Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.

Presentation transcript:

TLS Overview

Problem
Problem: Creating applications which can communicate securely over the Internet
TLS: Transport Layer Security (SSL)
Certificates
Related technology: S-HTTP, IPSec, SET, SASL
References

What is SSL/TLS
SSL (Secure Socket Layer) is an encryption protocol designed by Netscape, and TLS (Transport Layer Security) is the successor protocol designed by the IETF.
The protocols are designed to fit between the TCP/IP layer and the application layer (HTTP, SMTP).
The most common uses of SSL/TLS are HTTP (web) and SMTP (mail), and like PGP, SSL/TLS uses public key cryptography.

TLS: Overview
Establish a session
 – Agree on algorithms
 – Perform authentication
 – Share secrets
Transfer application data
 – Ensure privacy and integrity

What is TLS?
Protocol layer
Requires reliable transport layer (e.g. TCP)
Supports any application protocols
[Figure: protocol stack, bottom to top: IP, TCP, TLS, then the application protocols HTTP, Telnet, FTP, LDAP]

Changes from SSL 3.0 to TLS
Additional Alerts added
Modification to hash calculations
Protocol version 3.1 in ClientHello, ServerHello

TLS: HTTP Application
HTTP most common TLS application
 – Requires TLS-capable web server
Requires TLS-capable web browser
 – Netscape Navigator
 – Internet Explorer
 – Cryptozilla (Netscape Mozilla sources with SSLeay)

TLS Architecture

TLS: Record Protocol

TLS Handshake Protocol

TLS Handshake: Three Goals
1. Negotiate Cipher-Suite Algorithms
 – Symmetric cipher to use
 – Key exchange method
 – Message digest function
2. Optionally authenticate server and/or client
3. Establish and share master secret

Handshake Phases
Hello messages
Certificate and Key Exchange messages
Change CipherSpec and Finished messages

TLS: Hello
Client “Hello” - initiates session
 – Propose protocol version
 – Propose cipher suite
 – Server chooses protocol and suite
Client may request use of cached session
 – Server chooses whether to honor request
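
The Hello phase described above, as an added example that is not part of the original slides: it builds a constructed ClientHello (no extensions), parses the proposed version, session id and cipher suites, and makes the server's choices. The function names and the server-preference ordering are assumptions made for illustration.

```python
import struct

# Real TLS cipher suite code points; the selection of these three is arbitrary.
SUITES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}

def build_client_hello(version, session_id, suites):
    """Build a constructed ClientHello (no extensions) wrapped in one record."""
    body = bytes(version) + bytes(32)                    # client_version + random (zeros)
    body += bytes([len(session_id)]) + session_id        # empty id = no cached session
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs  # record type 22

def parse_client_hello(data):
    """Return version, session_id and proposed suites; reject malformed input."""
    if len(data) < 9 or data[0] != 22 or data[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    rec_len = struct.unpack("!H", data[3:5])[0]
    hs_len = int.from_bytes(data[6:9], "big")
    if len(data) != 5 + rec_len or rec_len != 4 + hs_len:
        raise ValueError("length fields disagree with the data")
    body = data[9:]
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    sid_len = body[34]                                   # follows version (2) + random (32)
    end_sid = 35 + sid_len
    if sid_len > 32 or end_sid + 2 > len(body):
        raise ValueError("bad session_id length")
    cs_len = struct.unpack("!H", body[end_sid:end_sid + 2])[0]
    if cs_len == 0 or cs_len % 2 or end_sid + 2 + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = struct.unpack("!%dH" % (cs_len // 2), body[end_sid + 2:end_sid + 2 + cs_len])
    return {"version": (body[0], body[1]), "session_id": body[35:end_sid],
            "suites": list(suites)}

def server_choose(hello, server_max, server_pref, session_cache):
    """Server side of the Hello phase: pick version, suite, and whether to resume."""
    version = min(hello["version"], server_max)          # (3, 1) is TLS 1.0, (3, 0) is SSL 3.0
    suite = next((s for s in server_pref if s in hello["suites"]), None)
    if suite is None:
        raise ValueError("no cipher suite in common")
    # Assumption: the returned suite applies to a full handshake; a resumed
    # session would reuse the suite stored with the cached session.
    resumed = bool(hello["session_id"]) and hello["session_id"] in session_cache
    return version, SUITES.get(suite, hex(suite)), resumed
```
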

References
Stallings, William. Cryptography and Network Security: Principles and Practice, 2nd Edition, Prentice Hall.
Wagner, David; Schneier, Bruce. “Analysis of the SSL 3.0 Protocol”.
Internet Drafts and RFCs.