The Secure Sockets Layer (SSL) Protocol

Slides:



Advertisements
Similar presentations
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Advertisements

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Internet Security Protocols
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Cryptography and Network Security Chapter 17
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.
Chapter 8 Web Security.
Cryptography 101 Frank Hecker
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Tunneling and Securing TCP Services Nathan Green.
Internet-security.ppt-1 ( ) 2000 © Maximilian Riegel Maximilian Riegel Kommunikationsnetz Franken e.V. Internet Security Putting together the.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
Jump to first page Internet Security in Perspective Yong Cao December 2000.
SSL(HandShake) Protocol By J.STEPHY GRAFF IIM.SC(C.S)
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Unit 3 Section 6.4: Internet Security
Cryptography and Network Security
Secure Sockets Layer (SSL)
CSCE 715: Network Systems Security
Visit for more Learning Resources
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS, Part II
CSE 4095 Transport Layer Security TLS
12 E-Commerce Overview.
Cryptography and Network Security
CS 465 TLS Last Updated: Oct 31, 2017.
Cryptography and Network Security
SSL (Secure Socket Layer)
The Secure Sockets Layer (SSL) Protocol
Lecture 5: Transport layer (TLS / SSL) and Security ( PGP )
Transport Layer Security (TLS)
Unit 8 Network Security.
Electronic Payment Security Technologies
Cryptography and Network Security
Presentation transcript:

The Secure Sockets Layer (SSL) Protocol

Overview What is SSL? How does SSL work? How to implement SSL? Summary and Comments.

What is SSL? A protocol developed by Netscape. It is a whole new layer of protocol which operates above the Internet TCP protocol and below high-level application protocols.

What is SSL?

What Can SSL Do? SSL uses TCP/IP on behalf of the higher-level protocols. Allows an SSL-enabled server to authenticate itself to an SSL-enabled client; Allows the client to authenticate itself to the server; Allows both machines to establish an encrypted connection.

What Does SSL Concern? SSL server authentication. SSL client authentication. (optional) An encrypted SSL connection or Confidentiality. This protects against electronic eavesdropper. Integrity. This protects against hackers.

SSL includes two sub-protocols: the SSL Record Protocol and the SSL Handshake Protocol. Record Protocol -- defines the format used to transmit data. Handshake Protocol -- using the Record protocol to exchange messages b/t an SSL-enable server and an SSL- enable client.

The exchange of messages facilitates the following actions: Authenticate the server to the client; Allows the client and server to select a cipher that they both support; Optionally authenticate the client to the server; Use public-key encryption techniques to generate share secrets; Establish an encrypted SSL conn.

Two Useful Terms A certificate. A certificate has the following content: 1. The certificate issuer’s name 2. The entity for whom the certificate is being issued (aka the subject) 3. The public key of the subject 4. Some time stamps

Two useful Terms A digit signature -- A message digest derived from the original one, has following important properties: 1. The digest is difficult to reverse 2. It is hard to find a different message that computed to the same digest value.

How does SSL Work? How a client and a server create a secure connection? The SSL protocol uses RSA public key cryptography for Internet Security. Public key encryption uses a pair of asymmetric keys for encryption and decryption.

How does SSL Work? Each pair of keys consists of a public key and a private key. The public key is made public by distributing it widely; the private key is always kept secret. Data encrypted with the public key can be decrypted only with the private key, and vice versa.

How Does SSL Work? Server’s SSL version #, cipher settings, r.g. data, other inf. The client needs to comm with the server over SSL. Also send its own certificate Client’s SSL version #, cipher settings, r.g. data, other inf. the server needs to comm with the client Authenticate the server by some of the inf. If succeed use all data so far to create the premaster secret for the session, encrypts it with the server’s public key. If the server has requested client authentication (optional) the client also signs another piece of data known by both the client and the server.

If the server has requested client authen., the server attempts to authen the client. If succeed, uses its private key decrypt the premaster secret, then perform a series of steps to generate the master secret Use the master secret to generate the session keys. Also performs a series of steps, starting from the same premaster secret to generate the master secret. Use the master secret to generate the session keys Session keys are used to encrypt and decrypt information exchange during the SSL session and to verify its integrity. Master secrets protect session keys in transit.

that the future message from here will be encrypted with the Informing the client that the future message from here will be encrypted with the session key. Then sends a separate (encrypted) message indicating that the server portion of handshake is finished. Informing the server that the future message from here will be encrypted with the session key. Then sends a separate (encrypted) message indicating that the client portion of handshake is finished.

The SSL handshake is now complete. The server and the client use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity. Note that both client and server authentication involve encrypting some pieces of data with one key of a public- private key pair and decrypting it with the other key.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.