SSL and E-Commerce Security
gz2155 Guangwei Zhang


E-Commerce
- Part of our life now
- US e-commerce and online retail sales are projected to have reached $204 billion, an increase of 17 percent over 2007

E-Commerce Security Issue
- Security is the top concern in e-commerce
- Most people tend to fear that the website will compromise their personal information
- People may avoid e-commerce websites just because of worries about security and privacy

Three Kinds of Security Threats
- Server part
- Client part
- Network part

Security Issues of Servers
- Servers install important software and store valuable information
- A firewall is used

Security Issues of Clients
- Client systems have inherent insecurity
- Virus problem
- Trojan problem
- Fatal to e-commerce

Security Issues of Network
- The information transmitted can be viewed by others
- The information can be modified during transmission
- The two sides of the transaction don't meet each other
- SSL can solve these problems

SSL Introduction
- Secure Sockets Layer
- It has another name now, TLS (Transport Layer Security)
- Cryptographic protocols that provide security for communications over the network

Cited from "Inside SSL: the secure sockets layer protocol" by Chou, W.

Features of SSL
- Application protocol independent
- Does not specify the detailed mechanism

Responsibilities of SSL
- Authenticate the server
- Authenticate the client (optional)
- Encrypt the messages sent between the client and the server
- Detect tampering with data

Two Sub-Protocols
- SSL record protocol: defines the format used to transmit data
- SSL handshake protocol: establishes an SSL connection and negotiates the encryption mechanism

Record Protocol and Handshake Protocol

SSL Record Protocol
- When transmitting a message, it fragments, compresses and encrypts the data, then transmits it
- When receiving a message, it decrypts, verifies, decompresses and reassembles the data, then delivers it to the higher level
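The record-protocol steps above, together with the tamper detection listed under the responsibilities of SSL, as an added sketch that is not from the original slides. The HMAC-based keystream cipher, the HMAC-SHA256 MAC, the key values and the sample message are assumptions chosen for illustration, not an actual SSL cipher suite.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14   # SSL/TLS plaintext fragment limit (16384 bytes)
MAC_LEN = 32             # HMAC-SHA256 tag length

def _keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); a stand-in, not a real SSL cipher."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def _mac(mac_key: bytes, seq: int, body: bytes) -> bytes:
    # The MAC covers the sequence number and length, so reordered or altered records fail.
    header = struct.pack(">QH", seq, len(body))
    return hmac.new(mac_key, header + body, hashlib.sha256).digest()

def send(message: bytes, enc_key: bytes, mac_key: bytes) -> list[bytes]:
    """Sender side: fragment -> compress -> append MAC -> encrypt."""
    records = []
    for seq, off in enumerate(range(0, len(message), MAX_FRAGMENT)):
        body = zlib.compress(message[off:off + MAX_FRAGMENT])
        records.append(_keystream_xor(enc_key, seq, body + _mac(mac_key, seq, body)))
    return records

def receive(records: list[bytes], enc_key: bytes, mac_key: bytes) -> bytes:
    """Receiver side: decrypt -> verify MAC -> decompress -> reassemble."""
    message = b""
    for seq, record in enumerate(records):
        plain = _keystream_xor(enc_key, seq, record)
        body, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, body)):
            raise ValueError(f"record {seq}: MAC check failed (tampering detected)")
        message += zlib.decompress(body)
    return message

# Constructed sample data: fixed demo keys and a 40,012-byte message (three fragments).
ENC_KEY, MAC_KEY = b"demo-encryption-key", b"demo-mac-key"
ORDER = b"card=4111-XXXX;amount=19.99;" * 1429
```

A flipped bit in any record makes `receive` raise before the data is decompressed or handed to the higher level. TLS 1.3 removed the record-layer compression step shown here.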

SSL Handshake Protocol
- Change cipher spec protocol: notifies the recipient that there is a transition in ciphering strategies
- Alert protocol: warning and fatal
- Handshake protocol: how messages are exchanged to establish an SSL connection

SSL and Encryption
Chou, W. "Inside SSL: the secure sockets layer protocol"

Comparison of Two Algorithms
- Asymmetric encryption: the public key need not be encrypted; based on mathematical problems that are easier to generate than to solve
- Symmetric encryption: the private key needs to be kept secret
- Figure labels: Public Key, Private Key

History of SSL
- TLS 1.1 was released in April
- TLS 1.2 was released in August 2008

Keep Secret

Verify Information

Check Identity

Other Approaches to Network Security
- Application-Specific Security
- Security within Core Protocols
- Parallel Security Protocol

SSL Limitation
- Doesn't protect the IP or TCP headers
- Manipulating users: SSL cannot guarantee that the person using the certificate is the person to whom the certificate was issued
- Cannot support the UDP protocol
- Depends on whether the encryption algorithms themselves have weaknesses
- Cannot provide an important service called nonrepudiation (a guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message; this is part of the digital signature)