Published by Elinor White. Modified over 9 years ago.
1
Secure Sockets Layer
2
SSL
SSL is a communications protocol layer which can be placed between TCP/IP and HTTP
It intercepts web traffic and provides security between browser and server
Encryption is used to guarantee secure communication in an insecure environment
All security operations are transparent at both ends of the communication
SSL uses public-key cryptography
3
Mortice-lock cryptography
Ordinary encryption is like sending messages in a box that is locked with a mortice lock
Both the sender of the message and the recipient must share a secret
–they must each have a copy of the key to the lock
–the sender needs a copy of the key to lock the box
–the recipient needs a copy of the key to open the box
However, we don’t have to use mortice locks
–we can use Yale locks
4
Yale lock cryptography
Consider a box with a Yale lock
If the box is open, anybody can put a message inside and lock the box
–no key is needed to lock the box
However, only the person who has the key of the Yale lock can open the box and read the message
The owner of the key can make many copies of the lock and send them to anybody who wants to send him a message
–these people need never see the owner’s private key
5
Public-key cryptography
Public-key cryptography is also known as asymmetric key cryptography
It allows users to communicate securely without having prior access to a shared secret key
Instead, it uses a pair of keys which are related mathematically
–a message encoded with Key1 can only be decoded by using Key2
–a message encoded with Key2 can only be decoded by using Key1
6
Public-key cryptography (contd.)
Typically, one key is called a public key and the other is called a private key
The public key can be regarded as like a Yale lock
–many copies of it can be made
–they can be given to everybody who asks for one
The private key can be regarded as like the key to a Yale lock
–the owner of the key does not share it with anybody else
–he can use it to open locked boxes that people send to him
7
Public-key certificates
Suppose you want to send a secure message to somebody and ask him to send you a Yale lock in the post
Suppose a Yale lock arrives in the post
How do you know the Yale lock is really from the person to whom you want to send your secure message?
You would require some guarantee
In public-key cryptography, this guarantee is called a public-key certificate
8
Public-key certificates (contd.)
A public-key certificate binds a public key with a name
–it guarantees that the public key is indeed owned by the person/organization/program with the given name
–thus, it guarantees that any message encoded with the public key will only be readable by that person/organization/program
To increase the credibility of a public-key certificate, it is often signed by a trusted organization known as a Certification Authority (CA)
9
Unidirectional versus bi-directional cryptography
Sometimes, both parties to a conversation need to send secret information
–bi-directional cryptography is needed
–each party must send his public key to the other
Sometimes, only one party to a conversation needs to send secret information
–only unidirectional cryptography is needed
–only the recipient of the secret information needs to own a public key, which he must send to the sender of the secret information
10
Much e-Commerce involves only unidirectional cryptography
A customer making an online purchase needs to send secret information, such as a credit card number, to the company
The company does not need to send any secret information to the customer
In this case, only unidirectional cryptography is needed
Thus, the customer need not own any cryptographic key, but the company must
–the server will have to send its public key to the customer’s browser
11
An example
Consider buying a ticket from Aer Lingus
Initially, no secret information is being exchanged
–Aer Lingus merely lists flight availability
–the customer selects flights
Then, however, the customer must provide credit card details
–before that can happen, Aer Lingus must send its public key to the customer
12
Customer specifies Cork-Heathrow itinerary
http protocol in use; no lock on status bar
13
Customer selects flights
still http protocol; no lock on status bar
14
Customer is warned that SSL communication is about to start
16
Customer is being asked for credit card details
protocol is now https; there is a lock on the status bar
17
HTTPS and lock
18
What happened when user agreed to secure connection
The Aer Lingus server sent its certificate to the user’s browser
The browser decided that the CA on the certificate was trustworthy and that the public key really was for Aer Lingus
Henceforth, all information sent by the user would be encoded using the public key
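The browser-side check described on this slide, together with the key pair and certificate ideas of slides 5 to 10, as an added toy example in Python (not part of the original presentation): textbook RSA with small constructed primes shows that either key undoes the other, a constructed CA signs the binding between a name and a public key, a certificate whose key has been swapped is rejected, and the customer's card number is locked with the server's public key alone. The primes, the hostname www.example.test and the byte-at-a-time encryption are illustration only, not production strength.

```python
import hashlib

def keygen(p, q, e=17):
    """Textbook RSA from two primes (toy sizes, for illustration only).
    Public key (e, n) is the Yale lock; private key (d, n) is its key."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)             # modular inverse (Python >= 3.8)
    return (e, n), (d, n)

def apply_key(key, value):
    """One modular exponentiation. Encrypt, decrypt and sign all use it,
    because (m^e)^d == (m^d)^e == m (mod n): either key undoes the other."""
    exp, n = key
    return pow(value, exp, n)

def encrypt_text(pub, text):
    # Toy: one byte per block and no padding; real RSA pads and uses big keys
    return [apply_key(pub, b) for b in text.encode()]

def decrypt_text(priv, blocks):
    return bytes(apply_key(priv, c) for c in blocks).decode()

def binding_hash(name, pub, n):
    # Hash of what a certificate binds together: a name and a public key
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_cert(ca_priv, name, pub):
    """CA signs the (name, public key) binding with its private key."""
    return {"name": name, "pub": pub,
            "sig": apply_key(ca_priv, binding_hash(name, pub, ca_priv[1]))}

def verify_cert(ca_pub, cert):
    """What the browser does: undo the signature with the CA's public key
    and compare against a freshly computed hash of the binding."""
    expected = binding_hash(cert["name"], cert["pub"], ca_pub[1])
    return apply_key(ca_pub, cert["sig"]) == expected

def demo():
    ca_pub, ca_priv = keygen(1009, 1013)     # constructed trusted CA
    srv_pub, srv_priv = keygen(1031, 1033)   # constructed web server
    cert = issue_cert(ca_priv, "www.example.test", srv_pub)
    genuine = verify_cert(ca_pub, cert)                   # True
    # A swapped-in key cannot be re-signed without ca_priv, so it is rejected
    forged = dict(cert, pub=keygen(1039, 1049)[0])
    rejected = not verify_cert(ca_pub, forged)            # True
    # Unidirectional e-commerce: the customer locks the card number with the
    # server's public key taken from the cert; only srv_priv opens it
    card = encrypt_text(cert["pub"], "4111 1111 1111 1111")
    return genuine, rejected, decrypt_text(srv_priv, card)
```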
19
Sometimes, a browser needs to receive secrets from a server
If a browser needs to receive secrets from a server, the browser must be able to provide a public-key certificate to the server
There are freely-available utilities, such as OpenSSL, which enable you to
–select a public+private key combination
–get a signed certificate for your public key
–import the certificate into your browser, so that it can send this to servers who request it
20
openSSL
Available on cosmos.ucc.ie
It provides a great many options
Too many to consider here today