Secure Socket Layer.

Slides:



Advertisements
Similar presentations
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Advertisements

Cryptography and Network Security Chapter 16
Web security: SSL and TLS
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
Lecture 6: Web security: SSL
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)
Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security
Cryptography and Network Security Chapter 17
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Network Security Essentials Chapter 5
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
Web Security Network Systems Security
SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No
1 Understanding Secure Socket Layer (SSL) Advisor Advisor Prof. Tzonelih Hwang Presenter Prosanta Gope.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
Gold Coast Campus School of Information Technology 2003/16216/3112INT Network Security 1Copyright © Griffith University, INT / 3112INT Network.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
SSL(HandShake) Protocol By J.STEPHY GRAFF IIM.SC(C.S)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Executive Director and Endowed Chair
Cryptography and Network Security
Secure Sockets Layer (SSL)
UNIT.4 IP Security.
CSCE 715: Network Systems Security
Visit for more Learning Resources
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
Cryptography and Network Security
Cryptography and Network Security Chapter 16
Virtual Private Networks (VPN)
Cryptography and Network Security
Web Security (TRANSPORT-LEVEL SECURITY)
SSL (Secure Socket Layer)
Web Security (TRANSPORT-LEVEL SECURITY)
The Secure Sockets Layer (SSL) Protocol
Cryptography and Network Security Chapter 16
Transport Layer Security (TLS)
Cryptography and Network Security
Presentation transcript:

Secure Socket Layer

Overall What is Secure Socket Layer? SSL Protocol Stack SSL Protocol and its Components

What is Secure Socket Layer ? Secure Socket Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. The SSL Security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. SSL is built into all major browsers and web servers.

What is SSL? (cont’d) Both Netscape Navigator and Internet Explorer support SSL, and many websites use the protocol to obtain confidential user information, such as credit card numbers. The primary goal of SSL is to provide privacy and reliability between two communicating applications.

SSL Protocol Stack The SSL Protocol Stack is composed of two layers. The first layer is the higher layer which is composed of SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol, and HTTP, which are used in the management of SSL exchanges. The second layer is the lower layer composed of the SSL Record Protocol, TCP, and IP.

SSL Protocol Stack Table SSL Handshake Protocol SSL Change Cipher Spec Protocol SSL Alert Protocol HTTP SSL Record Protocol TCP IP

SSL Protocol SSL is layered protocol. At each layer, message may include field for length, description and content. SSL takes the messages to be transmitted, fragments the data into blocks, encrypts, and transmit the result. The received data is decrypted, verified, reassembled, and then delivered to the client.

SSL Protocol Components Session and connection states Record Protocol Change Cipher Spec Protocol Alert Protocol Handshake Protocol

Session and Connection states Session - An SSL session is an connection between a client and server. In addition, parties may have multiple sessions. Connection – A connection is a transport that provides a type of service. Connections are peer-to-peer relationship.

Session state The session state includes the following elements: session identifier - A byte sequence chosen by the server to identify an active or resumable session state peer certificate - X509.v3[X509] certificate of the peer. This element of the state may be null. compression method - the algorithm used to compress data prior to encryption.

Session state (cont’d) cipher spec - Specifies the bulk data encryption algorithm (such as DES, etc.) and a MAC (Message Authentication Code) algorithm. It also defines cryptographic attributes such as the hash_size. master secret - 48-byte secret shared between the client and server. is resumable - A flag indicating whether the session can be used to initiate new connections.

Connection state The connection state includes the following elements: server and client random - Byte sequences that are chosen by the server and client for each connection. server write MAC secret - The secret used in MAC operations on data written by the server. client write MAC secret -The secret used in MAC operations on data written by the client. server write key - The bulk cipher key for data encrypted by the server and decrypted by the client.

Connection state (cont’d) client write key - The bulk cipher key for data encrypted by the client and decrypted by the server. initialization vectors - When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key. sequence numbers - Each party maintains separate sequence numbers for transmitted and received messages for each connection. When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero.

SSL Record Protocol The Record Protocol takes an application message to be transmitted, fragments the data into blocks, compresses the data (optionally), applies a MAC, encrypts, adds a header and transmits the resulting unit.

Steps of SSL Record Protocol Fragmentation:The record layer fragments information blocks into SSLPlaintext records of 214 bytes or less. Compression: All records are compressed using the compression algorithm. The compression algorithm translates an SSLPlaintext structure into an SSLCompressed structure. Compute a MAC – All records are protected using the encryption and MAC algorithms defined in the current CipherSpec. A shared secret key is used.

SSL Record Protocol Steps (cont’d) Null or standard stream cipher - Stream ciphers convert SSLCompressed fragment structures to and from stream SSL Ciphertext CBC block cipher - For block ciphers (such as DES), the encryption and MAC functions convert SSLCompressed fragment structures to and from block SSLCiphertext fragment structures. Record header

SSL Record Protocol Operation

Change Cipher Spec Protocol The change cipher spec protocol exists to signal transitions in ciphering strategies. The protocol consists of a single message, which is encrypted and compressed under the current CipherSpec. The message consists of a single byte of value 1. The change cipher spec message is sent by both the client and server to notify the receiving party that subsequent records will be protected under the just-negotiated CipherSpec and keys.

Change Cipher Spec Protocol (Cont’d) When the client or server receives a change cipher spec message, it copies the pending read state into the current read state. When the client or server writes a change cipher spec message, it copies the pending write state into the current write state. The client sends a change cipher spec message following handshake key exchange and certificate verify messages (if any), and the server sends one after successfully processing the key exchange message it received from the client.

Alert Protocol The Alert Protocol is used to convey SSL-related alerts to the peer entity. Alert messages are encrypted and compressed, as specified by the current connection state. Alert messages with a level of fatal, result in the immediate termination of the connection. In this case, other connections corresponding to the session may continue, however the session identifier must be cancel, preventing the failed session from being used to establish new connections.

Handshake Protocol This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record.

How Handshake Protocol works The client sends a client hello message to which the server must respond with a server hello message. The client hello and server hello are used to establish security enhancement capabilities between client and server. The client hello and server hello establish the following attributes: protocol version, session ID, cipher suite, and compression method. After the hello messages, the server will send its certificate. A server key exchange message may be sent. If the server is authenticated, it may request a certificate from the client, if that is appropriate to the cipher suite selected.

Handshake Protocol works (cont’d) Now the server will send the server hello done message, indicating that the hello-message phase of the handshake is complete. The server will then wait for a client response. If the server has sent a certificate request message, the client must send the certificate message. The client key exchange message is sent, and the content of that message will depend on the public key algorithm selected between the client hello and the server hello. If the client has sent a certificate with a digitally-signed certificate, then a verify message is sent to explicitly verify the certificate.

Handshake Protocol works (cont’d) At this point, a change cipher spec message is sent by the client, and the client copies the pending Cipher Spec into the current Cipher Spec. The client then immediately sends the finished message under the new algorithms, keys, and secrets. In response, the server will send its own change cipher spec message, transfer the pending to the current Cipher Spec, and send its Finished message under the new Cipher Spec. At this point, the handshake is complete and the client and server may begin to exchange application layer data.

References Network Security Essentials by Williams Stallings http://home.netscape.com/eng/ssl3/3-SPEC.HTM#7-1 http://www.webopedia.com/TERM/S/SSL.html http://home.netscape.com/security/techbriefs/ssl.html http://developer.netscape.com/docs/manuals/security/sslin/contents.htm

HAVE A NICE DAY! NO QUESTIONS THANK YOU 

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.