SSL and certificates


Published in: Technology, Education

  1. Topic: Implementation of SSL & TLS for Application servers (03/19/08)
  2. Introduction:
       • The Internet is a network for everyone.
       • Everyone and everything is open.
       • The Internet is highly insecure.
       • Thus Netscape Corporation introduced the SSL protocol.
       • It is meant for secure transactions.
  3. SSL – Secure Sockets Layer
       • Protocol for data encryption.
       • Open and nonproprietary protocol.
       • Current implementation: OpenSSL.
       • Used for:
           • data encryption
           • server authentication
           • data integrity
           • client authentication
  4.
       • Enhance and ensure transactional data
       • Securing transactions on the Web using Apache-SSL.
       • Securing user access for remote access
       • Securing e-mail services (IMAP, POP3)
  5. TLS:
       • Transport Layer Security (TLS)
       • Provides security at the transport layer.
       • Non-proprietary version of SSL.
       • Allows two parties to exchange messages in a secure environment.
  6. Position of TLS:
  7. TLS requirements:
       • Protocols:
           • entity authentication protocol
           • message authentication protocol
           • encryption/decryption protocol
       • Each party uses a predefined function to create session keys.
       • A digest is calculated and appended to each message.
       • Message and digest are encrypted using the encryption/decryption protocols.
       • Each party extracts the necessary keys and parameters for message authentication and encryption/decryption.
  8.
       • In Greek, means “secret writing.”
       • Refers to the science and art of transforming messages to make them secure and immune to attacks.
     Types of cryptography:
       • Symmetric-key cryptography
       • Asymmetric-key cryptography
  9. Symmetric-key cryptography
  10. Asymmetric cryptography:
       • Uses two keys: a public key and a private key.
       • The keys are completely independent.
       • A private key cannot be deduced from a public one.
       • Sign a message using the public key; only the holder of the private key can read it.
       • The public key is open.
       • The private key is secret.
  11. Asymmetric-key encryption
  12. Asymmetric Encryption/Decryption
  13.
       • Asymmetric cryptography
       • Simulates the security properties of a handwritten signature.
       • Two algorithms:
           1. for signing, which involves the user's private key;
           2. for verifying signatures, which involves the user's public key.
  14. TCP/IP Protocol Suite Hash function
  15. Sender site
  16. Receiver site
  17.
       • Your public key:
       • Your name & e-mail address:
       • Expiration date of the public key:
       • Name of the company:
       • Serial number of the Digital ID
  18. Anyone can get Bob's public key, but Bob keeps his private key to himself. (Figure labels: Bob's private key; Bob's public key; Bob's co-workers Pat, Doug and Susan.)
  19. Susan: "Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
      Ciphertext: HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A
      Bob: "Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
  20. Bob prepares a message digest using a hash function.
  21. Bob encrypts the digest with his private key. Digital signature created.
  22. Digital signature appended to the original document and sent to Susan.
  23. Separates original document and digital signature.
  24. Note: A digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.
  25. Important tools: 1. GnuPG:
       • Stands for GNU Privacy Guard.
       • Used to:
           • encrypt data
           • create digital signatures
           • help authenticating using Secure Shell
           • provide a framework for public key cryptography.
  26.
       • OpenPGP part of the GNU Privacy Guard (GnuPG).
           • Provides digital encryption and signing services using the OpenPGP standard.
       • 2
  27. X.509:
       • Standard sponsored by ITU.
       • International standard for digital certificates used to authenticate digital signatures.
  28. X.509 fields
  29. Certificate:
       • Body of data placed in a message to serve as proof of the sender’s authenticity.
       • Consists of encrypted information that associates a public key with the true identity of an individual.
       • Includes the identification and electronic signature of the Certificate Authority (CA).
       • Includes the serial number and the period of time when the certificate is valid.
  30. Why do I need a digital certificate?
       • Authentication
       • Privacy
       • Integrity
       • Nonrepudiation
  31. Certificate Signing Request:
       • Request made to a CA by an organization to obtain a digital certificate.
       • The requesting party includes information that proves its identity and digitally signs the CSR with the private key.
  32. Certificate Authority:
       • Trusted organization that issues certificates for both servers and clients.
       • Creates digital certificates that securely bind the names of users to their public keys.
      Two types of CA:
       • Commercial CA
       • Self-certified private CA
  34. Self-certified CA:
       • Root-level commercial CA:
       • It’s self-certified.
       • Typically used in a LAN or WAN environment.
  35. Public-key infrastructure (PKI):
       • Provides public-key encryption and digital signature services.
       • Manages keys and certificates: the organization establishes and maintains a trustworthy networking environment.
  36. E-mail server security:
       • Biggest problem: unsolicited mail or spam.
       • Simple Mail Transfer Protocol (SMTP): simple and insecure.
       • Biggest abuse of e-mail service: open mail relay.
  37. Open mail relay:
       • Sends unwanted emails to people.
       • Wastes resources.
       • Legal problems for companies that leave their email system open.
  38. Web-server security:
       • A Web site is hacked because holes in applications or scripts are exploited.
       • Protecting a Web site: understanding and identifying security risks.
  39. Conclusion:
       • Secure digital transactions will be an important part of electronic commerce in the future.
       • Privacy of transactions, and authentication of all parties, is important for achieving the level of trust.
       • Encryption algorithms and key sizes must be robust enough to prevent observation by hostile entities.
  40. Thank you
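
Slide 7's steps (session keys from a predefined function, a digest appended to each message, then message and digest encrypted together) as an added Python sketch that is not part of the original slides. It is a simplified illustration, not the TLS record protocol: the HMAC-SHA256 key derivation, the SHA-256 counter keystream standing in for a real cipher, and all names and values are assumptions.

```python
import hashlib
import hmac

TAG_LEN = 32  # size of an HMAC-SHA256 digest


def derive_session_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """Predefined function that both parties run to obtain the same session keys."""
    seed = client_random + server_random
    mac_key = hmac.new(master_secret, b"mac key" + seed, hashlib.sha256).digest()
    enc_key = hmac.new(master_secret, b"enc key" + seed, hashlib.sha256).digest()
    return mac_key, enc_key


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Stand-in cipher (assumption): SHA-256 in counter mode, for illustration only."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + seq.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(mac_key: bytes, seq: int, message: bytes) -> bytes:
    # The sequence number is covered so a record cannot be replayed in another position.
    return hmac.new(mac_key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


def protect(mac_key: bytes, enc_key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: append the digest, then encrypt message and digest together."""
    plain = message + _mac(mac_key, seq, message)
    return _xor(plain, _keystream(enc_key, seq, len(plain)))


def unprotect(mac_key: bytes, enc_key: bytes, seq: int, record: bytes) -> bytes:
    """Receiver: decrypt, split off the digest, and check it before using the message."""
    if len(record) < TAG_LEN:
        raise ValueError("record too short")
    plain = _xor(record, _keystream(enc_key, seq, len(record)))
    message, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, seq, message)):
        raise ValueError("bad record MAC")
    return message
```

A record whose bits were changed in transit, or that is presented under the wrong sequence number, fails the digest check and raises `ValueError`.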
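
Slides 20 to 24 as an added Python example, not part of the original slides: Bob hashes a document, applies his private key to the digest, appends the signature, and the receiver separates and checks it. It uses textbook RSA without the padding that real signature schemes add; the key built from two well-known Mersenne primes, the function names and the sample document are constructed for illustration.

```python
import hashlib

# Constructed toy key pair built from two publicly known Mersenne primes.
# Anyone can factor N, so this key is for illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # Bob's public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))      # Bob's private exponent
SIG_LEN = (N.bit_length() + 7) // 8    # fixed signature length in bytes


def digest(document: bytes) -> int:
    """Slide 20: message digest from a hash function (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign_and_append(document: bytes) -> bytes:
    """Slides 21-22: private-key operation on the digest, signature appended."""
    signature = pow(digest(document), D, N)
    return document + signature.to_bytes(SIG_LEN, "big")


def split(signed: bytes):
    """Slide 23: separate the original document from the digital signature."""
    if len(signed) < SIG_LEN:
        raise ValueError("no signature present")
    return signed[:-SIG_LEN], int.from_bytes(signed[-SIG_LEN:], "big")


def verify(signed: bytes) -> bool:
    """Receiver: undo the signature with the public key, compare with a fresh digest."""
    document, signature = split(signed)
    if signature >= N:
        return False
    return pow(signature, E, N) == digest(document)
```

The signed bundle still begins with the readable document, which is what slide 24's note means by a signature not providing privacy.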