Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Security (TRANSPORT-LEVEL SECURITY)

Published byHelga Koch Modified over 6 years ago

Similar presentations

Presentation on theme: "Web Security (TRANSPORT-LEVEL SECURITY)"— Presentation transcript:

1 Web Security (TRANSPORT-LEVEL SECURITY)
Secure Socket Layer Transport Layer Security

2 Web Security ◆ Secure Socket Layer (SSL) provides security services between TCP and applications that use TCP. The Internet standard version is called Transport Layer Service (TLS). ◆ SSL/TLS provides confidentiality using symmetric encryption and message integrity using a message authentication code. ◆ SSL/TLS includes protocol mechanisms to enable two TCP users to determine the security mechanisms and services they will use.

3 Web Security Threats

4 Web Traffic Security Approaches

5 1. SECURE SOCKET LAYER Two important SSL concepts are the SSL session and the SSL connection, which are defined in the specification as follows. • Connection: A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session. • Session: An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters which can be shared among multiple connections

6 session state A session state is defined by the following parameters. • Session identifier • Peer certificate • Compression method • Cipher spec • Master secret • Is resumable

7 connection state A connection state is defined by the following parameters. Server and client random Server write MAC secret Client write MAC secret Server write key Client write key Initialization vectors Sequence numbers

8 SSL Architecture

9 SSL Record Protocol The SSL Record Protocol provides two services for SSL connections: • Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads. • Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC).

10 SSL Record Protocol Operation

11 SSL Record Protocol header
• Content Type (8 bits): The higher-layer protocol used to process the enclosed fragment. • Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3. • Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0. • Compressed Length (16 bits): The length in bytes of the plaintext fragment (or compressed fragment if compression is used)

12 SSL Record Format

13 SSL Record Protocol Payload

14 Alert Protocol Messages
• unexpected_message • bad_record_mac • decompression_failure • handshake_failure • illegal_parameter • close_notify • no_certificate • bad_certificate • unsupported_certificate • certificate_revoked • certificate_expired • certificate_unknown:

15 Handshake Protocol

16 2. TRANSPORT LAYER SECURITY
Version Number Message Authentication Code Pseudorandom Function Alert Codes Cipher Suites Client Certificate Types Cryptographic Computations Padding

17 Pseudorandom Function

18 Alert Codes record_overflow unknown_ca access_denied decode_error
protocol_version insufficient_security unsupported_extension internal_error decrypt_error

Download ppt "Web Security (TRANSPORT-LEVEL SECURITY)"

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols

Internet Security Protocols
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Cryptography and Network Security

Cryptography and Network Security
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.

WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Chapter 8 Web Security.

Chapter 8 Web Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google