ENCRYPTION, SSL, CERTIFICATES RACHEL AKISADA & MELANIE KINGSLEY.


OVERVIEW
- Encryption
- Encryption example
- SSL
- How SSL Works
- SSL Certificates
- How to get a Certificate
- Man in the Middle Attacks

ENCRYPTION
- Best way to ensure data security
- Encrypted data is also referred to as cipher text
- Not easily understood by anyone other than authorized parties
- Main purpose is to protect confidentiality of digital data
- Key Elements
  - Authentication
  - Integrity
  - Non-repudiation

HISTORY OF ENCRYPTION
- Ancient Greeks
  - Used scytale to encrypt their messages
- Caesar’s Cipher
  - Shifted letters left or right by a certain number of characters
- WWII
  - Enigma machine
  - Cracked by the Polish
- Modern Encryption
  - Symmetric encryption
  - Asymmetric encryption

EXAMPLE OF ENCRYPTION

SSL
- Secure Sockets Layer
- Establishes an encrypted link between the browser and the website
- Used to secure transactions, logins, and data transfers
- Ensures data is private and integral
- Prevents eavesdropping

SSL CERTIFICATES
- Also known as Digital Certificates
- Used to establish a secure encrypted connection between browser and server
- Three keys
  - Public
  - Private
  - Session
- Anything encrypted with the public key can only be decrypted with the private key

KEYS
- Public key - A publicly viewable key
- Private key - Only viewable by the owner
- Encrypting and decrypting take a lot of processing power
- Creates a symmetric session key during “SSL Handshake”
- The session key is used to encrypt all transmitted data
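The three keys from the slides, shown working together with the openssl command line. This is an added example, not part of the original presentation; the file names, the choice of RSA-OAEP with AES-256-CBC, and the message passed in are assumptions made for illustration, and it shows the hybrid idea rather than a real SSL handshake.

```shell
# Added example: public key wraps the session key, session key encrypts the data.
# Usage: hybrid_demo "message"   (prints the message recovered on the server side)
hybrid_demo() (
    set -e
    work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"

    # Server: the private key stays on the server; the public key is shared.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key 2>/dev/null
    openssl pkey -in server.key -pubout -out server.pub
    # An unrelated key pair, standing in for anyone who is not the server.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out other.key 2>/dev/null

    # Client: random 256-bit session key and 128-bit IV, both as hex.
    openssl rand -hex 32 > session.hex
    iv=$(openssl rand -hex 16)

    # Expensive asymmetric step, done once: wrap the session key with the PUBLIC key.
    openssl pkeyutl -encrypt -pubin -inkey server.pub \
        -pkeyopt rsa_padding_mode:oaep -in session.hex -out session.wrapped

    # Cheap symmetric step: the session key encrypts the transmitted data.
    # (Confidentiality only; TLS additionally authenticates every record.)
    printf '%s' "$1" |
        openssl enc -aes-256-cbc -K "$(cat session.hex)" -iv "$iv" -out data.enc

    # A party without the matching private key cannot unwrap the session key.
    if openssl pkeyutl -decrypt -inkey other.key -pkeyopt rsa_padding_mode:oaep \
        -in session.wrapped -out /dev/null 2>/dev/null; then
        echo "unexpected: wrong key unwrapped the session key" >&2
        exit 1
    fi

    # Server: unwrap with the PRIVATE key, then decrypt the data.
    openssl pkeyutl -decrypt -inkey server.key -pkeyopt rsa_padding_mode:oaep \
        -in session.wrapped -out session.out
    openssl enc -d -aes-256-cbc -K "$(cat session.out)" -iv "$iv" -in data.enc
)
```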

HOW TO GET A SSL CERTIFICATE
- Create a Certificate Signing Request on your server
  - Creates a private key and public key on your server
- Install the SSL Certificate on your server
  - Digitally signed by a trusted Certificate Authority
    - DigiCert
    - GoDaddy
  - Pay $300 annual fee
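The Certificate Signing Request step above, as it is typically typed on the server, with the checks worth running before the request goes to the Certificate Authority. This is an added example, not part of the original presentation; the host name, organisation and file names are constructed placeholders, and the function names are hypothetical.

```shell
# Added example: create a key pair and CSR, then verify they belong together.

# make_csr DIR HOST: writes DIR/HOST.key (private) and DIR/HOST.csr (public half + subject).
make_csr() (
    umask 077    # the private key file must not be readable by other users
    # -nodes leaves the key unencrypted on disk, so file permissions are its only protection.
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -out "$1/$2.csr" \
        -subj "/O=Example Org/CN=$2" 2>/dev/null
)

# pubkey_digest pkey|req|x509 FILE: SHA-256 of the public key inside a key, CSR or certificate.
pubkey_digest() {
    case $1 in
        pkey) openssl pkey -in "$2" -pubout ;;
        *)    openssl "$1" -in "$2" -noout -pubkey ;;
    esac | openssl dgst -sha256 -r | cut -d' ' -f1
}

# csr_is_sound KEY CSR: the CSR's self-signature verifies, and its public key
# is the public half of KEY. Run "pubkey_digest x509 CERT" the same way
# against the signed certificate before installing it.
csr_is_sound() {
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' &&
    [ "$(pubkey_digest pkey "$1")" = "$(pubkey_digest req "$2")" ]
}

# csr_subject CSR: the identity the Certificate Authority will be asked to vouch for.
csr_subject() { openssl req -in "$1" -noout -subject; }
```

Only the `.csr` file is sent to the Certificate Authority; the `.key` file never leaves the server.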

CERTIFICATE AUTHORITY
- Entity that issues digital certificates
- Responsible for making sure website is valid
- Top Certificate Authorities by market share, 2016
  - Comodo - 40%
  - Symantec - 26%
  - GoDaddy - 11%
  - GlobalSign - 9%

SSL HOW IT WORKS

MAN IN THE MIDDLE ATTACKS
- Also referred to as MITM or MIM
- Cyber attack where a malicious actor places themselves into a conversation
- Tries to impersonate both parties to gain information
- Might happen on
  - Financial sites
  - Connections meant to be secured by public or private key
  - Sites that require login where there is information to be gained

MAN IN THE MIDDLE ATTACKS

OTHER FORMS OF MITM ATTACKS
- Evil Twin
  - Rogue Wi-Fi network that appears to be legitimate
  - When the user joins, the attacker uses a MITM attack to intercept data
- Sniffing
  - Uses software to intercept data being sent from, or to, your device