TLS Encryption and Decryption

Slides:



Advertisements
Similar presentations
Crash course on SSL/TLS Ran Canetti December 2009 ( Based on slided by Jörg Schwenk)
Advertisements

Web security: SSL and TLS
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Cryptography and Network Security (SSL)
Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Computer and Network Security
The Secure Sockets Layer (SSL) Protocol
Chapter 7 - Secure Socket Layer (SSL)
TOPIC: HTTPS (Security protocol)
Web Security CS-431.
IT443 – Network Security Administration Instructor: Bo Sheng
Digital Signatures.
SSL/TLS configuration in OpenEdge
Network Security Gene Itkis
Reviews Rocky K. C. Chang 20 April 2007.
Virtual Private Network (VPN)
Tutorial on Creating Certificates SSH Kerberos
Cryptography and Network Security
Secure Sockets Layer (SSL)
CSCE 715: Network Systems Security
Visit for more Learning Resources
Chapter 8 Network Security.
BINF 711 Amr El Mougy Sherif Ismail
CIPHER SUITE Each name has an algorithm divided into four parts: protocol, key exchange algorithm, encryption algorithm, and checksum. For example, the.
Private Key Algorithms Key Exchange Protocols SSL
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CSE 4095 Transport Layer Security TLS, Part II
CS 142 Lecture Notes: Network Security
CSE 4095 Transport Layer Security TLS
Public-Key Cryptography
Cryptography and Network Security
Cryptography and Network Security Chapter 16
CS 142 Lecture Notes: Network Security
MIDP Application Security
CS 465 TLS Last Updated: Oct 31, 2017.
SSL – Secure Socket Layer and TLS – Transport Layer Security
TLS 1.3: What has changed Dmitry Belyavskiy Cryptocom.
Cryptography and Network Security
Web Security (TRANSPORT-LEVEL SECURITY)
SSL (Secure Socket Layer)
Chapter 7 WEB Security.
Web Security (TRANSPORT-LEVEL SECURITY)
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Security at the Transport Layer: SSL and TLS
CSCE 815 Network Security Lecture 16
TLS and DLP Behind the green lock.
The Secure Sockets Layer (SSL) Protocol
Cryptography and Network Security Chapter 16
Chapter 7 WEB Security.
CS 142 Lecture Notes: Network Security
Transport Layer Security (TLS)
SSL/TLS.
Unit 8 Network Security.
Advanced Computer Networks
Cryptography and Network Security
Integrated Security System
Cryptography Lecture 27.
A General Introduction to Modern Cryptography
Presentation transcript:

TLS Encryption and Decryption What every IT engineer should know about TLS Ross Bagurdes Data network Engineer @bagurdes

https://www.pluralsight.com

Goals A Brief History Encrypting Data Key Exchange Data Encryption Protocols TLS 1.2 and 1.3 Handshakes Decrypting TLS in Wireshark

The public key encrypts the data. The private key decrypts the data.

Web Browser Encryption

Web Browser Encryption Negotiate Encryption Session Secure Socket Layer (SSL) Transport Layer Security (TLS) Encryption Protocols RSA 3DES Diffie Hellman AES ECDHE ChaCha20

Web Browser Encryption Negotiate Encryption Session Secure Socket Layer (SSL) Transport Layer Security (TLS) Encryption Protocols RSA 3DES Diffie Hellman AES ECDHE ChaCha20

Web Browser Encryption Negotiate Encryption Session Secure Socket Layer (SSL) Transport Layer Security (TLS) Encryption Protocols RSA 3DES Diffie Hellman AES ECDHE ChaCha20

SSL/TLS Version History 1994 SSLv2 Netscape Navigator 1999 TLSv1.0 RFC 2246 2008 TLSv1.2 RFC 5246 2018 TLSv1.3 Prop. Standard TLS v1.3 1995 SSLv3 resolved serious v2 issues 2006 TLSv1.1 RFC 4346 2013 Microsoft/Apple Enable support for TLSv1.2 TLS v1.2

SSL/TLS Versions TLS v1.2 TLS v1.3

Data Encryption Basics

Encrypting Communication HTTPs Client HTTPs Server

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server

Encrypting Communication HTTPs Client HTTPs Server secretkey secretkey

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server +

Encrypting Communication HTTPs Client HTTPs Server

Encrypting Communication HTTPs Client HTTPs Server

TLS Encryption Data Encryption Key Exchange Handshake Integrity

TLS Encryption Key Exchange Data Encryption Handshake Integrity

Diffie-Hellman Key Exchange HTTPs Client HTTPs Server

Diffie-Hellman Key Exchange HTTPs Client HTTPs Server

Diffie-Hellman Key Exchange HTTPs Client HTTPs Server p = 149 g = 17

Diffie-Hellman Key Exchange HTTPs Client HTTPs Server p = 149 g = 17

Diffie-Hellman Key Exchange p = 149 g = 17 HTTPs Client HTTPs Server Public Key a = 8 Private Key

Diffie-Hellman Key Exchange p = 149 g = 17 HTTPs Client HTTPs Server a = 8 Private Key

Diffie-Hellman Key Exchange p = 149 g = 17 HTTPs Client HTTPs Server a = 8 ga MOD p = encrypted key Private Key

Quick Math Lesson

95/8

95/8 “95 divided by 8”

95/8 “95 divided by 8” 8 95

95/8 “95 divided by 8” 8 95

95/8 “95 divided by 8” 1 8 95

95/8 “95 divided by 8” 1 8 95 8

95/8 “95 divided by 8” 1 8 95 8 15

95/8 “95 divided by 8” 1 1 8 95 8 15

95/8 “95 divided by 8” 1 1 8 95 8 15 8

95/8 “95 divided by 8” 1 1 8 95 8 15 8 7

95/8 “95 divided by 8” 1 1 .#### 8 95 8 15 8 7 7

95/8 “95 divided by 8” 1 1 R 7 7 8 95 8 15 8 7

95/8 “95 divided by 8” Modulus R 7

95/8 “95 divided by 8” Modulus 7

Diffie-Hellman Key Exchange p = 149 g = 17 HTTPs Client HTTPs Server a = 8 ga MOD p = encrypted key Private Key

Diffie-Hellman Key Exchange p = 149 g = 17 HTTPs Client HTTPs Server a = 8 ga MOD p = encrypted key Private Key 178 MOD 149 = 5

Diffie-Hellman Key Exchange p = 149 g = 17 HTTPs Client HTTPs Server a = 8 5 Private Key

Diffie-Hellman Key Exchange p = 149 g = 17 HTTPs Client HTTPs Server a = 8 5 Private Key

Diffie-Hellman Key Exchange Private Key p = 149 g = 17 HTTPs Client HTTPs Server 5

Diffie-Hellman Key Exchange 5 a = 8 Private Key Encrypted Key p = 149 g = 17 HTTPs Client HTTPs Server b = 6 Private Key

Diffie-Hellman Key Exchange 5 a = 8 Private Key Encrypted Key p = 149 g = 17 HTTPs Client HTTPs Server b = 6 gb MOD p = encrypted key Private Key

Diffie-Hellman Key Exchange 5 a = 8 Private Key Encrypted Key p = 149 g = 17 HTTPs Client HTTPs Server b = 6 gb MOD p = encrypted key Private Key 176 MOD 149 = 16

Diffie-Hellman Key Exchange 5 a = 8 Private Key Encrypted Key p = 149 g = 17 HTTPs Client HTTPs Server 16 b = 6 Private Key

Diffie-Hellman Key Exchange 5 a = 8 Private Key Encrypted Key p = 149 g = 17 HTTPs Client HTTPs Server 16 b = 6 Private Key Encrypted Key

Diffie-Hellman Key Exchange p = 149 g = 17 HTTPs Client HTTPs Server a = 8 16 5 b = 6 Private Key Encrypted Key Encrypted Key Private Key

16 5 (enc key)a MOD p = key (enc key)b MOD p = key p = 149 g = 17 HTTPs Client HTTPs Server a = 8 16 5 b = 6 Private Key Encrypted Key Encrypted Key Private Key (enc key)a MOD p = key (enc key)b MOD p = key

16 5 (enc key)a MOD p = key (enc key)b MOD p = key 168 MOD 149 = 129 g = 17 HTTPs Client HTTPs Server a = 8 16 5 b = 6 Private Key Encrypted Key Encrypted Key Private Key (enc key)a MOD p = key (enc key)b MOD p = key 168 MOD 149 = 129

16 5 (enc key)a MOD p = key (enc key)b MOD p = key 168 MOD 149 = 129 g = 17 HTTPs Client HTTPs Server a = 8 16 5 b = 6 Private Key Encrypted Key Encrypted Key Private Key (enc key)a MOD p = key (enc key)b MOD p = key 168 MOD 149 = 129 56 MOD 149 = 129

129 129 16 5 p = 149 g = 17 a = 8 b = 6 Private Key Encrypted Key HTTPs Client HTTPs Server a = 8 16 5 b = 6 Private Key Encrypted Key Encrypted Key Private Key 129 129 Key Key

Diffie-Hellman Key Exchange HTTPs Client HTTPs Server 129 129

TLS Encryption Key Exchange Data Encryption Handshake Integrity

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption Handshake Integrity RSA Diffie Hellman Elliptical Curve RSA Diffie Hellman Elliptical Curve

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption Handshake Integrity RSA Diffie Hellman Elliptical Curve Elliptical Curve Diffie Hellman

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption Handshake Integrity RSA Diffie Hellman Elliptical Curve Elliptical Curve Diffie Hellman

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption Handshake Integrity RSA Diffie Hellman Elliptical Curve Elliptical Curve Diffie Hellman

TLS Encryption TLS v1.2 TLS v1.3 Key Exchange Data Encryption Handshake Integrity RSA Diffie Hellman Elliptical Curve Elliptical Curve Diffie Hellman

Elliptical Curve Diffie-Hellman Ephemeral

Elliptical Curve Curve Types x25519 secp256r1 secp284r1 fecp521r1 ffdhe2048 ffdhe3073

Elliptical Curve Curve Types x25519 secp256r1 secp284r1 fecp521r1 ffdhe2048 ffdhe3073

Elliptical Curve

TLS 1.3 DHECE Key Exchange Private Key HTTPs Client HTTPs Server Enc.

TLS 1.3 DHECE Key Exchange Private Key Enc. Key Enc. Key HTTPs Client HTTPs Server Enc. Key

TLS 1.3 DHECE Key Exchange + Private Key Enc. Key Enc. Key HTTPs Client HTTPs Server Enc. Key

TLS 1.3 DHECE Key Exchange + Private Key Enc. Key HTTPs Client HTTPs Server Enc. Key

TLS 1.3 DHECE Key Exchange Private Key Enc. Key HTTPs Client HTTPs Server Enc. Key

TLS 1.3 DHECE Key Exchange Private Key Private Key Enc. Key HTTPs Client HTTPs Server Enc. Key

TLS 1.3 DHECE Key Exchange Enc. Key Private Key Private Key Enc. Key HTTPs Client HTTPs Server

TLS 1.3 DHECE Key Exchange + Enc. Key Private Key Private Key Enc. Key HTTPs Client HTTPs Server

TLS 1.3 DHECE Key Exchange + Enc. Key Private Key Private Key HTTPs Client HTTPs Server Enc. Key

TLS 1.3 DHECE Key Exchange Enc. Key Private Key Private Key HTTPs Client HTTPs Server Enc. Key

TLS 1.3 DHECE Key Exchange Enc. Key Private Key Private Key HTTPs Client HTTPs Server Enc. Key

TLS 1.3 DHECE Key Exchange + + Private Key Private Key Enc. Key Enc. HTTPs Client HTTPs Server

TLS 1.3 DHECE Key Exchange + + Private Key Private Key Enc. Key Enc. HTTPs Client HTTPs Server

TLS 1.3 DHECE Key Exchange + + Private Key Private Key Enc. Key Enc. HTTPs Client HTTPs Server

TLS Encryption Key Exchange Data Encryption Handshake Integrity

Data Encryption Protocols Ciphers 3DES (168 bits) AES (128 or 256 bits) GCM CBC Chacha20 Poly1305

TLS Encryption Key Exchange Data Encryption Handshake Integrity

TLS Encryption Key Exchange Data Encryption Handshake Integrity

Handshake Integrity SHA SHA-256 SHA-384

Server Authenticity TLS Encryption Key Exchange Data Encryption Handshake Integrity Server Authenticity

Server Authenticity TLS Encryption Key Exchange Data Encryption Handshake Integrity Server Authenticity

Certificates

Server Certificates RSA Encryption Public Key (DH) p and g Verification information Certificate Chain ”Signed” certificates

TLS Handshake

Goals A Brief History Encrypting Data Key Exchange Data Encryption Protocols TLS 1.2 and 1.3 Handshakes Decrypting TLS in Wireshark

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.