Understanding Secure Socket Layer (SSL). Advisor: Prof. Tzonelih Hwang. Presenter: Prosanta Gope.


1 Understanding Secure Socket Layer (SSL). Advisor: Prof. Tzonelih Hwang. Presenter: Prosanta Gope

2 Flash Back

3 Agenda
– SSL Basics
– Authentication in SSL

4 SSL Usage
– Authenticate the server to the client
– Allow the client and server to select cryptographic algorithms, or ciphers, that they both support, using CipherSuites in the Hello message
  – E.g. SSL_RSA_With_RC4_128_MD5
– Optionally authenticate the client to the server
– Use public key encryption techniques to generate a shared secret
– Establish an encrypted SSL connection

5 Secure Socket Layer
SSL is a secure protocol which runs above TCP/IP and allows users to encrypt data and authenticate a server's/vendor's identity securely.
[Diagram labels: Application layer; Transport layer; TCP/IP layer; SMTPS, FTPS, HTTPS; Secure Socket Layer]

6 SSL Stack

7 SSL Handshake
The SSL handshake verifies the server and allows client and server to agree on an encryption set before any data is sent out.

8 SSL Handshake

9 Understanding the Concept of Public Key Certificate

10 Public Key Certificates

11 SSL Handshake
[Diagram labels: Server; Client; Public key; Private key; Client request; Public key]

12 Precisely

13 SSL Handshake
– Client: SSL version number the client supports (v2, v3); ciphers the client supports (DES, RC2, RC4); client random number
– Server: SSL version number the server picked (v2, v3); ciphers the server picked (DES, RC2, RC4); server random number
[Diagram labels: Server; Client; Public key; Private key; Public key; Certificate]

14 Verify Certificate
[Diagram labels: Checking; Server; Client; Public key; Private key; Client request; Certificate; Valid; Public key]
– Certificate is good and valid
– Server/vendor has been verified and authenticated
– Client has vendor’s public key and can now encrypt pre-master to send to server/vendor

15 Verify Server Certificate

16 Not-recognizable Certificate

17 SSL Session Key
[Diagram labels: Server; Client; Public key; Private key; Public key; Pre-Master; Session key]

18 Secure Data on Network
[Diagram labels: Server; Client; Public key; Private key; Session key; Data (repeated for each message)]

19 SSL Handshake - details (Server Authentication)
[Diagram labels: Client; Server]
– Steps shown: Generate challenge; Return server certificate; Decrypt pre-master session key; Generate pre-master session key; Encrypt pre-master session key; Verify server certificate; Encrypt random challenge phrase; Decrypt and verify challenge phrase
– Messages shown: Hello, Challenge; Server Cert; {pre-master session key} Server's public key; {Client's Challenge} sessionKey

20 SSL Handshake (Client Authentication)
[Diagram labels: Client; Server]
– Steps shown: Decrypt challenge; Decrypt message digest; Verify client certificate and recompute message digest; Done; Calculate message digest on challenge and server certificate; Generate new challenge; Requests client certificate
– Messages shown: (Challenge phrase) Server private key; [Message Digest] Client private key; Client Certificate; (Session Identifier) sessionKey

21 Client Certificate (optional)
– Client only sends a certificate upon the receipt of a certificate request
  – Sends after receiving server hello done
  – If the client does not have a suitable certificate, it sends a no certificate alert
– Server will respond with a fatal handshake failure if a client certificate is necessary

22 Verify Client Certificate

23 SSL Architecture

24 Change Cipher Spec Protocol
– The change cipher spec protocol is used to change the encryption being used by the client and server. It is normally used as part of the handshake process to switch to symmetric key encryption.
– Before the Finished message

25 SSL Architecture

26 Alert Layer
– Explains the severity of the message and gives a description
  – fatal
    – Immediate termination
    – Other connections in session may continue
    – Session ID invalidated to prevent the failed session from opening new sessions
– Alerts are compressed the same as other data

27 SSL Architecture

28 SSL Record Protocol Operation

29 Record Layer
– Compression and decompression
– A MAC is applied to each record using the MAC algorithm defined in the current cipher spec
– Encryption occurs after compression
– May need fragmentation
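
The record-layer steps on slide 29 in processing order (fragment, compress, MAC, encrypt), as an added Python example that is not part of the original presentation. It assumes the slides' example suite SSL_RSA_With_RC4_128_MD5 with the SSL 3.0 pad-based MAC; zlib stands in for the negotiated compression method, and the function names, keys and sample data are constructed for illustration.

```python
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14  # SSL 3.0 limit on one plaintext fragment

def rc4_keystream(key):
    """RC4 keystream generator (legacy cipher from the slides' example suite)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]

def ssl3_mac(secret, seq, ctype, content):
    """SSL 3.0 MAC with MD5: covers sequence number, record type, length, data."""
    pad1, pad2 = b"\x36" * 48, b"\x5c" * 48
    header = struct.pack(">QBH", seq, ctype, len(content))
    inner = hashlib.md5(secret + pad1 + header + content).digest()
    return hashlib.md5(secret + pad2 + inner).digest()

def protect(data, mac_secret, key, ctype=23):
    """Fragment, compress, MAC, then encrypt; returns a list of wire records."""
    ks, records = rc4_keystream(key), []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        compressed = zlib.compress(data[off:off + MAX_FRAGMENT])  # assumed method
        body = compressed + ssl3_mac(mac_secret, seq, ctype, compressed)
        cipher = bytes(b ^ next(ks) for b in body)  # cipher state spans records
        records.append(struct.pack(">BBBH", ctype, 3, 0, len(cipher)) + cipher)
    return records

def unprotect(records, mac_secret, key):
    """Receiver side: decrypt, verify the MAC, and only then decompress."""
    ks, out = rc4_keystream(key), b""
    for seq, rec in enumerate(records):
        ctype, _, _, length = struct.unpack(">BBBH", rec[:5])
        body = bytes(b ^ next(ks) for b in rec[5:5 + length])
        compressed, mac = body[:-16], body[-16:]
        if not hmac.compare_digest(mac, ssl3_mac(mac_secret, seq, ctype, compressed)):
            raise ValueError(f"bad record MAC at sequence {seq}")
        out += zlib.decompress(compressed)
    return out
```

Because the sequence number is part of the MAC input and the cipher state carries across records, a modified or reordered record fails verification at the receiver.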

30 Review the SSL Handshake

31 SSL Handshake
[Diagram labels: Client; Server]
Messages shown: Client hello; Server hello; Present Server Certificate; *Request Client Certificate; Server Key Exchange; Client Finish; *Present Client Certificate; Client Key Exchange; *Certificate Verify; Change Cipher Spec; Server Finish; Change Cipher Spec; Application Data

32 For any query, please email me: prosanta.nitdgp@gmail.com

33 [Diagram labels: Early cryptography; Classical cryptography; Information Security; Privacy; Integrity; Authentication; Network Security Services; Authentication]

34 Thanks!

