CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.

Presentation transcript:

CS682- Session 10 Prof. Katz

Well-Known Attacks:
- By far the most common security vulnerabilities
- Attacks that Script-Kiddies are capable of performing

Sources for Information:
- Vendor websites
- Hacker websites

How to protect:
- Maintain the latest versions with the latest patches, with reservation.
- Have more than one layer of security
- Provide services only to those whom you intend to use your service

Some common attacks RedButton RPC BIND Vulnerabilities Apache Vulnerabilities Vulnerabilities

Who’s to blame:
- Hackers
- Script-Kiddies
- Administrators
- Management
- Programmers
- Computers

SSL Encryption

What is SSL:
- Now referred to as Transport Layer Security; it is more commonly known as Secure Sockets Layer
- Exists above TCP but below the Application layer.
- It is a layer designed to encrypt the data section of a TCP packet without the upper-layer protocol (ULP) knowing

What is SSL used for:
- Encryption of data between client and server
- Authentication of server to a client

What do we need for SSL?
- The client must support an encryption protocol and SSL
- Server must have an X.509v3 certificate issued by a source trusted by both client and server

Basic Procedure:
1. TCP three-way handshake
2. Client issues a greeting listing available ciphers
3. Server chooses a cipher and sends its X.509v3 certificate, including the public key.
4. Client checks the certificate for trust of issuance and expiration time, then uses the server’s public key to encrypt a "premaster secret"; the client then calculates the session key based on the premaster secret
5. Server decrypts the premaster secret and calculates the same session key. Server then replies to the client with an encrypted message indicating completion.

Extensions to the Procedure:
- After server is authenticated, it can request client authentication.