Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang.

Published byDimitri Avery Modified over 9 years ago

Similar presentations

Presentation on theme: "SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang."— Presentation transcript:

1 SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang

2 E- COMMERCE Part of our life now US e-Commerce and Online Retail sales projected to have reached $204 billion, an increase of 17 percent over 2007

3 E- COMMERCE S ECURITY I SSUE Security issue is the top concern in the e- commerce Most people tend to fear that the website compromise their personal information. People may not use e-commerce websites just because of the worry about security and privacy

4 T HREE K INDS OF S ECURITY T HREATS Server part Client part Network part

5 S ECURITY I SSUES OF S ERVERS Server install important software and store valuable information. Firewall is used

6 S ECURITY I SSUES OF C LIENTS The systems of clients have inherent insecurity. Virus problem Trojan problem fatal to e-commerce

7 S ECURITY I SSUES OF N ETWORK The information transmitted can be viewed by others The information can be modified during transmission The two sides of the transaction don’t meet with each other SSL can solve these problems

8 SSL I NTRODUCTION Secure Sockets Layer It has another name now, TSL Transport Layer Security Cryptographic protocols that provide securities for communications over the network

9 Cite from "Inside SSL: the secure sockets layer protocol“ by Chou, W

10 F EATURES OF SSL Application protocol independent Does not specify the detailed mechanism

11 R ESPONSIBILITIES OF SSL Authenticate Server Authenticate Client(Optional) Encrypt the message sent between the client and the server. Detect tampering data

12 T WO S UB P ROTOCOLS SSL record protocol Defines the format used to transmit data SSL handshake protocol Establish an SSL connection. Negotiate the encryption mechanism

13 R ECORD P ROTOCOL AND H ANDSHAKE P ROTOCOL

14 SSL R ECORD P ROTOCOL When transmitting message, it fragments, compresses and encrypts the data, and transmit it. When receiving message, it decrypts, verifies, decompress, and reassembles the data, then delivered to the higher level

15 SSL H ANDSHAKE P ROTOCOL Change cipher spec protocol notify the recipient there is transition in ciphering strategies Alert protocol warning and fatal Handshake protocol How messages are exchanged to establish a SSL connection

16

17 SSL AND E NCRYPTION Chou, W. "Inside SSL: the secure sockets layer protocol"

18 C OMPARISON OF TWO ALGORITHMS asymmetric encryption public key needn’t to be encrypted based on mathematical problems that are easier to generate rather than to solve symmetric encryption private key needs to be kept secret Public KeyPrivate Key

19 H ISTORY OF SSL TLS 1.1 was released in April. 2006 TLS 1.2 was released in August 2008

20 K EEP SECRET

21 V ERIFY INFORMATION

22 C HECK IDENTITY

23 O THER APPROACHES TO NETWORK SECURITIES Application- Specific Security Security within Core Protocols Parallel Security Protocol

24 SSL L IMITATION Doesn’t protect the IP or TCP headers Manipulating users, SSL cannot guarantee that the person using the certificate is the person to whom the certificate was issued. Cannot support UDP protocol Depend on whether encryption algorithms themselves have weaknesses Cannot provide an important service called nonrepudiation. (Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. This is part of the digital signature. )

25

Download ppt "SSL AND E- COMMERCE S ECURITY gz2155 Guangwei Zhang."

Similar presentations

CP3397 ECommerce.

CP3397 ECommerce.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

Similar presentations

Ads by Google