Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Published byNaomi Eggett Modified over 9 years ago

Similar presentations

Presentation on theme: "CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk."— Presentation transcript:

1 CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk

2 CS470, A.SelcukSSL/TLS & SET2 Brief History of SSL/TLS SSLv2 –Released in 1995 with Netscape 1.1 –Key generation algorithm kept secret –Reverse engineered & broken by Wagner & Goldberg SSLv3 –Fixed and improved, released in 1996 –Public design process PCT: Microsoft’s version of SSL TLS: IETF’s version; the current standard

3 CS470, A.SelcukSSL/TLS & SET3 SSL Architecture Record Protocol: Message encryption/authentication Handshake P.: Identity authentication & key exchange Alert P.: Error notification (cryptographic or otherwise) Change Cipher P.: Activate the pending crypto suite IP TCP SSL Record Protocol HTTP, etc. SSL Alert Protocol SSL Change Cipher Spec. Protocol SSL Handshake Protocol

4 CS470, A.SelcukSSL/TLS & SET4 Basic SSL/TLS Handshake Protocol Alice Bob hello, crypto offered, R A certificate, crypto selected, R B {S} Bob, {keyed hash of messages} session keys derived from K (K = f(S, R A, R B )) {keyed hash of messages}

5 CS470, A.SelcukSSL/TLS & SET5 SSL Session Establishment Client authentication: Bob can optionally send “certificate request” in message 2. Session vs. Connection: “Sessions” are relatively long-lived. Multiple “connections” (TCP) can be supported under the same SSL session. (designed for HTTP 1.0) To start a connection, Alice can send an existing session ID. If Bob doesn’t remember the session ID Alice sent, he responds with a different value.

6 CS470, A.SelcukSSL/TLS & SET6 Session Resumption (“Connection”) Alice Bob session-id, crypto offered, R A session-id, crypto selected, R B, {keyed hash of msgs} {keyed hash of messages} session keys derived from K, R A, R B

7 CS470, A.SelcukSSL/TLS & SET7 Key Computation “pre-master key”: S “master key”: K = f(S, R A, R B ) For each connection, 6 keys are generated from K and the nonces. (3 keys for each direction: encryption, authentication/integrity, IV)

8 CS470, A.SelcukSSL/TLS & SET8 Negotiating Crypto Suites Crypto suite: A complete package specifying the crypto to be used. (encryption algorithm, key length, integrity algorithm, etc.) ~30 predefined standard cipher suites. 256 values reserved for private use. Selection: –v2: Alice proposes a set of suites; Bob returns a subset of them; Alice selects one. (which doesn’t make much sense) –v3: Alice proposes a set of suites; Bob selects one.

9 CS470, A.SelcukSSL/TLS & SET9 The Trust Model PKI: Oligarchy model with X.509 certificates Browsers come configured with a set of trusted root CAs (VeriSign, AT&T, Entrust/Nortel, etc.) Additions to the root CA list by user is possible. Typically, only the server is authenticated. Client authentication is optional. Certificate revocation is not used in practice. Even expiration dates are not enforced.

10 CS470, A.SelcukSSL/TLS & SET10 Secure Electronic Transaction (SET) Application-layer e-commerce protocol Developed by Visa & MasterCard consortium, 1996 Provides security, authentication, order transaction, payment authorization, etc. Both the merchant & customer are authenticated by X.509 certificates

11 CS470, A.SelcukSSL/TLS & SET11 SET Problems of e-commerce over SSL/TLS: –malicious merchants (stealing credit card numbers) –malicious customers (using stolen credit card no.s) SET solution: –Bank (B) acts as an intermediary between the customer (C) & the merchant (M) –M forwards C’s info. to B, encrypted with B’s key –B does: authenticate C’s public key signature decrypt the transaction info. (amount, card number, etc.) issue payment authorization & send it to B

12 CS470, A.SelcukSSL/TLS & SET12 SET & 3D-Secure SET problem: All users are required to have public keys & “wallets”. –difficult to deploy & expensive –not convenient (user access from a single terminal) 3D-Secure solution: –No wallets required –B authenticates C by password (or, SMS-OTP) –M directs C to B, to which password is SSL-encrypted. (Problem: Malicious merchants can do m.i.t.m. attack, directing C to a fake page it controls.) –Officially launched in 2003, supported by Visa & MC.

Download ppt "CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk."

Similar presentations

Web security: SSL and TLS

Web security: SSL and TLS
CP3397 ECommerce.

CP3397 ECommerce.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? 1.2.3.4 Get index.htm from 1.2.3.4 Response from 1.2.3.4.

Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17

Similar presentations

Ads by Google