VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

Slides:



Advertisements
Similar presentations
Cryptography and Network Security Chapter 16
Advertisements

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
(4.4) Internet Protocols Layered approach to Internet Software 1.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.
Chapter 8 Web Security.
By Swapnesh Chaubal Rohit Bhat. BEAST : Browser Exploit Against SSL/TLS Julianno Rizzo and Thai Duong demonstrated this attack.
CSCI 6962: Server-side Design and Programming
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, University of Palestine Applied and Urban Engineering College Information Security.
Secure Socket Layer (SSL)
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Network Security Essentials Chapter 5
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Tunneling and Securing TCP Services Nathan Green.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No
Secure Sockets Layer (SSL) Protocol by Steven Giovenco.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
SSL(HandShake) Protocol By J.STEPHY GRAFF IIM.SC(C.S)
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
1 6 Chapter 6 Implementing Security for Electronic Commerce.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
Cryptography CSS 329 Lecture 13:SSL.
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
The Secure Sockets Layer (SSL) Protocol
TOPIC: HTTPS (Security protocol)
Secure Sockets Layer (SSL)
Visit for more Learning Resources
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
The Secure Sockets Layer (SSL) Protocol
Unit 8 Network Security.
Cryptography and Network Security
Presentation transcript:

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E. Wang Second Reader: Prof. Richard Smith

Voyager: Yet Another Secure Web Browser2 Scope of the Project Study of Secure Socket Layer(SSL) Protocol SSL Handshake Protocol SSL Record Protocol Demonstrate how SSL can be used to make clients secure against a secure server Keys and Digital Certificates Role of Gateways in SSL communication

Voyager: Yet Another Secure Web Browser3 Requirement Specification 1. Introduction to SSL 1. What is SSL and how SSL works 2. Client and Server Authentication 3. SSL Handshake Protocol 4. SSL Record Protocol 2. Difference between http and https 1. Demonstrated by developing a Browser that understands http and https. 3. Certificates and Digital Signatures 4. Role of Gateways in SSL communication

Voyager: Yet Another Secure Web Browser4 1. Difference between http and https http Stateless protocol Non secure connection Non Secure Sockets https Session based protocol Secure connection Secure Sockets

Voyager: Yet Another Secure Web Browser5 2. Introduction to SSL SSL- Developed by Netscape Communication SSL – accepted universally on the World Wide Web for AUTHENTICATED and ENCRYPTED communication between clients and servers IETF standard called Transport Layer Security is based on SSL SSL protocol runs above TCP/IP and below higher level protocols such as HTTP Uses TCP/IP to authenticate itself to an SSL enabled client

Voyager: Yet Another Secure Web Browser6 What does SSL actually do? Fragments messages to be transmitted into manageable blocks Compresses the data Encrypts and transmits the data Received data is decrypted Verified, decompressed Reassembled and transmitted to higher layers

Voyager: Yet Another Secure Web Browser7 SSL in TCP/IP Protocol Stack

Voyager: Yet Another Secure Web Browser8 SSL Record Layer  Receives uninterrupted data from upper layers  Fragmentation / Reassemble data  Compresses/Decompress data  Encrypt/Decrypt and verification of data

Voyager: Yet Another Secure Web Browser9 SSL Handshake Protocol  Maintains information about the current state and next state called the pending state  Once the handshake is complete, the two parties have shared secrets used to encrypt records and compute keyed messages authentication codes on their contents.  Maintains the handshake state information of the client and server and ensures that the protocol state machines of client and server work consistently

Voyager: Yet Another Secure Web Browser10 SSL Record Protocol  Receives uninterrupted data from upper layers  Fragmentation / Reassemble data  Compresses/Decompress data  Encrypt/Decrypt and verification of data

Voyager: Yet Another Secure Web Browser11 Design:Secure Library Class Diagram

Voyager: Yet Another Secure Web Browser12 http connection sequence diagram

Voyager: Yet Another Secure Web Browser13 https connection sequence diagram

Voyager: Yet Another Secure Web Browser14 How/Why Gateways use SSL SSL designed to provide security between client and server and avoid man-in-the-middle attack SSL considers a proxy server as a middleman Gateways act as clients and authenticate servers. Client authentication is not possible. Gateway/proxy can internally authenticate client within the firewall Packet Filtering by allowing specific ports for specific traffic. 443 in case of SSL SSL can works with gateways that support SOCKS. SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP-reach ability. SOCKS is often used as a network firewall, redirecting connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes requests, establishes a proxy connection, and relays data between hosts.

Voyager: Yet Another Secure Web Browser15 Gateways and SSL Proxy Server should support SOCKS to support SSL With SOCKS, DNS is the responsibility of the client SSL tunneling, DNS is the responsibility of the proxy Proxy Server can spoof mock on behalf of internal client. Makes connection faster

Voyager: Yet Another Secure Web Browser16 Implementation Details Client/Server setup for development Voyager Front-end: Developed Using Java Swing. JRE:1.3.1_02 Secure Library: Developed using Java and JSSE. Testing: Running Apache Tomcat as a Secure Web Server on Local System on port #: 8443 JSSE is Java implementation of SSL developed by SUN Key/certificate generation Key/certificate generation using Keytool RSA algorithm used for key generation X.509v3 certificates generated Import/Export certificate to make certificate available for authentication

Voyager: Yet Another Secure Web Browser17 Voyager Snapshots

Voyager: Yet Another Secure Web Browser18 Securely Accessing Tomcat Apache Default page though Voyager

Voyager: Yet Another Secure Web Browser19 Accessing Golden-1 web site through Voyager

Voyager: Yet Another Secure Web Browser20 Conclusion Opportunity to learn about network security How SSL works/implemented Setting up client servers for secure communications Thanks to Dr. Wang and Prof. Dick Smith

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.