Secure Socket Layer                  Presented By,             Raghavendra M Rao
SSL   Secure socket layer is security protocol to provide    privacy and reliability between two communicating    applica...
History   SSL – Secure Sockets Layer Version 2.0 Initially    developed by Netscape 1995. SSL 2.0 is sensitive to    man-...
Why and what is the use of SSL??Problem : Internet and the Web are extremely vulnerable tocompromises of various sorts. As...
Without SSL   Eavesdropping.   Tamper   Interception   No authentication
IMPLEMENTATION   Internet   Financial Institution   Insurance companies   Emails   Business to Business Networks- BtoB
SSL - Protocol Layers
How SSL Works!   SSL is a layered protocol it has 4 protocols in 2    layers.        1. SSL Record Protocol        2. SSL...
SSL Protocol Stack
SSL Procedures   SSL has three phase       Handshake       Key Derivation       Data Transfer
How SSL Works Cont.   A Connection   A Session
Handshake
   Step 1: A customer makes a connection to xyz.com on an SSL port, typically    443. This connection is denoted with htt...
ssl 2.0 vs. ssl 3.0   The major differences between the two protocols include is SSL    Version 3.0 handshake protocol fl...
TLS vs. SSL   The following is from RFC 2246:"The differences between this protocol and SSL 3.0are not dramatic, but they...
TLS 1.1 vs. TLS 1.2   The MD5/SHA-1 combination in the pseudorandom function (PRF) has been    replaced with cipher-suite...
Cont.   Addition of support for authenticated encryption with    additional data modes.   TLS Extensions definition and ...
SSL – Supported TCP-based ProtocolsServiceName   Port       Secured Servicehttps         443/tcp    http protocol over TLS...
Patents   Companies which provides SSL certificate.docx   SSL PATENTS.docxTransport Layer Security Version 1.0 http://w...
Upcoming SlideShare
Loading in...5
×

Sequere socket Layer

300

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
300
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Sequere socket Layer

  1. 1. Secure Socket Layer Presented By, Raghavendra M Rao
  2. 2. SSL Secure socket layer is security protocol to provide privacy and reliability between two communicating applications. Confidentiality Integrity Authentication
  3. 3. History SSL – Secure Sockets Layer Version 2.0 Initially developed by Netscape 1995. SSL 2.0 is sensitive to man-in-the-middle attacks leading to the negotiation of weak 40-bit encryption keys. „ SSL – Secure Sockets Layer Version 3.0, Internet Draft authored by Netscape, November1996 IETF (Internet Engineering Task Force, the body in charge of the core internet protocols, including the TCP/IP protocol) made SSL Version 3 an open standard in 1999 and called it TLS(Transport Layer Security) Version 1. TLS 1.1 was defined in RFC 4346 in April 2006. TLS 1.2 was defined in RFC 5246 in August 2008
  4. 4. Why and what is the use of SSL??Problem : Internet and the Web are extremely vulnerable tocompromises of various sorts. As businesses utilize the Internet formore than information dissemination, they will need to use trustedsecurity mechanisms.Solution : implement security as a protocol that sits between theunderlying transport protocol (TCP) and the application. The foremostexample of this approach is the Secure Sockets Layer (SSL) and thefollow-on Internet standard of SSL known as Transport LayerSecurity(TLS).Original goals:  Had Web e-commerce transactions in mind  Encryption (especially credit-card numbers)  Web-server authentication  Optional client authentication  Minimum hassle in doing business with new merchant
  5. 5. Without SSL Eavesdropping. Tamper Interception No authentication
  6. 6. IMPLEMENTATION Internet Financial Institution Insurance companies Emails Business to Business Networks- BtoB
  7. 7. SSL - Protocol Layers
  8. 8. How SSL Works! SSL is a layered protocol it has 4 protocols in 2 layers. 1. SSL Record Protocol 2. SSL Handshake Protocol 3. SSL Cipher Change Protocol 4. SSL Alert Protocol
  9. 9. SSL Protocol Stack
  10. 10. SSL Procedures SSL has three phase Handshake Key Derivation Data Transfer
  11. 11. How SSL Works Cont. A Connection A Session
  12. 12. Handshake
  13. 13.  Step 1: A customer makes a connection to xyz.com on an SSL port, typically 443. This connection is denoted with https instead of http. Step 2: xyz.com sends back its public key to the customer. Once customer receives it, his/her browser decides if it is alright to proceed. The xyz.com public key must NOT be expired The xyz.com public key must be for xyz.com only The client must have the public key for Trustwave installed in their browser certificate store. 99.9% of all modern browsers (1998+) include the Trustwave root certificate. If the customer has Trustwave trusted public key, then they can trust that they are really communicating with XYZ, Inc. Step 3: If the customer decides to trust the certificate, then the customer will be sent to xyz.com his/her public key. Step 4: xyz.com will next create a unique hash and encrypt it using both the customers public key and xyz.coms private key, and send this back to the client. Step 5: Customers browser will decrypt the hash. This process shows that the xyz.com sent the hash and only the customer is able to read it. Step 6: Customer and website can now securely exchange information.
  14. 14. ssl 2.0 vs. ssl 3.0 The major differences between the two protocols include is SSL Version 3.0 handshake protocol flows are different than SSL Version 2.0 handshake flows. SSL Version 3.0 uses the BSAFE 3.0 implementation from RSA Data Security, Incorporated. BSAFE 3.0 includes a number of timing attack fixes and the SHA-1 hashing algorithm. The SHA-1 hashing algorithm is considered to be more secure than the MD5 hashing algorithm. SHA-1 allows SSL Version 3.0 to support additional cipher suites which use SHA-1 instead of MD5. SSL Version 3.0 protocol reduces man-in-the-middle (MITM) type of attacks from occurring during SSL handshake processing. In SSL Version 2.0, it was possible, though unlikely, that a MITM attack could accomplish cipher specification weakening. Weakening the cipher could allow an unauthorized person to break the SSL session key.
  15. 15. TLS vs. SSL The following is from RFC 2246:"The differences between this protocol and SSL 3.0are not dramatic, but they are significant enough thatTLS 1.0 and SSL 3.0 do not interoperate (althoughTLS 1.0 does incorporate a mechanism by which aTLS implementation can back down to SSL 3.0)."
  16. 16. TLS 1.1 vs. TLS 1.2 The MD5/SHA-1 combination in the pseudorandom function (PRF) has been replaced with cipher-suite-specified PRFs. All cipher suites in this document use P_SHA256. The MD5/SHA-1 combination in the digitally-signed element has been replaced with a single hash. Signed elements now include a field that explicitly specifies the hash algorithm used. Substantial cleanup to the clients and servers ability to specify which hash and signature algorithms they will accept. Note that this also relaxes some of the constraints on signature and hash algorithms from previous versions of TLS.
  17. 17. Cont. Addition of support for authenticated encryption with additional data modes. TLS Extensions definition and AES Cipher Suites were merged in from external [TLSEXT] and [TLSAES]. Tighter checking of Encrypted Pre-Master Secret version numbers tightened up a number of requirements. Verify data length now depends on the cipher suite (default is still 12). Cleaned up description of Bleichenbacher/Klima attack defenses.
  18. 18. SSL – Supported TCP-based ProtocolsServiceName Port Secured Servicehttps 443/tcp http protocol over TLS/SSL„ smtps 465/tcp smtp protocol over TLS/SSL„ nntps 563/tcp nntp protocol over TLS/SSL„ sshell 614/tcp SSLshell„ ldaps 636/tcp ldap protocol over TLS/SSL„ ftps-data 989/tcp ftp protocol, data, over TLS/SSL„ ftps 990/tcp ftp, control, over TLS/SSL„ telnets 992/tcp telnet protocol over TLS/SSL„ imaps 993/tcp imap4 protocol over TLS/SSL„ ircs 994/tcp irc protocol over TLS/SSL„ pop3s 995/tcp pop3 protocol over TLS/SSL
  19. 19. Patents Companies which provides SSL certificate.docx SSL PATENTS.docxTransport Layer Security Version 1.0 http://www.ietf.org/rfc/rfc2246.txtTransport Layer Security Internet draft 3.0 http://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×