Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

Published byQuentin Quinn Modified over 8 years ago

Similar presentations

Presentation on theme: "SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003."— Presentation transcript:

1 SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003

2 Agenda Introduction to SSL/TLS Digital Certificates How SSL works SSL/TLS differences SSL/TLS jargon in ITDS Security in ITDS using SSL/TLS ldapsearch with SSL demystified Pointers and References

3 Introduction to SSL/TLS The Problem TCP/IP protocol does not provide any security. Any transactions have to be made over an insecure network by default. Everything that passes between server and client may be eavesdropped, altered and modified. The security problems have become the number one obstacle for expansion of Web.

4 Introduction cont… The Solution SSL and TLS can layer on top of any transport protocol, they are not TCP/IP dependant, and can run under application protocols such as HTTP, FTP and TELNET etc. Both SSL and TSL provide authentication, confidentiality and integrity. They give protection against message tampering, eavesdropping and spoofing. We can thus achieve secure communication over an insecure protocol in an application independent way.

5 SSL/TLS on the Stack

6 Digital Certificates (Quick Detour)‏ Digital certificates allow unique identification of an entity; they are, in essence, electronic ID cards issued by trusted parties. Digital certificates allow a user to verify to whom a certificate is issued as well as the issuer of the certificate. Digital certificates are the vehicle that SSL uses for public-key cryptography. A digital certificate serves two purposes: it establishes the owner’s identity, it makes the owner’s public key available. A digital certificate is issued by a trusted authority—a certificate authority (CA)—and it is issued only for a limited time.

7 Format of Digital Certificates The digital certificate contains specific pieces of information about the identity of the certificate owner and about the certificate authority: Owner’s distinguished name. Owner’s public key. Date the digital certificate was issued. Date the digital certificate expires. Issuer’s distinguished name. This is the distinguished name of the CA. Issuer’s digital signature.

8 Distinguished Names A distinguished name is the combination of the owner’s common name and its context (position) in the directory tree. In the simple directory tree shown in Figure 1, for example, LaurenA is the owner’s common name, and the context is OU=Engnring. O=XYZCorp; therefore, the distinguished name is: CN=LaurenA. OU=Engnring.O=XYZCorp

9 Simple Layout of a digital Certificate

10 How SSL works SSL is a protocol that provides privacy and integrity between two communicating applications using TCP/IP. The data going back and forth between client and server is encrypted using a symmetric algorithm such as DES or RC4. A public-key algorithm—usually RSA—is used for the exchange of the encryption keys and for digital signatures. The algorithm uses the public key in the server’s digital certificate.

11 The four principles of Security Confidentiality (privacy)‏ Authentication (who created or sent the data)‏ Integrity (has not been altered)‏ Non-repudiation (the order is final)‏ We will see how SSL achieves all of these !!!

12 A Simple SSL session

13 The details (Step 1)‏ Step 1 Client sends a client “hello” message with the version of SSL. the cipher suites supported by the client. the data compression methods supported by the client. a 28-byte random number.

14 Details Cont.. (Step 2)‏ Step 2 The server responds with a server “hello” message that contains the cryptographic method (cipher suite) the data compression method selected by the server the session ID another random number.

15 Details (Step 3)‏ Step 3 The server sends its digital certificate. If the server uses SSL V3, and if the server application requires a digital certificate for client authentication, the server sends a “digital certificate request” message. The server sends a server “hello done” message and waits for a client response.

16 Details Cont… (Step 4)‏ Step 4 Upon receipt of the server “hello done” message, the client verifies the validity of the server’s digital certificate and checks that the server’s “hello” parameters are acceptable. If the server requested a client digital certificate, the client sends a digital certificate, or if no suitable digital certificate is available, the client sends a “no digital certificate” alert.

17 Details Cont … (Step 5)‏ Step 5 The client sends a “client key exchange” message. This message contains the pre-master secret, a 46-byte random number used in the generation of the symmetric encryption keys the message authentication code (MAC) keys, This is encrypted with the public key of the server.

18 Details Cont …. (Step 5 cont)‏ Step 5 cont… If the client sent a digital certificate to the server, the client sends a “digital certificate verify” message signed with the client’s private key. By verifying the signature of this message, the server can explicitly verify the ownership of the client digital certificate.

19 Details Cont … (Step 6)‏ Step 6 The client uses a series of cryptographic operations to convert the pre-master secret into a master secret, from which all key material required for encryption and message authentication is derived. Then the client sends a “change cipher spec” message to make the server switch to the newly negotiated cipher suite.

20 Details … (Step 7)‏ Step 7 The next message sent by the client (the “finished” message) is the first message encrypted with this cipher method and keys The server responds with a “change cipher spec” and a “finished” message of its own. The SSL handshake ends, and encrypted application data can be sent.

Download ppt "SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003."

Similar presentations

Web security: SSL and TLS

Web security: SSL and TLS
CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols

Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Similar presentations

Ads by Google