Presentation on theme: "Internet Security Protocols"— Presentation transcript:
1 Internet Security Protocols Chapter 8Internet Security Protocols
2 Basic Concepts Static Web Pages Figure 1: Static web PageDynamic Web Pages: the contents can vary all day depending on a number of parametersInvolves server-side programming.Tools to create: CGI, ASP, JSP.Figure 2: Dynamic web pageActive Web Pages:Figure 3: Active web pageJava applet: small program sent to the browser along the HTML page
3 Basic Concepts (cont’d) Figure 1: Static Web Page
4 Basic Concepts (cont’d) Figure 2: Dynamic Web Page
5 Basic Concepts (cont’d) Figure 3: Active Web Page
6 Basic Concepts (cont’d) ActiveX controlsDifference between Java applets and ActiveX controlsAn applet cannot write to the client’s hard disk, but an ActiveX controls has no such restrictionsAn applet is downloaded with an active web page, executed inside the browser, and destroyed when the user exits that Web page, but once downloaded, an ActiveX control remains on the client computer till it is explicitly deleted. Making applet quite slow as compared to ActiveX controls.
7 Basic Concepts (cont’d) Protocols and TCP/IPFigure 4: TCP/IP layers.Layered OrganizationFigure 5: Data exchange using TCP/IP layers.Figure 4: TCP/IP layers
8 Basic Concepts (cont’d) Figure 5: Data exchange using TCP/IP layers
9 Secure Socket Layer (SSL) An Internet protocol for secure exchange of information between a web browser and a web server.Provides 2 basic security services:AuthenticationConfidentialityPosition of SSL in TCP/IP Protocol SuiteFigure 6: Position of SSL in TCP/IPFigure 7: SSL is located between application and transport layers
10 Secure Socket Layer (SSL) (cont’d) Figure 6: Position of SSL in TCP/IP
11 Secure Socket Layer (SSL) (cont’d) Figure 7: SSL is located between application and transport layer
12 How SSL Works? SSL has three sub-protocols: Handshake ProtocolRecord ProtocolAlert ProtocolThe handshake protocol consists of a series of messages between the client and the server.Figure 8 shows format of the handshake protocol message.
13 Table 1: SSL handshake protocol message types How SSL Works? (cont’d)Figure 8: Format of the handshake protocol message.Table 1: SSL handshake protocol message types
14 How SSL Works? (cont’d)The handshake protocol is made up of 4 phases as shown in Figure 9.Phase 1: Establish security capabilitiesInitiate a logical connection and establish the security capabilities associated with the connection.Consists of 2 messages:The client helloThe server hello.Figure 10
16 How SSL Works? (cont’d)Figure 10: Phase 1 of SSL handshake protocol: Establish security capabilities
17 How SSL Works? (cont’d)Phase 2: Server authentication and key exchangeFigure 11Phase 3: Client authentication and key exchangeFigure 12Phase 4: FinishFigure 13
18 How SSL Works? (cont’d)Help client to authenticate the server using server’s public key from the server’s certificateOptional in case of server does not send its digital certificate, server send Public Key(Optional) Server request for the client’s digital certificateIndicate to the client that server’s portion of the hello message is completeFigure 11: Phase 2 of SSL handshake protocol: Server authentication and key exchange
19 How SSL Works? (cont’d)Allow the client to send information to the server.Client creates a 48-byte pre-master secret to encrypts it with the server’s public key and sends it to the server.Figure 12: Phase 2 of SSL handshake protocol: Client authentication and key exchange
20 Figure 13: Phase 2 of SSL handshake protocol: Finish How SSL Works? (cont’d)Figure 13: Phase 2 of SSL handshake protocol: Finish
21 How SSL Works? (cont’d) Record protocol Provides 2 services to an SSL connection:Confidentiality: achieve by using the secret key that is defined by the handshake protocolIntegrity: the handshake protocol also defines a shared secret key (MAC) that is used for assuring the message integrity.
22 Figure 14: SSL record protocol How SSL Works? (cont’d)Figure 14: SSL record protocol
23 Figure 15 Alert protocol message format How SSL Works? (cont’d)Alert ProtocolWhen client or server detects an error, the detecting party sends an alert message to the other party.If the error is fatal, both the parties immediately close the SSL connectionOther error, which are not severe, do not result in the termination of the connection.SeverityCauseByte 1Byte 2Figure 15 Alert protocol message format
24 Closing and Resuming SSL connections Before ending their communication, the client and the server must inform each other that their side of the connection is ending.TSL (Transport Layer Security) is an IETF standardization initiative, whose goal is to come out with an Internet standard version of SSL.