Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan.

Published byEric Willis Modified over 9 years ago

Similar presentations

Presentation on theme: "Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan."— Presentation transcript:

1 Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan

2 The Plain Text HTTP Consider the following HTTP request passed in clear text: POST /search HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020606 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 71 credit_card_num=1234567890123456&exp_date=2006-05& name=Chris%20Shiflett

3 Security For HTTP We need a technology for HTTP that provides:  Server authentication Clients know they’re talking to the real server  Client authentication Servers know they’re talking to the real client  Integrity Servers & clients are safe from their data being altered  Encryption Clients & servers talk privately without fear of eavesdropping  Efficiency An algorithm fast enough for inexpensive clients and servers to use

4 Security For HTTP  Ubiquity Protocols are supported by virtually all clients and servers  Administrative scalability Instant secure communication for anyone, anywhere  Adaptibility Supports the best known security methods of the day

5 HTTPS Overview Stands for HTTP Secure HTTP sent over secure transport layer (Secure Socket Layer) The most popular secure form of HTTP Pioneered by Netscape Corp. In 1994, Netscape released the spec of Secure Socket Layer By 1995, version 3.0 of SSL was released Supported by all major browsers & servers Dramatically changed the way people used the web The URL will start with https:// instead of http://https://http:// Some browser also display iconic security cues

6 HTTPS Overview

7 Secure Socket Layer (SSL) provides:  Data Integrity Can help ensure that HTTP data can’t be changed while in transit  Data Confidentiality Provides strong cryptographic techniques used to encrypt HTTP messages  Identification Can offer reasonable assurance as to the identity of a Web Server Can also be used to validate the identity of a client, but this is less common

8 HTTPS Overview Compared with HTTP in TCP/IP Protocol Stack Server Port: 80 Server Port: 443

9 HTTP & HTTPS Transactions Initiate connection

10 HTTP & HTTPS Transactions Exchange data

11 HTTP & HTTPS Transactions Terminate connection

12 SSL Security Parameters Handshake

13 HTTPS Server Certificate

14 Site Certificate Validation SSL doesn’t require you to examine the web server But modern browser do some simple sanity checks on certificates, the steps are:  Date check Check start/end date, ensure cert is still valid  Signer trust check Cert is signed by well-known trusted Cerfiticate Authority  Signature check Check cert integrity by applying the signing CA’s public key to the signature and comparing it to the checksum  Site identity check Domain name in cert matches with the server they’re talking to

15 Certificate Authorities CA is used to assure that a particular public key belongs to a particular person (or domain name, for example: its-sby.edu) CA is a trusted 3 rd party that assures the identity of a public key’s owner with a digital certificate Digital cert is a document declaring a particular pub-key is owned by a particular web site CA’s role is very similar to a notary whose responsibility is to ensure the correct identity of people signing a legal document

16 Tunnelling Secure Traffic Through Proxies Corporate firewall proxy

17 Tunnelling Secure Traffic Through Proxies Proxy can’t read the encrypted HTTP header, so it won’t know where to forward the request A few modifications are needed to tell the proxy where to connect One popular technique is the HTTPS SSL tunnelling protocol

18 SSL Tunnelling To allow SSL traffic to flow through proxy firewalls, a tunnelling feature was added to HTTP Encrypted data is placed inside HTTP messages and sent through normal HTTP channels

19 SSL Tunnelling Tunnels let non-HTTP traffic flow through HTTP connections

20 SSL Tunnelling Direct SSL connection vs. tunnelled SSL connection

Download ppt "Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Similar presentations

Ads by Google