Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Introduced in the Netscape browser in 1995. SSL provides a secure connection between two sockets with the following properties (a secure channel):
- negotiation of parameters between client and server
- client and server authentication
- confidentiality of the communication
- data integrity protection
It may be considered as a layer between the application layer and the transport layer. HTTP used over SSL is called HTTPS (HTTP over SSL/TLS).

On the sending side, SSL receives data from the application, encrypts it and writes it to a TCP socket. On the receiving side, SSL reads data from the TCP socket, decrypts it and passes it to the application.

HTTPS: secure web. Use of the HTTP application protocol on a secure channel. The secure channel is created between two network nodes and is used by a specific transaction or communication session. The information is encrypted when it leaves one node and decrypted when it is received by the other node. The operation is transparent to the application.

SSL is widely used in electronic commerce and is implemented in the majority of web browsers and servers. It provides the following functions:
- Server authentication. It allows a user to confirm the identity of the server.
- Client authentication. It allows a server to confirm the identity of the user.
- Encrypted SSL session. All information sent between the client and the server is encrypted by the sending software (browser or server) and decrypted by the receiving software (browser or server).

Server authentication. An SSL-capable browser keeps a list of trusted certification authorities (CAs) together with the public keys of those CAs. When the browser wants to contact an SSL-capable web server, it obtains a certificate of the server containing the server's public key. The certificate is issued (digitally signed) by a certification authority (CA). Server authentication allows Bob to verify that he is really sending his credit card number to Alice Incorporated and not to someone else impersonating it.

Handshake protocol. The protocol allows the server and the client to authenticate each other and to negotiate the encryption and hash algorithms and the cryptographic keys used to protect the data sent in an SSL record. The handshake protocol runs before any application data is transmitted.

1. The client sends the highest SSL version it supports and its preferences for the symmetric key algorithms (cipher suites) to be used.
2. The server sends to the client its SSL version, its choice of symmetric key algorithm and its digital certificate. The certificate contains the RSA public key of the server and is signed with the private key of a CA.
3. The client knows the public keys of some CAs. It checks whether the CA that issued the server certificate is present in its list. If it is, the client uses the CA public key to verify the CA's signature on the certificate (the certificate is a signed public document, it is not decrypted) and so obtains an authenticated copy of the server public key. The client must also check that the name in the certificate is the server it intended to contact; otherwise any validly signed certificate would be accepted (server authentication).

Client authentication. Client certificates issued by a CA are used (as in the case of server authentication). This authentication is important if the server is, for example, a bank that is sending confidential financial information to a client and wants to check the identity of the receiver. Client authentication, although supported by SSL, is optional.

4. The client creates a secret (in SSL the pre-master secret, from which the session keys are derived), encrypts it with the server public key and sends it to the server. Only the holder of the server private key can recover it.
5. The client sends a message to the server to announce that the following messages will be encrypted with the session key. Then it sends an encrypted message (Finished) to indicate the conclusion of the client handshake; it carries a hash of the handshake messages so far, so the server can detect tampering with the negotiation.
6. The server sends a message to the browser to announce that the following messages will be encrypted with the session key. Then it sends an encrypted Finished message to indicate the conclusion of the server handshake.
7. Client and server use the session keys to encrypt and decrypt the messages they exchange and to validate their integrity.
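The handshake of steps 1 to 7, including the server certificate check of step 3, as an added worked model (example code written for this page, not code from the original slides or from any SSL implementation). It runs both sides in one process with a toy textbook RSA (no padding, short keys), a JSON certificate signed by an assumed CA named "Example Root CA", and an HMAC-SHA256 stand-in for the SSL key-derivation function. The hostname alice-inc.example, the cipher name, the random nonces added to the hello messages (present in the real protocol but not in the slide text) and the function names are assumptions for the illustration; client authentication, which the slides call optional, is not modelled.

```python
import os, json, hmac, hashlib, secrets

# Toy textbook RSA: a model of the key operations only, not usable cryptography
def _probable_prime(n, rounds=16):  # Miller-Rabin
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(p):
            return p

def rsa_keygen(bits=512):  # returns (public, private) as (exponent, modulus) pairs
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def _h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def rsa_sign(priv, data):
    return pow(_h(data), priv[0], priv[1])
def rsa_verify(pub, data, sig):
    return pow(sig, pub[0], pub[1]) == _h(data)
def rsa_encrypt(pub, m):  # m: bytes shorter than the modulus
    return pow(int.from_bytes(m, "big"), pub[0], pub[1])
def rsa_decrypt(priv, c, length):
    return pow(c, priv[0], priv[1]).to_bytes(length, "big")

# Certificate = (subject, issuer, subject public key) signed with the CA private key
def issue_certificate(ca_name, ca_priv, subject, subject_pub):
    body = {"subject": subject, "issuer": ca_name, "pub": list(subject_pub)}
    return {"body": body, "sig": rsa_sign(ca_priv, json.dumps(body, sort_keys=True).encode())}

def verify_certificate(cert, trust_store, expected_host):
    # Step 3 on the client: issuer trusted, certified name is the host the client
    # meant to reach, and the CA signature verifies (nothing is decrypted)
    body = cert["body"]
    ca_pub = trust_store.get(body["issuer"])
    if ca_pub is None or body["subject"] != expected_host:
        return None
    if not rsa_verify(ca_pub, json.dumps(body, sort_keys=True).encode(), cert["sig"]):
        return None
    return tuple(body["pub"])

def derive_master_secret(pre_master, client_random, server_random):
    # Simplified stand-in for the SSL PRF; both nonces bind the keys to this handshake
    return hmac.new(pre_master, client_random + server_random, hashlib.sha256).digest()
def finished_mac(master, label, transcript):
    # Finished = MAC over everything said so far, so a tampered negotiation is caught
    return hmac.new(master, label + hashlib.sha256(transcript).digest(), hashlib.sha256).digest()

def run_handshake(trust_store, server_cert, server_priv, host):
    """Both sides in one process; returns the shared master secret or None on failure."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    # 1. ClientHello (version, cipher preference, nonce); 2. ServerHello + Certificate
    transcript = json.dumps({"ver": "3.0", "ciphers": ["RSA_AES_SHA"]}).encode() + client_random
    transcript += json.dumps({"ver": "3.0", "cipher": "RSA_AES_SHA"}).encode() + server_random
    transcript += json.dumps(server_cert, sort_keys=True).encode()
    # 3. Client authenticates the server through its certificate
    server_pub = verify_certificate(server_cert, trust_store, host)
    if server_pub is None:
        return None
    # 4. Pre-master secret encrypted under the server public key; only the server key recovers it
    pre_master = os.urandom(48)
    cke = rsa_encrypt(server_pub, pre_master)
    transcript += cke.to_bytes(64, "big")
    c_master = derive_master_secret(pre_master, client_random, server_random)
    s_master = derive_master_secret(rsa_decrypt(server_priv, cke, 48), client_random, server_random)
    # 5./6. Finished messages: each side proves it derived the same keys and saw the same transcript
    c_fin = finished_mac(c_master, b"client finished", transcript)
    if not hmac.compare_digest(c_fin, finished_mac(s_master, b"client finished", transcript)):
        return None
    transcript += c_fin
    s_fin = finished_mac(s_master, b"server finished", transcript)
    if not hmac.compare_digest(s_fin, finished_mac(c_master, b"server finished", transcript)):
        return None
    return c_master  # 7. both sides now share keys for encrypting and authenticating records

def demo(connect_to="alice-inc.example", cert_name="alice-inc.example", rogue_ca=False):
    # Constructed scenario: one trusted CA, Alice's server, a client connecting to connect_to
    ca_pub, ca_priv = rsa_keygen()
    srv_pub, srv_priv = rsa_keygen()
    trust_store = {"Example Root CA": ca_pub}
    signer = rsa_keygen()[1] if rogue_ca else ca_priv  # an impersonator lacks the real CA key
    cert = issue_certificate("Example Root CA", signer, cert_name, srv_pub)
    return run_handshake(trust_store, cert, srv_priv, connect_to)
```

demo() returns the shared master secret for the honest case; demo(connect_to="mallory.example") (certificate for a different name), demo(rogue_ca=True) (certificate signed by a key that is not the trusted CA's) and a trust store without the issuer all make the client abort in step 3 and return None, which is exactly the server authentication the slides describe.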

SSL limits in e-commerce applications. SSL was designed for secure communication between a client and a server. By itself it does not make the use of a credit card secure. The certificate that Bob receives from Alice assures him that he is negotiating with Alice Incorporated, that is, with the entity a CA has identified under that name. However, the certificate does not indicate whether Alice Incorporated is authorized to accept credit card payments. The same holds for client authorization: a client certificate does not establish whether Bob's credit card is valid.