SSL/TLS How to send your credit card number securely over the internet.

Slides:



Advertisements
Similar presentations
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Advertisements

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Secure Socket Layer.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Cryptography and Network Security Chapter 17
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
IEEE Wireless Local Area Networks (WLAN’s).
May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
DIGITAL CERTIFICATE & SSL PRESENTED BY, SWAPNA ERABATHINI.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
CSI315 Web Development Technologies Continued. Communication Layer information needs to get from one place to another –Computer- Computer –Software- Software.
Secure Socket Layer (SSL)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
Cryptography and Network Security (SSL)
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
IPSEC Modes of Operation. Breno de MedeirosFlorida State University Fall 2005 IPSEC  To establish a secure IPSEC connection two nodes must execute a.
Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.
Computer and Network Security
Cryptography and Network Security
Secure Sockets Layer (SSL)
Visit for more Learning Resources
BINF 711 Amr El Mougy Sherif Ismail
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
Cryptography and Network Security
Cryptography and Network Security
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
The Secure Sockets Layer (SSL) Protocol
Transport Layer Security (TLS)
Security at the Transport Layer
Cryptography and Network Security
Presentation transcript:

SSL/TLS How to send your credit card number securely over the internet

Breno de MedeirosFlorida State University Fall 2005 The security provided by SSL  SSL is implemented at level 4  The transport control layer  In practice, SSL uses TCP sockets  The underlying TCP implementation handles robustness of communication, such as replay of lost packets, buffering packets to re-order them correctly, etc.  SSL extends TCP interface for security

Breno de MedeirosFlorida State University Fall 2005 What does it entail?  To use SSL, applications must change.  They have to use the SSL API (application programming interface) and use SSL calls instead of TCP calls. Applications’ networking code must change  SSL may be deployed without making changes to the underlying Operating System, because it does not alter the implementation of the TCP protocol.

Breno de MedeirosFlorida State University Fall 2005 The rogue packet problem (1)  TCP uses checksums to ensure correctness of data.  but this checksum prevents only against random errors.  Suppose an attacker to SSL:  Forges the next TCP packet (in a TCP connection, packets are numbered).  Re-computes the TCP checksum  The TCP protocol accepts the corrupt packet, mark the packet number as delivered/received.

Breno de MedeirosFlorida State University Fall 2005 The rogue packet problem (2)  TCP relays the corrupted packet to SSL  SSL checks its cryptographic checksum -- a message authentication code (MAC) -- and realizes that the packet has been forged  TCP receives true packet from legitimate sender, sees that it has an already used number, and discards the packet as bad.  SSL cannot tell TCP to change its behavior, because it has not changed the TCP code. Only option for SSL is to hang up the connection.  The result is as if the connection had been cut, and the attacker does not need to be “in the middle.”

Breno de MedeirosFlorida State University Fall 2005 SSL as software only  Implementing SSL in hardware is unwieldy  It requires a TCP implementation to function  Therefore TCP has to be implemented in the same hardware  But TCP uses long buffers to ensure communication reliability. That means your hardware will require a lot of memory and be costly.  If SSL worked at a lower level, say level 3/ network layer, it could be coded in a net card.

Breno de MedeirosFlorida State University Fall 2005 Advantages of SSL  Allows for portable implementation, because it is an application-level process  Suitable for bundling with applications such as browsers, can be installed with user-privileges only, and minimum expertise in anything.  SSL can authenticate users (end-to-end authentication), not only machines or IP addresses (link-to-link authentication)

Breno de MedeirosFlorida State University Fall 2005 SSL/TLS: First Ingredients  SSL supports several “cipher suites”:  Algorithm sets for public key encryption, symmetric key encryption, and authentication (MACs).  Flexibility was needed because of export restrictions.  Client and Server must negotiate which algorithms are used in a session.  Client and server agree on a common secret:  Negotiated using public key cryptography  Incorporating challenges (nonces) from both parties.  From this common secret the symmetric keys are derived.

Breno de MedeirosFlorida State University Fall 2005 SSL/TLS: Ingredients (2)  SSL uses directional symmetric keys. After agreeing on common secret:  Client and server derive from it two IVs, encrypt and decrypt keys, as well as authentication and verification keys. A total of six secrets are derived from the agreed secret (pre-key).  Client read keys = Server write keys  Server IV = part of Server encryption parameters = part of client decryption parameters  Server encryption key = Client decryption key  Server authentication key = Client verification key  Client write keys = Server read keys  Client IV = part of Client encryption parameters = part of server decryption parameters  Client encryption key = Server decryption key  Client authentication key = Server verification key

Breno de MedeirosFlorida State University Fall 2005 SSL/TLS Basic Protocol Client Server Cipher suites supported, R 1 = R Client Create S; Derive K as f(S,R 1,R 2 ) Get S; Derive K as f(S,R 1,R 2 ) Choice of cipher suite, R 2 = R Server {S} Server, MAC CAK (handshake) MAC SAK (handshake) Enc., auth. data

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.