
SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No-130420107036.


1 SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol. Presented by Shivangi Modi, Co-M (Shift-1), En. No. 130420107036. Sub: Basic Electronics

2 the hackers to hack all the personal information of the users. Different types of security measures are used to secure internet technology; one of them is SSL, the Secure Sockets Layer.

3 History
- Need for secure web communication
- Netscape
  - Worried especially about credit card transactions over the web
  - Also worried about ease of implementation, since they wanted this to be an industry standard, not proprietary
- SSLv1 - 1994

4 SSLv2
- Also released in 1994
- SSLv1 wasn't widely implemented
- Rules for establishing a secure connection
- Rules for public key encryption
- Optional certificate-based authentication for servers and even clients
- Flexible: no specifically required encryption, compression, or key generation algorithm

5 SSL Roles
- Two roles
  - Client: initiates communication, lists possibilities for choices
  - Server: listens for client connections, chooses from the possibilities sent by clients
- Both roles simply add the Secure Sockets Layer to the protocol stack

6 The Four Upper Layer Protocols
- Handshaking Protocol: establish communication variables
- ChangeCipherSpec Protocol: alert to a change in communication variables
- Alert Protocol: messages important to SSL connections
- Application Encryption Protocol: encrypt/decrypt application data

7 Record Layer
- Frames and encrypts upper-level data into one protocol for transport through TCP
- 5-byte frame
  - 1st byte: protocol indicator
  - 2nd byte: major version of SSL
  - 3rd byte: minor version of SSL
  - Last two bytes: length of the data inside the frame, up to 2^14
- Message Authentication Code (MAC)
  - MAC secures the connection in two ways
  - Ensures Client and Server are using the same encryption and compression methods

8 The Process Begins
- Client sends ClientHello
  - Highest SSL version supported
  - 32-byte random number
  - List of supported encryption & compression methods
- The Server responds
- Server sends ServerHello
  - SSL version that will be used
  - 32-byte random number
  - Encryption & compression method that will be used

9 Server Authentication
- To authenticate the Server, the Server sends Certificate
  - Server's public key certificate
  - Issuing authority's root certificate
- When the Client receives Certificate, it decides whether or not to trust the Server
- This is the only step that might involve the User, if the User never specified before whether or not to trust the issuing authority

10 Client Responds
- Client sends ClientKeyExchange
  - Information necessary for the public key encryption system
  - Encrypted with the Server's public key
  - Compute secret keys using a Key Derivation Function such as Diffie-Hellman
- If the Client is being authenticated, the Client sends CertificateVerify
  - Digest of previous messages encrypted with the Client's private key

11 ChangeCipherSpec Protocol
- Special protocol with only one message
- When the Client processes the encryption information, it sends the ChangeCipherSpec message
- Signals that all following messages will be encrypted
- ChangeCipherSpec is always followed by a Finished message

12 The End of the Beginning
- Upon receipt of ChangeCipherSpec, the Server sends its own ChangeCipherSpec and Finished messages
- After both Client and Server receive Finished messages, the handshaking phase is over
- All following communication is encrypted
- Encryption and compression methods can be changed with new ChangeCipherSpec messages

13 Alert and Application Protocols
- Alert protocol is always a two-byte message
  - First byte indicates the severity of the message: Warning or Fatal
  - A Fatal alert will terminate the connection
  - Second byte indicates a preset error code
  - Secure connection end alert not always used
- Application Protocol is HTTP, POP3, SMTP, or whatever application is being used
  - Simply gives a datagram to the Record Layer
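The 5-byte record frame from slide 7 (type, major, minor, 16-bit length capped at 2^14) and the two-byte alert body from slide 13 (severity, then error code) can be decoded as below. This is an added example, not code from the presentation; the content-type and alert code numbers are the standard SSLv3/TLS assignments, and the byte stream is constructed for illustration.

```python
import struct

# Record content-type byte values (standard SSLv3/TLS assignments).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# Alert level byte and a few standard description codes.
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca"}
MAX_FRAGMENT = 2 ** 14  # payload limit per record, as stated on slide 7

def parse_record(buf: bytes) -> tuple:
    """Parse one record from the front of buf.
    Returns ((content_type, (major, minor), payload), remaining_bytes) and fails
    closed with ValueError on a short header, unknown type, oversized length or
    truncated payload: the places a record-layer parser must refuse input."""
    if len(buf) < 5:
        raise ValueError("truncated 5-byte header")
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {ctype}")
    if length > MAX_FRAGMENT:
        raise ValueError(f"fragment length {length} exceeds 2^14")
    if len(buf) < 5 + length:
        raise ValueError("truncated payload")
    record = (CONTENT_TYPES[ctype], (major, minor), buf[5:5 + length])
    return record, buf[5 + length:]

def parse_alert(payload: bytes) -> dict:
    """Decode the two-byte alert body: severity level, then description code."""
    if len(payload) != 2:
        raise ValueError("alert body must be exactly 2 bytes")
    level, desc = payload[0], payload[1]
    return {"level": ALERT_LEVELS.get(level, f"unknown({level})"),
            "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
            "terminates_connection": level == 2}  # a Fatal alert ends the session

def walk(stream: bytes) -> list:
    """Parse every record in stream; alerts are decoded, other types report payload length."""
    out = []
    while stream:
        (ctype, version, payload), stream = parse_record(stream)
        detail = parse_alert(payload) if ctype == "alert" else len(payload)
        out.append((ctype, version, detail))
    return out

# Constructed sample: an SSL 3.0 application-data record carrying b"hi",
# followed by a fatal bad_record_mac alert (illustrative bytes, not a capture).
SAMPLE = bytes([23, 3, 0, 0, 2]) + b"hi" + bytes([21, 3, 0, 0, 2, 2, 20])
```

Calling `walk(SAMPLE)` yields one application-data record of length 2 followed by a fatal `bad_record_mac` alert; an oversized length field or unknown content type raises before any payload is touched.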

14 Benefits
- Ease of implementation
  - For network application developers: as easy as implementing unsecured sockets
  - For network implementation developers: simply add a layer to the established network protocol stack
  - For Users: only need to authorize certificates

15 Drawbacks
- More bandwidth needed
- Slower
- Needs a dedicated port: 443 for HTTPS
- Assumes reliable transport for the underlying transport protocol
  - No UDP
  - Implications for streaming media, VoIP

16 Summary
- Need for secure communication
- Netscape issues SSL spec
- The 4 SSL protocols
- Message Authentication Code
- Alert and Application messages
- Benefits and Drawbacks

