TLS and DLP Behind the green lock.

Presentation transcript: "TLS and DLP Behind the green lock."

1 TLS and DLP Behind the green lock

3 Goals
Encrypting Data
Diffie Hellman and Elliptic Curve Key Exchange
Validation and Encryption with Certificates
Data Loss Prevention
Wireshark Demo

4 Web Browser Encryption
Negotiate Encryption Session: TLS 1.2 and 1.3
Encryption Protocols

5 Web Browser Encryption
Negotiate Encryption Session: Secure Sockets Layer (SSL), Transport Layer Security (TLS)
Encryption Protocols (key exchange and cipher algorithms): RSA, 3DES, Diffie Hellman, AES, ECDHE, ChaCha20
SSL and 3DES appear here for history only; every SSL version and 3DES are deprecated, and the next slide narrows the versions worth negotiating to TLS 1.2 and 1.3.

8 SSL/TLS Versions: TLS v1.2, TLS v1.3

9 Data Encryption Basics

10-20 Encrypting Communication (animated diagram between an HTTPS Client and an HTTPS Server; the text of these frames carried only the two labels and the '+' signs of the build)

21-23 TLS Encryption: the pieces
Key Exchange: how client and server agree on the session keys
Data Encryption: AES (128 or 256 bits) or ChaCha20, protecting the application data with those keys
Handshake Integrity: proof that the handshake messages were not altered in transit

24-27 TLS Encryption: TLS v1.2 versus TLS v1.3

Component            TLS v1.2                                       TLS v1.3
Key Exchange         RSA, Diffie Hellman, Elliptic Curve DH         Elliptic Curve Diffie Hellman (ephemeral (EC)DHE only; RSA key exchange was removed)
Data Encryption      AES (128 or 256 bits), ChaCha20                AES (128 or 256 bits), ChaCha20
Handshake Integrity  RSA signature with the certificate key         RSA signature with the certificate key

In TLS 1.2 the cipher suite name carries all three (for example ECDHE for the exchange, RSA for the signature, AES-GCM for the data). In TLS 1.3 the cipher suite names only the data encryption and hash; the key exchange is always ephemeral Diffie Hellman and is negotiated separately as a named group.

28 Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

29-30 Elliptic Curve: Curve Types (TLS named groups)
Elliptic curves: x25519, secp256r1, secp384r1, secp521r1
Finite-field Diffie Hellman groups (RFC 7919): ffdhe2048, ffdhe3072
The ffdhe entries are not curves; they are the classic Diffie Hellman groups, offered through the same supported_groups negotiation as the curves.
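The version table and the group list above are exactly what a ServerHello encodes, and what the Wireshark demo later dissects. The Python below is an added example, not part of the deck: it builds two ServerHello records as constructed test data (a TLS 1.2 hello selecting TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, and a TLS 1.3 hello carrying an x25519 key_share with a dummy public key) and decodes the negotiated version, cipher suite and named group from them. The cipher-suite and group tables are a small subset of the IANA registry, limited to values on these slides.

```python
"""Decode a TLS ServerHello and report what was negotiated (added example)."""
import struct

# Subset of the IANA registries, limited to values mentioned on the slides.
CIPHER_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}
NAMED_GROUPS = {
    0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1",
    0x001D: "x25519", 0x0100: "ffdhe2048", 0x0101: "ffdhe3072",
}
VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 0x002B, 0x0033


def build_server_hello(version, cipher_suite, group=None, key_share=b"", tls13=False):
    """Serialise a minimal ServerHello inside one TLS record (constructed test data)."""
    exts = b""
    if tls13:
        exts += struct.pack(">HHH", EXT_SUPPORTED_VERSIONS, 2, 0x0304)
        entry = struct.pack(">HH", group, len(key_share)) + key_share   # one KeyShareEntry
        exts += struct.pack(">HH", EXT_KEY_SHARE, len(entry)) + entry
    body = (struct.pack(">H", version) + bytes(32)        # legacy_version, random (zeros here)
            + b"\x00"                                    # empty legacy_session_id_echo
            + struct.pack(">H", cipher_suite) + b"\x00"  # cipher_suite, legacy_compression
            + struct.pack(">H", len(exts)) + exts)
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body   # HandshakeType server_hello = 2
    return b"\x16" + struct.pack(">HH", 0x0303, len(handshake)) + handshake  # ContentType 22


def parse_server_hello(record):
    """Return {'version', 'cipher_suite', 'group'} decoded from a ServerHello record."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    (rec_len,) = struct.unpack(">H", record[3:5])
    hs = record[5:5 + rec_len]
    if hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    (version,) = struct.unpack(">H", body[:2])
    pos = 2 + 32                            # skip random
    pos += 1 + body[pos]                    # skip legacy_session_id_echo
    (suite,) = struct.unpack(">H", body[pos:pos + 2])
    pos += 3                                # cipher suite + compression method
    group = None
    if pos < len(body):
        (ext_len,) = struct.unpack(">H", body[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        while pos < end:
            ext_type, ext_size = struct.unpack(">HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + ext_size]
            pos += ext_size
            if ext_type == EXT_SUPPORTED_VERSIONS:
                (version,) = struct.unpack(">H", data)   # in 1.3 the real version lives here
            elif ext_type == EXT_KEY_SHARE:
                (group,) = struct.unpack(">H", data[:2])
    return {"version": VERSIONS.get(version, hex(version)),
            "cipher_suite": CIPHER_SUITES.get(suite, hex(suite)),
            "group": NAMED_GROUPS.get(group, None if group is None else hex(group))}


def describe(record):
    """One line in the spirit of the slide's table: how keys are exchanged and how data is encrypted."""
    info = parse_server_hello(record)
    suite = info["cipher_suite"]
    if info["version"] == "TLS 1.3":
        kex = f"ephemeral (EC)DHE over {info['group']}"   # 1.3 suites name only AEAD + hash
    elif "ECDHE" in suite:
        kex = "ECDHE (signed with the certificate key)"
    elif "_RSA_WITH_" in suite:
        kex = "RSA key transport (encrypted with the certificate key)"
    else:
        kex = "other"
    return f"{info['version']}: key exchange = {kex}; record encryption = {suite}"


# Constructed sample records, not captured traffic.
HELLO_12 = build_server_hello(0x0303, 0xC02F)
HELLO_13 = build_server_hello(0x0303, 0x1301, group=0x001D, key_share=bytes(range(32)), tls13=True)

if __name__ == "__main__":
    print(describe(HELLO_12))
    print(describe(HELLO_13))
```

Note the asymmetry the parser has to handle: for TLS 1.3 the legacy_version field still says 0x0303, and the true version comes from the supported_versions extension; a tool that only reads the first two bytes will report 1.3 connections as 1.2.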

31 Elliptic Curve

32-45 TLS 1.2 ECDHE Key Exchange (animated diagram)
HTTPS Client and HTTPS Server each generate a Private Key and derive a Public Key from it. The public key value shown in the frames, as it appears in the transcript (the leading 04 marks an uncompressed elliptic-curve point):
047d1bb98aa0d6b4a5a5cc4dba83df2c35ac2b7a63e973edae0f14d680d196b fe36426baffe67fa6048b2e989c48461f50449a83e563a0d84bdbfd
Only the Public Keys cross the wire. Each side then combines its own Private Key with the other side's Public Key (the '+' in the frames) and both arrive at the same shared secret, which nobody watching the exchange can compute without one of the private keys. Because the key pairs are ephemeral (fresh for each session), recovering the server's long-term certificate key later does not expose past sessions.
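The exchange drawn in slides 32-45, carried out in code. This is an added example, not the deck's own material: X25519 (the first group on the slide) implemented from RFC 7748 with plain Python integers, followed by HKDF (RFC 5869) to turn the shared point into a traffic key, which is the role the key schedule plays in TLS 1.3. The client/server naming follows the slide; the HKDF label "example traffic key" is made up for this example. The Montgomery ladder uses a data-dependent swap, so it is not constant-time and is for study only; production code should call a vetted library.

```python
"""ECDHE on Curve25519 (RFC 7748) plus HKDF-SHA256 (RFC 5869). Added example, not the deck's code."""
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665                              # (486662 - 2) / 4, the ladder constant for Curve25519
BASE_POINT = (9).to_bytes(32, "little")   # generator u-coordinate


def _clamp(private_key):
    """Decode a 32-byte scalar the X25519 way (clear low 3 bits, set bit 254, clear bit 255)."""
    k = bytearray(private_key)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(private_key, public_u):
    """Scalar multiplication k*u with the Montgomery ladder of RFC 7748 section 5."""
    k = _clamp(private_key)
    u = bytearray(public_u)
    u[31] &= 127                           # the top bit of the received u-coordinate is ignored
    x1 = int.from_bytes(u, "little")
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:                           # conditional swap; NOT constant-time in this form
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair(private_key=None):
    """Ephemeral key pair: a random 32-byte scalar and its public u-coordinate."""
    priv = private_key or os.urandom(32)
    return priv, x25519(priv, BASE_POINT)


def hkdf_extract(salt, ikm):
    """HKDF-Extract with SHA-256; an empty salt means HashLen zero bytes (RFC 5869)."""
    return hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """HKDF-Expand with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def ecdhe_session(client_priv=None, server_priv=None):
    """Run the slide's exchange and derive a 16-byte AES-128 key from the shared secret."""
    c_priv, c_pub = keypair(client_priv)
    s_priv, s_pub = keypair(server_priv)
    # Each side: own private key + peer's public key. Only c_pub and s_pub cross the wire.
    client_secret = x25519(c_priv, s_pub)
    server_secret = x25519(s_priv, c_pub)
    assert client_secret == server_secret, "both sides must reach the same point"
    traffic_key = hkdf_expand(hkdf_extract(b"", client_secret), b"example traffic key", 16)
    return c_pub, s_pub, client_secret, traffic_key


if __name__ == "__main__":
    c_pub, s_pub, secret, key = ecdhe_session()
    print("client public :", c_pub.hex())
    print("server public :", s_pub.hex())
    print("shared secret :", secret.hex())
    print("AES-128 key   :", key.hex())
```

Pass fixed private keys to ecdhe_session to reproduce the RFC 7748 test vectors; with no arguments it draws fresh keys from os.urandom on every call, which is what the "ephemeral" in ECDHE means and why the shared secret on the slide changes with each session.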

46-50 TLS Encryption: Key Exchange, Data Encryption, Handshake Integrity, Server Authenticity
The key exchange and cipher suite cover the first three. The fourth piece, Server Authenticity, is what stops an attacker from simply running the same key exchange with the client in place of the real server; that is the job of certificates.

51 Certificates

52-58 Certificate Authority (animated chain diagram)
Root CA -> Intermediate CA -> Server certificate. The Server certificate is issued (signed) by the Intermediate, and the Intermediate by the Root. Validation walks the chain upward from the Server certificate until it reaches a Root the client already trusts.

59-61 Certificates: Server and Intermediate
The server sends its own certificate together with the Intermediate; the Root is never sent, because it has to come from the client's own trust store for the validation to mean anything.

62-63 But aren't certificates used to encrypt?
Only for the key exchange, and only in two cases: RSA key exchange, where the client encrypts the premaster secret to the RSA public key in the certificate, and Diffie Hellman, where the certificate carries the group parameters (the p and g values). With ECDHE the certificate key encrypts nothing.

64 Used for Server Authenticity
Certificates are used for server authenticity; with (EC)DHE the key exchange is independent from the certificate, which only signs the exchange so the client knows who it is talking to.

65 Data Loss Prevention, aka MITM or SSL/TLS interception

66-70 Data Loss Prevention (animated diagram)
A DLP Appliance sits between Client and Server and terminates two separate TLS sessions: Client to DLP Appliance, and DLP Appliance to Server. The Client observes what looks like end-to-end encryption, but between the two sessions the appliance holds the unencrypted Client/Server data.

71-73 Trusted Certificate?
For the client-facing session the appliance has to present a certificate for the requested server name that the Client will accept. Which certificate can it present?

74-78 Data Loss Prevention: the Intermediate
The appliance holds an Intermediate (issuing CA) certificate, and the Root above it is installed in the Client's trust store. For each connection the appliance mints a Server certificate for the requested name and signs it with that Intermediate. The chain Root -> Intermediate -> Server validates, the Client observes end-to-end encryption, and the appliance reads the unencrypted Client/Server data. The visible tell on the Client is that the presented chain ends in the organization's own Root rather than the public CA the real server uses.

79 Certificates

80 More Information
https://sharkfestasia.wireshark.org/sf18asia
SSL/TLS Decryption: Uncovering the Secrets, Peter Wu
Wireshark Troubleshooting: Analyzing and Decrypting TLS Traffic, Ross Bagurdes

81 Summary
Encrypting Data
Diffie Hellman and Elliptic Curve Key Exchange
Validation and Encryption with Certificates
Data Loss Prevention
Wireshark Demo

