Presentation is loading. Please wait.

Presentation is loading. Please wait.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

Published byEverett Horace Modified over 9 years ago

Similar presentations

Presentation on theme: "BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3."— Presentation transcript:

1 BASIC CRYPTOGRAPHY CONCEPT

2 Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.  Uses TCP to provide reliable end-to-end secure service.  In general, SSL can be used for secure data transfer for any network service running over TCP/IP.

3  What is HTTP?  Protocol for communication between a web browser and a web server.  What is LDAP?  An Internet directory service which is typically used by email systems to find more information about a user  What is POP3?  A protocol using which email systems retrieve mails from the mail server.

4 HTTPLDAP POP3 SSL TCP/IP Application Layer Network Layer

5  SSL Record Protocol provides basic security services to various higher level protocols.  HTTP can work on top of SSL, for instance.  Almost all HTTP servers support SSL sessions.  All popular browsers come with SSL-enabled client software.

6 Basic Objectives of SSL  The main objectives are:  Authenticate the client and server to each other.  Ensure data integrity.  Ensure data privacy. Required for both the protocol data and also the application data.

7 SSL Architectureion  SSL consists of two layers of protocols:  SSL Record Protocol Ensures data security and integrity.  Protocols required to establish SSL connect. Three protocols used in this layer: SSL Handshake Protocol SSL ChangeCipherSpec Protocol SSL Alert Protocol

8 SSL Handshake Protocol SSL CHangeCipherSpec Protocol SSL Alert Protocol Application Protocol (HTTP, etc.) SSL Record Protocol TCP IP

9 SSL Record Protocol  Mainly responsible for data encryption and integrity.  Also used to encapsulate data sent by other higher level SSL protocols.  Take an application message to be sent.  Fragment the application message data. 16 Kbytes or smaller.  Encapsulate it with appropriate headers and create an object called a record.  Encrypt the record and forward it to TCP

10 Application Data Fragments Compressed data Add MAC Encrypt data TCP packet MAC H: SSL record Header H

11  SSL record header consists of:  Content type: Identifies the type of payload (that is, the higher level protocol being used)  Major version: For SSL 3.0, the value is 3.  Minor version: For SSL 3.0, the value is 0.  Compressed length: Size of the compressed data in bytes.

12 The Higher Layer Protocol  SSL Alert Protocol  Used to send session messages associated with data exchange and function of the protocol.  Each message consists of two bytes: First byte is either 1 (warning) or 2 (fatal). If “fatal”, the SSL session is terminated. Second byte contains one of the defined error codes.

13  SSL ChangeCipherSpec Protocol  Consists of a single message that carries the value of 1.  Purpose of this message is to cause the pending session state to be established as a fixed state. Define the set of protocol to be used. Must be sent from client to server, and vice versa.

14  SSL Handshake Protocol  Used to initiate a session between the server and client.  Within the application data, algorithms and keys used for data encryption can be negotiated.  Provides mutual authentication.  Process of negotiation divided into four phases.

15  Client sends to the server  SSL version  Random (used to protect key exchange)  Session ID  CipherSuite  Server sends back  SSL version  Random (a different number is generated)  Session ID  CipherSuite

16 Some SSL Based Services  HTTPS  Port number 443  LDAP  Port number 646  SMTP  Port number 465  POP3  Port number 995

17 Transport Layer Security (TLS)  Extension of SSL  Aim is to provide security and data integrity features at the transport layer between two web applications.  Supported my most web servers and browsers today

18 IP Security (IPSec)

19 Introduction  Security built into the IP layer.  Provides host-to-host (or firewall-to-firewall) encryption and authentication.  Required for IPv6, but optional for IPv4.  Consists of two parts:  IPSec proper (for encryption and authentication).  IPSec key management

20 IPSec  Provides two modes of protection  Tunnel mode  Transport mode  Authentication and integrity  Confidentiality  Replay Protection

21 Tunnel Mode  Encapsulates the entire IP packet within IPSec protection.  Tunnel can be created between several different node types:  Firewall to firewall  Host to firewall  Host to host

22 Transport Mode  Encapsulates only the transport layer information within IPSec protection.  Can only be created between host nodes.

23 Authentication and integrity  Verifies the origin of data.  Assures that data sent is the data received.  Assures that the network headers have not changed since the data was sent.

24 Confidentiality  Encrypts data to protect against eavesdropping.  Can hide data source when encryption is used over a tunnel.

25 Replay Prevention  Causes retransmitted packets to be dropped.

26 Problems with IPSec  Excessively complex and difficult to use.  Does now allow use of NAT  Routers need to be made IPSec aware.

Download ppt "BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols

Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Encryption techniques in online transaction via credit card Submitted by Deepika Dash Information and Communication technology Roll No:- 10IT61B02.

Encryption techniques in online transaction via credit card Submitted by Deepika Dash Information and Communication technology Roll No:- 10IT61B02.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Lecture 22 Internet Security Protocols and Standards

Lecture 22 Internet Security Protocols and Standards
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

Similar presentations

Ads by Google