Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Published byBenny New Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication."— Presentation transcript:

1 Securing Network Communication

2 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication  Not clear who you are talking with

3 Issues Capturing passwords Sniffing browsing sessions Hijacking TCP sessions Phishing

4 Solutions Securing existing applications without modifying them  Tunneling Developing secure applications  Using openSSL library

5 Tunneling Tunneling allows a secure connection between a client and server to be made first, then other network connections are forwarded or tunneled over that single connection.  openSSH  Stunnel

6 OpenSSH SSH protocol for accessing remote shell securely It uses password or public/private keys for authentication. One can set up a secure connection with a SSH daemon.

7 OpenSSH

8 Stunnel Uses openSSL library Works on top of TCP

9 9 TLS: Transport Layer Security Previously known as SSL: Secure Sockets Layer Addresses issues of privacy, integrity and authentication  What is it?  How does it address the issues?  How is it used

10 10 What is TLS? Protocol layer Requires reliable transport layer (e.g. TCP) Supports any application protocols IP TCP TLS HTTPTelnetFTPLDAP

11 11 TLS: Privacy Encrypts message so that it cannot be read Uses conventional cryptography with shared key  DES, 3DES  RC2, RC4  IDEA A Message B $%&#!@

12 12 TLS:Key Exchange Needs secure method to exchange secret key Use public key encryption for this  “key pair” is used - either one can encrypt and then the other can decrypt  slower than conventional cryptography  share one key, keep the other private Choices are RSA or Diffie-Hellman

13 13 TLS: Integrity Compute fixed-length Message Authentication Code (MAC)  Includes hash of message  Includes a shared secret  Include sequence number Transmit MAC with message

14 14 TLS: Integrity Receiver creates new MAC  should match transmitted MAC TLS allows MD5, SHA-1 AB Message’ MAC’ MAC =? Message MAC

15 15 TLS: Authentication Verify identities of participants Client authentication is optional Certificate is used to associate identity with public key and other attributes A Certificate B

16 16 TLS: Overview Establish a session  Agree on algorithms  Share secrets  Perform authentication Transfer application data  Ensure privacy and integrity

17 17 TLS: Architecture TLS defines Record Protocol to transfer application and TLS information A session is established using a Handshake Protocol TLS Record Protocol Handshake Protocol Alert Protocol Change Cipher Spec

18 18 TLS “Alternatives” S-HTTP: secure HTTP protocol, shttp:// IPSec: secure IP SET: Secure Electronic Transaction  Protocol and infrastructure for bank card payments SASL: Simple Authentication and Security Layer (RFC 2222)

19 19 TLS: Record Protocol

20 20 OpenSSL Open source, based on SSLeay Structures  SSL_METHOD: encryption method  SSL_CTX:context of communication  SSL: maintains info. About a given connection. One to one correspondence with sockets.

21 OpenSSL SSLv2_client_method() ctx=SSL_CTX_new(method) ssl=SSL_new(ctx) SSL_set_fd(ssl, fd) SSL_connect() SSL_read(ssl, buf, sizeof(buf)) SSL_write()

22 OpenSSL SSLv2_server_method() ctx=SSL_CTX_new(method) SSL_CTX_use_certficate_file() SSL_CTX_use_Privatekey_file() SSL_CTX_check_private_key() SSL ssl=SSL_new(ctx) SSL_set_fd(ssl, fd) SSL_accept() SSL_read(ssl, buf, sizeof(buf)) SSL_write()

Download ppt "Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication."

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CP3397 ECommerce.

CP3397 ECommerce.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
WTLS (Wireless Transport Layer Security) Youngho Choung

WTLS (Wireless Transport Layer Security) Youngho Choung
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet Frederick J. Hirsch

An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet Frederick J. Hirsch
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17

Similar presentations

Ads by Google