Secure Socket Layer (SSL) and Secure Electronic Transactions (SET) Network Security Fall 2014 Dr. Faisal Kakar


Office: Room no. 01, FICT Building

Figure (slide 2): two end hosts, each with an Application layer, Transport layer (TCP, UDP), Network layer (IP), and an Ethernet or Token Ring data-link and physical layer, connected through a router that buffers and forwards packets based on IP address. The figure marks where the two security options sit in the stack: IPsec at the Network (IP) layer, SSL between the Application and the Transport layer.

HTTPS is HTTP carried over SSL (Secure Socket Layer). HTTPS uses the default TLS/SSL TCP port, 443. Everything exchanged between the web browser and the web server is encrypted. (Source: Wm. Stallings, "Network Security Essentials: Applications and Standards," Prentice Hall; ECE6612 course notes.)

Fig. 7.3 SSL Record Protocol Operation (figure, slide 4): each application-data fragment is processed by the record protocol and a record header is prepended before transmission.
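Worked example added for Fig. 7.3 and the HTTPS slide above; it is not part of the original slides. It models one direction of the SSL record layer in Python: the plaintext is fragmented (at most 2^14 bytes per record), compressed (null compression here), a MAC keyed by the connection's MAC secret and covering an implicit sequence number is appended, the result is encrypted, and a 5-byte record header (content type, version, length) is prepended. The bulk cipher is a toy HMAC-based keystream standing in for the negotiated cipher, and the keys are constructed constants rather than a handshake-derived key block; `RecordLayer`, `roundtrip`, `tamper_detected` and `replay_detected` are names chosen for this example.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14      # SSL/TLS fragment limit: 16384 bytes of plaintext per record
CT_APPLICATION_DATA = 23    # content type byte for application data
VERSION = (3, 0)            # record-layer version bytes for SSL 3.0 (TLS 1.0 is 3,1)
MAC_LEN = 32                # HMAC-SHA256 output length


class RecordLayer:
    """One direction of a connection: MAC key, bulk key and an implicit 64-bit sequence number."""

    def __init__(self, mac_key: bytes, enc_key: bytes) -> None:
        self.mac_key = mac_key
        self.enc_key = enc_key
        self.seq = 0  # incremented per record, never sent; both ends must stay in step

    def _mac(self, ctype: int, fragment: bytes) -> bytes:
        # MAC over seq_num || type || version || length || fragment (TLS HMAC layout;
        # SSLv3 used a non-HMAC construction of the same shape).
        hdr = struct.pack("!QBBBH", self.seq, ctype, VERSION[0], VERSION[1], len(fragment))
        return hmac.new(self.mac_key, hdr + fragment, hashlib.sha256).digest()

    def _keystream(self, length: int) -> bytes:
        # Stand-in for the negotiated bulk cipher: HMAC in counter mode, keyed per record
        # by the sequence number. Illustration only; not a real cipher.
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self.enc_key, struct.pack("!QQ", self.seq, counter), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    @staticmethod
    def _xor(data: bytes, ks: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, ks))

    def wrap(self, ctype: int, plaintext: bytes) -> list:
        """Protect `plaintext`; returns the on-the-wire records (5-byte header || ciphertext)."""
        records = []
        for i in range(0, max(len(plaintext), 1), MAX_FRAGMENT):
            fragment = plaintext[i:i + MAX_FRAGMENT]                  # step 1: fragment
            compressed = fragment                                      # step 2: null compression
            body = compressed + self._mac(ctype, compressed)           # step 3: append MAC
            ciphertext = self._xor(body, self._keystream(len(body)))   # step 4: encrypt
            header = struct.pack("!BBBH", ctype, VERSION[0], VERSION[1], len(ciphertext))
            records.append(header + ciphertext)                        # step 5: prepend header
            self.seq += 1
        return records

    def unwrap(self, record: bytes) -> tuple:
        """Reverse one record; raises ValueError on a bad header, tampering or replay."""
        ctype, vmaj, vmin, length = struct.unpack("!BBBH", record[:5])
        if (vmaj, vmin) != VERSION or len(record) != 5 + length or length < MAC_LEN:
            raise ValueError("bad record header")
        body = self._xor(record[5:], self._keystream(length))
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(mac, self._mac(ctype, fragment)):
            raise ValueError("bad_record_mac")  # the alert SSL/TLS sends in this case
        self.seq += 1
        return ctype, fragment


# Constructed demo keys; in SSL these come from the handshake's key block.
MAC_KEY = b"\x11" * 32
ENC_KEY = b"\x22" * 32


def _pair():
    return RecordLayer(MAC_KEY, ENC_KEY), RecordLayer(MAC_KEY, ENC_KEY)


def _rejected(receiver: RecordLayer, record: bytes) -> bool:
    try:
        receiver.unwrap(record)
    except ValueError:
        return True
    return False


def roundtrip(data: bytes) -> tuple:
    """Send `data` through a sender/receiver pair; returns (reassembled bytes, record count)."""
    sender, receiver = _pair()
    records = sender.wrap(CT_APPLICATION_DATA, data)
    return b"".join(receiver.unwrap(r)[1] for r in records), len(records)


def tamper_detected() -> bool:
    """Flip one ciphertext bit: the MAC check must reject the record."""
    sender, receiver = _pair()
    rec = sender.wrap(CT_APPLICATION_DATA, b"GET / HTTP/1.0\r\n\r\n")[0]
    return _rejected(receiver, rec[:5] + bytes([rec[5] ^ 0x01]) + rec[6:])


def replay_detected() -> bool:
    """Deliver the same record twice: the sequence number in the MAC input has moved on."""
    sender, receiver = _pair()
    rec = sender.wrap(CT_APPLICATION_DATA, b"transfer 100")[0]
    receiver.unwrap(rec)
    return _rejected(receiver, rec)
```

The receiver rejects a record with a single flipped ciphertext bit and a record delivered twice; the second case fails because the implicit sequence number, which is part of the MAC input but never on the wire, has already advanced. SSL/TLS answer both with a bad_record_mac alert.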

SSL Handshake - First Part (figure, slide 5; time runs downward; gray areas are optional in some circumstances).

SSL Handshake - Second Part (figure, slide 6; Client and Server columns, time runs downward; gray areas are optional in some circumstances).
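Added example (not from the original slides) for the two handshake figures: a Python order checker that encodes which handshake messages are mandatory and under which conditions the gray, optional ones appear. The rules are those of SSLv3/TLS: the server Certificate is omitted only for anonymous Diffie-Hellman, ServerKeyExchange is needed when the server's certificate cannot carry the key exchange (ephemeral or anonymous DH), CertificateRequest is the server's choice, the client Certificate appears only after a request, and CertificateVerify only after a signing-capable client certificate. ChangeCipherSpec is strictly its own record content type rather than a handshake message, but it is listed with the handshake here as the figure does. `check_handshake`, `full_handshake` and the `kx` labels are names chosen for this example; RSA export suites that send a temporary key are not modelled.

```python
REQ, OPT, NO = "required", "optional", "forbidden"


class HandshakeError(Exception):
    pass


def check_handshake(transcript, kx="RSA"):
    """Validate a handshake transcript, a list of (sender, message) tuples in wire order.
    kx is the key-exchange family of the negotiated cipher suite: RSA, DHE_RSA, DHE_DSS or DH_anon.
    Returns (True, "") when the order is legal, else (False, reason)."""
    msgs = list(transcript)
    anon = kx == "DH_anon"
    ephemeral = kx in ("DHE_RSA", "DHE_DSS", "DH_anon")  # server must send its DH parameters

    def expect(sender, name, rule):
        present = bool(msgs) and msgs[0] == (sender, name)
        if rule == NO and present:
            raise HandshakeError(f"{sender} {name} not allowed here")
        if rule == REQ and not present:
            raise HandshakeError(f"expected {sender} {name}, got {msgs[0] if msgs else 'end of handshake'}")
        if present:
            msgs.pop(0)
        return present

    try:
        # Phase 1: establish security capabilities
        expect("client", "ClientHello", REQ)
        expect("server", "ServerHello", REQ)
        # Phase 2: server authentication and key exchange (gray boxes in the figure)
        expect("server", "Certificate", NO if anon else REQ)
        expect("server", "ServerKeyExchange", REQ if ephemeral else NO)  # RSA: premaster secret goes under the cert key
        cert_requested = expect("server", "CertificateRequest", NO if anon else OPT)
        expect("server", "ServerHelloDone", REQ)
        # Phase 3: client authentication and key exchange
        client_cert = expect("client", "Certificate", OPT if cert_requested else NO)
        expect("client", "ClientKeyExchange", REQ)
        expect("client", "CertificateVerify", REQ if client_cert else NO)  # assumes a signing-capable client cert
        # Phase 4: finish; the client switches ciphers first on a full handshake
        for side in ("client", "server"):
            expect(side, "ChangeCipherSpec", REQ)
            expect(side, "Finished", REQ)
        if msgs:
            raise HandshakeError(f"unexpected trailing message {msgs[0]}")
    except HandshakeError as err:
        return False, str(err)
    return True, ""


def full_handshake(kx="RSA", client_auth=False):
    """Constructed reference transcript of a full handshake for the given options."""
    t = [("client", "ClientHello"), ("server", "ServerHello")]
    if kx != "DH_anon":
        t.append(("server", "Certificate"))
    if kx in ("DHE_RSA", "DHE_DSS", "DH_anon"):
        t.append(("server", "ServerKeyExchange"))
    if client_auth:
        t.append(("server", "CertificateRequest"))
    t.append(("server", "ServerHelloDone"))
    if client_auth:
        t.append(("client", "Certificate"))
    t.append(("client", "ClientKeyExchange"))
    if client_auth:
        t.append(("client", "CertificateVerify"))
    t += [("client", "ChangeCipherSpec"), ("client", "Finished"),
          ("server", "ChangeCipherSpec"), ("server", "Finished")]
    return t
```

A real implementation enforces these rules in its handshake state machine, which is what stops a peer from skipping authentication (a client certificate without the matching CertificateVerify) or from sending Finished before the cipher switch.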

SET (Secure Electronic Transactions)

Provides a secure communications channel among all the parties involved in a transaction: the customer, the seller (merchant), the customer's credit provider, and the seller's bank. Provides trust through the use of X.509v3 certificates. Ensures privacy because information is made available only to the parties that need it.
* Cardholder account authentication to the merchant (the cardholder must hold a certificate issued by the card issuer). The merchant may issue a temporary certificate so that the session cannot be hijacked.
* Verifies the merchant's relationship with its financial institution.
* Integrity of the data the customer sends to the merchant (the order information is tied to the funds transfer).

SET - Steps in a Transaction
1. The customer opens an account with a credit company or bank.
2. The bank issues an X.509 certificate, with RSA keys, to the customer.
3. The merchant has two certificates, one for signing and one for key exchange.
4. The customer places an order.
5. The merchant sends the customer a copy of its certificate.
6. The customer sends Order Information (OI), encrypted so the merchant can read it, and Payment Information (PI), encrypted so the merchant cannot read it.
7. The merchant requests payment authorization by sending the PI to the Payment Gateway (which can decrypt it); the gateway verifies the customer's credit.
8. The merchant confirms the order to the customer.
9. The merchant ships the goods to the customer.
10. The merchant sends a request for payment (capture) to the Payment Gateway, which handles the transfer of funds.

Secure Electronic Transactions (SET) (figure, slide 9).

SET - Dual Signature

The dual signature allows proof that:
1. The merchant has received the Order Information (OI).
2. The bank has received the Payment Information (PI) and verified the customer's signature.
3. The customer has linked OI and PI and can later prove that the PI was not related to a different purchase.

Dual-Sig = E_cus-private[ H( H(PI) || H(OI) ) ]

Bob orders a book and a TV from Scam, Inc. Scam, Inc. ships Bob the book, and then sends the PI for the TV joined with the OI for the book to the bank. How does Bob prove to the bank that he did not order a book at the TV's price, when Scam, Inc. shows the bank the OI for the book?
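Added Python example (not part of the original slides) of the dual signature and of the Scam, Inc. question. In SET the merchant receives OI, the digest PIMD = H(PI) and DS, while the payment gateway receives PI (decryptable only by it), the digest OIMD = H(OI) and DS; each side recomputes H(H(PI) || H(OI)) from what it holds and checks the customer's signature on it. Signing uses a textbook RSA built from the standard library (no padding, short keys, illustration only) and SHA-256 in place of SET's SHA-1; the order and payment strings are constructed, and `gen_keypair`, `dual_sign`, `merchant_verify`, `bank_verify` and `scam_scenario` are names chosen here.

```python
import hashlib
import secrets


# --- textbook RSA for illustration only: no padding, short keys, not for real use ---
def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin with random bases."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if _is_probable_prime(cand):
            return cand


def gen_keypair(bits: int = 512):
    """Returns (public, private) as (n, e) and (n, d)."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so e not dividing phi means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def H(data: bytes) -> bytes:
    """Message digest. SET specified SHA-1; SHA-256 is used here."""
    return hashlib.sha256(data).digest()


def sign(priv, digest: bytes) -> int:
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)  # E_private[digest]


def verify(pub, digest: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")


# --- SET dual signature ---
def dual_sign(priv, pi: bytes, oi: bytes) -> int:
    """DS = E_cus-private[ H( H(PI) || H(OI) ) ]."""
    return sign(priv, H(H(pi) + H(oi)))


def merchant_verify(pub, oi: bytes, pimd: bytes, ds: int) -> bool:
    """The merchant holds OI in clear, only the digest PIMD of the payment info, and DS."""
    return verify(pub, H(pimd + H(oi)), ds)


def bank_verify(pub, pi: bytes, oimd: bytes, ds: int) -> bool:
    """The bank (payment gateway) holds PI in clear, only the digest OIMD of the order, and DS."""
    return verify(pub, H(H(pi) + oimd), ds)


def scam_scenario() -> dict:
    """Bob makes two separate purchases; Scam, Inc. tries to bill the TV's PI against the book's OI."""
    pub, priv = gen_keypair()
    # Constructed sample messages (real OI and PI are structured SET messages).
    oi_book, pi_book = b"order 1: one book", b"card CARD-1, amount 20.00, for order 1"
    oi_tv, pi_tv = b"order 2: one TV", b"card CARD-1, amount 900.00, for order 2"
    ds_book = dual_sign(priv, pi_book, oi_book)
    ds_tv = dual_sign(priv, pi_tv, oi_tv)
    return {
        # Honest flow: each party verifies the DS using only what it is allowed to see.
        "merchant_accepts_tv_order": merchant_verify(pub, oi_tv, H(pi_tv), ds_tv),
        "bank_accepts_tv_payment": bank_verify(pub, pi_tv, H(oi_tv), ds_tv),
        # Scam, Inc. forwards PI_TV with the book order's OIMD, under either of Bob's dual signatures.
        "bank_rejects_tv_pi_with_book_oimd": not bank_verify(pub, pi_tv, H(oi_book), ds_tv),
        "bank_rejects_under_book_ds": not bank_verify(pub, pi_tv, H(oi_book), ds_book),
    }
```

When Scam, Inc. presents the PI for the TV alongside the book's OIMD, the digest the bank computes differs from the one Bob signed, so neither of Bob's dual signatures verifies. Bob's proof is that the TV's dual signature verifies only with the TV order's OIMD, which the bank can check without ever seeing the order itself.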


Customer's Purchase Request (figure, slide 12): the payment information is encrypted with the bank's public key.
