Using SSL – Secure Socket Layer


Using SSL – Secure Socket Layer Chapter 4 – pp 63 - 86 2018/9/19

Basic Encryption (lab 4 using ABI software)
In order to protect a message (such as a Word document), the sender and receiver encrypt and decrypt it at the application level using an agreed method such as the Data Encryption Standard (DES). However, there is still a drawback: the hacker cannot see the Word document, but can still see other messages, such as the messages that establish the protocols over the network.

Basic - With and without SSL
Without SSL: I can see the contents using Sniffer (lab 7).
With SSL on: I cannot see the contents as it has been encrypted.

Example – CityU home, we can see the contents

CityU: when you log in, it changes to https (https://)

Overview
SSL at work; Site Certificates; Personal Certificates
Establishing an SSL connection; Encryption automatic between two machines over the network; Site Certificates; Personal Certificates; VeriSign personal Certificates; Browser SSL setting

The rationale of using SSL
Network eavesdropping (monitoring) is a problem on the Internet. Packet sniffers, as demonstrated in laboratory seven, make it easy to tap the information. Using SSL can reduce the risk of being monitored, as the data is encrypted automatically.
SSL: Secure Socket Layer is a generic protocol in the transport layer and is automatic once it is “on”.

Establishing an SSL connection
To use SSL, simply access the URL https://www.fedex.com/track_it_adv.html and fill out a form. Please note that the URL starts with https, not the traditional http. You must have a valid certificate in your browser.

The screen of fedex using SSL
You must have a certificate.

NO certificate
It will redirect you to another site using http if you don’t have one.

How to get a certificate from VeriSign
Access http://www.verisign.com/

Fill in the form

Things to Watch
Site Name Mismatches
Mixed Pages
Export and Domestic Grade Cryptography
Certificate Revocation and Expiration
CA and Site Certificates

Site Name Mismatches
When a Web browser connects to an SSL server, it does some basic validation of the site’s certificate. It checks whether the name listed on the certificate matches the site’s URL. If the two do not match, the browser presents a warning.

Mixed Pages
It is possible for HTML pages to contain a mixture of encrypted and unencrypted information. The main page may have been fetched using SSL, but other parts might come from different servers, which are not encrypted.
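
The mixed-page condition can be checked mechanically. The following Python sketch is an added example, not part of the original slides; the page URL, host names and HTML are constructed sample data, and the set of tag/attribute pairs inspected is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: tag/attribute pairs treated as loading (or posting to) another URL.
LOADING_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"),
    ("object", "data"), ("form", "action"),
}

class MixedContentFinder(HTMLParser):
    """Collect parts of an SSL page that travel over plain http."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (tag, absolute URL) pairs

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            loads = (tag, name) in LOADING_ATTRS or (
                tag == "link" and name == "href" and "stylesheet" in rel)
            if not loads or not value:
                continue
            # Relative and protocol-relative URLs inherit the page's scheme.
            url = urljoin(self.page_url, value.strip())
            if urlparse(url).scheme == "http":
                self.insecure.append((tag, url))

def find_mixed_content(page_url, html):
    """Return the unencrypted parts of a page that was fetched over https."""
    if urlparse(page_url).scheme != "https":
        return []  # the whole page is unencrypted; nothing is "mixed"
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.insecure

# Constructed sample page (not taken from a real site).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/site.css">
<script src="http://ads.example.net/track.js"></script></head><body>
<img src="//cdn.example.com/a.png"><img src="http://images.example.org/banner.gif">
<a href="http://www.example.com/help">help</a>
<form action="http://www.example.com/login" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://www.example.com/account", SAMPLE_PAGE):
        print(tag, url)
```

The plain link to the help page is not reported because the browser does not fetch it while rendering; the form is reported because submitting it would send the data unencrypted.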

Export and Domestic Grade Cryptography
Some browsers might use shorter key lengths such as 40 bits, which is insecure. (SSL version 2, 40 bits; SSL version 3, 128 bits.) This key length is sufficient to deter casual nosiness but insufficient to protect valuable secrets.
Check your session key length (version 2, version 3).

Certificate Revocation and Expiration
Under certain circumstances, a site’s certificate may be revoked (reactivated). If a remote server offers the browser a certificate that is past its expiration date, the browser will present a warning and might disconnect the connection.
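
The name, key-length and expiration checks from the preceding slides can be expressed in a few lines of Python. This is an added example, not part of the original slides: it takes a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()` and a cipher tuple in the form returned by `ssl.SSLSocket.cipher()`; the certificate, host names and the 128-bit threshold are constructed assumptions, and revocation is not checked.

```python
import ssl

MIN_SECRET_BITS = 128  # assumption: threshold taken from the 40-bit vs 128-bit slide

def names_in_cert(cert):
    """DNS names from subjectAltName, else the subject commonName."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return names

def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def check_connection(host, cert, cipher, now):
    """Return the warnings raised for this host/certificate/cipher at time `now`."""
    warnings = []
    if not any(name_matches(n, host) for n in names_in_cert(cert)):
        warnings.append("name-mismatch")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("not-yet-valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("expired")
    _name, _protocol, secret_bits = cipher
    if secret_bits < MIN_SECRET_BITS:
        warnings.append("weak-cipher")
    return warnings

# Constructed sample data (not captured from a real site).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.org")),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Jan  1 00:00:00 2019 GMT",
}
NOW = ssl.cert_time_to_seconds("Sep 19 00:00:00 2018 GMT")
LATER = ssl.cert_time_to_seconds("Mar  1 00:00:00 2019 GMT")

if __name__ == "__main__":
    print(check_connection("www.example.com", SAMPLE_CERT, ("AES128-SHA", "TLSv1.2", 128), NOW))
    print(check_connection("shop.example.net", SAMPLE_CERT, ("EXP-RC4-MD5", "SSLv3", 40), LATER))
```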

CA and Site Certificates
Each browser that is shipped comes with the public keys of several certifying authorities (CAs) preinstalled. The public keys are installed in the form of self-signed certificates (digital certificates).

CA supported by Netscape Communicator → Tools → Security Info → Signers

CA in IE Explorer

Certificates – also called digital ID
There are two types:
Personal certificate – used when you send personal information over the Internet to a Web site that requires a certificate verifying your identity.
Site certificate – specifies that a web site is genuine and secure.

Personal Certificates
Get one from Hong Kong Post Office.
In addition to site certificates, we can apply for a certificate to prove our identity. Some browsers have incorporated the digital identity (digital ID means certificate) into the standard installation script. Personal certificates contain the name, e-mail address, and the public-key half of a public/private key pair.

VeriSign Personal Certificates
VeriSign offers two types of certificates: Class 1 and Class 2.
Class 1: We need to complete a form on VeriSign’s Web site. The application is processed automatically without any attempt to validate the information.
Class 2: We must provide detailed information such as a driver’s license and a social security number (applies to US citizens). The information will be sent using surface mail. (In Hong Kong, you need to show your HKID.)

How CA works – from http://www. verisign
No need to memorise
Legend in CA

Step 1 – Send “Server hello”
First, the client application tries to connect to a secure page. The application sends a random challenge string to the server, then chooses, on behalf of the user, which suite of encryption protocols to use. The client application must choose a session key exchange (server authentication) algorithm (such as DES), a private key encryption algorithm (such as RC2 or RC4), and a message integrity (hashing) algorithm (such as MD5) to use during the secure transaction.

Step 2 – Server hello
The server asserts its identity by returning its secure server certificate plus an acknowledgment that it can support the set of algorithms chosen by the client. It also generates a random connection identifier to be used throughout the communications phase.

Step 3 – Client master key
The client application verifies the server certificate by comparing the signature of the certification authority (CA) in the server's certificate to the public key of the CA embedded in the client application. If the client does not have a CA key, or the client CA certificate does not match the server CA, the user receives a message warning that this server contains a certificate not known by the client application.

Step 4 – Accept Certificate
Assuming the web site is configured to accept client certificates, the server now requests that the client present a valid client Digital ID, and sends the client a new challenge phrase, encrypted using the server-write key.

Example – using PC at home – SSL version 3

Summary
SSL in Netscape and IE Explorer
Sequence for exchanging the certificate with VeriSign
Personal and site certificates

Next Week
Web Security
Linux Security