TLS and DLP Behind the green lock.

Slides:



Advertisements
Similar presentations
Web security: SSL and TLS
Advertisements

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
SSL(Secure Socket Layer) Guided By:- Presented By:- Richard Sinn Jimmy Mehta
Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
 authenticated transmission  secure tunnel over insecure public channel  host to host transmission is typical  service independent WHAT IS NEEDED?
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
- Richard Bhuleskar “At the end of the day, the goals are simple: safety and security” – Jodi Rell.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
Communication protocols 2. HTTP Hypertext Transfer Protocol, is the protocol of World Wide Web (www) Client web browser Web server Request files Respond.
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Computer and Network Security
The Secure Sockets Layer (SSL) Protocol
Chapter 7 - Secure Socket Layer (SSL)
Web Security CS-431.
Setting and Upload Products
Digital Signatures.
Virtual Private Network (VPN)
Cryptography and Network Security
Secure Sockets Layer (SSL)
Review Video Dina Dwi Maharani 3 D3 IT A
CSCE 715: Network Systems Security
BINF 711 Amr El Mougy Sherif Ismail
CIPHER SUITE Each name has an algorithm divided into four parts: protocol, key exchange algorithm, encryption algorithm, and checksum. For example, the.
How to Check if a site's connection is secure ?
Topic 1: Data, information, knowledge and processing
CSE 4095 Transport Layer Security TLS, Part II
CS 142 Lecture Notes: Network Security
Using SSL – Secure Socket Layer
CSE 4095 Transport Layer Security TLS
Public-Key Cryptography
Cryptography and Network Security
Cryptography and Network Security Chapter 16
CS 142 Lecture Notes: Network Security
MIDP Application Security
CS 465 TLS Last Updated: Oct 31, 2017.
Created by : Ashish Shah, J.M. PATEL COLLEGE OF COMMERCE
Cryptography and Network Security
Web Security (TRANSPORT-LEVEL SECURITY)
SSL (Secure Socket Layer)
Web Security (TRANSPORT-LEVEL SECURITY)
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Security at the Transport Layer: SSL and TLS
The Secure Sockets Layer (SSL) Protocol
Cryptography and Network Security Chapter 16
CS 142 Lecture Notes: Securing the Connection
Created by : Ashish Shah, J.M. PATEL COLLEGE OF COMMERCE
Secure Socket Layer (SSL) Transport Layer Security (TLS)
CS 142 Lecture Notes: Network Security
Transport Layer Security (TLS)
SSL/TLS.
Building Security into Your System
Unit 8 Network Security.
Advanced Computer Networks
Electronic Payment Security Technologies
Cryptography and Network Security
Integrated Security System
Cryptography Lecture 27.
TLS Encryption and Decryption
Presentation transcript:

TLS and DLP Behind the green lock

www.pluralsight.com

Goals Encrypting Data Diffie Hellman Elliptical Curve Key Exchange Validation and Encryption with Certificates Data Loss Prevention Wireshark Demo

Web Browser Encryption Negotiate Encryption Session TLS 1.2 and 1.3 Encryption Protocols

Web Browser Encryption Negotiate Encryption Session Secure Socket Layer (SSL) Transport Layer Security (TLS) Encryption Protocols RSA 3DES Diffie Hellman AES ECDHE ChaCha20

Web Browser Encryption Negotiate Encryption Session Secure Socket Layer (SSL) Transport Layer Security (TLS) Encryption Protocols RSA 3DES Diffie Hellman AES ECDHE ChaCha20

Web Browser Encryption Negotiate Encryption Session Secure Socket Layer (SSL) Transport Layer Security (TLS) Encryption Protocols RSA 3DES Diffie Hellman AES ECDHE ChaCha20

SSL/TLS Versions TLS v1.2 TLS v1.3

Data Encryption Basics

Encrypting Communication HTTPs Client HTTPs Server

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server

Encrypting Communication HTTPs Client HTTPs Server

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server

Encrypting Communication HTTPs Client HTTPs Server

TLS Encryption Data Encryption Key Exchange Handshake Integrity AES (128 or 256 bits) Chacha20 Key Exchange Handshake Integrity

TLS Encryption Data Encryption Key Exchange AES (128 or 256 bits) Chacha20 Key Exchange

TLS Encryption Key Exchange Data Encryption

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption RSA RSA Handshake Integrity RSA Diffie Hellman Elliptical Curve RSA Diffie Hellman Elliptical Curve

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption RSA Handshake Integrity RSA Diffie Hellman Elliptical Curve Elliptical Curve Diffie Hellman

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption RSA Handshake Integrity RSA Diffie Hellman Elliptical Curve Elliptical Curve Diffie Hellman

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption RSA Handshake Integrity RSA Diffie Hellman Elliptical Curve Elliptical Curve Diffie Hellman

Elliptical Curve Diffie-Hellman Ephemeral

Elliptical Curve Curve Types x25519 secp256r1 secp284r1 fecp521r1 ffdhe2048 ffdhe3073

Elliptical Curve Curve Types x25519 secp256r1 secp284r1 fecp521r1 ffdhe2048 ffdhe3073

Elliptical Curve

TLS 1.2 DHECE Key Exchange Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd HTTPs Client HTTPs Server Public Key

TLS 1.2 DHECE Key Exchange Private Key Private Key HTTPs Client HTTPs Server Public Key

TLS 1.2 DHECE Key Exchange + Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd + HTTPs Client HTTPs Server Public Key

TLS 1.2 DHECE Key Exchange + Private Key Private Key HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd Public Key

TLS 1.2 DHECE Key Exchange + Private Key Private Key HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd Public Key

TLS 1.2 DHECE Key Exchange Private Key Private Key HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd Public Key

TLS 1.2 DHECE Key Exchange Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd Public Key

TLS 1.2 DHECE Key Exchange Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd Public Key

TLS 1.2 DHECE Key Exchange + Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd Public Key

TLS 1.2 DHECE Key Exchange + Private Key Private Key HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd Public Key

TLS 1.2 DHECE Key Exchange Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd

TLS 1.2 DHECE Key Exchange Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd HTTPs Client HTTPs Server 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd

TLS 1.2 DHECE Key Exchange + + Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd HTTPs Client HTTPs Server

TLS 1.2 DHECE Key Exchange + + Private Key Private Key HTTPs Client 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd 047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b942494490803fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd HTTPs Client HTTPs Server

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption Handshake Integrity RSA Diffie Hellman Elliptical Curve RSA Diffie Hellman Elliptical Curve

TLS Encryption Key Exchange Data Encryption Handshake Integrity

TLS Encryption Key Exchange Data Encryption Handshake Integrity

TLS Encryption Key Exchange Data Encryption Handshake Integrity

Server Authenticity TLS Encryption Key Exchange Data Encryption Handshake Integrity Server Authenticity

Certificates

Certificate Authority Certificates Certificate Authority Server Intermediate Root

Certificate Authority Certificates Certificate Authority Server Intermediate Root

Certificate Authority Certificates Certificate Authority Server Intermediate Root

Certificate Authority Certificates Certificate Authority Root Server Intermediate

Certificate Authority Certificates Certificate Authority Root Intermediate Server

Certificate Authority Certificates Certificate Authority Root Intermediate Server Validation

Certificate Authority Certificates Certificate Authority Server Intermediate

Certificates Server Intermediate

Certificates Server Intermediate

Certificates Server Intermediate

But aren’t certificates used to encrypt? Key Exchange Only RSA Diffie Hellman (p and g values)

But aren’t certificates used to encrypt? Key Exchange Only RSA Diffie Hellman (p and g values)

Used for Server Authenticity Certificates Used for Server Authenticity Independent from Certificate

Data Loss Prevention aka MITM or SSL intercept

Data Loss Prevention Client Server

Data Loss Prevention DLP Appliance Client Server

Data Loss Prevention DLP Appliance TLS Session TLS Session Client Server

Client Observes End to End Data Loss Prevention DLP Appliance TLS Session TLS Session Client Client Observes End to End Server

Unencrypted Client/Server Data Data Loss Prevention DLP Appliance TLS Session TLS Session Client Server Unencrypted Client/Server Data

Data Loss Prevention DLP Appliance TLS Session TLS Session Client Trusted Certificate Server

? Data Loss Prevention DLP Appliance TLS Session TLS Session Client Trusted Certificate Server

? Data Loss Prevention DLP Appliance TLS Session TLS Session Client Trusted Certificate Server

Data Loss Prevention DLP Appliance TLS Session TLS Session Client Server Root Intermediate Server

Data Loss Prevention DLP Appliance TLS Session TLS Session Client Intermediate DLP Appliance TLS Session TLS Session Client Server Server

Data Loss Prevention DLP Appliance TLS Session TLS Session Client Intermediate DLP Appliance TLS Session TLS Session Client Server Server

Client Observes End to End Encryption Data Loss Prevention Intermediate DLP Appliance TLS Session TLS Session Client Client Observes End to End Encryption Server Server

Unencrypted Client/Server Data Data Loss Prevention DLP Appliance TLS Session TLS Session Client Server Unencrypted Client/Server Data

Certificates

More Information https://sharkfestasia.wireshark.org/sf18asia SSL/TLS Decryption: Uncovering the Secrets Peter Wu https://www.pluralsight.com/ Wireshark Troubleshooting: Analyzing and Decrypting TLS Traffic Ross Bagurdes

Summary Encrypting Data Diffie Hellman Elliptical Curve Key Exchange Validation and Encryption with Certificates Data Loss Prevention Wireshark Demo

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.