1
SSL Trust Pitfalls
Prof. Ravi Sandhu
2
SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
[Diagram labels: Protocol; Record Protocol]
3
CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
[Diagram labels: Protocol; Record Protocol]
4
SINGLE ROOT CA MODEL
[Diagram labels: Root CA; a through p; User]
5
SINGLE ROOT CA MULTIPLE RAs MODEL
[Diagram labels: Root CA; RA; User; b through p]
6
MULTIPLE ROOT CAs MODEL
[Diagram labels: Root CA, User (each shown three times); b through p]
7
ROOT CA PLUS INTERMEDIATE CAs MODEL
[Diagram labels: Z, X, Y, Q, R, S, T; A, C, E, G, I, K, M, O; a through p]
8
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
[Diagram labels: X, S, T, Q, R; A, C, E, G, I, K, M, O; a through p]
11
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
Essentially the model on the web today
Deployed in server-side SSL mode
Client-side SSL mode yet to happen
12
SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
[Diagram labels: Protocol; Record Protocol]
13
SERVER-SIDE MASQUERADING
[Diagram labels: Bob; Web browser; Web server; Server-side SSL; Ultratrust Security Services]
14
SERVER-SIDE MASQUERADING
[Diagram labels: Bob; Web browser; Web server; Server-side SSL (shown twice); Ultratrust Security Services; Mallory’s Web server; BIMM Corporation]
15
SERVER-SIDE MASQUERADING
[Diagram labels: Bob; Web browser; Web server; Server-side SSL (shown twice); Ultratrust Security Services (shown twice); BIMM Corporation; Mallory’s Web server]
16
CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
[Diagram labels: Protocol; Record Protocol]
17
MAN IN THE MIDDLE MASQUERADING PREVENTED
Client Side SSL end-to-end
[Diagram labels: Bob; Web browser; Web server; Mallory’s Web server; Client-side SSL (shown twice); Ultratrust Security Services; BIMM Corporation]
18
ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
[Diagram labels: Web browser; BIMM.com; Web server; Client-side SSL; Ultratrust Security Services (shown twice)]
19
ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
[Diagram labels: Web browser; BIMM.com; Web server; Client-side SSL; SRPC; Ultratrust Security Services]
20
ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
[Diagram labels: Web browser; BIMM.com; Web server; Client-side SSL; PPC; Ultratrust Security Services]
21
ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
[Diagram labels: Web browser; BIMM.com; Web server; Client-side SSL; SRPC; PPC; Ultratrust Security Services]
22
PKI AND TRUST
Got to be very careful
Not a game for amateurs
Not many professionals as yet