Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Published byMitchell Bates Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1."— Presentation transcript:

1 Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1

2 We have learned … Symmetric encryption: DES, 3DES, AES, RC4 Public-key encryption: RSA Hash: SHA-1 MAC: CBC-MAC, CMAC, HMAC Digital signature: RSA Entity authentication: challenge and response Key agreement: Diffie-Hellman, RSA Certicificate 2

3 SSL-Secure Socket Layer

4 SSL (Secure Socket Layer) TCP: provides a reliable end-to-end service. TCP & SSL: provides a reliable & secure end-to-end service. HTTPS: HTTP over SSL (or TLS) – Typically on port 443 (regular http on port 80) SSL originally developed by Netscape subsequently became Internet standard known as TLS (Transport Layer Security) SSL has two layers of protocols

5 SSL Architecture

6 SSL Record Protocol Services SSL Record Protocol provides two services. Message integrity –using a MAC with a shared secret key –similar to HMAC but with different padding –hash functions: MD5, SHA-1 Message confidentiality –using symmetric encryption with a shared secret key –Encryption algorithms: AES, IDEA, RC2-40, DES-40, DES, 3DES, RC4-40, RC4-128

7 SSL Record Protocol Operation (optional; default: null) ≤ 2 14 bytes

8

9 SSL Handshake Protocol Allows server & client to: –authenticate each other –to negotiate encryption & MAC algorithms and keys Comprises a series of messages exchanged in phases: 1.Establish Security Capabilities (to agree on encryption, MAC, and key-exchange algorithms) 2.Server Authentication and Key Exchange 3.Client Authentication and Key Exchange 4.Finish

10 Stallings Figure 17.6

11

12

13

14

15

16

17

18

19 Client Authentication The server may request a certificate from the client. The client will send a certificate message or a no_certificate alert.

20

21

22

23

24 SSL Session and Connection SSL was designed to work with HTTP 1.0 which tended to open a lot of TCP connections between the same client and server. SSL assumes a session is a relatively long- lived thing from which many (transient) connections can be cheaply derived. 1 session = 1 or more connections 24

25 SSL Session Created by the Handshake Protocol. Parameters: –Session ID –Compression method –Cipher spec (encryption and hash algorithm) –Master secret –Is resumable 25

26 SSL Connection Based on an underlying TCP connection Associated with a session Parameters: –Server and client random –Server and client write MAC secret –Server and client write secret –Server and client IV (if CBC is used) –Sequence number Closed by a close_notify from each side 26

27 Session Resumption In handshaking, the client_hello contains a session ID: –If session ID = 0, start a new session –If session ID = x (and session x is resumable): start a new connection of session x (or change parameters of a current connection of session x) Skip key exchange Use the session’s master secret to generate keys 27

28 Master secret vs. pre-master secret Why? Note: even if we use pre_master_secret to generate keys, each connection will have its own set of keys. 28

29 Pre_master_secret –computed for each session during handshaking –could be the same for all sessions –is not stored (so safe) Master_secret – is stored for the lifetime of the session – may be compromised – If compromised, damage limited to a session What if pre_master_secret is used to generate keys? 29

Download ppt "Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1."

Similar presentations

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.

Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Similar presentations

Ads by Google