SSL with New Client Authentication Takuya Yahagi, S1090215 University of Aizu Performance Evaluation Lab.


Purpose
To evaluate the performance of SSL with client authentication from the point of view of waiting time and the probability of finding a malicious user.

Spoofing
Uses another's or a non-existent mail address to send phishing mail, spam and some kinds of virus mail.
Sender ID
[Figure labels: Sender, Receiver, DNS; (1); Domain (2); IP address (3)]
Problem: If the IP address is also forged, Sender ID can't prevent spoofing.

SSL
Client hello (1)
  Random value: used to create common key
  Cryptography algorithms list
Server hello (2)
  Random value: used to create common key
  Selected algorithm
Server certificate (2)
  Public key
Server hello done (2)
Client key exchange (3)
  Premaster secret: used to create common key
Change cipher spec (3), (4)
  Signal of encryption
Finished (3), (4)
Problem: There is no client authentication.
[Figure labels, in order: Client hello (1); Client certificate; Server hello, Server certificate (2), Server hello done; Client key exchange, Change cipher spec, Finished (3); Change cipher spec, Finished (4); Server; Client]

Feige-Fiat-Shamir Identification Protocol
Prove identity by demonstrating knowledge of a secret without revealing even a single bit of the secret.
A malicious person, Mallory, has a 50% chance of passing this trial without the secret number by guessing whether Bob will send c = 0 or 1.
[Figure: messages w, c, r exchanged between Alice and Bob]

Waiting time of SSL and SSL with authentication
[Figure: timeline "Waiting time of SSL" showing clients C1 to C5, service times S1 to S5 and waiting times W1 to W5. C: Client, W: Waiting time of SSL, S: Service time of SSL]
[Figure: timeline "Waiting time of SSL with authentication" showing A1, A2, M1, A3, A4, service times S1 to S5 and waiting times W1 to W5. A: Alice, M: Mallory, W: Waiting time of SSL with authentication, S: Service time of SSL with authentication]

Waiting Time of SSL
Expectation of number of SSL clients:

Waiting Time of SSL with Authentication (1)
Expectation value and variance of Mallory's number of trials:
Expectation value and variance of Alice's number of trials:
Expectation value and variance of Mallory's and Alice's service time of SSL with authentication:

Waiting Time of SSL with Authentication (2)
Expectation of number of SSL with authentication clients:
Expectation value of waiting time of SSL with authentication:

Waiting Time
[Figure: plot with axis labels "l" and "Waiting time"; curves for n = 20, n = 15, n = 5 and No auth]

Probability of Miss
Probability of missing Mallory in n trials:
[Figure: plot with axis labels "n" and "p(n)"]
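
The trial from the Feige-Fiat-Shamir slide and the miss probability on this slide, as an added example that is not part of the original presentation: one identification round simplified to a single secret, with w read as Alice's commitment, c as Bob's challenge bit and r as her response (that reading of the diagram labels, the toy modulus and all function names are assumptions). With the slide's 50% chance per trial and independent challenge bits, a guessing Mallory survives n trials with probability 2^-n, which `miss_rate` estimates by simulation.

```python
import math
import random

# Constructed toy modulus for illustration; real use needs a large N = p*q
# whose factors are kept secret.
N = 1019 * 1031

def unit(rng):
    """Random value in [2, N) that is invertible mod N."""
    while True:
        x = rng.randrange(2, N)
        if math.gcd(x, N) == 1:
            return x

def keygen(rng):
    """Alice's secret s and public value v = s^2 mod N (v != 1)."""
    while True:
        s = unit(rng)
        v = pow(s, 2, N)
        if v != 1:
            return s, v

def verify(v, w, c, r):
    """Bob accepts when r^2 == w * v^c (mod N)."""
    return pow(r, 2, N) == (w * pow(v, c, N)) % N

def alice_round(s, v, c, rng):
    """Alice knows s: she sends w = k^2 and answers r = k * s^c."""
    k = unit(rng)
    return verify(v, pow(k, 2, N), c, (k * pow(s, c, N)) % N)

def mallory_round(v, guess, c, rng):
    """Mallory lacks s: she fits w to her guess of c before seeing c."""
    r = unit(rng)
    w = (pow(r, 2, N) * pow(pow(v, guess, N), -1, N)) % N
    return verify(v, w, c, r)

def miss_rate(n, sessions, seed=1):
    """Fraction of sessions in which Mallory survives all n trials."""
    rng = random.Random(seed)
    _, v = keygen(rng)
    passed = 0
    for _ in range(sessions):
        passed += all(mallory_round(v, rng.randrange(2), rng.randrange(2), rng)
                      for _ in range(n))
    return passed / sessions

if __name__ == "__main__":
    for n in (5, 15, 20):   # trial counts shown on the waiting-time plot
        print(n, 0.5 ** n, miss_rate(n, 20000))
```

Mallory's commitment only verifies when her guess equals c, so Bob's challenge must be chosen after w arrives and must not be predictable.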

Conclusion and Future Works
Using the feature of this authentication, the client can prove its identity more securely.
This method is a solution to IP address spoofing.
However, the service time of authentication and the probability of Mallory are not accurate values.