1
SSL/TLS
2
Transport Layer Security Protocols
• Secure Socket Layer (SSL)
– Originally designed by Netscape to secure HTTP
– Version 2 is being replaced by version 3
– Subsequently became Internet Standard known as TLS
– Uses TCP to provide a reliable end-to-end service
– Application independent
• Can be used for any application protocol: telnet, ftp, ...
• Transport Layer Security (TLS)
– SSL 3.0 is very similar to TLS (RFC 2246)
3
Location of SSL
• SSL is built on top of TCP
• Provides a TCP-like interface
• In theory can be used by all types of applications in a transparent manner
4
SSL Architecture
• Relies on TCP for reliable communication
• Two Layers
– SSL Record Protocol provides basic security services
– Handshake, Change Cipher Spec, Alert, ...
5
SSL Basic Protocol
6
SSL Session and Connection
• Each SSL session can be used for multiple connections
• SSL Session
– An association between the client and the server
– Sessions are used to avoid negotiating new security parameters for each connection
• SSL Connection
– A connection is a transport that provides a suitable type of service
– Each connection is associated with one session
7
SSL Session
• An SSL session consists of
– Session ID
– X.509 public-key certificate of peer (could be null)
– Compression Algorithm
– Cipher Spec:
• Encryption Algorithm, Message Digest Algorithm, etc.
– Master Secret: 48-byte secret shared between the client and the server
8
An X.509 Certificate
9
Data Transmission using SSL (SSL Record Protocol)
10
SSL Record Format
11
SSL Record Protocol
• 2 services:
– Confidentiality
• Using symmetric encryption with a shared secret key defined by the Handshake protocol
– Message integrity
• Using a MAC with a shared secret key
• Layered protocol:
– Fragmentation of application data into blocks
– Compression
– MAC
– Encryption
– Transmit over TCP
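The fragmentation and MAC steps of the layered protocol above, as an added example that is not part of the original slides. It assumes the TLS 1.0 record MAC from RFC 2246 (HMAC-SHA1 over an implicit sequence number, the record header fields and the fragment), null compression, and leaves the encryption step out, so it shows integrity only; the key and payload are constructed.

```python
import hmac
import struct

MAX_FRAGMENT = 2 ** 14        # RFC 2246 limit on one plaintext fragment
APPLICATION_DATA = 23         # record content type
VERSION = (3, 1)              # TLS 1.0 as it appears on the wire
MAC_LEN = 20                  # HMAC-SHA1 output size

def record_mac(mac_secret, seq, ctype, fragment):
    """HMAC-SHA1(secret, seq_num || type || version || length || fragment)."""
    pseudo_header = struct.pack("!QBBBH", seq, ctype, *VERSION, len(fragment))
    return hmac.new(mac_secret, pseudo_header + fragment, "sha1").digest()

def protect(mac_secret, data):
    """Fragment `data`, append a MAC to each fragment, prepend the record header."""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        frag = data[off:off + MAX_FRAGMENT]
        body = frag + record_mac(mac_secret, seq, APPLICATION_DATA, frag)
        header = struct.pack("!BBBH", APPLICATION_DATA, *VERSION, len(body))
        records.append(header + body)
    return records

def unprotect(mac_secret, records):
    """Verify records in arrival order; the sequence number is never transmitted."""
    out = b""
    for seq, rec in enumerate(records):
        ctype, _major, _minor, length = struct.unpack("!BBBH", rec[:5])
        body = rec[5:5 + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError("truncated record %d" % seq)
        frag, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(mac, record_mac(mac_secret, seq, ctype, frag)):
            raise ValueError("bad_record_mac at record %d" % seq)
        out += frag
    return out

def accepts(mac_secret, records):
    """True if every record verifies, False if the receiver would raise an alert."""
    try:
        unprotect(mac_secret, records)
        return True
    except ValueError:
        return False

# Constructed sample input: a MAC secret and a payload spanning three fragments.
SAMPLE_KEY = bytes(range(20))
SAMPLE_DATA = bytes(range(256)) * 157      # 40192 bytes

if __name__ == "__main__":
    recs = protect(SAMPLE_KEY, SAMPLE_DATA)
    print(len(recs), "records, intact:", accepts(SAMPLE_KEY, recs))
    print("reordered:", accepts(SAMPLE_KEY, [recs[1], recs[0], recs[2]]))
```

Because the sequence number is part of the MAC input, a record that is replayed, dropped or reordered fails verification even though its own bytes are untouched.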
12
SSL Record Protocol Payload
13
Handshake Protocol
• Establish security capabilities
– Protocol version, session ID, cipher suite, compression method, IV
• Server authentication and key exchange
– Send certificate, key exchange, request client certificate
• Client authentication and key exchange
– Send certificate, key exchange, certificate verification
• Finish
14
SSL Change Cipher Spec Protocol
• one of 3 SSL-specific protocols which use the SSL Record protocol
• a single message
• causes pending state to become current
• hence updating the cipher suite in use
15
SSL Alert Protocol
• conveys SSL-related alerts to peer entity
• severity
– warning or fatal
• specific alert
– unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
– close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
• compressed & encrypted like all SSL data
16
Master Secret Creation
• The master secret is a one-time 48-byte value
– A pre-master key is exchanged first
• RSA or Diffie-Hellman
– Master secret is computed from the pre-master secret, client random and server random
17
Generation of Cryptographic Parameters
• Session Key: Generated from the master secret, client random, and server random
– Client write MAC secret
– Server write MAC secret
– Client Write Key
– Server Write Key
– Client Write IV
– Server Write IV
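The two derivations on the "Master Secret Creation" and "Generation of Cryptographic Parameters" slides, as an added example that is not part of the original slides. It assumes the TLS 1.0 PRF from RFC 2246 (SSL 3.0 uses a different MD5/SHA-1 construction) and the key sizes of a 3DES-CBC/SHA-1 cipher suite; the pre-master secret and both randoms are constructed values.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """RFC 2246 P_hash: iterate HMAC to expand (secret, seed) into `length` bytes."""
    out, a = b"", seed                                  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()     # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2       # the halves share a byte when length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha_stream))

def master_secret(pre_master, client_random, server_random):
    """48-byte master secret from the pre-master secret and both randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

KEY_NAMES = ["client_write_MAC_secret", "server_write_MAC_secret",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]

def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    """Expand the master secret and cut the output into the six values, in order."""
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    # Seed order is server random first here, the reverse of master_secret().
    block = prf(master, b"key expansion", server_random + client_random, sum(sizes))
    keys, pos = {}, 0
    for name, size in zip(KEY_NAMES, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed inputs: a 48-byte pre-master secret and two 32-byte randoms.
PRE_MASTER = b"\x03\x01" + bytes(range(46))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

def demo():
    """Derive the master secret, then the key block for 3DES-CBC with SHA-1."""
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    return ms, key_block(ms, CLIENT_RANDOM, SERVER_RANDOM,
                         mac_len=20, key_len=24, iv_len=8)

if __name__ == "__main__":
    ms, keys = demo()
    print("master secret:", ms.hex())
    for name, value in keys.items():
        print(name, value.hex())
```

Each direction gets its own MAC secret, key and IV, so a record captured from the client cannot be reflected back to it as if the server had sent it.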
18
Application Ports used with SSL
19
Web Securities
20
How the Web Works - HTTP
• Hypertext transfer protocol (http).
• Clients request “documents” (or scripts) through URL.
• Server responds with “documents”.
• Stateless protocol, requests are independent.
21
How the Web Works: Other Elements
• Hyper-text markup language (html).
• Other application-specific documents.
– e.g., MIME, graphics, video/audio, postscript, Java applets, etc.
• Browsers.
– Display html documents and embedded graphics.
– Run Java programs.
– Start helper applications.
– ...
22
Web Vulnerabilities
• http://www.w3.org/Security/Faq
• Revealing private information on server
• Intercept of client information
• Execute unauthorized programs
• Denial of service
• ...
23
Web Security
• Authentication:
– Basic (username, password)
• Can be used along with cookie
– Digest
• Access control via addresses
• Multi-layered:
– S-http (secure http), just for http
• Proposed by CommerceNet, pretty much dead
– SSL (TLS), generic for TCP
• https: http over SSL
– IPSec
24
HTTP Authentication - Basic
• Client doesn’t know which method
• Client attempts access (GET, PUT, …) normally
• Server returns
– “401 unauthorized”
– Realm: protection space
• Client tries again with (user:password)
– Passwords in the clear
– Repeated for each access
25
From Basic Authentication to Forms and Cookies
• Not all sites use basic authentication
• Many instead ask the user to type username/password into an HTML form
• Server looks up the user and sends back a cookie
• The browser (client) resends the cookie on subsequent requests
26
HTTP Access Control - Digest
• Server sends www-authenticate parameters:
– Realm
– Domain
– Nonce, new for each 401 response
• e.g., H(client-IP:timestamp:server-secret)
– Algorithm
• e.g., MD5
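The nonce construction above on the server side, as an added example that is not part of the original slides. It assumes the nonce carries its timestamp in clear ahead of the hash so the server can recompute it without storing state, a five-minute lifetime, and the RFC 2617 response formula without qop; the secret, user table and addresses are constructed.

```python
import hashlib
import hmac
import time

SERVER_SECRET = "constructed-server-secret"      # constructed value
NONCE_LIFETIME = 300                             # seconds (assumption)
REALM = "example-realm"                          # constructed value
USERS = {"alice": "correct horse"}               # constructed user table

def H(text):
    """The slide's H with Algorithm = MD5, as a hex string."""
    return hashlib.md5(text.encode()).hexdigest()

def make_nonce(client_ip, now=None):
    """timestamp ':' H(client-IP:timestamp:server-secret), sent with each 401."""
    ts = str(int(time.time() if now is None else now))
    return ts + ":" + H("%s:%s:%s" % (client_ip, ts, SERVER_SECRET))

def check_nonce(nonce, client_ip, now=None):
    """Return 'ok', 'stale' or 'forged' without any server-side nonce table."""
    now = time.time() if now is None else now
    ts, _, digest = nonce.partition(":")
    expected = H("%s:%s:%s" % (client_ip, ts, SERVER_SECRET))
    if not ts.isdigit() or not hmac.compare_digest(digest.encode(), expected.encode()):
        return "forged"            # wrong address, edited timestamp or made-up value
    return "ok" if now - int(ts) <= NONCE_LIFETIME else "stale"

def digest_response(user, password, method, uri, nonce):
    """RFC 2617 response without qop: H(HA1:nonce:HA2)."""
    ha1 = H("%s:%s:%s" % (user, REALM, password))
    ha2 = H("%s:%s" % (method, uri))
    return H("%s:%s:%s" % (ha1, nonce, ha2))

def verify_request(client_ip, user, method, uri, nonce, response, now=None):
    """Server check: the nonce must be ours and fresh, the response must match."""
    if check_nonce(nonce, client_ip, now) != "ok" or user not in USERS:
        return False
    expected = digest_response(user, USERS[user], method, uri, nonce)
    return hmac.compare_digest(response.encode(), expected.encode())

if __name__ == "__main__":
    ip = "192.0.2.10"                            # documentation address
    nonce = make_nonce(ip, now=1000)
    good = digest_response("alice", "correct horse", "GET", "/private", nonce)
    print(verify_request(ip, "alice", "GET", "/private", nonce, good, now=1100))
    print(check_nonce(nonce, ip, now=2000), check_nonce(nonce, "192.0.2.99", now=1100))
```

The password never crosses the wire, but a captured response remains valid for the same method and URI until the nonce goes stale, which is why the lifetime is kept short.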
27
HTTP Access Control - Digest
28
HTTP Access Control - Digest

SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf