• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
SSL/TLS
 

SSL/TLS

on

  • 3,029 views

An introduction to secure socket layer and its implemntation strategy using Java's JCE and JSSE

An introduction to secure socket layer and its implemntation strategy using Java's JCE and JSSE

Statistics

Views

Total Views
3,029
Views on SlideShare
3,009
Embed Views
20

Actions

Likes
5
Downloads
0
Comments
0

2 Embeds 20

http://www.slideshare.net 10
https://bb.csueastbay.edu 10

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    SSL/TLS SSL/TLS Presentation Transcript

    • MaxQDPro Team Anjan.K Harish.R II Sem M.Tech CSE MaxQDPro : SSL & TLS 05/22/09 1
    •  Approaches for Security  Security Services in Network  SSL/TLS Overview  SSL Protocol  Cryptography Concepts- A refresher  JSSE Overview  JSSE Features  JSSE Architecture/Implementation  References 05/22/09 2 MaxQDPro : SSL & TLS
    •  Security in Digital environment can be imparted in mainly two ways ◦ As Algorithm that finally turns out to be software  Cryptographic Algorithm  Stegnography  Anagram ◦ As an Hardware  Smart Card  Locks  Flash Card  Biometric Sensors MaxQDPro : SSL & TLS 05/22/09 3
    •  Separate Security protocol ◦ SSL/TLS  Application-Specific Security ◦ HTTPs  Security within Core protocol ◦ IPsec  Parallel Security Protocol Focus on SSL/TLS ◦ Kerberos SSL X.509= TLS 1.0 ◦ 3.0 MaxQDPro : SSL & TLS 05/22/09 4
    •  SSL (Secured Socket Layer) was created by Netscape Communication Corporation in 1994  SSL provides a standard protocol operating over TCP/IP  SSL provides secured services: confidentiality through encryption, integrity via a MAC algorithm, optional authenticity and non-repudiation of both a socket client and a socket server. MaxQDPro : SSL & TLS 05/22/09 5
    •  SSL also operates under other TCP based protocols such as HTTP, NNTP, ...  SSL is the most widely used protocol for implementing cryptography on the web.  SSL v3 is the most current SSL standard.  TLS (Transport Security Protocol) defined by IETF, in 1999, extends SSL v3 with enhancements to the authentication aspects of the SSL algorithms.  RFC2246 is the TLS document MaxQDPro : SSL & TLS 05/22/09 6
    •  SSL connection is divided in to two phases: Handshake and Data Transfer  During handshake: - client and server agree on a set of algorithms - client and server establish a set of cryptographic keys - server optionally authenticates client  Data Transfer occurs after handshake is complete. Data (with MAC) is encrypted (secret key). Each data fragment has a Record header. MaxQDPro : SSL & TLS 05/22/09 7
    • Client Server (1) Supported ciphers, Random (2) Chosen cipher, Random, Certificate (3) Encrypted Master Secret (4)Compute keys (4) Compute keys (5) MAC of handshake messages (6) MAC of handshake messages MaxQDPro : SSL & TLS 05/22/09 8
    • 1. The client sends the server a list of algorithms it’s willing to support, along with a random number used as input to the key generation process 2. The server chooses a cipher out of that list and sends it back along with a certificate containing the server’s public key. The certificate also provides the server’s identity for authentication purposes and the server supplies a MaxQDPro : SSL & TLS 05/22/09 9
    • random number which is used as part of the key generation process 2. The client verifies the server’s certificate and extracts the server’s public key. The client then generates a random secret string called the pre_master_secret and encrypts it using the server’s public key. It sends the encrypted public key to the server. MaxQDPro : SSL & TLS 05/22/09 10
    • 1. The client and server independently compute the encryption and MAC keys from the pre_master_secret and the client and server’s random values. 2. The client sends a MAC of all the handshake messages to the server 3. The server sends a MAC of all the handshake messages to the client MaxQDPro : SSL & TLS 05/22/09 11
    •  Secret Key (Symmetric Key) Algorithms  Public Key (Asymmetric Key) Algorithms  Message Digest  Message Authentication Code (MAC)  Digital Signature  Digital Certificate MaxQDPro : SSL & TLS 05/22/09 12
    • Symmetric Key Algorithm Key Plain Text Cipher Text Plain Text Sender Receiver MaxQDPro : SSL & TLS 05/22/09 13
    • Public Key Encryption Step Receiver’s public key One Sender Receiver Plain Text Cipher Text Plain Text Step Two Sender Receiver Receiver’s Receiver’s public key private key MaxQDPro : SSL & TLS 05/22/09 14
    •  JSSE is a Java package that enables secure network communications: ◦ Data encryption, Authentication, Message integrity  Implements java version of SSL and TLS (Transport Layer Security) protocols  Using JSSE, we can provide secure transfer of data over TCP/IP and other protocols such as HTTP, Telnet, NNTP, IMAP, LDAP, FTP that runs over TCP/IP.  JSSE encompasses many of the same concepts and algorithms as those in JCE (Java Cryptography Extension) but automatically applies them underneath a simple stream socket API extension. Latest release is JSSE 1.0.2. This is & TLS a non- MaxQDPro : SSL 05/22/09 15 
    •  Pure Java implementation  Exportable  Supports for SSL v2 & v3, TLS1.0  Classes to create secure channels  Cipher suite negotiation  Client and Server authentication  Server session management APIs  Runs on Personal Java 3.1  HTTPS Support  RSA Cryptography Algorithms  Basic utilities for key and certificate management  Cryptographic suites, including: - RSA, RC4, DES, Triple DES, Diffie- Hellman, DSA etc MaxQDPro : SSL & TLS 05/22/09 16
    •  JSSE is based on the same design principles found else where in the Java Cryptography Architecture, such as: - Implementation Independence - Algorithm Independence - “Provider” architecture MaxQDPro : SSL & TLS 05/22/09 17
    •  javax.net.ssl - contains the set of core classes and interfaces for the JSSE APIs.  javax.net - this is not specific to the JSSE, but it is needed to support basic client socket and server socket factory functionality.  javax.security.cert - is also not specific to the JSSE, but it is needed to support basic certificate MaxQDPro : SSL & TLS 05/22/09 18
    •  com.sun.net.ssl Provides classes related to creating and configuring secure socket factories. These classes are provided with the Reference implementation of JSSE. They are not part of JSSE1.0.2 standard API, and thus may not be available with other implementations MaxQDPro : SSL & TLS 05/22/09 19
    • MaxQDPro : SSL & TLS 05/22/09 20
    •  SSLSocket - A socket that supports SSL, TLS secure socket protocols  SocketFactory - A factory for socket objects  SSLSocketFactory - A factory for ServerSocket objects  SSLServerSocket - A server socket that supports SSL, TLS secure socket protocols  ServerSocketFactory - A factory for ServerSocket objects MaxQDPro : SSL & TLS 05/22/09 21
    •  SSLServerSocketFactory - A factory for SSLServerSocket objects  SSLSession - An interface to an object encapsulating an SSL session  SSLSessionContext - An interface to an object encapsulating a collection of SSL sessions identified with a session ID  SSLBindingEvent - An event class encapsulating SSL session binding and unbinding events 05/22/09 22 MaxQDPro : SSL & TLS
    •  SSLBindingListener - A listener interface implemented by objects wanting to be made aware of SSL session binding and unbinding events  HandshakeCompletedEvent - An event class encapsulating the fact that an SSL handshake has completed  HandshakeCompletedListener - A listener interface implemented by objects wanting to be made aware of SSL handshke 05/22/09 23 MaxQDPro : SSL & TLS
    •  JSSE follows the same provider configuration scheme as in JCA - to configure statically, add a line in the [JRE-HOME]libsecurityjava.security file: security.provider.x=com.sun.net.ssl.internal.ssl.Provider - to configure dynamically, java.security.Provider provider = new com.sun.net.ssl.internal.ssl.Provider(); java.security.Security.addProvider(provider); MaxQDPro : SSL & TLS 05/22/09 24
    •  Approaches for Security  Security Services in Network  SSL/TLS – Separate Security Protocol  SSL Protocol  Cryptography Concepts- A refresher ◦ Symmetric Key ◦ Public Key  JSSE Overview  JSSE Features  JSSE Architecture/Implementation ◦ Classes and Packages MaxQDPro : SSL & TLS 05/22/09 25
    •  Java Secured Socket Extension 1.0.2 API User’s Guide  Java Security Handbook - Jamie Jaworski & Paul Perrone  java-security@sun.com archives  SSL and TLS Essentials: Securing the web - Stephen Thomas  SSL and TLS – Designing and Building Secured Systems - Eric Rescorla MaxQDPro : SSL & TLS 05/22/09 26
    •  http://java/sun.products/jsse  http://archives.java.sun.com/archives/java-security  http://home.netscape.com/eng/ssl3/ssl-toc.html  http://developer.netscape.com/docs/manuals/secu  http://www.iplanet.com/developer/docs/articles/se  http://www.ietf.org/rfc/rfc2246.txt MaxQDPro : SSL & TLS 05/22/09 27