Presentation is loading. Please wait.

Presentation is loading. Please wait.

PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH - 2009.

Published byBarrie Harvey Modified over 8 years ago

Similar presentations

Presentation on theme: "PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH - 2009."— Presentation transcript:

1 PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH - 2009

2 2 CONTENTS  Definition  Brief History  Services  Position of SSL in TCP/IP  Communication between layers  Working of SSL  Details of handshake protocol  Details of record protocol  Details of alert protocol  Closing & resuming SSL connections  References

3 3 DEFINITION Internet protocol for secure exchange of information between the web browser and the web server Web browser Web server

4 4 HISTORY  Developed by Netscape corporation in 1994  Versions – 2,3,3.1  Popular version – 3, released in 1995

5 5 SERVICES Provides 2 basic security services : 1. Authentication 2. Confidentiality  Logically it provides a secure pipe between the web browser and the web server.

6 6 POSITION OF SSL IN TCP/IP PROTOCOL SUITE  Located between the application layer and the transport layer Application layer SSL layer Transport layer Network layer Data link layer Physical layer

7 7 COMMUNICATION BETWEEN VARIOUS LAYERS x L5 data L5 data SH L5 data H4 L4 data H3 L3 data H2 01010101001101011 L5 data L5 data SH L5 data H4 01010101001101011 Y Transmission medium Application SSL Transport Network Data link Physical L4 data H3 L3 data H2

8 8 HOW SSL WORKS ? Has 3 sub protocols : 1.Handshake protocol 2.Record protocol 3.Alert protocol

9 9 1. THE HANDSHAKE PROTOCOL  First sub protocol used by client and the server to communicate using SSL enabled connections  Consists of series of messages between the client and the server

10 10 MESSAGE FORMAT OF HANSHAKE PROTOCOL Has 3 fields : 1.Type (1 byte) : indicates message types 2.Length (3 bytes) : indicates the length of message. 3. Content (1 or more byte) : contains the parameters associated with message Type Length Contents 1 byte3 byte 1 or more bytes

11 11 PHASES OF HANDSHAKE PROTOCOL There are 4 phases of handshake protocol : 1.Establish security capabilities 2.Server authentication & key exchange 3.Client authentication & key exchange 4.Finish Web browser Web server 1.Establish security capabilities 2. Server authentication &key exchange 3.Client authentication & key exchange 4.Finish

12 12 Phase 1: Establish security capabilities  Initiate a logical connection & establish the security capabilities  Consists of two messages : client hello & server hello Web browser Web server Step 1: Client hello Step 2 : Server hello

13 13 CLIENT HELLO Consists of following parameters : 1.Version : indicates the highest version of SSL the client can support 2.Random : used for actual communication. It consists of 2 sub fields :  32-bit date-time field that identifies current system date & time on the client computer  28-byte random number generated by the random number generator software built inside the client computer

14 14 CLIENT HELLO CONT. 3. Session id : variable length session identifier It has two values : 3.1. Non zero value : shows that a connection already exists between the client and the server 3.2. Zero value :indicates that the client wants to create a new connection with the server 4. Cipher suite : contains list of cryptographic algorithms supported by client 5. Compression method : contains list of compression algorithms supported by client

15 15 SERVER HELLO Contains the same fields as that of client but with different purpose : 1.Version : identifies the lower of the versions suggested by the client & the highest supported by the server 2.Random : same structure as that of client 3.Session id : for non zero value - server uses the same value sent by client For zero value – server creates a new session id & puts it in this field 4.Cipher suite : contains single cipher suite selected from the list sent by client 5.Compression method : contains a compression algorithm selected from the list sent by client

16 16 PHASE 2 : SERVER AUTHENTICATION & KEY EXCHANGE  Server initiates this phase of SSL handshake  Server is the only sender & the client is the only receiver. This phase contains 4 steps: 1.Certificate 2.Server key exchange 3.Certificate request 4.Server hello done

17 17 1.CERTIFICATE  Server sends its digital certificate to the client  This helps client to authenticate the server using server’s public key from server’s certificate. 2. SERVER KEY EXCHANGE  Optional step & is used if the sender doesn’t send its digital certificate to the client  Server sends its public key to the client

18 18 3. CERTIFICATE REQUEST  Server can request for the client’s digital signatures  This step is optional because the client authentication in SSL is optional. 4. SERVER HELLO DONE  Indicates the client that its portion of hello message is complete  The client can verify the certificates sent by the server  After sending this message the server waits for the client’s response

19 19 PHASE 3: CLIENT AUTHENTICATION & KEY EXCHANGE  The client initiates this phase.  Client is the sender & the server is the receiver. This phase consists of 3 steps: 1.Certificate 2.Client key exchange 3.Certificate verify

20 20 1. CERTIFICATE  Optional step  Performed only if the server had requested for the client’s certificate  If the client sends no certificate instead of a certificate message then its upto server if it still wants to continue. 2. CLIENT KEY EXCHANGE  Allows the client to send information to the server based on the symmetric key  Client creates a 48-byte pre-master secret & encrypts it with the server’s public key & sends this pre-master secret to the server.

21 21 3. CERTIFICATE VERIFY  Necessary only if the server had demanded client authentication  The client combines the pre-master secret with the random numbers exchanged by the client & server after hashing them together.

22 22 PHASE 4 : FINISH  Client initiates this phase and the server ends.  This consists of 4 steps: The first two masseges are from client : 1.Change cipher specs 2.Finished The server responds back with the two same identical messages Web browse r Web server 1. Change cipher specs 2. Finished 3. Change cipher specs 4. Finished

23 23 MASTER KEY GENERATION CONCEPT  Based on pre-master secret, both the server and the client create a 48-byte quantity called the master secret  Master key is calculated after computing message digests of pre-master secret, client random & server random. Pre-master secret Client random Server random Message digest algorithm Master secret

24 24 SYMMETRIC KEY GENERATION CONCEPT  Finally symmetric keys to be used by the client & server are generated. Master secret Server random Client random Message digest algorithms Symmetric key

25 25 2. RECORD PROTOCOL Provides 2 services : 1.Confidentiality : achieved by the secret key defined by handshake protocol 2.Integrity : shared secret key is used to ensure the message integrity

26 26 OPERATION OF RECORD PROTOCOL Application data Fregmentation Compression Addition of MAC Encryption Append header

27 27 DETAILS OF THE STEPS 1.Fregmentation: original message is broken into blocks of size less than or equal to 16,384 bytes 2.Compression: fregmented blocks are compressed optionally with loss less compression mechanism 3.Addition of MAC: MAC is calculated for each block using the shared secret key. 4.Encryption: using the symmetric key the output is encrypted

28 28 5. Append header: header is added to the encrypted block. The header contains the following fields :  Content type(8 bits): specifies the protocol used for processing the record in next higher level  Major version(8 bits): specifies the major version of SSL protocol in use  Minor version(8 bits):specifies the minor version of SSL protocol in use  Compressed length(16 bits): specifies the length of the original plain text block

29 29 3. ALERT PROTOCOL  When either the client or the server detects an error, the detecting party sends an alert message to the other party  For fatal error : SSL connection is immediately closed, session identifiers, secrets & keys are destroyed  For non fatal errors :parties handle the errors & continue

30 30 ALERT PROTOCOL MESSAGE FORMAT Alert message contains 2 bytes : 1.Severity : signifies the type of error. If it is a warning,this byte contains 1. If it is fatal, this contains 2. 2.Cause : specifies the actual errors SeverityCause Byte 1 Byte 2

31 31 CLOSING AND RESUMING SSL CONNECTIONS  Before ending communication, the client & the server must inform each other  Each party sends a close notify alert to ensure graceful closure  If the SSL connection ends without a close notify alert it cant be resumed  Any SSL connection can’t be reused after 24 hours

32 32 REFERENCES  Cryptography and network security by Atul Kahate.  Ahuja, Vijay, Network and internet security  Comer, Douglas, Computer networks and internets.  Kaufman, Charlie, network security  Web refrences.

33 33 THANKS

Download ppt "PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH - 2009."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols

Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.

WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google