1 Internet data security (HTTPS and SSL) Ruiwu Chen.

Presentation transcript:

1 Internet data security (HTTPS and SSL) Ruiwu Chen

2 Introduction:
- When you are surfing the web, especially a shopping site, sometimes a pop-up window like the following will appear.

3 Introduction:
- Why can't any information you exchange with this site be viewed by anyone else on the Web?
- If you look carefully, you will find that the web site's address begins with https:// instead of http://
- What is HTTPS?

4 HTTPS
- HTTPS stands for Secure Hypertext Transfer Protocol. It provides increased security for information exchanged on the World Wide Web by transferring encrypted information between computers.
- HTTPS = Encryption + HTTP. HTTPS is a version of HTTP that runs over the Secure Sockets Layer (SSL).

5 SSL
- SSL is the base of HTTPS, the secure World Wide Web protocol.
- SSL was designed by Netscape using algorithms invented by RSA (Rivest, Shamir and Adleman).
- Commercial implementations may be purchased from RSA. A free and robust implementation called SSLeay is also available internationally.

6 Why do we need data security? (The postcard problem)
- When you send a postcard, the card carries your address and the destination address.
- The post office delivers it to the destination. You do not know the route it takes, and anyone along the way can read the whole content of the postcard.
- That is why we do not put private information on a postcard.

7 Why do we need data security?
- HTTP has the same problem as the postcard.
- When you send a message over the Internet using HTTP, TCP/IP packs your message into packets and adds the source and destination addresses to them.
- TCP/IP cannot protect the packets from being eavesdropped on by a man in the middle.
- It is possible for a third party to read the information you sent.

8 Solution to the insecure Internet
- Encryption: encoding the message so that it is unintelligible to an intruder.
- Only the receiver can decrypt the message back to its original form.
- The Internet protocol that deals with encryption is HTTPS, and it is implemented using SSL.
- Your credit card number will be protected over the Internet.

9 Why still use HTTP?
- Internet connections are slow today.
- HTTPS adds more overhead.
- Most data is not sensitive.
- So:
  - HTTP for most data
  - HTTPS for sensitive data such as credit card numbers

10 Encryption
- Encryption is the science of secret writing, with a long history.
- It was mainly used by the military for the protection of sensitive communication.
- Encryption is the transformation of data into a form that is impossible to read without the appropriate knowledge (a key).

11 Single (or symmetric) key algorithm
- The same key is used for encryption and decryption.
- In this case security relies on the secrecy of the key.

12 Cipher Block Chaining (CBC) mode

13 Two key (or asymmetric) algorithm
- Different (but paired) keys are used for encryption and decryption.
- Commonly known as public key algorithms:
  - The key used for encryption is the public key and is not kept secret.
  - The decryption key (private key) is kept secret.

14 Two key (or asymmetric) algorithm

15 Problems with the two algorithms
- Single (symmetric) key encryption has the problem of keeping the key secret while it is delivered.
- Two key (asymmetric) encryption is much slower than single key encryption.
- Solution: a hybrid system.

16 Hybrid System
- The combination of the two algorithms.
- Single key encryption is used for high-speed encryption of the data.
- Asymmetric key encryption is used to guarantee the secret delivery of the single key.
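The hybrid system of slides 11 to 16, worked through as an added example (this is not code from the presentation): AES-256 in CBC mode carries the message, and the AES key travels wrapped under the receiver's RSA public key, so only the private-key holder can recover it. Go's standard library is assumed, and the message in the test is a constructed sample.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// GenerateKey makes the receiver's RSA key pair; only the public half is published.
func GenerateKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal (sender): encrypt msg with a fresh AES-256 key in CBC mode, then wrap that key with RSA-OAEP under pub.
func Seal(pub *rsa.PublicKey, msg []byte) (wrappedKey, iv, ciphertext []byte, err error) {
	buf := make([]byte, 32+aes.BlockSize) // AES-256 key followed by a random CBC IV
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, nil, err
	}
	key, iv := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // a 32-byte key is always accepted
	// PKCS#7 padding: CBC can only process a whole number of 16-byte blocks.
	pad := aes.BlockSize - len(msg)%aes.BlockSize
	padded := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ciphertext = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ciphertext, padded)
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return wrappedKey, iv, ciphertext, err
}

// Open (receiver): unwrap the AES key with the private key, then decrypt and strip the padding.
func Open(priv *rsa.PrivateKey, wrappedKey, iv, ciphertext []byte) ([]byte, error) {
	if len(iv) != aes.BlockSize || len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("iv or ciphertext is not a whole number of blocks")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
	if err != nil {
		return nil, err // only the holder of the private key can unwrap the session key
	}
	block, _ := aes.NewCipher(key)
	padded := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ciphertext)
	pad := int(padded[len(padded)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(padded[len(padded)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding: wrong key, wrong IV or tampered ciphertext")
	}
	return padded[:len(padded)-pad], nil
}
```

CBC on its own gives confidentiality only: flipping one bit of the IV flips the same bit of the first plaintext block without Open noticing, which is why SSL adds an integrity check (a MAC) to every encrypted record.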

17 How secure is the encryption?
- In 1998, a team led by John Gilmore spent $220,000 to build a machine that cracked a 56-bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each containing 64 chips, and can test 90 billion keys a second.
- For a 128-bit key, 10 billion Deep Cracks would need more than 1 billion years to crack the encrypted message.
- An encryption algorithm with a key length of less than 64 bits is considered weak encryption; a key length of 128 bits is strong encryption.

18 Symmetric versus asymmetric encryption algorithms with respect to key length

Symmetric key length | Public-key key length
56 bits              | 384 bits
64 bits              | 512 bits
80 bits              | 768 bits
112 bits             | 1792 bits
128 bits             | 2304 bits

19 Authentication
- Authentication is the process of confirming the identity of a party with whom one is communicating.
- You cannot always be sure that the entity with whom you are communicating is really who you think it is.
- The server presents its public key certificate to the client. If this certificate is valid, the client can be sure of the identity of the server.

20 Certificate
- A certificate is a digitally signed statement vouching for the identity and public key of an entity (person, company, etc.).
- Certificates can either be self-signed or issued by a Certification Authority (CA). Certification Authorities are entities that are trusted to issue valid certificates for other entities.
- Well-known CAs include VeriSign, Entrust, and GTE CyberTrust.
- X.509 is a common certificate format.

21 Implementation of HTTPS
- Install a digital certificate from a certificate authority on the central server.
- Don't use old browsers like Netscape version 2.X or Internet Explorer version 2.X.

22 Determining the security level of an HTTPS connection
- From the browser's View menu, select Page Info.
- This displays information about the quality of the HTTPS connection, and it also shows you the identity of the certificate authority (CA) that issued the server's certificate.

23 Summary
- Client hello: the client sends the server information about the highest version of SSL it supports.
- Server hello: the server chooses the highest version of SSL and sends this choice to the client.
- Certificate: the server sends the client a certificate.
- Server key exchange (optional): the server sends the client a server key exchange message when the public key information already sent is not sufficient.
- Verification: the client checks the validity of the certificate.
- Client key exchange (optional): if the server asks for a key exchange.
- Encrypted data: the two sides communicate with encryption.

24 Reference:
- Bruce Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, New York.