Secure Sockets Layer (SSL) Protocol. Saturday, 08.05.2010. University of Palestine, Applied and Urban Engineering College, Information Security.


Secure Sockets Layer (SSL) Protocol
University of Palestine, Applied and Urban Engineering College, Information Security Principles
Prepared by: osama jaruor
Supervised by: Ms. Eman Alajrami

Outline
History
SSL
SSL Roles
SSL and the Protocol Stack
The Four Upper Layer Protocols
Record Layer
Message Authentication Code
Handshaking Messages
Benefits
Drawbacks
References

History
Need for secure web communication
Netscape
  – Worried especially about credit card transactions over the web
  – Also worried about ease of implementation, since they wanted this to be an industry standard, not proprietary
  – SSLv1

SSLv2
SSLv2 also released in 1994
  – SSLv1 wasn’t widely implemented
Rules for establishing a secure connection
Rules for public key encryption
Optional certificate-based authentication for servers and even clients
Flexible
  – No specifically required encryption, compression, or key generation algorithm

SSL Roles
Two roles
  – Client: initiates communication, lists possibilities for choices
  – Server: listens for client connections, chooses from the possibilities sent by clients
Both roles simply add the Secure Sockets Layer to the protocol stack

SSL and the Protocol Stack
SSL sits between the Transmission Control Protocol (TCP) layer and the Application layer
Actually 2 layers
  – Record
  – Secure Application
Can run under any protocol that relies on TCP, including HTTP, LDAP, POP3, FTP

The Four Upper Layer Protocols
Handshaking Protocol
  – Establish communication variables
Change CipherSpec Protocol
  – Alert to a change in communication variables
Alert Protocol
  – Messages important to SSL connections
Application Encryption Protocol
  – Encrypt/decrypt application data

Message Authentication Code
MAC secures the connection in two ways
  – Ensures Client and Server are using the same encryption and compression methods
  – Ensures messages sent were received without error or interference
Both sides compute MACs and compare them
No match = error or attack

Handshaking Messages
ClientHello
ServerHello
*Certificate
ServerKeyExchange
*CertificateRequest
ServerHelloDone
*Certificate
*CertificateVerify
ClientKeyExchange
ChangeCipherSpec
Finished
* = optional

The Server Responds
Server sends ServerHello
  – SSL version that will be used
  – 32-byte random number
  – SessionID
  – Encryption method that will be used
  – Compression method that will be used
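The ServerHello fields listed on this slide have a fixed wire layout, and a receiver that checks every length before trusting it will reject truncated or padded messages instead of misreading them. The following is an added example written for this page, not code from the slides: it serialises and parses a ServerHello in the TLS 1.0 layout from RFC 2246 (version, 32-byte random, length-prefixed session ID, cipher suite, compression method) inside the 4-byte handshake header. The cipher suite, version and compression code points are real TLS values; the session ID and the fixed random bytes are constructed test data, and extensions are deliberately left out.

```python
import struct

# Added example, not from the slides. Code points are the real TLS values:
# ServerHello handshake type 2, TLS 1.0 version 0x0301,
# TLS_RSA_WITH_AES_128_CBC_SHA 0x002F, null compression 0.
HANDSHAKE_SERVER_HELLO = 2
TLS10 = 0x0301
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
COMPRESSION_NULL = 0x00


def build_server_hello(version, random32, session_id, cipher_suite, compression):
    """Serialize the ServerHello fields from the slide in TLS wire layout:
    version(2) | random(32) | session_id_len(1) + session_id | cipher_suite(2)
    | compression(1), inside the 4-byte handshake header type(1) | length(3).
    Extensions are left out of this example."""
    if len(random32) != 32:
        raise ValueError("ServerHello random must be exactly 32 bytes")
    if len(session_id) > 32:
        raise ValueError("session ID must be at most 32 bytes")
    body = (struct.pack(">H", version) + random32
            + bytes([len(session_id)]) + session_id
            + struct.pack(">H", cipher_suite) + bytes([compression]))
    header = bytes([HANDSHAKE_SERVER_HELLO]) + len(body).to_bytes(3, "big")
    return header + body


def parse_server_hello(data):
    """Parse a ServerHello. Every length is checked before it is used, so a
    truncated, padded or oversized message raises instead of being misread."""
    if len(data) < 4:
        raise ValueError("truncated handshake header")
    msg_type = data[0]
    length = int.from_bytes(data[1:4], "big")
    if msg_type != HANDSHAKE_SERVER_HELLO:
        raise ValueError("not a ServerHello (handshake type %d)" % msg_type)
    body = data[4:]
    if len(body) != length:
        raise ValueError("header says %d body bytes, got %d" % (length, len(body)))
    if len(body) < 35:
        raise ValueError("ServerHello body too short")
    version = struct.unpack(">H", body[0:2])[0]
    random32 = body[2:34]
    sid_len = body[34]
    # The session ID length must leave exactly cipher_suite(2) + compression(1).
    if sid_len > 32 or len(body) != 35 + sid_len + 3:
        raise ValueError("session ID length does not match body")
    session_id = body[35:35 + sid_len]
    off = 35 + sid_len
    cipher_suite = struct.unpack(">H", body[off:off + 2])[0]
    compression = body[off + 2]
    return {
        "version": version,
        "random": random32,
        "session_id": session_id,
        "cipher_suite": cipher_suite,
        "compression": compression,
    }


def demo():
    """Round-trip a constructed ServerHello. The fixed byte pattern used as the
    server random only keeps the example deterministic; a real server draws it
    from a cryptographic random generator."""
    msg = build_server_hello(TLS10, bytes(range(32)), b"\x11" * 8,
                             TLS_RSA_WITH_AES_128_CBC_SHA, COMPRESSION_NULL)
    return parse_server_hello(msg)


if __name__ == "__main__":
    print(demo())
```

The strict `len(body) != 35 + sid_len + 3` check is the point of the parser: a session ID length byte is attacker-controlled input, and bounding it (at most 32) and reconciling it with the outer handshake length is what keeps the cipher suite and compression fields from being read out of the wrong bytes.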

Server Authentication
To authenticate the Server, the Server sends Certificate
  – Server’s public key certificate
  – Issuing authority’s root certificate
When the Client receives Certificate, it decides whether or not to trust the Server
  – This is the only step that might involve the User, if the User never specified whether or not to trust the issuing authority before

Still Shaking Hands
Server sends ServerKeyExchange
  – Any information necessary for the public key encryption system
If the Server wishes the Client to be authenticated, the Server sends a CertificateRequest message
  – The Client would respond to this with a Certificate message encrypted with the Server’s public key
Server sends ServerHelloDone

Client Responds
Client sends ClientKeyExchange
  – Information necessary for the public key encryption system
  – Encrypted with the Server’s public key
Compute secret keys using a Key Derivation Function such as Diffie-Hellman
If the Client is being authenticated, the Client sends CertificateVerify
  – Digest of previous messages encrypted with the Client’s private key

ChangeCipherSpec Protocol
Special protocol with only one message
When the Client processes the encryption information, it sends the ChangeCipherSpec message
  – Signals that all following messages will be encrypted
ChangeCipherSpec is always followed by a Finished message

The End of the Beginning
Upon receipt of ChangeCipherSpec, the Server sends its own ChangeCipherSpec and Finished messages
After both Client and Server receive Finished messages, the Handshaking phase is over
All following communication is encrypted
Encryption and compression methods can be changed with new ChangeCipherSpec messages
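The handshake slides above describe a fixed message order with some optional steps, and an implementation that enforces that order is what stops a peer from, for example, sending Finished before ChangeCipherSpec or a client certificate that was never requested. The following is an added example written for this page, not code from the slides or any SSL library: a checker that validates an observed message sequence against the flow on the Handshaking Messages slide. It places the client’s CertificateVerify after ClientKeyExchange, as the Client Responds slide (and RFC 2246) has it, and appends the Server’s own ChangeCipherSpec/Finished pair from The End of the Beginning; ServerKeyExchange is kept as a required step because the slide lists it without an asterisk. The message names are the ones on the slides; the dependency rules and the sample sequences are constructed for the example.

```python
# Added example, not from the slides. Each entry is (message, optional); the
# optional flag corresponds to the "*" marker on the Handshaking Messages slide.
HANDSHAKE_FLOW = [
    ("ClientHello", False),
    ("ServerHello", False),
    ("Certificate", True),          # server's certificate
    ("ServerKeyExchange", False),   # listed as required on the slide
    ("CertificateRequest", True),
    ("ServerHelloDone", False),
    ("Certificate", True),          # client's certificate, only if requested
    ("ClientKeyExchange", False),
    ("CertificateVerify", True),    # only if the client sent a certificate
    ("ChangeCipherSpec", False),    # client
    ("Finished", False),            # client
    ("ChangeCipherSpec", False),    # server
    ("Finished", False),            # server
]

# Optional steps that are only permitted when an earlier optional step was taken
# (indices into HANDSHAKE_FLOW). These rules are constructed for the example.
SERVER_CERT_REQUEST, CLIENT_CERT, CLIENT_CERT_VERIFY = 4, 6, 8
DEPENDS_ON = {CLIENT_CERT: SERVER_CERT_REQUEST, CLIENT_CERT_VERIFY: CLIENT_CERT}


def check_handshake(observed):
    """Validate an observed message sequence against HANDSHAKE_FLOW.

    A single cursor walks the expected flow: optional steps may be skipped,
    required steps may not, nothing may arrive out of order or twice, and the
    handshake only counts as complete once both Finished messages were seen.
    Returns (ok, reason) so a caller can log why a sequence was rejected.
    """
    cursor = 0
    taken = set()
    for n, msg in enumerate(observed):
        # Skip optional steps the peer chose not to send; a skipped required
        # step means the message is out of order (or not a handshake message).
        while cursor < len(HANDSHAKE_FLOW) and HANDSHAKE_FLOW[cursor][0] != msg:
            name, optional = HANDSHAKE_FLOW[cursor]
            if not optional:
                return False, "message %d: expected %s, got %s" % (n, name, msg)
            cursor += 1
        if cursor == len(HANDSHAKE_FLOW):
            return False, "message %d: %s after handshake already complete" % (n, msg)
        needed = DEPENDS_ON.get(cursor)
        if needed is not None and needed not in taken:
            return False, "message %d: %s without prior %s" % (
                n, msg, HANDSHAKE_FLOW[needed][0])
        taken.add(cursor)
        cursor += 1
    missing = [name for name, optional in HANDSHAKE_FLOW[cursor:] if not optional]
    if missing:
        return False, "handshake incomplete: %s never seen" % missing[0]
    return True, "handshake complete"


if __name__ == "__main__":
    # Constructed sample sequences: server-only authentication, then a broken
    # one where Finished arrives before ChangeCipherSpec.
    ok_flow = ["ClientHello", "ServerHello", "Certificate", "ServerKeyExchange",
               "ServerHelloDone", "ClientKeyExchange", "ChangeCipherSpec",
               "Finished", "ChangeCipherSpec", "Finished"]
    print(check_handshake(ok_flow))
    print(check_handshake(ok_flow[:6] + ["Finished"] + ok_flow[6:]))
```

Because the cursor only moves forward, a repeated message (a second ServerHello, say) is rejected as "expected ServerKeyExchange, got ServerHello" rather than silently resetting state, which is the behaviour one wants from a handshake state machine.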

Alert and Application Protocols
Alert protocol is always a two-byte message
  – First byte indicates the severity of the message: Warning or Fatal. A Fatal alert will terminate the connection
  – Second byte indicates a preset error code
  – Secure connection end alert not always used
Application Protocol is HTTP, POP3, SMTP, or whatever application is being used
  – Simply gives a datagram to the Record Layer
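The Message Authentication Code slide says both sides compute a MAC over each message and treat a mismatch as an error or attack, and this slide says the reaction is a two-byte alert whose first byte is the severity and second byte the error code. The following added example, written for this page and not taken from the slides or any SSL implementation, puts the two together: a sender that MACs a record and a receiver that verifies it and, on failure, produces the fatal alert it would send. The MAC input layout (sequence number, type, version, length, fragment) and HMAC-SHA1 are the TLS 1.0 record MAC from RFC 2246; SSLv3 used a different, non-HMAC construction. The content-type numbers, alert levels and alert codes are real TLS values; the key and the HTTP fragment are constructed test data, and encryption is omitted so the MAC step stays visible.

```python
import hashlib
import hmac
import struct

# Added example, not from the slides. Real TLS code points for record content
# types, alert levels and a handful of alert descriptions (RFC 2246).
CT_CHANGE_CIPHER_SPEC, CT_ALERT, CT_HANDSHAKE, CT_APPLICATION_DATA = 20, 21, 22, 23
TLS10 = 0x0301
ALERT_WARNING, ALERT_FATAL = 1, 2
ALERT_BAD_RECORD_MAC, ALERT_DECODE_ERROR = 20, 50
ALERT_NAMES = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
               40: "handshake_failure", 46: "certificate_unknown", 50: "decode_error"}
MAC_LEN = hashlib.sha1().digest_size   # 20 bytes for HMAC-SHA1


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """HMAC-SHA1 over seq_num(8) | type(1) | version(2) | length(2) | fragment.
    Covering the sequence number is what makes a replayed or reordered record
    fail verification even though its bytes are untouched."""
    header = struct.pack(">QBHH", seq_num, content_type, version, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha1).digest()


def protect_record(mac_key, seq_num, content_type, fragment):
    """Sender side: append the MAC, then prepend the 5-byte record header
    type(1) | version(2) | length(2). Encryption is left out of this example."""
    mac = record_mac(mac_key, seq_num, content_type, TLS10, fragment)
    body = fragment + mac
    return struct.pack(">BHH", content_type, TLS10, len(body)) + body


def build_alert(level, description):
    """The two-byte Alert message from the slide: severity, then error code."""
    return bytes([level, description])


def parse_alert(alert):
    """Decode a received alert; anything but two bytes with a known level is malformed."""
    if len(alert) != 2:
        raise ValueError("alert must be exactly two bytes")
    level, description = alert[0], alert[1]
    if level not in (ALERT_WARNING, ALERT_FATAL):
        raise ValueError("unknown alert level %d" % level)
    return {"fatal": level == ALERT_FATAL, "code": description,
            "name": ALERT_NAMES.get(description, "unknown(%d)" % description)}


def receive_record(mac_key, seq_num, record):
    """Receiver side. Returns (content_type, fragment) when the MAC matches;
    otherwise returns (CT_ALERT, alert) with the fatal alert the receiver would
    send before tearing the connection down, as the slides describe."""
    if len(record) < 5:
        return CT_ALERT, build_alert(ALERT_FATAL, ALERT_DECODE_ERROR)
    content_type, version, length = struct.unpack(">BHH", record[:5])
    body = record[5:]
    if version != TLS10 or len(body) != length or length < MAC_LEN:
        return CT_ALERT, build_alert(ALERT_FATAL, ALERT_DECODE_ERROR)
    fragment, received_mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, seq_num, content_type, version, fragment)
    # Constant-time comparison so the check itself leaks nothing about the MAC.
    if not hmac.compare_digest(expected, received_mac):
        return CT_ALERT, build_alert(ALERT_FATAL, ALERT_BAD_RECORD_MAC)
    return content_type, fragment


if __name__ == "__main__":
    key = b"\x0b" * 20                       # constructed MAC key
    rec = protect_record(key, 0, CT_APPLICATION_DATA, b"GET / HTTP/1.0\r\n")
    print(receive_record(key, 0, rec))       # accepted
    print(parse_alert(receive_record(key, 1, rec)[1]))   # wrong sequence number
```

Note that the receiver reports the same fatal bad_record_mac whether a byte of the fragment was altered or the record was merely replayed under a different sequence number; both are the "error or attack" case the MAC slide refers to, and the receiver has no reason to distinguish them.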

Benefits
Ease of implementation
  – For network application developers: as easy as implementing unsecured sockets
  – For network implementation developers: simply add a layer to the established network protocol stack
  – For Users: only need to authorize certificates

Drawbacks
More bandwidth needed
Slower
Needs a dedicated port: 443 for HTTPS
Assumes a reliable underlying transport protocol
  – No UDP
  – Implications for streaming media, VoIP

References
Rescorla, Eric. SSL and TLS. Boston: Addison-Wesley, 2001.
“Secure Sockets Layer.” Netscape Network. Netscape Communications Corporation. Accessed 2 Nov 2004.
“Secure Socket Layer.” WindowSecurity.com. 22 July. WindowSecurity.com. Accessed 2 Nov 2004.
Thomas, Stephen A. SSL and TLS Essentials. New York: Wiley Computer Publishing, 2000.
“Transport Layer Security.” Wikipedia, the Free Encyclopedia. 1 Nov. Wikipedia. Accessed 2 Nov 2004.