Secure Sockets SSL/TLS ICW: Lecture 6 Tom Chothia.

Last Lecture
How to make socket connections between computers.
Socket = (IP_from, port_from, IP_to, port_to)
java.net.Socket
java.net.ServerSocket

Introduction
Why sockets aren't secure.
How to make secure socket connections.
The TLS/SSL protocol.
TLS/SSL in Java: javax.net.ssl.SSLSocket, javax.net.ssl.SSLServerSocket
Authenticating the server.

The SSL/TLS Protocol
The Secure Sockets Layer (SSL) protocol has been renamed Transport Layer Security (TLS). It provides encrypted socket communication and, optionally, authentication. It may use a range of ciphers (RSA, DES, DH, ...); these are negotiated at the start of the run.

The Internet Protocol Stack (Most of the Time):
Application: stuff that you write
Transport: TCP or UDP
Network: IP
Link/Hardware: Ethernet or ...

The Internet Protocol Stack with TLS:
Application
TLS
Transport
Network
Link/Hardware
The TLS layer runs between the Application layer and the Transport layer. Once the socket is open, the encryption is transparent to the Application layer. The normal TCP and IP protocols etc. can still be used at the lower layers.

TLS in Java

TLS with no Authentication
Create an SSLServerSocketFactory:
    SSLServerSocketFactory sockFact = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
Create an SSLServerSocket:
    SSLServerSocket secSock = (SSLServerSocket) sockFact.createServerSocket(portNo);
Set the ciphers:
    secSock.setEnabledCipherSuites(ciphers);
Listen on the socket for an encrypted connection:
    Socket socket = secSock.accept();

Verifying Identity
A private key can be used to sign a message. The public key can be used to verify this signature. If I have someone's public key, I can use it to make sure I'm talking to them.
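The sign-then-verify idea above, as an added example that is not part of the lecture: the client sends a fresh random nonce, the holder of the private key signs it, and the client checks the signature with the public key it already has. It uses java.security.Signature with RSA keys generated on the spot (the key size and algorithm name are this example's choices, not the slide's).

```java
import java.security.*;

// Added example, not the lecture's code: challenge-response with a signature.
public class ChallengeDemo {
    // Server side: prove possession of the private key by signing the client's nonce.
    static byte[] sign(PrivateKey priv, byte[] nonce) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(priv);
        sig.update(nonce);
        return sig.sign();
    }

    // Client side: check the signature with the public key it already trusts.
    static boolean verify(PublicKey pub, byte[] nonce, byte[] signature) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(pub);
        sig.update(nonce);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();
        KeyPair impostor = gen.generateKeyPair();   // a party that does not hold the real private key

        byte[] nonce = new byte[32];                 // fresh per connection, so an old signature is useless
        new SecureRandom().nextBytes(nonce);

        byte[] fromServer = sign(server.getPrivate(), nonce);
        byte[] fromImpostor = sign(impostor.getPrivate(), nonce);
        byte[] otherNonce = nonce.clone();
        otherNonce[0] ^= 1;                          // the nonce of some other session

        System.out.println("real server verifies:        " + verify(server.getPublic(), nonce, fromServer));
        System.out.println("impostor verifies:           " + verify(server.getPublic(), nonce, fromImpostor));
        System.out.println("old signature on new nonce:  " + verify(server.getPublic(), otherNonce, fromServer));
    }
}
```

Only the first check succeeds; the other two show why the verifier needs both the right public key and a nonce it chose itself.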

Cipher Suites
Cipher suites with encryption and authentication:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
...
Cipher suites with just authentication:
SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA
Cipher suites with just encryption:
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA

TLS in Java

SSL/TLS Contexts and Trust
SSL/TLS can set up a secure connection with someone if we have their public key. The SSL context can be loaded with:
the keys used to identify yourself;
the public keys of the people we trust.

Keystores: a Reminder
We saw keystores in the Crypto Lecture. The keystore stores password-protected keys and certificates. Use java.security.KeyStore, or the keytool from the command line.

keytool
Generate and show a key for the server:
    keytool -genkey -alias serverKey -keystore server.jks
    keytool -list -keystore server.jks -storepass password
Export a certificate for the key:
    keytool -export -alias serverKey -file server.crt -keystore server.jks
Import and show the certificate, at the client end:
    keytool -import -keystore client.jks -alias serverCert -file server.crt
    keytool -list -keystore client.jks -storepass password
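Putting the server socket setup, the SSL context and the keytool keystores together, as an added example that is not the lecture's own code: the server identifies itself with the key in server.jks, the client trusts only what was imported into client.jks, and both stores use the password "password" from the keytool commands. It assumes the key under alias serverKey is an RSA key and that the client connects to localhost; the server also drops the NULL and DH_anon suites, which give only one of encryption and authentication.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.*;

// Added example (not the lecture's code); assumes server.jks/client.jks from the keytool slide, password "password".
public class TlsKeystoreDemo {
    static final char[] PASS = "password".toCharArray();
    // Build an SSLContext from a JKS file: our own key (server side) or trusted certificates (client side).
    static SSLContext context(String file, boolean ownKeys) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) { ks.load(in, PASS); }
        KeyManager[] km = null; TrustManager[] tm = null;
        if (ownKeys) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, PASS);
            km = kmf.getKeyManagers();
        } else {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            tm = tmf.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(km, tm, null);
        return ctx;
    }
    // Keep only suites that both encrypt and authenticate: drop the NULL and DH_anon ones from the slide.
    static String[] strongSuites(String[] supported) {
        return Arrays.stream(supported).filter(s -> !s.contains("NULL") && !s.contains("anon")).toArray(String[]::new);
    }
    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory sf = context("server.jks", true).getServerSocketFactory();
        try (SSLServerSocket server = (SSLServerSocket) sf.createServerSocket(0)) {
            server.setEnabledCipherSuites(strongSuites(server.getSupportedCipherSuites()));
            Thread t = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    new PrintWriter(s.getOutputStream(), true).println("hello over " + s.getSession().getCipherSuite());
                } catch (IOException e) { e.printStackTrace(); }
            });
            t.start();
            SSLSocketFactory cf = context("client.jks", false).getSocketFactory();
            try (SSLSocket c = (SSLSocket) cf.createSocket("localhost", server.getLocalPort())) {
                // The handshake runs on the first read and fails unless the server's certificate is in client.jks.
                System.out.println("client got: " + new BufferedReader(new InputStreamReader(c.getInputStream())).readLine());
            }
            t.join();
        }
    }
}
```

Delete the serverCert entry from client.jks and rerun to see the client refuse the connection with an SSLHandshakeException instead of talking to an unverified server.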

Certificate Chains
The public keys are stored as certificates. If we have someone's public key we can use it to check their identity. But we can't have the public key of everyone on the Internet. :-(

Certificate Chains
If someone we trust signs someone else's public key, we can trust them. There are a number of companies that check people's identity and will sign their public key, e.g. VeriSign. These companies' certificates are embedded in most browsers.

Summary
SSL/TLS is the most common way to secure connections:
– javax.net.ssl.SSLSocket
– javax.net.ssl.SSLServerSocket
To authenticate someone, you must have a certificate or certificate chain for the server.
Browsers come with the certificates of VeriSign etc.; they will check your ID and sign your key for a fee.

Next Time: XML and Java XML Tools
XML is the default file format of Internet systems. The next lecture will tell you what XML is and how to manipulate XML in Java.