Internet Security Protocols

Presentation transcript:

Chapter 8: Internet Security Protocols

Basic Concepts
- Static Web Pages (Figure 1: Static web page)
- Dynamic Web Pages (Figure 2: Dynamic web page): the contents can vary all day depending on a number of parameters. Involves server-side programming. Tools to create: CGI, ASP, JSP.
- Active Web Pages (Figure 3: Active web page)
- Java applet: a small program sent to the browser along with the HTML page

Basic Concepts (cont’d) Figure 1: Static Web Page

Basic Concepts (cont’d) Figure 2: Dynamic Web Page

Basic Concepts (cont’d) Figure 3: Active Web Page

Basic Concepts (cont’d)
ActiveX controls
Difference between Java applets and ActiveX controls:
- An applet cannot write to the client’s hard disk, but an ActiveX control has no such restriction.
- An applet is downloaded with an active web page, executed inside the browser, and destroyed when the user exits that web page. Once downloaded, an ActiveX control remains on the client computer until it is explicitly deleted.
- This makes applets quite slow compared to ActiveX controls.

Basic Concepts (cont’d)
Protocols and TCP/IP
- Figure 4: TCP/IP layers
- Layered organization. Figure 5: Data exchange using TCP/IP layers

Basic Concepts (cont’d) Figure 5: Data exchange using TCP/IP layers

Secure Socket Layer (SSL)
- An Internet protocol for secure exchange of information between a web browser and a web server.
- Provides 2 basic security services: authentication and confidentiality.
- Position of SSL in the TCP/IP protocol suite: Figure 6: Position of SSL in TCP/IP. Figure 7: SSL is located between application and transport layers.

Secure Socket Layer (SSL) (cont’d) Figure 6: Position of SSL in TCP/IP

Secure Socket Layer (SSL) (cont’d) Figure 7: SSL is located between application and transport layer

How SSL Works?
SSL has three sub-protocols:
- Handshake Protocol
- Record Protocol
- Alert Protocol
The handshake protocol consists of a series of messages between the client and the server. Figure 8 shows the format of the handshake protocol message.

How SSL Works? (cont’d) Figure 8: Format of the handshake protocol message. Table 1: SSL handshake protocol message types

How SSL Works? (cont’d)
The handshake protocol is made up of 4 phases, as shown in Figure 9.
Phase 1: Establish security capabilities (Figure 10)
- Initiates a logical connection and establishes the security capabilities associated with the connection.
- Consists of 2 messages: the client hello and the server hello.

How SSL Works? (cont’d) Figure 9: SSL handshake phases

How SSL Works? (cont’d) Figure 10: Phase 1 of SSL handshake protocol: Establish security capabilities

How SSL Works? (cont’d)
- Phase 2: Server authentication and key exchange (Figure 11)
- Phase 3: Client authentication and key exchange (Figure 12)
- Phase 4: Finish (Figure 13)

How SSL Works? (cont’d)
- Helps the client authenticate the server using the server’s public key from the server’s certificate
- Optional: if the server does not send its digital certificate, the server sends its public key
- (Optional) The server requests the client’s digital certificate
- Indicates to the client that the server’s portion of the hello message is complete
Figure 11: Phase 2 of SSL handshake protocol: Server authentication and key exchange

How SSL Works? (cont’d)
- Allows the client to send information to the server.
- The client creates a 48-byte pre-master secret, encrypts it with the server’s public key, and sends it to the server.
Figure 12: Phase 3 of SSL handshake protocol: Client authentication and key exchange

How SSL Works? (cont’d) Figure 13: Phase 4 of SSL handshake protocol: Finish
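The following added example (not part of the slides) parses handshake messages and labels each with the phase it belongs to, rejecting truncated or out-of-order messages. The framing (1-byte type, 3-byte length) and the numeric type codes are the SSL 3.0 / TLS 1.0-1.2 values, which the slides show only in Figure 8 and Table 1; the function names and the sample exchange are constructed for illustration.

```python
NAMES = {1: "client_hello", 2: "server_hello", 11: "certificate",
         12: "server_key_exchange", 13: "certificate_request",
         14: "server_hello_done", 15: "certificate_verify",
         16: "client_key_exchange", 20: "finished"}

# (sender, type) -> phase, following the four phases in the slides.
# "certificate" (11) is phase 2 from the server and phase 3 from the client.
PHASE = {("client", 1): 1, ("server", 2): 1, ("server", 11): 2,
         ("server", 12): 2, ("server", 13): 2, ("server", 14): 2,
         ("client", 11): 3, ("client", 16): 3, ("client", 15): 3,
         ("client", 20): 4, ("server", 20): 4}

def parse_handshake(buf):
    """Split bytes into (msg_type, body): 1-byte type, 3-byte length, body."""
    msgs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(buf[off + 1:off + 4], "big")
        body = buf[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        msgs.append((buf[off], body))
        off += 4 + length
    return msgs

def classify(flights):
    """Label each message with its phase; reject unknown or out-of-order ones."""
    seen, current = [], 1
    for sender, data in flights:
        for msg_type, _body in parse_handshake(data):
            phase = PHASE.get((sender, msg_type))
            if phase is None:
                raise ValueError(f"unexpected type {msg_type} from {sender}")
            if phase < current:
                raise ValueError(f"{NAMES[msg_type]} sent after phase {current} began")
            current = phase
            seen.append((sender, NAMES[msg_type], phase))
    return seen

def frame(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample exchange; bodies are placeholder bytes, not real messages.
SAMPLE = [("client", frame(1, b"c" * 34)),
          ("server", frame(2, b"s" * 34) + frame(11, b"cert") + frame(14)),
          ("client", frame(16, b"k" * 128)),
          ("client", frame(20, b"f" * 36)),
          ("server", frame(20, b"f" * 36))]
```

Calling `classify(SAMPLE)` returns one `(sender, name, phase)` tuple per message, in wire order.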

How SSL Works? (cont’d)
Record protocol
Provides 2 services to an SSL connection:
- Confidentiality: achieved by using the secret key that is defined by the handshake protocol.
- Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for assuring message integrity.

How SSL Works? (cont’d) Figure 14: SSL record protocol
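To make the integrity service concrete, here is an added example (not from the slides) of a record MAC that covers the sequence number and record header, so tampered, replayed or reordered records are rejected. It assumes the TLS 1.0 HMAC-SHA1 construction rather than SSL 3.0's older pad-based MAC, omits the encryption step, and uses hypothetical function names and a constructed key.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23      # record content type
VERSION = (3, 1)           # TLS 1.0 as it appears on the wire
MAC_LEN = 20               # HMAC-SHA1 output size

def record_mac(mac_key, seq, ctype, fragment):
    # MAC input: 64-bit sequence number, type, version, length, then the data.
    header = struct.pack("!QBBBH", seq, ctype, *VERSION, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()

def protect(mac_key, seq, fragment):
    """Build a record: 5-byte header + fragment + MAC (encryption omitted)."""
    body = fragment + record_mac(mac_key, seq, APPLICATION_DATA, fragment)
    return struct.pack("!BBBH", APPLICATION_DATA, *VERSION, len(body)) + body

def verify(mac_key, expected_seq, record):
    """Return the fragment if the MAC matches the expected sequence number."""
    if len(record) < 5:
        raise ValueError("malformed record")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:]
    if (major, minor) != VERSION or length != len(body) or length < MAC_LEN:
        raise ValueError("malformed record")
    fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, expected_seq, ctype, fragment)
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("bad_record_mac")
    return fragment

class Receiver:
    """Tracks the implicit sequence number; it is never sent on the wire."""
    def __init__(self, mac_key):
        self.mac_key, self.seq = mac_key, 0

    def receive(self, record):
        fragment = verify(self.mac_key, self.seq, record)
        self.seq += 1
        return fragment

# Constructed key and records for demonstration only.
KEY = b"k" * 20
REC0 = protect(KEY, 0, b"GET / HTTP/1.0")
REC1 = protect(KEY, 1, b"second record")
```

Because the sequence number is part of the MAC input but not of the record, replaying `REC0` after it has been accepted fails with `bad_record_mac` even though its bytes are unmodified.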

How SSL Works? (cont’d)
Alert Protocol
- When the client or server detects an error, the detecting party sends an alert message to the other party.
- If the error is fatal, both parties immediately close the SSL connection.
- Other errors, which are not severe, do not result in the termination of the connection.
Figure 15: Alert protocol message format (Byte 1: Severity, Byte 2: Cause)

Closing and Resuming SSL connections
- Before ending their communication, the client and the server must inform each other that their side of the connection is ending.
- TLS (Transport Layer Security) is an IETF standardization initiative whose goal is to come out with an Internet standard version of SSL.
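As an added illustration (not part of the slides), the sketch below decodes the two-byte alert from Figure 15 and applies the closing rules from the Alert Protocol and Closing and Resuming slides. The numeric severity and cause codes are the SSL 3.0 values, which the slides do not list, and the Connection class is hypothetical. It goes slightly beyond the slide text by marking the session non-resumable after a fatal alert or a close without close_notify, as SSL 3.0 and TLS 1.0 specify.

```python
LEVELS = {1: "warning", 2: "fatal"}                      # byte 1: severity
CAUSES = {0: "close_notify", 10: "unexpected_message",   # byte 2: cause
          20: "bad_record_mac", 30: "decompression_failure",
          40: "handshake_failure", 42: "bad_certificate",
          45: "certificate_expired", 47: "illegal_parameter"}
# Causes that terminate the connection whatever severity the peer claims.
ALWAYS_FATAL = {10, 20, 30, 40, 47}

class Connection:
    def __init__(self):
        self.open = True
        self.resumable = True   # session may be reused for a new connection

    def _abort(self, why):
        self.open = False
        self.resumable = False
        return f"aborted: {why}"

    def on_alert(self, payload):
        """Handle one alert message: exactly two bytes, severity then cause."""
        if len(payload) != 2 or payload[0] not in LEVELS:
            return self._abort("malformed alert")
        level, cause = payload
        name = CAUSES.get(cause, f"unknown({cause})")
        if level == 2 or cause in ALWAYS_FATAL:
            return self._abort(name)
        if cause == 0:           # close_notify: the peer is ending its side
            self.open = False
            return "closed cleanly"
        return f"warning ignored: {name}"

    def on_transport_close(self):
        """TCP closed. Without a prior close_notify, data may have been cut off."""
        if self.open:
            self.open = False
            self.resumable = False
            return "truncated"
        return "already closed"
```

A receiver that treats a bare TCP close as a normal end of data cannot tell a complete response from one cut short in transit, which is why the slides require each side to announce that it is ending.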