
Slide 1: Secure HTTP
Herng-Yow Chen

Slide 2: Outline
- When is digest authentication not strong enough?
- How does a more complicated technology secure HTTP transactions from eavesdropping and tampering?
- Using digital cryptography.

Slide 3: HTTPS
[Figure: a browser address bar showing the https scheme and the security icon]

Slide 4: HTTPS (cont.)
[Figure: protocol stacks]
(a) HTTP: Application layer: HTTP / Transport layer: TCP / Network layer: IP / Data link layer: network interfaces
(b) HTTPS: Application layer: HTTP / Security layer: SSL or TLS / Transport layer: TCP / Network layer: IP / Data link layer: network interfaces

Slide 5: Digital cryptography
- Ciphers
- Keys
- Symmetric-key cryptosystems
- Asymmetric-key cryptosystems
- Public-key cryptography
- Digital signatures
- Digital certificates

Slide 6: Plaintext and Ciphertext
[Figure] Plaintext "Meet me at the pier at midnight" -> Encoder -> Ciphertext "Phhw ph dw wkh slhu dw plgqljkw" -> Decoder -> Plaintext "Meet me at the pier at midnight"

Slide 7: Rotate-by-3 cipher example
Cipher:
  Plaintext alphabet:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  Ciphertext alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC
Plaintext:  MEET ME AT THE PIER AT MIDNIGHT
Ciphertext: PHHW PH DW WKH SLHU DW PLGQLJKW

Slide 8: Keyed Ciphers (rotate-by-n), using different keys
[Figure: the same plaintext passed through a Rotate(n) encoder with three different keys]
Plaintext: Meet me at the pier at midnight
(a) Key=1: nffu nf bu uif qjfs bu njeojhiu
(b) Key=2: oggv og cv vjg rkgt cv okfpkijv
(c) Key=3: phhw ph dw wkh slhu dw plgqljkw

Slide 9: Digital Ciphers

Slide 10: Plaintext is encoded with encoding key e
[Figure] Plaintext P -> Encoder E (key = e) -> Ciphertext C
C = E(P, e)

Slide 11: Symmetric-Key Cryptography
[Figure] Ciphertext C -> Decoder D (key = d) -> Plaintext P
P = D(C, d), if d = e
Popular symmetric-key cryptography algorithms are DES, Triple-DES, RC2, and RC4.

Slide 12: Key Length and Enumeration Attacks
Attack cost       40-bit key   56-bit key   64-bit key   80-bit key     128-bit key
$100,000          2 secs       35 hours     1 year       70,000 years   10^19 years
$1,000,000        200 msecs    3.5 hours    37 days      7,000 years    10^18 years
$10,000,000       20 msecs     21 mins      4 days       700 years      10^17 years
$100,000,000      2 msecs      2 mins       9 hours      70 years       10^16 years
$1,000,000,000    200 usecs    13 secs      1 hour       7 years        10^15 years
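As an added example (not from the slides), the rotate-by-n cipher of slide 8 in Python, with the decoder for the symmetric case d = e of slide 11 and a key-enumeration search over its 26-key space to make the point of slide 12 concrete; the crib-based search is an assumption of this example, not something the slides describe:

```python
import string
from typing import Optional

ALPHABET = string.ascii_lowercase
KEYSPACE = len(ALPHABET)  # a rotate-by-n key has only 26 possible values


def rotate(text: str, key: int) -> str:
    """Rotate(n) encoder of slide 8: shift every letter forward by `key`
    places. Case is kept; spaces and punctuation pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + key) % KEYSPACE))
        else:
            out.append(ch)
    return "".join(out)


def decode(ciphertext: str, key: int) -> str:
    """Decoder D of slide 11 for the symmetric case d = e: the same key,
    applied in the opposite direction."""
    return rotate(ciphertext, -key)


def recover_key(ciphertext: str, crib: str) -> Optional[int]:
    """Enumeration attack of slide 12: try every key and keep the one whose
    decoding contains a word the analyst expects (the crib). Twenty-six
    candidates cost microseconds; slide 12's table shows how the same
    attack scales once the key has 40, 56, ... 128 bits. The defence is
    key length, not secrecy of the cipher."""
    for key in range(KEYSPACE):
        if crib.lower() in decode(ciphertext, key).lower():
            return key
    return None


if __name__ == "__main__":
    plaintext = "Meet me at the pier at midnight"  # the slides' message
    for key in (1, 2, 3):
        ciphertext = rotate(plaintext, key)
        print(f"key={key}: {ciphertext.lower()}")
        assert decode(ciphertext, key) == plaintext
    print("recovered key:", recover_key(rotate(plaintext, 3), "midnight"))
```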

Slide 13: Public-Key Cryptography
[Figure] Client: plaintext -> encrypted with the server's public key e_s -> encrypted ciphertext crosses the Internet -> Server: decrypted with its private key d_s -> plaintext
Using different keys for encoding and decoding.

Slide 14: Public-key cryptography assigns a single, public encoding key to each host
[Figure]
(a) Symmetric-key cryptography: hosts A, B, C and D each need their own shared secret key with X (k_AX, k_BX, k_CX, k_DX).
(b) Public-key cryptography: A, B, C and D all use X's single public encoding key e_X.

Slide 15: Signatures Are Cryptographic Checksums
[Figure] A computes a message digest of the plaintext message and applies the decoder D with private key d_A to it, producing the signature. B applies the encoder E with A's public key e_A to the signature, recomputes the message digest from the received message, and compares the two: Same?

Slide 16: The Guts of a Certificate

Slide 17: X.509 v3 Certificates

Slide 18: Verifying that a signature is real
[Figure] B applies the encoder E with the signing authority's public key to the signature, recomputes the message digest, and compares the two: Same?
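As an added example (not part of the slides), slide 15's sign-and-verify flow and slide 18's check of a certificate signature under the signing authority's public key, written in Python with textbook RSA on constructed small primes; the key sizes, the missing padding and the certificate body are illustrative assumptions only:

```python
import hashlib
from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)


# Constructed toy keys: the primes are far too small for real use, but big
# enough that two different messages practically never share a digest mod n.
# A real key uses primes of 1024+ bits and pads the digest (PKCS#1 v1.5 or
# PSS) before exponentiation.
SITE_PUBLIC, SITE_PRIVATE = make_keypair(1_000_003, 999_983)     # host "A"
ISSUER_PUBLIC, ISSUER_PRIVATE = make_keypair(104_729, 104_723)   # signing authority


def message_digest(message: bytes, modulus: int) -> int:
    """The cryptographic checksum of the message (SHA-256), reduced mod n so
    it fits the toy modulus; with a real key size it fits as is."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus


def sign(message: bytes, private_key: Key) -> int:
    """Slide 15, sender A: encode the digest with the private key d_A."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key: Key) -> bool:
    """Slide 15, receiver B: decode the signature with A's public key e_A and
    compare it with a digest computed over the received message ('Same?').
    Any change to the message, the signature or the key breaks the equality."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


def certificate_is_real(cert_body: bytes, issuer_signature: int, issuer_public_key: Key) -> bool:
    """Slide 18: a certificate is genuine only if its signature checks out
    under the signing authority's public key, never under the site's own."""
    return verify(cert_body, issuer_signature, issuer_public_key)
```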

Slide 19: HTTPS Overview
[Figure: the protocol stacks of slide 4 again. (a) HTTP: HTTP over TCP over IP over the data link layer; (b) HTTPS: an SSL or TLS security layer inserted between HTTP and TCP]

Slide 20: HTTPS Schemes
[Figure]
(a) HTTP request: client -> server, port 80
(b) HTTPS request: client -> secure server, port 443
(c) HTTPS over HTTP tunnel: client -> proxy (port 8080, HTTP tunnel) -> secure server, port 443

Slide 21: Secure Transport Setup

Slide 22: Secure Transport Setup (cont.)
[Figure] (a) Unencrypted HTTP transaction (b) Encrypted HTTPS transaction

Slide 23: SSL Handshake (simplified)

Slide 24: Server Certificates
[Figure: the server sends its server certificate to the client across the Internet]
Certificate serial number:    35:DE:F4:CF
Certificate expiration date:  Wed, Sep 17, 2003
Site's organization name:     Joe's Hardware Online
Site's DNS hostname:          www.joes-hardware.com
Site's public key
Certificate issuer name:      RSA Data Security
Certificate issuer signature: "Jone doe" (signature graphic)
HTTPS certificates are X.509 certificates with site information.

Slide 25: Virtual Hosting and Certificates
Certificate name mismatches bring up certificate error dialog boxes.

Slide 26: Virtual Hosting and Certificates (cont.)

Slide 27: Tunneling Secure Traffic Through Proxies
[Figure] A client inside the corporate security perimeter reaches the public Internet only through the corporate firewall proxy.

Slide 28: Tunneling Secure Traffic Through Proxies (cont.)
[Figure] client.ncnu.edu.tw -> proxy.ncnu.edu.tw -> www.cajun-gifts.com; the request leaving the client is drawn as an unreadable run of encrypted bytes.
The proxy cannot proxy an encrypted request: it cannot read the encrypted bytes, so it does not know where to forward them.
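As an added example (not from the slides), the HTTP tunnel of slides 20 and 28 in Python: the client asks the proxy for a raw tunnel to the secure server with the CONNECT method of RFC 2817 (cited in slide 29), and the proxy answers with an ordinary HTTP status line before the encrypted bytes start to flow. The proxy-side policy function, the allowed-port set and the sample replies are constructed for this example:

```python
from typing import Tuple

ALLOWED_TUNNEL_PORTS = {443}  # typical proxy policy: tunnel only to HTTPS ports


def build_connect_request(host: str, port: int = 443) -> bytes:
    """Client -> proxy: ask for a raw TCP tunnel to host:port. Only the
    hostname and port are visible to the proxy; everything the client sends
    once the tunnel is up is TLS and opaque to it (slide 28)."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def proxy_reply(request: bytes) -> bytes:
    """Proxy side (a constructed stand-in, not a real proxy): grant the tunnel
    only for CONNECT to an allowed port, otherwise refuse it."""
    request_line = request.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT":
        return b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n"
    _host, _, port = parts[1].rpartition(":")
    if not port.isdigit() or int(port) not in ALLOWED_TUNNEL_PORTS:
        return b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
    return b"HTTP/1.1 200 Connection established\r\n\r\n"


def parse_proxy_response(raw: bytes) -> Tuple[int, str, bytes]:
    """Proxy -> client: return (status code, reason, leftover bytes). Bytes
    that arrive after the blank line of a 2xx reply already belong to the
    TLS handshake and must be handed to the TLS layer, not dropped."""
    head, sep, leftover = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete proxy response")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"bad status line: {status_line!r}")
    return int(parts[1]), (parts[2] if len(parts) == 3 else ""), leftover


def tunnel_established(raw: bytes) -> bool:
    """Any 2xx means the proxy is connected to the origin and the client can
    begin the SSL/TLS handshake through it (slide 20, case c)."""
    code, _reason, _leftover = parse_proxy_response(raw)
    return 200 <= code < 300


if __name__ == "__main__":
    request = build_connect_request("www.cajun-gifts.com")  # slide 28's site
    reply = proxy_reply(request)
    print(request.decode(), reply.decode(), "tunnel up:", tunnel_established(reply))
```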

Slide 29: Reference
HTTP Security
- Web Security, Privacy & Commerce, Simson Garfinkel, O'Reilly & Associates, Inc. This is one of the best, most readable introductions to web security and the use of SSL/TLS and digital certificates.
- http://www.ietf.org/rfc/rfc2818.txt  RFC 2818, "HTTP Over TLS," specifies how to implement secure HTTP over Transport Layer Security (TLS), the modern successor to SSL.
- http://www.ietf.org/rfc/rfc2817.txt  RFC 2817, "Upgrading to TLS Within HTTP/1.1," explains how to use the Upgrade mechanism in HTTP/1.1 to initiate TLS over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well-known port (in this case, http: at 80 rather than https: at 443). It also enables virtual hosting, so a single HTTP+TLS server can disambiguate traffic intended for several hostnames at a single IP address.

Slide 30: Reference (cont.)
SSL and TLS
- http://www.ietf.org/rfc/rfc2246.txt  RFC 2246, "The TLS Protocol Version 1.0," specifies Version 1.0 of the TLS protocol (the successor to SSL). TLS provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.
- http://developer.netscape.com/docs/manuals/security/sslin/contents.htm  "Introduction to SSL" introduces the Secure Sockets Layer (SSL) protocol. Originally developed by Netscape, SSL has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers.
- http://www.netscape.com/eng/ssl3/draft302.txt  "The SSL Protocol Version 3.0" is Netscape's 1996 specification for SSL.

Slide 31: Reference (cont.)
- http://developer.netscape.com/tech/security/ssl/howitworks.html  "How SSL Works" is Netscape's introduction to key cryptography.
- http://www.openssl.org  The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general-purpose cryptography library.

