Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

Published byRamiro Carmon Modified over 9 years ago

Similar presentations

Presentation on theme: "An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies."— Presentation transcript:

1 An Introduction to Secure Sockets Layer (SSL)

2 Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies

3 Types of Encryption Symmetric Key –Algorithm uses one key that is shared by sending and receiving parties –Key is assumed to be transferred over a secure means Not very useful for internet communication –General fast execution of algorithms

4 Types of Encryption Asymmetric Key –Algorithms use multiple keys that are shared by sending and receiving parties –Keys are assumed to be transferred over a insecure means –General slower execution of algorithms –Keys can only decode text encoded with its pair (Public – Private)

5 SSL – History Netscape defines SSL protocol(flaws) 1994 SSL v2.0 published early 1995 V2.0 Implemented in Netscape products 1995 Microsoft variation(PCT) mid 1995 SSL v3.0 published end 1995 V3.0 Implemented in Netscape products mid 1996 with client authentication

6 SSL – Design Goals Secure transmission between client and server at the lowest level – socket level –Protocol sits on top of TCP Peer Authentication –Server is automatically authenticated, client is optionally Efficiency –Session caching Extensible –Can use numerous cipher algorithms

7 SSL – Design Goals – cont. User transparent Data integrity –Message Authentication Code

8 SSL v3.0 Protocol Overview –SSL is a layered protocol –SSL takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result –Received data is decrypted, verified, decompressed, and reassembled, then delivered to higher level clients. –Connects on port 443 by default –session-identifier cache timeout value of 100 seconds

9 SSL v3.0 Protocol Stack Telnet SSL Alert Protocol SSL Change Cipher Spec SSL Handshake Protocol SSL Record Protocol TCP IP HTTP

10 SSL Protocol – cont. Alert layer –Alert messages convey the severity of the message and a description of the alert close_notify –Properly ends a session (avoids truncation error) All other types of error messages

11 SSL Protocol – cont. Change Cipher Spec –Used to change the cipher algorithm –The protocol consists of a single message, which is encrypted and compressed under the current (not pending) cipher Copies pending to current cipher –Client and Server both send message to notify the receiver that the cipher should be changed

12 SSL Protocol – cont. Record Layer Protocol –Header contains three parts, MAC, Actual Data and Padding Data MAC – Message Authentication Code insures data integrity –Like a checksum Padding – used to make data integral size for block ciphers –Fragments data Restriction, 2^14 bytes or less –Compresses fragments Restriction, never more than 2^14 + 1024 bytes

13 SSL Protocols – cont. Handshaking Protocol –cryptographic parameters of the session state are produced by the SSL Handshake Protocol protocol version cryptographic algorithms optionally authenticate each other use public-key encryption techniques to generate shared secrets

14 Handshaking Protocol client server client Server replies with a hello message with its own protocols, random message, its certificate and requests for client certificate if necessary Client send hello message including a random message and its protocol version, session ID, cipher suite, and compression method Client authenticates server, then creates a pre-master secret for the session and encrypts the message with the servers public key (may send its certificate also) server Server authenticates the client if necessary, and uses its private key to decode the message and the pre-master secret, then creates a master secret key for the session and tells the client that it will use the master key for the session client server Client decodes the master key and tells the server that it will use the key to encode the session also. Handshake is done

15 Certificate SubjectDistinguished Name, Public Key Extended Info Administrative InfoVersion, Serial Number Period of ValidityNot Before Date, Not After Date IssuerDistinguished Name, Signature

16 SSL Problems People have been able to crack SSL encryption to find the key Many users currently use SSL 2.0 instead of the version 3.0 –Version 2.0 does not authenticate the handshake Firewalls can’t regulate data Proxies can’t cache information

17 Recent Netscape Problem Communicator 4.72, 4.61 –Man-in-the-middle attack –correctly checks the certificate conditions at the beginning of a SSL session –while this SSL session is still alive, all HTTPS connections to that server’s ip address are assumed to be a part of this session (and therefore certificate conditions are not checked again) The host name should also be checked in accordance with the SSL specification

18 Competing Technologies Transport Layer Security (TLS) –Internet Engineering Task Force (IETF) based on SSL Secure Electronic Transactions (SET) – Visa and Mastercard for bankcard transactions Makes sure that card holder and certificate holder are the same Digital Envelope ( generate rand. Key and sign with recipient’s public key) PCT (Private Communications Technology) –Microsoft has a second key specifically for authentication and a more robust random number generator

19 RSA Cipher Suite Strongest cipher –Triple DES 168-bit and SHA-1 message authentication (3.7 * 10 50 ) Strong ciphers –RC4 128-bit and MD5 (3.4 * 10 38 possible keys) –RC2 128-bit and MD5 –DES 56-bit and SHA-1 (7.2 * 10 16 possible keys) Exportable cipher suites (France accepts them only with ssl) –RC4 40-bit and MD5 (1.1 * 10 12) –RC2 40-bit and MD5 RC2 is block cipher and RC4 is a stream cipher MD5. Message Digest algorithm developed by Rivest SHA-1. Secure Hash Algorithm, a hash function used by the U.S. Government

20 Fortezza Cipher Suite Strong FORTEZZA ciphers suites –RC4 128-bit and SHA-1 (3.4 * 10 38 ) RC4 with SKIPJACK 80-bit encryption and SHA-1 –The SKIPJACK cipher is a classified symmetric-key cryptographic algorithm implemented in FORTEZZA-compliant hardware

21 Some Links to SSL Protocol explanations –http://home.netscape.com/eng/ssl3/ssl-toc.htmlhttp://home.netscape.com/eng/ssl3/ssl-toc.html

Download ppt "An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies."

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17

Similar presentations

Ads by Google