Slide 1: Secure Socket Layer (SSL) Overview
z/Series Security, RDS Training
Mary Sweat, Greg Boyd, Advanced Technical Support, Gaithersburg, MD
Washington System Center, © 2005 IBM Corporation, August 25, 2005

Slide 2: Purpose
Provide a communication protocol that:
- allows a session to be established between two parties, a client and a server
  - provides privacy (encryption), authentication of the communicating partner, and data integrity of the information exchanged on the connection
  - the security is based on a negotiated agreement between these two parties
- may be used on an application-by-application basis

Slide 3: SSL/TLS Functions
Server:
1. provides information and data to the client at the client's request
2. decides what data should be protected
3. is usually an application written to provide data services outbound
4. has the responsibility to protect its identity (proves its identity via a certificate)
Client:
1. initiates the communications
2. generally selects the data to be provided by the server
3. most are browsers, but not necessarily
4. can also prove its identity by having a certificate

Slide 4: The SSL/TLS Session
SSL handshake (Hello) phase:
1. Client to Server: Client Hello (my cipher info, etc.)
2. Server to Client: Server Hello (my cipher info, key exchange, etc.)
3. Client to Server: client response (key exchange, ciphers, etc.)
4. Server to Client: server response (change cipher and finish)
SSL session:
- Server and Client exchange encrypted data

Slide 5: Certificates
Certificates are a way of securely identifying someone.
- most are based on the standard structure X.509 v3
- certificates are encoded using DER, the Distinguished Encoding Rules of ASN.1 (X.209, now X.690)
- a certificate contains:
  - the owner's distinguished name
  - the owner's public key, with the algorithm the key is used with
  - the issuer's distinguished name
  - the issuer's signature
Fields as laid out in the slide's diagram:
  Version (V#)
  Serial number (SN)
  Signature algorithm (sgn-alg)
  Issuer name: CAxyz
  Validity: not-before and not-after dates and times
  Subject name: Greg
  Subject's public key and algorithm ID
  Extensions
  CA's signature, SignAlgo: RSA with SHA-1
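As an added example (this editor's code, not IBM's and not part of the original deck), the following walks the first fields of the certificate layout above, version, serial number and the signature-algorithm OID, straight from DER bytes. The sample bytes are constructed in the code and are not a real certificate; the field names follow the slide. The point worth seeing is the DER check: DER is the canonical subset of BER, so each value has exactly one encoding, and a certificate parser should reject alternatives such as a long-form length where the short form was required.

```python
"""Minimal DER walker for the head of an X.509 TBSCertificate.

Added example, not IBM code. DER (X.209, now X.690) is the canonical subset
of BER, so a parser should reject the non-minimal lengths BER permits. The
SAMPLE bytes below are constructed here and are not a real certificate.
"""

SEQUENCE, INTEGER, OID, NULL = 0x30, 0x02, 0x06, 0x05
CTX0 = 0xA0  # [0] EXPLICIT tag that wraps the version field in TBSCertificate

# Signature-algorithm OIDs (the slide's sgn-alg field) for algorithms the deck names
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.10040.4.3": "dsaWithSHA1",
}


def der_length(n):
    """Minimal-length encoding: short form below 0x80, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + der_length(len(value)) + value


def der_integer(n):
    """Non-negative INTEGER; a leading 0x00 is added when the top bit would be set."""
    return tlv(INTEGER, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def der_oid(dotted):
    """First two arcs share one byte (40*a + b); later arcs are base-128, high bit = more."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); rejects length forms that are legal BER but not DER."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if length < 0x80:
            raise ValueError("non-minimal length encoding is not DER")
    if pos + length > len(buf):
        raise ValueError("length runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    arcs = [value[0] // 40, value[0] % 40]
    n = 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def expect(buf, pos, tag):
    got, value, nxt = read_tlv(buf, pos)
    if got != tag:
        raise ValueError(f"expected tag {tag:#04x}, got {got:#04x}")
    return value, nxt


def parse_tbs_prefix(der_bytes):
    """Walk version, serialNumber and signature (AlgorithmIdentifier) of a TBSCertificate."""
    tbs, _ = expect(der_bytes, 0, SEQUENCE)
    ver_wrap, pos = expect(tbs, 0, CTX0)
    ver_body, _ = expect(ver_wrap, 0, INTEGER)
    serial_body, pos = expect(tbs, pos, INTEGER)
    alg, pos = expect(tbs, pos, SEQUENCE)
    oid_body, _ = expect(alg, 0, OID)
    dotted = decode_oid(oid_body)
    return {
        "version": int.from_bytes(ver_body, "big") + 1,  # v3 is stored as INTEGER 2
        "serial": int.from_bytes(serial_body, "big"),
        "sig_alg_oid": dotted,
        "sig_alg": SIG_ALG_NAMES.get(dotted, "unknown"),
    }


# Constructed sample: head of a v3 TBSCertificate whose sgn-alg is RSA with SHA-1, as on the slide
SAMPLE_TBS_PREFIX = tlv(
    SEQUENCE,
    tlv(CTX0, der_integer(2))
    + der_integer(0x1A2B3C)
    + tlv(SEQUENCE, der_oid("1.2.840.113549.1.1.5") + tlv(NULL, b"")),
)

# INTEGER 2 with a BER long-form length (81 01) where DER requires the short form (01)
NON_MINIMAL_INTEGER = bytes([INTEGER, 0x81, 0x01, 0x02])


def rejects_non_minimal(buf=NON_MINIMAL_INTEGER):
    try:
        read_tlv(buf)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(SAMPLE_TBS_PREFIX.hex())
    print(parse_tbs_prefix(SAMPLE_TBS_PREFIX))
    print("non-minimal length rejected:", rejects_non_minimal())
```

The walker stops after the AlgorithmIdentifier; issuer, validity, subject and extensions follow the same TLV pattern and would be read with further expect() calls. Rejecting non-canonical lengths matters because the CA's signature covers the DER bytes of the to-be-signed portion, and a parser that accepts several encodings of the same value gives an attacker room to vary what is parsed without changing what was signed.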

Slide 6: Certificate Authorities
Certificate authorities are trusted organizations that vouch for public keys.
- a CA is an entity trusted by both the client and the owner
- the CA issues a credential (a certificate) to the owner that associates the owner's name with the owner's public key
  - the client trusts that the CA will not issue a certificate to an impostor
  - public keys are delivered via certificates, which are signed with the private key of the certificate authority
- the client can validate the certificate at any time
  - validating the CA's signature over the to-be-signed portion of the certificate proves that it is authentic and has not been modified

Slide 7: Public Key Cryptography, Mathematically Related Keys
Worked with small numbers; in practice each prime is over 100 digits long.
Generate two prime numbers: P = 7, Q = 17
Multiply the primes to get the modulus N: N = 7 x 17 = 119
Select the public exponent E, an odd number coprime to (P-1) x (Q-1), as the second part of the public key: E = 5
Public Key (N, E): (119, 5)
Compute the second part of the private key, D, the inverse of E modulo (P-1) x (Q-1) = 96. The slide's arithmetic:
  (P-1) x (Q-1) x (E-1) = (7-1) x (17-1) x (5-1) = 384
  add 1 to the result: 385
  divide by E to get D: D = 385 / 5 = 77
  (This shortcut gives the right answer here only because 96 mod 5 = 1. In general D is found with the extended Euclidean algorithm so that E x D = 1 mod (P-1)(Q-1); check: 5 x 77 = 385 = 4 x 96 + 1.)
Private Key (N, D): (119, 77)

Slide 8: Encipher Message 'SELL'
P = 7; Q = 17; N = 119; E = 5; D = 77
Public Key (N, E): (119, 5); Private Key (N, D): (119, 77)
Convert characters to numeric values, e.g. a=1, b=2, c=3 ...
- plaintext 'SELL' becomes 19 5 12 12
Raise each character value to the power E: 'S' => 19^5 = 2476099
Divide by the first part of the public key, the modulus: 2476099 / 119 = 20807 remainder 66
The remainder is the ciphertext: 66 = eKP(S)
(Only the public key is needed to encipher. The same steps give 31 for 'E' and 3 for each 'L'; the two L's produce identical ciphertext because textbook RSA without padding is deterministic.)

Slide 9: Decipher Message (ciphertext 66)
P = 7; Q = 17; N = 119; E = 5; D = 77
Public Key (N, E): (119, 5); Private Key (N, D): (119, 77)
Raise the ciphertext to the power D: 66^77 = 1273... (a 141-digit number)
Divide the result by the modulus N: 66^77 / 119 = 1069... (a 139-digit quotient, discarded)
Keep the remainder: 19
The remainder is the numeric equivalent of the character sent: 19 = 'S'
Repeating the step for 31, 3, 3 recovers 5, 12, 12, so the plaintext is 'SELL'.
(In practice the exponentiation is done as modular exponentiation, reducing modulo N at every step, so the 141-digit intermediate is never formed.)
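The key generation of slide 7 and the encipher and decipher steps of slides 8 and 9, carried through in code as an added example (this editor's code, not IBM's and not part of the original deck). It uses the deck's parameters P = 7, Q = 17, E = 5 and the slide's a=1, b=2, ... letter code; the comparison against the slide's shortcut for D and the padding caveat at the end are this editor's additions.

```python
"""Textbook RSA with the deck's toy parameters, carried through key generation,
enciphering 'SELL' and deciphering it again.

Added example, not IBM code. The a=1, b=2, ... letter code is the slide's.
The padding remark at the end is a practitioner's caveat, not from the deck.
"""
from math import gcd


def keygen(p, q, e):
    """Return ((n, e), (n, d)) with d = e^-1 mod (p-1)(q-1).

    This is the general rule. The slide's '(p-1)(q-1)(e-1) + 1, divided by e'
    gives the same 77 only because 96 mod 5 == 1; see slide_shortcut_d below.
    """
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def slide_shortcut_d(p, q, e):
    """The deck's arithmetic for D, reproduced to show when it stops working."""
    return ((p - 1) * (q - 1) * (e - 1) + 1) // e


def to_numbers(text):
    """'SELL' -> [19, 5, 12, 12] using a=1, b=2, ... as on the slide."""
    return [ord(c) - ord("A") + 1 for c in text.upper()]


def to_text(nums):
    return "".join(chr(n - 1 + ord("A")) for n in nums)


def encipher(public_key, nums):
    """c = m^e mod n, one letter at a time (the slide's 19^5 mod 119 = 66)."""
    n, e = public_key
    return [pow(m, e, n) for m in nums]


def decipher(private_key, nums):
    """m = c^d mod n; pow() reduces as it goes and never forms the 141-digit 66^77."""
    n, d = private_key
    return [pow(c, d, n) for c in nums]


def roundtrip(text, p=7, q=17, e=5):
    """Encipher with the public key, decipher with the private key, return both results."""
    public, private = keygen(p, q, e)
    ciphertext = encipher(public, to_numbers(text))
    return ciphertext, to_text(decipher(private, ciphertext))


if __name__ == "__main__":
    public, private = keygen(7, 17, 5)
    print("public", public, "private", private)        # (119, 5) (119, 77)
    ct, pt = roundtrip("SELL")
    print("ciphertext", ct, "plaintext", pt)           # [66, 31, 3, 3] SELL
    # Caveat: with no padding, identical letters give identical ciphertext
    # (both L's -> 3), and a 7-bit modulus is trivially factored. Real RSA
    # pads each message (PKCS #1) and uses moduli of hundreds of digits.
    print("shortcut D for e=7:", slide_shortcut_d(7, 17, 7),
          "correct D:", keygen(7, 17, 7)[1][1])        # 82 vs 55
```

Run it and the slide's numbers fall out: public key (119, 5), private key (119, 77), 'S' enciphers to 66 and deciphers back to 19. Changing E to 7 shows why the general rule matters: the slide's shortcut returns 82, but the inverse of 7 modulo 96 is 55 (7 x 55 = 385 = 4 x 96 + 1), and only 55 deciphers correctly.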

Slide 10: Where are the SSL functions executed? Could be lots of different places

Function                           | z800/z900         | z890/z990                        | z9 109
Handshake phase
CSNDPKD, Public Key Decrypt        | PCICA, PCICC, CCF | PCICA, Crypto Express2, Software | Crypto Express2 (Accelerator/Coprocessor), Software
CSNDPKE, Public Key Encrypt        | PCICC, CCF        | PCICA, Crypto Express2, Software | Crypto Express2 (Accelerator/Coprocessor), Software
CSNDDSV, Digital Signature Verify  | PCICC, CCF        | PCICA, Crypto Express2, PCIXCC   | Crypto Express2 (Accelerator/Coprocessor), Software
Record layer
DES/TDES                           | CCF               | CPACF or Software                | CPACF or Software
AES                                | Software          | Software                         | Software, or CPACF with z/OS V1R8
RC2 or RC4                         | Software          | Software                         | Software
SHA-1 (hash)                       | Software          | CPACF                            | CPACF
MD5 (hash)                         | Software          | Software                         | Software

Slide 11: Hardware Decisions
Some IBM product code that can take advantage of cryptographic hardware includes a software crypto engine. If the hardware is not properly installed and set up, the software engine is used to perform the encryption instead.
- the code is written to detect whether crypto hardware is present and whether ICSF is active
  - the check is done at session startup time
  - when the base hardware crypto and ICSF conditions are met, an indicator is set
  - examples of such products: IBM WebSphere, System SSL, TN3270
- because this fallback is transparent to the application, confirm at session startup that the hardware path was actually taken rather than assuming it
Products that optionally allow cryptographic functions usually do not provide a software crypto engine and require the presence of active IBM base crypto and ICSF.
- example: VTAM Session Level Encryption

Slide 12: SSL Exploiters
- CICS
- LDAP
- Firewall Technologies
- WebSphere MQ Series
- Tivoli Access Manager for Business Integration Host Edition
- Policy Director Authorization Services
- Secure TN3270
- IMS
- PKI Services
- EIM
- Sendmail
- Secure FTP
- IBM HTTP Server

Slide 13: References
- SSL, Secure Sockets Layer
- TLS, Transport Layer Security
- Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile (RFC 3279)
- X.509 certificate, certificate revocation list, and certificate extensions
- Signatures: DSS, RSA
- Hashing: SHA-1, MD5
- Key Exchange

Slide 14: Questions