Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Security Protocols

Published byDominique Symmonds Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Security Protocols"— Presentation transcript:

1 Internet Security Protocols
Chapter 8 Internet Security Protocols

2 Basic Concepts Static Web Pages
Figure 1: Static web Page Dynamic Web Pages: the contents can vary all day depending on a number of parameters Involves server-side programming. Tools to create: CGI, ASP, JSP. Figure 2: Dynamic web page Active Web Pages: Figure 3: Active web page Java applet: small program sent to the browser along the HTML page

3 Basic Concepts (cont’d)
Figure 1: Static Web Page

4 Basic Concepts (cont’d)
Figure 2: Dynamic Web Page

5 Basic Concepts (cont’d)
Figure 3: Active Web Page

6 Basic Concepts (cont’d)
ActiveX controls Difference between Java applets and ActiveX controls An applet cannot write to the client’s hard disk, but an ActiveX controls has no such restrictions An applet is downloaded with an active web page, executed inside the browser, and destroyed when the user exits that Web page, but once downloaded, an ActiveX control remains on the client computer till it is explicitly deleted. Making applet quite slow as compared to ActiveX controls.

7 Basic Concepts (cont’d)
Protocols and TCP/IP Figure 4: TCP/IP layers. Layered Organization Figure 5: Data exchange using TCP/IP layers. Figure 4: TCP/IP layers

8 Basic Concepts (cont’d)
Figure 5: Data exchange using TCP/IP layers

9 Secure Socket Layer (SSL)
An Internet protocol for secure exchange of information between a web browser and a web server. Provides 2 basic security services: Authentication Confidentiality Position of SSL in TCP/IP Protocol Suite Figure 6: Position of SSL in TCP/IP Figure 7: SSL is located between application and transport layers

10 Secure Socket Layer (SSL) (cont’d)
Figure 6: Position of SSL in TCP/IP

11 Secure Socket Layer (SSL) (cont’d)
Figure 7: SSL is located between application and transport layer

12 How SSL Works? SSL has three sub-protocols:
Handshake Protocol Record Protocol Alert Protocol The handshake protocol consists of a series of messages between the client and the server. Figure 8 shows format of the handshake protocol message.

13 Table 1: SSL handshake protocol message types
How SSL Works? (cont’d) Figure 8: Format of the handshake protocol message. Table 1: SSL handshake protocol message types

14 How SSL Works? (cont’d) The handshake protocol is made up of 4 phases as shown in Figure 9. Phase 1: Establish security capabilities Initiate a logical connection and establish the security capabilities associated with the connection. Consists of 2 messages: The client hello The server hello. Figure 10

15 Figure 9: SSL handshake phases
How SSL Works? (cont’d) Figure 9: SSL handshake phases

16 How SSL Works? (cont’d) Figure 10: Phase 1 of SSL handshake protocol: Establish security capabilities

17 How SSL Works? (cont’d) Phase 2: Server authentication and key exchange Figure 11 Phase 3: Client authentication and key exchange Figure 12 Phase 4: Finish Figure 13

18 How SSL Works? (cont’d) Help client to authenticate the server using server’s public key from the server’s certificate Optional in case of server does not send its digital certificate, server send Public Key (Optional) Server request for the client’s digital certificate Indicate to the client that server’s portion of the hello message is complete Figure 11: Phase 2 of SSL handshake protocol: Server authentication and key exchange

19 How SSL Works? (cont’d) Allow the client to send information to the server. Client creates a 48-byte pre-master secret to encrypts it with the server’s public key and sends it to the server. Figure 12: Phase 2 of SSL handshake protocol: Client authentication and key exchange

20 Figure 13: Phase 2 of SSL handshake protocol: Finish
How SSL Works? (cont’d) Figure 13: Phase 2 of SSL handshake protocol: Finish

21 How SSL Works? (cont’d) Record protocol
Provides 2 services to an SSL connection: Confidentiality: achieve by using the secret key that is defined by the handshake protocol Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for assuring the message integrity.

22 Figure 14: SSL record protocol
How SSL Works? (cont’d) Figure 14: SSL record protocol

23 Figure 15 Alert protocol message format
How SSL Works? (cont’d) Alert Protocol When client or server detects an error, the detecting party sends an alert message to the other party. If the error is fatal, both the parties immediately close the SSL connection Other error, which are not severe, do not result in the termination of the connection. Severity Cause Byte 1 Byte 2 Figure 15 Alert protocol message format

24 Closing and Resuming SSL connections
Before ending their communication, the client and the server must inform each other that their side of the connection is ending. TSL (Transport Layer Security) is an IETF standardization initiative, whose goal is to come out with an Internet standard version of SSL.

Download ppt "Internet Security Protocols"

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Web security: SSL and TLS

Web security: SSL and TLS
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.

Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.

Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Similar presentations

Ads by Google