SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.


1 SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad

2 Overview
- Brief Introduction to Public-Key Infrastructure
  - Public-keys, Certificates & Digital Signatures
  - Relevance to Electronic Commerce
- SSL
  - Protocol details
  - Cryptographic details

3 Internet Threats
- Weak security in TCP/IP
- Eavesdropping
- Theft of valuable information
- Fraud
- Authentication
- Non-repudiation
With such issues, it is difficult to transform normal business practices into an Internet-usable form.

4 Small Intro to PKI
- Problem Solved by PKI?
  - Secure communication over an insecure channel
  - Confidentiality, authentication, non-repudiation and integrity
  - Asymmetric key cryptography: one (public) key encrypts, the other (private) decrypts
  - The whole technique is public-key cryptography
  - Solutions: RSA, El-Gamal, ECC
- Issues with PKI
  - Verifying the ownership and security of public-keys
  - High cost of computation when sending bulk data (RSA exponentiation)

5 Addressing Issues in PKI
- Digital signatures: encryption with private key, unforgeable in real-time; verifiable with public-keys
  - Other critical uses as well: non-repudiation
- Certificates: public-keys that are digitally signed by a trusted third party, e.g., a certifying authority (CA)
  - Catch-22: need the public-key of the CA to verify!
- Certificate hierarchy: a method used to verify certificates issued by CAs whose public-keys are not known
  - CAs exchange and sign each other’s public-keys securely
- To reduce computational overhead, PKI is generally used as a vehicle to convey session keys
  - Reducing the overhead further without too many modifications to current PKI-based protocols is an open area

6 X.509 v3 Certificate Attributes
- version (v3)
- serial number
- signature algorithm id
- issuer name
- validity period
- subject name
- subject public key info
- issuer unique identifier
- subject unique identifier
- CA’s signature
- extensions: extn.a, extn.b, extn.c, each with a criticality flag (cf) and a value
  - Can include any data, including graphics (GIF), video, audio, etc.
Sharath Jeppu

7 Relevance to E-Commerce
- Business model in electronic world
  - Customer shops for product using e-carts
  - Makes a payment by credit card
  - Gets confirmation of payment and delivery
- Problems
  - How to secure the credit-card information when sent over a public network like the Internet?
  - How to trust that the merchant has not charged more than what you ordered?
  - How to make the merchant liable if the delivery is not made?
- PKI solves these problems
  - Need appropriate protocols that work in real-time
  - And hence, SSL & SET

8 SSL: Secure Sockets Layer
- Runs above TCP/IP and below the application layer
- Purpose
  - Provide secure & authenticated communication between client & server
- Services
  - Authenticates server to client
  - Negotiation of cryptographic parameters
  - Session key establishment & encrypted communication
  - Connection reliability is maintained via message integrity checks (message authentication codes, MACs)
  - Optional: authenticate client to server (often not possible; password authentication is the current default)

9 Protocol Details
- SSL Record Layer
  - This lies below SSL handshake and encapsulates the handshake data
- Alert protocol
  - Closure, error, unsupported certificate etc.
- SSL Handshake
  - Sets up the connection between client and server
  - Negotiates cryptographic parameters
  - Provides confidentiality, authentication, reliability and integrity of data
- Change cipher
  - Signals change in ciphering strategies

10 SSL States
- Session State characterized by
  - session identifier
  - peer certificate
  - compression method
  - cipher spec (DES, MD5 etc.)
  - master secret (shared secret between server and client)
  - flag (is resumable)

11 SSL States
- Connection State
  - server and client random byte sequences
  - MAC secret used by server
  - MAC secret used by client
  - encryption key used by server
  - encryption key used by client
  - initialization vector for CBC mode
  - sequence numbers
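
An added example (not part of the original slides): how the connection-state secrets listed on slide 11 are carved out of a key block derived from the session's master secret and the two random values, following the SSL 3.0 key expansion in RFC 6101, section 6.2.2. The input values and the MD5/DES sizes (chosen to match the "DES, MD5" cipher spec on slide 10) are constructed for illustration; SSL 3.0 is deprecated (RFC 7568), so the code is for studying the protocol.

```python
import hashlib
from typing import NamedTuple


class ConnectionState(NamedTuple):
    """Per-connection secrets from the SSL States slide."""
    client_mac_secret: bytes
    server_mac_secret: bytes
    client_key: bytes
    server_key: bytes
    client_iv: bytes
    server_iv: bytes


def ssl3_key_block(master_secret, server_random, client_random, length):
    """SSL 3.0 key expansion: MD5(ms + SHA1(label + ms + srv_rand + cli_rand))..."""
    block = b""
    i = 0
    while len(block) < length:
        label = bytes([ord("A") + i]) * (i + 1)  # b"A", b"BB", b"CCC", ...
        inner = hashlib.sha1(
            label + master_secret + server_random + client_random).digest()
        block += hashlib.md5(master_secret + inner).digest()
        i += 1
    return block[:length]


def derive_connection_state(master_secret, server_random, client_random,
                            mac_len, key_len, iv_len):
    """Split the key block in the order the SSL 3.0 spec assigns it."""
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    block = ssl3_key_block(master_secret, server_random, client_random, sum(sizes))
    parts, offset = [], 0
    for size in sizes:
        parts.append(block[offset:offset + size])
        offset += size
    return ConnectionState(*parts)


# Constructed sample inputs (not real traffic): 48-byte master secret,
# 32-byte hello randoms.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32


def demo():
    # Assumed sizes: 16-byte MD5 MAC secret, 8-byte DES key, 8-byte CBC IV.
    return derive_connection_state(MASTER_SECRET, SERVER_RANDOM, CLIENT_RANDOM,
                                   mac_len=16, key_len=8, iv_len=8)


if __name__ == "__main__":
    for name, value in demo()._asdict().items():
        print(f"{name:18} {value.hex()}")
```

Because both random values feed the expansion, a resumed session that reuses the same master secret still gets fresh MAC secrets, keys and IVs for each new connection.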

12 SSL Handshake

13


