entity (person, company, etc.). Certificates can either be self-signed or issued by a Certification Authority (CA). Certification Authorities are entities that are trusted to issue valid certificates for other entities. Well-known CAs include VeriSign, Entrust, and GTE CyberTrust. X509 is a common certificate format

21 21 Implementation of HTTPS 4 Install a digital certificate from a certificate authority on the central server 4 4 Don’t use old browser like Netscape version 2.X or Internet explorer version 2.X

22 22 Determining the security level of an HTTPS connection 4 From the browser’s View menu, select Page Info. 4 This will display information about the quality of the HTTPS connection, and it will also show you the identity of the certificate authority (CA) who issued the server's certificate.

23 23 Summery 4 Client hello - The client sends the server information about the highest version of SSL it supports 4 Server hello - The server chooses the highest version of SSL and sends this information to the client. 4 Certificate - The server sends the client a certificate 4 Server key exchange(optional) - The server sends the client a server key exchange message when the public key information sent is not sufficient. 4 verification-The client check the validation of certification 4 Client key exchange(optional) -If the server ask for key exchange. 4 Encrypted data - communicate with encryption

24 24 Reference: 4 Bruce Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, New York, 1996. 4 http://www.austprojects.com.au/ http://www.austprojects.com.au/ 4 http://people.cs.uchicago.edu/~cbarnard/pgptalk/i ndex.html http://people.cs.uchicago.edu/~cbarnard/pgptalk/i ndex.html 4 http://developer.netscape.com/docs/manuals/secu rity/pkin/ http://developer.netscape.com/docs/manuals/secu rity/pkin/ 4 http://www.cs.bris.ac.uk/LocalHome.html http://www.cs.bris.ac.uk/LocalHome.html 4 http://www.oyster.world.net/encrypt.html http://www.oyster.world.net/encrypt.html

Download ppt "1 Internet data security (HTTPS and SSL) Ruiwu Chen."

Similar presentations

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Digital Signatures. Anononymity and the Internet.

Digital Signatures. Anononymity and the Internet.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Secure Sockets Layer. SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security.

Secure Sockets Layer. SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
SSL Technology Overview and Troubleshooting Tips.

SSL Technology Overview and Troubleshooting Tips.

Similar presentations

Ads by Google