
Certificates, SSL and IPsec. Ahmed Muaydh, Sara Bin Saif, Shi-Jey Chou. Advisor: Dr. Leszek Lilien.


1 Certificates, SSL and IPsec. Ahmed Muaydh, Sara Bin Saif, Shi-Jey Chou. Advisor: Dr. Leszek Lilien

2 Abstract: Security is a very important topic in computer science and in networks. SSL and certificates are one way to secure sensitive data from attackers. In this report we show how an administrator or software developer can provide secure communication using SSL and certificates.

3 The overall picture of this process is that the administrator generates a certificate and has it signed by a Certificate Authority (CA). The CA verifies that the administrator legitimately owns the URL in the CN field, signs the certificate, and gives it back. The SSL protocol is then used by both the client and the server to encrypt the data.

4 Motivation for Certificates. Public key cryptography is an extremely powerful technology, but it depends on the distribution of the public key. The problem of getting keys to the people who need them can be solved by using digital certificates.

5 Public Key Certificates

6 A public key certificate provides a way to associate a public key with the name of its owner. A public key certificate is a data structure that contains:
● owner's name and e-mail address
● a public key
● validity dates
● location of revocation information
● location of the issuer's policies
● others (optional)

7 A public key certificate is issued by a trusted organization known as a certificate authority (CA), and provides identification for the entity. One must provide proof of identity in order to obtain a certificate from a CA.

8 A CA is a public certificate authority that is widely trusted. Information for several root CAs, including each CA's public key, is typically stored in the client's Internet browser. Well-known CAs: VeriSign, Entrust, and GTE CyberTrust.

9 Certificate Process


11 Steps to generate a certificate for authentication on a web server:
1. The web server has to generate a key pair and create a certificate request.
2. The request is submitted to the certificate authority server.
3. The owner of the certificate server checks whether the request really belongs to the requesting party.

12 4. The certificate is acquired by the web server.
5. The certificate is used in the configuration of the web server.
6. A client can now access the site securely.

13 Demo: How we create a certificate in Windows

14 Steps in securing communication using a certificate:
1. Create a certificate request.

15 2. Submit the certificate request.

16 2. Submit the certificate request (continued).


18 3. Issue the certificate.

19 4. Download the certificate.
5. Configure the web site to use the SSL certificate.
6. Configure the web site to use SSL.

20 Packets captured with Ethereal

21 SSL is considered a layer on top of TCP/IP that provides a secure enhancement to the standard TCP/IP sockets protocol used for Internet communications.

22 The SSL Process

23 SSL Handshake. The SSL process begins with an exchange of information between the two communicating parties, which is called the SSL handshake. The handshake is done by:
1. Negotiating the cipher suite
2. Authenticating identity (optional)
3. Establishing information security by agreeing on encryption mechanisms

24 Negotiating the Cipher Suite. The client and the server begin by negotiating which cipher suite they will use. Cipher suite: a set of cryptographic algorithms and key sizes that a computer can use to encrypt data. See figure 1.1 (next page).

25 Figure 1.1

26 Java provides a secure socket framework that enables secure Internet communications. The JSSE (Java Secure Socket Extension) API is capable of supporting SSL versions 2.0 and 3.0 and Transport Layer Security (TLS) 1.0.

27 SSL and Certificate Programming Using Java

28 How to program SSL in Java. SSL uses certificates for authentication, so we need to create certificates for our clients and servers. JSSE can use certificates created by the Java keytool.

29 The Java keytool key and certificate management tool can:
● create public and private key pairs
● issue certificate requests
● import certificate replies
● designate public keys belonging to other parties as trusted
● manage keystores

30 A keystore is a special file that holds keys and certificates and encrypts them all with a password. When a server sets up an SSL session, it retrieves its certificates and keys from its keystore. When a client wants to verify the identity of a server, it retrieves trusted certification authority (CA) certificates from its truststore.

31 In order to program SSL sockets in Java, it is important to know the main packages that are part of the JSSE API:
● the javax.net package, which provides the SocketFactory and ServerSocketFactory classes used to replace normal TCP sockets with SSL sockets
● the javax.net.ssl package, which provides classes and interfaces for establishing and managing an SSL session

32 Generating a Server Certificate. Keytool can be used to create a server certificate. We used the following command to create an RSA certificate, referenced by the alias Ahmed and stored in a newly created keystore named servercerts:
keytool -genkey -keystore servercerts -keyalg rsa -alias Ahmed -storepass 123456 -keypass 123456
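The keystore and truststore described on the previous slides can also be handed to JSSE in code instead of through -D system properties. The following is an added example, not code from the presentation: it loads the servercerts keystore from the keytool command above into a server SSLContext, and a truststore into a client SSLContext that will reject any server certificate not signed by one of the CAs it holds. The class name JsseContexts and the truststore name and password are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (not from the slides): programmatic equivalent of the
// -Djavax.net.ssl.keyStore / -Djavax.net.ssl.trustStore properties.
public class JsseContexts {

    // Load a JKS keystore such as the one "keytool -genkey" creates.
    static KeyStore loadKeyStore(String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password); // wrong password -> IOException, never a silent empty store
        }
        return ks;
    }

    // Server side: the keystore supplies the private key and certificate chain.
    static SSLContext serverContext(String keystorePath, char[] storePass, char[] keyPass)
            throws IOException, GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadKeyStore(keystorePath, storePass), keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = JDK default trust managers
        return ctx;
    }

    // Client side: the truststore holds only the CA certificates the client trusts,
    // so a server whose certificate is not signed by one of them is rejected.
    static SSLContext clientContext(String truststorePath, char[] storePass)
            throws IOException, GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadKeyStore(truststorePath, storePass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server-only authentication
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Same file names and passwords as the slides' keytool and java commands (assumed to exist).
        SSLContext server = serverContext("servercerts", "123456".toCharArray(), "123456".toCharArray());
        SSLContext client = clientContext("mytruststore", "mytruststorepw".toCharArray());
        // server.getServerSocketFactory() / client.getSocketFactory() replace the
        // SSLServerSocketFactory.getDefault() / SSLSocketFactory.getDefault() calls in MyServer and MyClient.
        System.out.println("server: " + server.getProtocol() + ", client: " + client.getProtocol());
    }
}
```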

33 Creating an SSL Client Socket. An example of how to create a client socket and specify a truststore that contains the certificates needed to validate the certificate received from the server. To do so, run the example below with the following command:

34 java -Djavax.net.ssl.trustStore=mytruststore -Djavax.net.ssl.trustStorePassword=mytruststorepw MyClient

/**
 * SSL Client
 *
 * This program uses SSL socket
 * and certificate
 *
 * Copyright: Copyright (c) 2005
 *
 * School: Western Michigan University
 *
 * @author: Ahmed Muaydh
 * @version 1.0
 */
import javax.net.*;
import java.net.*;
import javax.net.ssl.*;
import java.io.*;

35 class MyClient {
    public static void main(String str[]) {
        try {
            int port = 443;
            String hostname = "localhost";
            InetAddress ina = InetAddress.getLocalHost();
            // Create secure SSL socket (truststore taken from the -D system properties)
            SocketFactory socketFactory = SSLSocketFactory.getDefault();
            Socket socket = socketFactory.createSocket(ina, port);
            System.out.println(InetAddress.getLocalHost());
            // Create streams to securely send and receive data to the server
            InputStream in = socket.getInputStream();
            OutputStream out = socket.getOutputStream();
            // Read the server's greeting first, then answer it
            DataInputStream dataIn = new DataInputStream(in);
            System.out.println(dataIn.readUTF());
            DataOutputStream data = new DataOutputStream(out);
            data.writeUTF("Hello There from the client");
            // Close the socket
            in.close();
            out.close();
        } catch (IOException e) {
            System.out.println(e);
        }
    }
}

36 Creating an SSL Server Socket. Now assume that a keystore has been created. To specify the keystore of certificates for an SSL server socket, we can use the javax.net.ssl.keyStore system property. To do so, run the example below with the following command:

37 java -Djavax.net.ssl.keyStore=Ahmed -Djavax.net.ssl.keyStorePassword=123456 MyServer

/**
 * SSL Server
 *
 * This program uses SSL socket
 * and certificate
 *
 * Copyright: Copyright (c) 2005
 *
 * School: Western Michigan University
 *
 * @author: Ahmed Muaydh
 * @version 1.0
 */
import javax.net.*;
import java.net.*;
import javax.net.ssl.*;
import java.io.*;

38 class MyServer {
    public static void main(String str[]) {
        try {
            int port = 443;
            // Server key and certificate come from the keystore named in the -D system properties
            ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
            ServerSocket ssocket = ssocketFactory.createServerSocket(port);
            // Listen for connections
            Socket socket = ssocket.accept();
            System.out.println("Client got connected");
            // Create streams to securely send and receive data to the client
            InputStream in = socket.getInputStream();
            OutputStream out = socket.getOutputStream();
            // Send the greeting first, then read the client's reply
            DataOutputStream data = new DataOutputStream(out);
            data.writeUTF("Hello There from the Server");
            DataInputStream dataIn = new DataInputStream(in);
            System.out.println(dataIn.readUTF());
            // Close the socket
            in.close();
            out.close();
        } catch (IOException e) {
            System.out.println(e);
        }
    }
}
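MyClient above accepts whatever protocol version and cipher suite the negotiation of slide 24 produces, and a plain SSLSocket does not check that the certificate's name matches the host it connected to. The following is an added example, not code from the presentation: a client that pins the negotiation to TLS 1.2/1.3, turns on hostname checking, and prints the certificate fields listed on slide 6 from the server's certificate. It is run like MyClient (with the same -Djavax.net.ssl.trustStore properties), talks to the MyServer above, and assumes JDK 11 or newer and that the server certificate names the host it is started against.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (not from the slides): MyClient with the checks a defender wants.
// Run like MyClient: java -Djavax.net.ssl.trustStore=... MyCheckedClient [host]
// Assumes JDK 11 or newer (TLSv1.3).
public class MyCheckedClient {
    public static void main(String[] args) throws Exception {
        String hostname = args.length > 0 ? args[0] : "localhost"; // assumed host
        int port = 443;
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port)) {
            SSLParameters params = socket.getSSLParameters();
            // 1. Cipher suite negotiation (slide 24): only offer current protocol versions,
            //    so an SSL 3.0 / TLS 1.0 suite can never be the outcome.
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            // 2. Hostname check: otherwise any certificate the truststore can validate is
            //    accepted, even one issued for a different server name.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            // 3. Handshake explicitly, so a failure surfaces here and not on the first read.
            socket.startHandshake();
            SSLSession session = socket.getSession();
            System.out.println("Negotiated " + session.getProtocol() + " " + session.getCipherSuite());
            // 4. The certificate fields from slide 6: owner, issuer, validity dates.
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            leaf.checkValidity(); // throws if now is outside notBefore..notAfter
            System.out.println("Subject: " + leaf.getSubjectX500Principal());
            System.out.println("Issuer:  " + leaf.getIssuerX500Principal());
            System.out.println("Valid:   " + leaf.getNotBefore() + " to " + leaf.getNotAfter());
            // Same framed exchange as MyClient / MyServer on the slides.
            DataInputStream in = new DataInputStream(socket.getInputStream());
            DataOutputStream out = new DataOutputStream(socket.getOutputStream());
            System.out.println(in.readUTF());
            out.writeUTF("Hello There from the client");
            out.flush();
        }
    }
}
```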

39 IPsec. IPsec is a protocol which sits on top of the Internet Protocol (IP) layer. It allows two or more hosts to communicate in a secure way.

40 IPsec in Windows consists of three main components:
● Policy Agent ("IPSec Policy Agent" in Windows 2000): acquires and distributes the IPsec policies that the administrator has defined
● Internet Key Exchange (IKE) module: its function is to negotiate Security Associations (SAs)
● IPsec driver: responsible for exercising the filters and maintaining the stateful status of connections
To secure the link we will be using IPsec in a VPN.

41 To enable audit policy

