Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, 08.05. 2010 University of Palestine Applied and Urban Engineering College Information Security.

Published byEmma Lawrence Modified over 9 years ago

Similar presentations

Presentation on theme: "11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, 08.05. 2010 University of Palestine Applied and Urban Engineering College Information Security."— Presentation transcript:

1 11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, 08.05. 2010 University of Palestine Applied and Urban Engineering College Information Security Principles Prepared By : osama jaruor Supervised By : Ms. Eman Alajrami

2 12  History  SSL  SSL Roles  SSL and the Protocol Stack  The Four Upper Layer Protocols  Record Layer  Message Authentication Code  Handshaking Messages  Benefits  Drawbacks  References Outline

3 13 Need for secure web communication Netscape –Worried especially about credit card transaction over the web –Also worried about ease of implementation since they wanted this to be industry-standard, not proprietary –SSLv1 - 1994 History

4 14 SSLv2 also released in 1994 –SSLv1 wasn’t widely implemented Rules for establishing secure connection Rules for public key encryption Optional certificate-based authentication for servers and even clients Flexible –No specifically required encryption, compression, or key generation algorithm SSLv2

5 15 Two roles –Client Initiates communication, lists possibilities for choices –Server Listens for client connections, chooses from possibilities sent from clients Both roles simply add Secure Sockets Layer to protocol stack SSL Roles

6 16 SSL between Transmission Control Protocol (TCP) layer and Application layer Actually 2 layers –Record –Secure Application Can run under any protocol that relies on TCP, including HTTP, LDAP, POP3, FTP SSL and the Protocol Stack

7 17 Handshaking Protocol –Establish communication variables Change CipherSpec Protocol –Alert to a change in communication variables Alert Protocol –Messages important to SSL connections Application Encryption Protocol –Encrypt/Decrypt application data The Four Upper Layer Protocols

8 18 Message Authentication Code MAC secures connection in two ways –Ensure Client and Server are using same encryption and compression methods –Ensure messages sent were received without error or interference Both sides compute MACs to match them No match = error or attack

9 19 Handshaking Messages ClientHello ServerHello *Certificate ServerKeyExchange *CertificateRequest ServerHelloDone *Certificate *CertificateVerify ClientKeyExchange ChangeCipherSpec Finished *=optional

10 110 The Server Responds Server Sends ServerHello –SSL version that will be used –32-byte random number –SessionID –Encryption method that will be used –Compression method that will be used

11 111 Server Authentication To authenticate Server, Server sends Certificate –Server’s public key certificate –Issuing authority’s root certificate When Client receives Certificate, it decides whether or not to trust Server –This is the only step that might involve User if User never specified whether or not to trust issuing authority before

12 112 Still Shaking Hands Server Sends ServerKeyExchange –Any information necessary for public key encryption system If Sever wishes Client to be authenticated, Server sends CertificateRequest message –The client would respond to this with a Certificate message encrypted with Server’s public key Server sends ServerHelloDone

13 113 Client Responds Client sends ClientKeyExchange –Information necessary for public key encryption system –Encrypted with Server’s public key Compute secret keys using Key Derivation Function such as Diffie-Hellman If Client is being authenticated, Client sends CertificateVerify –Digest of previous messages encrypted with Client’s private key

14 114 ChangeCipherSpec Protocol Special protocol with only one message When Client processes encryption information, it sends ChangeCipherSpec message –Signals all following messages will be encrypted ChangeCipherSpec is always followed by Finished message

15 115 The End of the Beginning Upon receipt of ChangeCipherSpec, Server sends its own ChangeCipherSpec and Finished messages After both Client and Server receive Finish messages, Handshaking phase is over All following communication is encrypted Encryption and compression methods can be changed with new ChangeCipherSpec messages

16 116 Alert and Application Protocols Alert protocol always two byte message –First byte indicates severity of message Warning or Fatal A Fatal alert will terminate the connection –Second byte indicate preset error code –Secure connection end alert not always used Application Protocol is HTTP, POP3, SMTP, or whatever application is being used –Simply give a datagram to the Record Layer

17 117 Benefits Ease of implementation –For network application developers As easy as implementing unsecured Sockets –For network implementation developers Simply add layer to established network protocol stack –For Users Only need to authorize certificates

18 118 Drawbacks More bandwidth needed Slower Needs a dedicated port – 443 for HTTPS Assumes reliable transport for underlying transport protocol –No UDP –Implications for streaming media, VoIP

19 119 References Rescorla, Eric. SSL and TLS. Boston: Addison-Wesley, 2001 “Secure Sockets Layer.” Netscape Network. 2004. Netscape Communications Corporation. 2 Nov 2004 “Secure Socket Layer.” WindowSecurity.com. 22 July 2004. WindowSecurity.com. 2 Nov 2004 Thomas, Stephen A. SSL and TLS Essentials. New York: Wiley Computer Publishing, 2000 “Transport Layer Security.” Wikipedia the Free Encyclopedia. 1 Nov 2004. Wikipedia. 2 Nov 2004

Download ppt "11 Secure Sockets Layer (SSL) Protocol (SSL) Protocol Saturday, 08.05. 2010 University of Palestine Applied and Urban Engineering College Information Security."

Similar presentations

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? 1.2.3.4 Get index.htm from 1.2.3.4 Response from 1.2.3.4.

Web security (Spoofing & TLS & DNS) Ge Zhang. Web surfing yahoo IP of yahoo? Get index.htm from Response from
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.

Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –www.ietf.orgwww.ietf.org.

Intro to SSL/TLS Network Security Gene Itkis. 6/14/2015 Gene Itkis: CS558 Network Security 2 Origins Internet Engineering Task Force (IETF) –

Similar presentations

Ads by Google