ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate.

Presentation transcript:

Session Establishment (Client / Server)
ClientHello, ServerHello: Establish protocol version, session-id, cipher suite, compression method.
Certificate, Certificate Request, ServerHelloDone: Optionally send server certificate and request client certificate.
Certificate, Certificate Verify: Send client certificate response if requested.
ChangeCipherSpec, Handshake (each side): Change CipherSpec and finish handshake.

Session Reusability (Client / Server)
ClientHello, ServerHello: Establish protocol version, session-id (including previous session info), cipher suite, compression method.
ChangeCipherSpec, Handshake (each side): Change CipherSpec and finish handshake.
If the client wants to reuse the same session, it sends the previous session id in the ClientHello message. If the server wants to reuse the same session, it sends the same session id back in the ServerHello.
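
The server's side of that session-id decision, as an added example that is not from the slides or from the LACS code. The cache layout, the 300-second lifetime and the names `choose_session` and `random_bytes` are assumptions; a real server also caches a session only after its handshake has completed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SID_LEN 32            /* session ids are at most 32 bytes */
#define CACHE_SLOTS 8         /* assumed cache size */
#define SESSION_LIFETIME 300  /* assumed lifetime, seconds */

enum handshake { FULL_HANDSHAKE, ABBREVIATED_HANDSHAKE };

struct session { uint8_t id[SID_LEN]; time_t created; int valid; };
struct session_cache { struct session slot[CACHE_SLOTS]; unsigned next; };

/* Fill buf with n bytes from the kernel CSPRNG; returns 0 on success. */
int random_bytes(uint8_t *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, n, f) : 0;
    if (f) fclose(f);
    return got == n ? 0 : -1;
}

/* client_sid/len: id offered in ClientHello (len 0 = none offered).
 * server_sid: id to send in ServerHello. Returns the handshake type, or -1. */
int choose_session(struct session_cache *c, const uint8_t *client_sid,
                   size_t len, time_t now, uint8_t server_sid[SID_LEN])
{
    struct session *s;
    unsigned i;

    for (i = 0; len == SID_LEN && i < CACHE_SLOTS; i++) {
        s = &c->slot[i];
        if (!s->valid || memcmp(s->id, client_sid, SID_LEN) != 0)
            continue;
        if (now - s->created > SESSION_LIFETIME) {
            s->valid = 0;                   /* expired: never resume it */
            break;
        }
        memcpy(server_sid, s->id, SID_LEN); /* reuse: echo the same id */
        return ABBREVIATED_HANDSHAKE;
    }
    s = &c->slot[c->next++ % CACHE_SLOTS];  /* new session, round-robin slot */
    s->valid = 0;
    if (random_bytes(s->id, SID_LEN) != 0)
        return -1;
    s->created = now;
    s->valid = 1;
    memcpy(server_sid, s->id, SID_LEN);
    return FULL_HANDSHAKE;
}
```

An unknown or expired id is never echoed back, so the client sees a different session id in ServerHello and continues with the full handshake.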

Process Control for Dynamic Forking LACS
Diagram: Web Browser, Linux Application Level Content Switch (LACS) with Child (Fork), Decide Real Server, Real Server; the connections are socket file descriptors, labelled a to g.
(a & b) The Web Browser (client) establishes a connection with the Linux Application Content Switch (LACS).
(c) LACS forks and creates a new process; the child process reads the HTTP request.
(d & e) The child process establishes a connection with the rule matching module; the rule matching module sends back the information about the Real Server that is going to serve the request.
(f & g) The child process establishes a connection with the Real Server and sends the request to the Real Server.

Process Control for Pre-forked LACS
Diagram: Web Browser, Linux Application Level Content Switch (LACS) with Child 1, Child 2, ... Child n, Decide Real Server, Real Server; the connections are socket file descriptors, labelled a to f.
In the pre-fork model of LACS, child processes are created ahead of time.
(a & b) The Web Browser (client) establishes a connection with the LACS child process and sends an HTTP request.
(c & d) The child process reads the HTTP request and establishes a connection with the rule matching module. The rule matching module sends back the information about the Real Server that is going to serve the request.
(e & f) The child process establishes a connection with the Real Server and sends the request to the Real Server.

Dynamic Rule Update
In the configuration section the following information is defined:
    #define RULE_SERVER_NAME "abc.uccs.edu"
    #define RULE_SERVER_PORT 4000
    #define DEFAULT_RULE_SERVER_NAME "xyz.uccs.edu"
    #define DEFAULT_RULE_SERVER_PORT 4000
The Rule Module can run on the same machine as the LACS or on a different one. The child process tries to establish a connection with the machine running the Rule Module. If the child process is unable to establish a connection, it will route the rule matching information to the DEFAULT_RULE_SERVER_NAME.
To update the Rule Module the user needs to:
– bring down/kill the rule matching module/process
– update it with the new rule matching information
– compile and run the rule matching process
When the rule matching process is down, rule matching will be performed by the DEFAULT_RULE_SERVER_NAME.
When the rule matching process is back, rule matching will be performed by the RULE_SERVER_NAME.
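
One way the child process could implement that fallback, as an added example that is not the LACS source. The function names, the injected connector, the constructed `primary_down` stand-in and the 2-second timeout are assumptions; only the four `#define` values come from the slide.

```c
#define _POSIX_C_SOURCE 200112L  /* getaddrinfo() under strict -std= modes */
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Values from the slide's configuration section. */
#define RULE_SERVER_NAME         "abc.uccs.edu"
#define RULE_SERVER_PORT         4000
#define DEFAULT_RULE_SERVER_NAME "xyz.uccs.edu"
#define DEFAULT_RULE_SERVER_PORT 4000

/* Real connector: returns a connected TCP socket, or -1 on failure. */
int tcp_connect(const char *host, int port)
{
    struct addrinfo hints = { .ai_socktype = SOCK_STREAM }, *res, *ai;
    struct timeval tv = { 2, 0 };  /* assumed 2 s cap; bounds connect() on Linux */
    char svc[16];
    int fd = -1;
    snprintf(svc, sizeof svc, "%d", port);
    if (getaddrinfo(host, svc, &hints, &res) != 0) return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) continue;
        setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv);
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) break;
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Constructed stand-in: rule module killed for an update, default still up. */
int primary_down(const char *host, int port)
{
    return (port > 0 && strcmp(host, RULE_SERVER_NAME) != 0) ? 100 : -1;
}

/* Child side: try RULE_SERVER_NAME, then the default; -1 if neither answers. */
int connect_rule_module(int (*try_connect)(const char *, int), int *used_default)
{
    int fd = try_connect(RULE_SERVER_NAME, RULE_SERVER_PORT);
    *used_default = fd < 0;
    if (fd < 0)
        fd = try_connect(DEFAULT_RULE_SERVER_NAME, DEFAULT_RULE_SERVER_PORT);
    return fd;
}
```

In production the child would call `connect_rule_module(tcp_connect, &used_default)`. The timeout matters when the rule machine itself is unreachable rather than just the process being down, since an unbounded `connect()` would stall the child for the kernel's full retry period.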

Impact of Rules on the Performance of Dynamic LACS on 933 MHz, 512 MB RAM
Clearly there is some impact of rules on the performance of Dynamic Forking LACS:
– the fewer the rules, the better the performance
No heavy impact on the performance of the LACS with increase in the number of rules.

Impact of Real Servers on the Performance of Dynamic SSL LACS on 933 MHz, 512 MB RAM
Clearly there is no impact of Real Server on the performance of Dynamic Forking SSL LACS:
– LACS is the bottleneck??

Performance of LACS on 512 MHz, 512 MB RAM
The performance of the Pre-forking SSLProxy is better than Dynamic Forking SSLProxy.

Performance of LACS on 933 MHz, 512 MB RAM
The performance of the Dynamic forking SSLProxy is better than Pre-forked SSLProxy.

Performance of LACS on 933 MHz, 512 MB RAM, Rule Module running locally
– Pre-fork SSLProxy overtakes Dynamic SSLProxy
– Dynamic SSLProxy performance was degraded by 100%
– Other variations of LACS did not suffer much

Performance of LACS on 933 MHz, 512 MB RAM, Rule Module running on 233 MHz, 96 MB RAM
No major change in performance w.r.t. rule module running locally.