Secure Sockets Layer

SSL
SSL is a communications protocol layer which can be placed between TCP/IP and HTTP
It intercepts web traffic and provides security between browser and server
Encryption is used to guarantee secure communication in an insecure environment
All security operations are transparent at both ends of the communication
SSL uses public-key cryptography

Mortice-lock cryptography
Ordinary encryption is like sending messages in a box that is locked with a mortice lock
Both the sender of the message and the recipient must share a secret
– they must each have a copy of the key to the lock
– the sender needs a copy of the key to lock the box
– the recipient needs a copy of the key to open the box
However, we don’t have to use mortice locks
– we can use Yale locks

Yale lock cryptography
Consider a box with a Yale lock
If the box is open, anybody can put a message inside and lock the box
– no key is needed to lock the box
However, only the person who has the key of the Yale lock can open the box and read the message
The owner of the key can make many copies of the lock and send them to anybody who wants to send him a message
– these people need never see the owner’s private key

Public-key cryptography
Public-key cryptography is also known as asymmetric key cryptography
It allows users to communicate securely without having prior access to a shared secret key
Instead, it uses a pair of keys which are related mathematically
– a message encoded with Key1 can only be decoded by using Key2
– a message encoded with Key2 can only be decoded by using Key1

Public-key cryptography (contd.)
Typically, one key is called a public key and the other is called a private key
The public key can be thought of as a Yale lock
– many copies of it can be made
– they can be given to everybody who asks for one
The private key can be thought of as the key to a Yale lock
– the owner of the key does not share it with anybody else
– he can use it to open locked boxes that people send to him

Public-key certificates
Suppose you want to send a secure message to somebody and ask him to send you a Yale lock in the post
Suppose a Yale lock arrives in the post
How do you know the Yale lock is really from the person to whom you want to send your secure message?
You would require some guarantee
In public-key cryptography, this guarantee is called a public-key certificate

Public-key certificates (contd.)
A public-key certificate binds a public key with a name
– it guarantees that the public key is indeed owned by the person/organization/program with the given name
– thus, it guarantees that any message encoded with the public key will only be readable by that person/organization/program
To increase the credibility of a public-key certificate, it is often signed by a trusted organization known as a Certification Authority (CA)

Unidirectional versus bi-directional cryptography
Sometimes, both parties to a conversation need to send secret information
– bi-directional cryptography is needed
– each party must send his public key to the other
Sometimes, only one party to a conversation needs to send secret information
– only unidirectional cryptography is needed
– only the recipient of the secret information needs to own a public key, which he must send to the sender of the secret information

Much e-Commerce involves only unidirectional cryptography
A customer making an online purchase needs to send secret information, such as a credit card number, to the company
The company does not need to send any secret information to the customer
In this case, only unidirectional cryptography is needed
Thus, the customer need not own any cryptographic key, but the company must
– the server will have to send its public key to the customer’s browser

An example
Consider buying a ticket from Aer Lingus
Initially, no secret information is being exchanged
– Aer Lingus merely lists flight availability
– the customer selects flights
Then, however, the customer must provide credit card details
– before that can happen, Aer Lingus must send its public key to the customer

Customer specifies Cork-Heathrow itinerary
http protocol in use; no lock on status bar

Customer selects flights
still http protocol; no lock on status bar

Customer is warned that SSL communication is about to start

Customer is being asked for credit card details
protocol is now https; there is a lock on the status bar

HTTPS and lock

What happened when the user agreed to a secure connection
The Aer Lingus server sent its certificate to the user’s browser
The browser decided that the CA on the certificate was trustworthy and that the public key really was for Aer Lingus
Henceforth, all information sent by the user would be encoded using the public key
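The Yale-lock slides and the checkout slides above describe one flow: encoding with one key and decoding with the other in both directions, a certificate that binds a name to a public key, a CA signing it, and the browser checking that signature before the customer's secret is sent. The Python below is an added example written for this page, not code from the original slides: it walks that flow with a constructed toy RSA (fixed small primes, no padding, raw hash signing); the key pairs, the "Example CA" issuer name and the sample card number are all constructed.

```python
import hashlib
import math
# Constructed toy RSA, not SSL/TLS: tiny fixed primes, no padding, raw hash signing.
# It only makes the slides' Yale-lock picture and the certificate check concrete.
CHUNK = 6  # 6 message bytes + 1 marker byte is a 7-byte int, far below both moduli used here

def make_keypair(p, q, e=65537):
    """(n, e) is the public key, the Yale lock anyone may hold; (n, d) is the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))

CA_KEYS = make_keypair(2147483647, 1000000009)     # constructed CA key pair
SERVER_KEYS = make_keypair(1000000007, 998244353)  # constructed "Aer Lingus" key pair

def encrypt(message, public_key):
    """Key1 -> Key2: lock the message so that only the matching private key opens it."""
    n, e = public_key
    chunks = [message[i:i + CHUNK] for i in range(0, len(message), CHUNK)]
    # the 0x01 marker keeps each chunk's length recoverable even if it starts with NUL bytes
    return [pow(int.from_bytes(b"\x01" + c, "big"), e, n) for c in chunks]

def decrypt(ciphertext, private_key):
    n, d = private_key
    blocks = [pow(c, d, n) for c in ciphertext]
    return b"".join(m.to_bytes((m.bit_length() + 7) // 8, "big")[1:] for m in blocks)  # drop markers

def cert_digest(cert):
    """Hash of what the certificate binds together: a name and a public key."""
    body = "|".join(map(str, (cert["subject"], cert["issuer"], *cert["public_key"])))
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big")

def issue_cert(subject, subject_public_key, ca_private_key, issuer="Example CA"):
    """Key2 -> Key1: the CA encodes the digest with its private key; anyone decodes it with the CA's public key."""
    cert = {"subject": subject, "issuer": issuer, "public_key": subject_public_key}
    n, d = ca_private_key
    cert["signature"] = pow(cert_digest(cert) % n, d, n)
    return cert

def browser_verifies(cert, trusted_ca_public_key, expected_name):
    """The browser's decision on the slide: signed by a CA it trusts, and issued to the party it meant to reach."""
    n, e = trusted_ca_public_key
    return cert["subject"] == expected_name and pow(cert["signature"], e, n) == cert_digest(cert) % n

def checkout(card_number, cert, trusted_ca_public_key=CA_KEYS[0]):
    # unidirectional flow: the customer's secret goes to the server, no secret comes back
    if not browser_verifies(cert, trusted_ca_public_key, "Aer Lingus"):
        return None  # browser refuses: untrusted CA, altered certificate or wrong name
    locked = encrypt(card_number, cert["public_key"])  # browser locks with the certified key
    return decrypt(locked, SERVER_KEYS[1])             # server opens with its private key
```

Real SSL/TLS uses the server's certified public key only to agree a symmetric session key and encrypts the traffic with that, rather than encrypting the data itself under the public key as the slide and this toy do.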

Sometimes, a browser needs to receive secrets from a server
If a browser needs to receive secrets from a server, the browser must be able to provide a public-key certificate to the server
There are freely-available utilities, such as OpenSSL, which enable you to
– select a public+private key combination
– get a signed certificate for your public key
– import the certificate into your browser, so that it can send this to servers who request it

OpenSSL
Available on cosmos.ucc.ie
It provides a great many options
Too many to consider here today