SlideShare a Scribd company logo

Network Security_Module_2.pdf

•
•
D
Dr. Shivashankar

Network Security VTU syllabus Module 2

Engineering
1 of 24
Download to read offline
NETWORK SECURITY (18EC821) Visvesvaraya Technological University Dr. Shivashankar Professor Department of Electronics & Communication Engineering RRIT, Bangalore 3/9/2023 1 Dr. Shivashankar, E&CE, RRIT
Course Outcomes After Completion of the course, student will be able to: â–ŞExplain network security services and mechanisms and explain security concepts. â–ŞUnderstand the concept of Transport Level Security and Secure Socket Layer. â–ŞExplain security concerns in Internet Protocol Security. â–ŞExplain Intruders, Intrusion detection and Malicious Software. â–ŞDescribe Firewalls, Firewall characteristics, Biasing and Configuration. â–ŞText Book: 1. Cryptography and Network Security Principles and Practice, Pearson Education Inc., William Stallings 5th Edition, ISBN: 978-81-317-6166-3. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003. â–ŞReference: â–ŞCryptography and Network Security, Behrouz A Forouzan, TMH, 2007. 3/9/2023 2 Dr. Shivashankar, E&CE, RRIT
MODULE-2 TRANSPORT LAYER SECURITY Web Security Considerations • Web Security deals with the security of data over the internet/network or web or while it is being transferred to the internet. • For e.g. when you are transferring data between client and server and you have to protect that data that security of data is your web security. • Web presents new challenges not generally appreciated in the context of computer and network security: ➢ The Internet is two-way. ➢ The Web is increasingly serving as a highly visible outlet for corporate and product information and as the platform for business transactions. ➢ Web browsers are very easy to use. ➢ • A Web server can be exploited as a launching pad into the corporation’s or agency’s entire computer complex. ➢ Casual and untrained (in security matters) users are common clients for Web- based services. 3/9/2023 3 Dr. Shivashankar, E&CE, RRIT
Web Security Threats • Web security threats are a form of internet- borne cybersecurity risk that could expose users to online harm and cause undesired actions or events. • Web security issues can severely damage businesses and individuals. • Common types of web security threats include computer viruses, data theft, and phishing attacks. • Classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server. 3/9/2023 4 Dr. Shivashankar, E&CE, RRIT
A Comparison of Threats on the Web 3/9/2023 5 Dr. Shivashankar, E&CE, RRIT Threats Consequences Countermeasures Integrity • Modification of user data • Trojan horse browser • Modification of memory • Modification of message traffic in transit • Loss of information • Compromise of machine • Vulnerabilty to all other threats Cryptographic Confidentiality • Theft of info from server • Theft of data from client • Info about network configuration • Info about which client talks to server • Loss of information • Loss of privacy Encryption, Web proxies Denial of Service • Killing of user threads • Filling up disk or memory • Isolating machine by DNS attacks • Disruptive • Annoying • Prevent user from getting work done Difficult to prevent Authentication • Impersonation of legitimate users • Data forgery • Misrepresentation of user • Belief that false information is valid Cryptographic techniques
Web Traffic Security Approaches â–ŞOne way to provide Web security is to use IP Security. The advantage of using IPsec is that it is transparent to end users and applications and provides a general-purpose solution. â–ŞFurther, IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing. 3/9/2023 6 Dr. Shivashankar, E&CE, RRIT (a) Network level (b) Transport level (c) Application level
Secure Socket Layer (SSL) â–ŞProvides security to the data that is transferred between web browser and server. â–ŞSSL encrypts the link between a web server and a browser which ensures that all data passed between them remain private and free from attack. SSL Architecture â–ŞSSL is designed to make use of TCP to provide a reliable end-to-end secure service. 3/9/2023 7 Dr. Shivashankar, E&CE, RRIT Figure 16.2 SSL Protocol Stack
CONTI… ▪Two important SSL concepts are the SSL session and the SSL connection: • Connection: A connection is a transport that provides a suitable type of service. • Session: An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters which can be shared among multiple connections. A session state is defined by the following parameters. • Session identifier: An arbitrary byte sequence chosen by the server. • Peer certificate: An X509.v3 certificate of the peer. This element of the state may be null. • Compression method: The algorithm used to compress data prior to encryption. • Cipher spec: Specifies the bulk data encryption algorithm • Master secret: 48-byte secret shared between the client and server. • Is resumable: A flag indicating whether the session can be used to initiate new connections. • Server and client random: Byte sequences that are chosen by the server and client for each connection. • Server write MAC secret: The secret key used in MAC operations on data sent by the server. • Client write MAC secret: The secret key used in MAC operations on data sent by the client. 3/9/2023 8 Dr. Shivashankar, E&CE, RRIT
SSL Record Protocol ▪The SSL Record Protocol provides two services for SSL connections: • Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads. • Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC). 3/9/2023 9 Dr. Shivashankar, E&CE, RRIT Figure 16.3 SSL Record Protocol Operation
CONTI… SSL Record Protocol processing is to prepare a header consisting of the following fields: • Content Type (8 bits): The higher-layer protocol used to process the enclosed fragment. • Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3. • Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0. • Compressed Length (16 bits): The length in bytes of the plaintext fragment. The maximum value is . 3/9/2023 10 Dr. Shivashankar, E&CE, RRIT Figure 16.4 SSL Record Format
Handshake Protocol ▪The most complex part of SSL is the Handshake Protocol. ▪This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record. ▪The Handshake Protocol is used before any application data is transmitted. Each message has three fields: • Type (1 byte): Indicates one of 10 messages. Table 16.2 lists the defined message types. • Length (3 bytes): The length of the message in bytes. • Content ( ≥ 0 bytes): The parameters associated with this message. 3/9/2023 11 Dr. Shivashankar, E&CE, RRIT
Transport Layer Security â–ŞTransport Layer Securities (TLS) are designed to provide security at the transport layer. â–ŞTLS was derived from a security protocol called Secure Socket Layer (SSL). TLS ensures that no third party may eavesdrop or tampers with any message. â–ŞTLS is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL â–ŞTLS is defined as a Proposed Internet Standard in RFC 5246. RFC 5246 is very similar to SSLv3. In this section, we highlight the differences. â–ŞVersion Number: â–ŞFor the current version of TLS, the major version is 3 and the minor version is 3. â–ŞMessage Authentication Code: â–ŞThere are two differences between the SSLv3 and TLS MAC schemes: the actual algorithm and the scope of the MAC calculation. TLS makes use of the HMAC algorithm defined in RFC 2104. 3/9/2023 12 Dr. Shivashankar, E&CE, RRIT
CONTI… ▪Pseudorandom Function TLS makes use of a pseudorandom function referred to as PRF to expand secrets into blocks of data for purposes of key generation or validation. ▪The objective is to make use of a relatively small shared secret value but to generate longer blocks of data in a way that is secure from the kinds of attacks made on hash functions and MACs. 3/9/2023 13 Dr. Shivashankar, E&CE, RRIT Figure 16.7 TLS Function P_hash(secret, seed)
CONTI… Alert Codes ▪TLS supports all of the alert codes defined in SSLv3 with the exception of no_certificate. • record_overflow: A TLS record was received with a payload (ciphertext) • unknown_CA: A valid certificate chain or partial chain was received • access_denied: A valid certificate was received. • decode_error: A message could not be decoded, because either a field was out of its specified range or the length of the message was incorrect. • protocol_version: The protocol version the client attempted to negotiate • insufficient_security: Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. • unsupported_extension: Sent by clients that receive an extended server hello containing an extension not in the corresponding client hello. • internal_error: An internal error unrelated to the peer or the correctoness of the protocol makes it impossible to continue. • decrypt_error: A handshake cryptographic operation failed, including being unable to verify a signature, decrypt a key exchange, or validate a finished message. 3/9/2023 14 Dr. Shivashankar, E&CE, RRIT
CONTI… Cipher Suites There are several small differences between the cipher suites available under SSLv3 and under TLS: • Key Exchange: TLS supports all of the key exchange techniques of SSLv3 with the exception of Fortezza. • Symmetric Encryption Algorithms: TLS includes all of the symmetric encrypotion algorithms found in SSLv3, with the exception of Fortezza. Client Certificate Types TLS defines the following certificate types to be requested in a certificate_request message: rsa_sign, dss_sign, rsa_fixed_dh, and dss_fixed_dh. These are all defined in SSLv3. 3/9/2023 15 Dr. Shivashankar, E&CE, RRIT
HTTP ▪HTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server. ▪The HTTPS capability is built into all modern Web browsers. Its use depends on the Web server supporting HTTPS communication. For example, search engines ▪https:// rather than http://. A normal HTTP connection uses port 80. If HTTPS is specified, port 443 is used, which invokes SSL. When HTTPS is used, the following elements of the communication are encrypted: ▪ URL of the requested document • Contents of the document • Contents of browser forms (filled in by browser user) • Cookies sent from browser to server and from server to browser •Contents of HTTP header HTTPS is documented in RFC 2818, HTTP Over TLS. There is no fundamental change in using HTTP over either SSL or TLS, and both implementations are referred to as HTTPS. 3/9/2023 16 Dr. Shivashankar, E&CE, RRIT
CONTI… Connection Initiation ▪For HTTPS, the agent acting as the HTTP client also acts as the TLS client. ▪The client initiates a connection to the server on the appropriate port and then sends the TLS ClientHello to begin the TLS handshake. ▪When the TLS handshake has finished, the client may then initiate the first HTTP request. All HTTP data is to be sent as TLS application data. Need to be clear that there are three levels of awareness of a connection in HTTPS. 1. At the HTTP level, an HTTP client requests a connection to an HTTP server by sending a connection request to the next lowest layer. 2. At the level of TLS, a session is established between a TLS client and a TLS server. This session can support one or more connections at any time. 3. A TLS request to establish a connection begins with the establishment of a TCP connection between the TCP entity on the client side and the TCP entity on the server side. 3/9/2023 17 Dr. Shivashankar, E&CE, RRIT
CONTI… Connection Closure ▪An HTTP client or server can indicate the closing of a connection by including the following line in an HTTP record: Connection: close. This indicates that the connection will be closed after this record is delivered. The closure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connection. 1. At the TLS level, the proper way to close a connection is for each side to use the TLS alert protocol to send a close_notify alert. 2. TLS implementations must initiate an exchange of closure alerts before closing a connection. 3. A TLS implementation may, after sending a closure alert, close the connection without waiting for the peer to send its closure alert, generating an “incomplete close” 3/9/2023 18 Dr. Shivashankar, E&CE, RRIT
SECURE SHELL (SSH) â–ŞSSH uses the client-server model, connecting a Secure Shell client application, which is the end where the session is displayed, with an SSH server, which is the end where the session runs. â–ŞSecure Shell (SSH) is a protocol for secure network communications designed to be relatively simple and inexpensive to implement. â–ŞSSH also provides a more general client/server capability and can be used for such network functions as file transfer and e-mail. â–ŞA new version, SSH2, fixes a number of security flaws in the original scheme. SSH2 is documented as a proposed standard in IETF RFCs 4250 through 4256. â–ŞSSH client and server applications are widely available for most operating systems. â–ŞIt has become the method of choice for remote login and X tunneling and is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems. 3/9/2023 19 Dr. Shivashankar, E&CE, RRIT
Conti… ▪ Figure 16.8 SSH Protocol Stack 3/9/2023 20 Dr. Shivashankar, E&CE, RRIT
Conti… ▪Transport Layer Protocol: Provides server authentication, data confidentiality, and data integrity with forward secrecy. The transport layer may optionally provide compression. ▪User Authentication Protocol: Authenticates the user to the server. ▪Connection Protocol: Multiplexes multiple logical communications channels over a single, underlying SSH connection. 3/9/2023 21 Dr. Shivashankar, E&CE, RRIT Figure 16.10 SSH Transport Layer Protocol Packet Formation
Conti… ▪1. In the SSLv3 the padding bits are ____________ with the secret key. a)Padded b)XORed c)Concatenated d) ANDed 2. Which of the following is not a valid input to the PRF in SSLv3? a) secret value b) identifying label c) initialization vector d) secret value 3. Which of the following alert codes is not supported by SSLv3? a) record_overflow b) no_certificate c) internal_error d) decode_error 4. We encounter the record_overflow error when the payload length exceeds – a) 214 + 1024 b) 216 + 1024 c) 214 + 2048 d) 216 + 2048 6. Calculation of the certificate_verify in TLS involves the use of a finished_label. The finished_label is the string- a) client finished for the client b) client finished for the client, server finished for the server c) server finished for the server d) client finished for the server, server finished for the client 3/9/2023 22 Dr. Shivashankar, E&CE, RRIT
Conti… ▪7. In TLS padding cann be upto a maximum of – a) 79 bytes b) 127 bytes c) 255 bytes d) none of the mentioned 8. URL stands for – a) Universal Remote Locator b) Universal Resource Language c) Uniform Resource Locator d) Uniform Resource Language 9. HTTPS stands for Hypertext Transfer Protocol over TLS. a) True b) False 10. An HTTP connection uses port _________ whereas HTTPS uses port ____________ and invokes SSL. a) 40; 80 b) 60; 620 c) 80; 443 d) 620; 80 11. Which of the following are valid authentication methods? a) Public Key Based b) Password Based c) Host Based d) All of the mentioned 8.The SSH Connection Protocol runs on top of the SSH Transport Layer Protocol and assumes that a secure authentication connection is in use. a) True b) False 3/9/2023 23 Dr. Shivashankar, E&CE, RRIT
Thank you 3/9/2023 Dr. Shivashankar, E&CE, RRIT 24

Recommended

Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )Monodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Unit 6
Unit 6Unit 6
Unit 6Vinod Kumar Gorrepati
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security ApplicationsHatem Mahmoud
 
Vtu network security(10 ec832) unit 5 notes.
Vtu network security(10 ec832) unit 5 notes.Vtu network security(10 ec832) unit 5 notes.
Vtu network security(10 ec832) unit 5 notes.Jayanth Dwijesh H P
 

Recommended

Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )Monodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Unit 6
Unit 6Unit 6
Unit 6Vinod Kumar Gorrepati
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security ApplicationsHatem Mahmoud
 
Vtu network security(10 ec832) unit 5 notes.
Vtu network security(10 ec832) unit 5 notes.Vtu network security(10 ec832) unit 5 notes.
Vtu network security(10 ec832) unit 5 notes.Jayanth Dwijesh H P
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLcscpconf
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocolcsandit
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmIJCSEA Journal
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
Web security
Web securityWeb security
Web securitySubhash Basistha
 
Secure socket later
Secure socket laterSecure socket later
Secure socket laterMuhammad Ahmad Nazar
 
Secure Socket Layer.pptx
Secure Socket Layer.pptxSecure Socket Layer.pptx
Secure Socket Layer.pptxJenish Prajapati
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptSonukumarRawat
 
Network Security- Secure Socket Layer
Network Security- Secure Socket LayerNetwork Security- Secure Socket Layer
Network Security- Secure Socket LayerDr.Florence Dayana
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)BGSBU Rajouri
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tlsRana assad ali
 
PKI & SSL
PKI & SSLPKI & SSL
PKI & SSLRitaThakkar1
 
Ecommerce final ppt
Ecommerce final pptEcommerce final ppt
Ecommerce final pptpriyanka Garg
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web securityrajakhurram
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecuritySanjeev Kumar Jaiswal
 
Firewall traversals
Firewall traversalsFirewall traversals
Firewall traversalsKirti Ahirrao
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaSDr. Shivashankar
 
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdfDr. Shivashankar
 

More Related Content

Similar to Network Security_Module_2.pdf

VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLcscpconf
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocolcsandit
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmIJCSEA Journal
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
Secure Socket Layer.pptx
Secure Socket Layer.pptxSecure Socket Layer.pptx
Secure Socket Layer.pptxJenish Prajapati
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptSonukumarRawat
 
Network Security- Secure Socket Layer
Network Security- Secure Socket LayerNetwork Security- Secure Socket Layer
Network Security- Secure Socket LayerDr.Florence Dayana
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)BGSBU Rajouri
 
Ecommerce final ppt
Ecommerce final pptEcommerce final ppt
Ecommerce final pptpriyanka Garg
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web securityrajakhurram
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
Firewall traversals
Firewall traversalsFirewall traversals
Firewall traversalsKirti Ahirrao
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 

Similar to Network Security_Module_2.pdf (20)

CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOL
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocol
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA Algorithm
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
Web security
Web securityWeb security
Web security
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
Secure Socket Layer.pptx
Secure Socket Layer.pptxSecure Socket Layer.pptx
Secure Socket Layer.pptx
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
 
Network Security- Secure Socket Layer
Network Security- Secure Socket LayerNetwork Security- Secure Socket Layer
Network Security- Secure Socket Layer
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
PKI & SSL
PKI & SSLPKI & SSL
PKI & SSL
 
Ecommerce final ppt
Ecommerce final pptEcommerce final ppt
Ecommerce final ppt
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web security
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
Firewall traversals
Firewall traversalsFirewall traversals
Firewall traversals
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 

More from Dr. Shivashankar

21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaSDr. Shivashankar
 
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdfDr. Shivashankar
 
21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdfDr. Shivashankar
 
21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdfDr. Shivashankar
 
21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdfDr. Shivashankar
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfDr. Shivashankar
 
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdfWireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdfDr. Shivashankar
 
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdfWireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdfDr. Shivashankar
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarDr. Shivashankar
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarDr. Shivashankar
 
Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdfDr. Shivashankar
 

More from Dr. Shivashankar (16)

21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
21 Scheme_21EC53_MODULE-5_CCN_Dr. ShivaS
 
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
21 SCHEME_21EC53_VTU_MODULE-4_COMPUTER COMMUNCATION NETWORK.pdf
 
21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf21 Scheme_ MODULE-3_CCN.pdf
21 Scheme_ MODULE-3_CCN.pdf
 
21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf21_Scheme_MODULE-1_CCN.pdf
21_Scheme_MODULE-1_CCN.pdf
 
21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf21 Scheme_MODULE-2_CCN.pdf
21 Scheme_MODULE-2_CCN.pdf
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdfWireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
Wireless Cellular Communication_Module 3_Dr. Shivashankar.pdf
 
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdfWireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
Wireless Cellular Communication_Mudule2_Dr.Shivashankar.pdf
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. Shivashankar
 
Network Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. ShivashankarNetwork Security_3rd Module_Dr. Shivashankar
Network Security_3rd Module_Dr. Shivashankar
 
Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdf
 
MODULE-3_CCN.pptx
MODULE-3_CCN.pptxMODULE-3_CCN.pptx
MODULE-3_CCN.pptx
 
MODULE-1_CCN.pptx
MODULE-1_CCN.pptxMODULE-1_CCN.pptx
MODULE-1_CCN.pptx
 
MODULE-2_CCN.pptx
MODULE-2_CCN.pptxMODULE-2_CCN.pptx
MODULE-2_CCN.pptx
 
MODULE-5_CCN.pptx
MODULE-5_CCN.pptxMODULE-5_CCN.pptx
MODULE-5_CCN.pptx
 
MODULE-4_CCN.pptx
MODULE-4_CCN.pptxMODULE-4_CCN.pptx
MODULE-4_CCN.pptx
 

Recently uploaded

Comparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization TechniquesComparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization Techniquesugginaramesh
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 

Recently uploaded (20)

Comparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization TechniquesComparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization Techniques
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examplesPOWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examples
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 

Network Security_Module_2.pdf

  • 1. NETWORK SECURITY (18EC821) Visvesvaraya Technological University Dr. Shivashankar Professor Department of Electronics & Communication Engineering RRIT, Bangalore 3/9/2023 1 Dr. Shivashankar, E&CE, RRIT
  • 2. Course Outcomes After Completion of the course, student will be able to: â–ŞExplain network security services and mechanisms and explain security concepts. â–ŞUnderstand the concept of Transport Level Security and Secure Socket Layer. â–ŞExplain security concerns in Internet Protocol Security. â–ŞExplain Intruders, Intrusion detection and Malicious Software. â–ŞDescribe Firewalls, Firewall characteristics, Biasing and Configuration. â–ŞText Book: 1. Cryptography and Network Security Principles and Practice, Pearson Education Inc., William Stallings 5th Edition, ISBN: 978-81-317-6166-3. 2. Cryptography and Network Security, Atul Kahate, TMH, 2003. â–ŞReference: â–ŞCryptography and Network Security, Behrouz A Forouzan, TMH, 2007. 3/9/2023 2 Dr. Shivashankar, E&CE, RRIT
  • 3. MODULE-2 TRANSPORT LAYER SECURITY Web Security Considerations • Web Security deals with the security of data over the internet/network or web or while it is being transferred to the internet. • For e.g. when you are transferring data between client and server and you have to protect that data that security of data is your web security. • Web presents new challenges not generally appreciated in the context of computer and network security: ➢ The Internet is two-way. ➢ The Web is increasingly serving as a highly visible outlet for corporate and product information and as the platform for business transactions. ➢ Web browsers are very easy to use. ➢ • A Web server can be exploited as a launching pad into the corporation’s or agency’s entire computer complex. ➢ Casual and untrained (in security matters) users are common clients for Web- based services. 3/9/2023 3 Dr. Shivashankar, E&CE, RRIT
  • 4. Web Security Threats • Web security threats are a form of internet- borne cybersecurity risk that could expose users to online harm and cause undesired actions or events. • Web security issues can severely damage businesses and individuals. • Common types of web security threats include computer viruses, data theft, and phishing attacks. • Classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server. 3/9/2023 4 Dr. Shivashankar, E&CE, RRIT
  • 5. A Comparison of Threats on the Web 3/9/2023 5 Dr. Shivashankar, E&CE, RRIT Threats Consequences Countermeasures Integrity • Modification of user data • Trojan horse browser • Modification of memory • Modification of message traffic in transit • Loss of information • Compromise of machine • Vulnerabilty to all other threats Cryptographic Confidentiality • Theft of info from server • Theft of data from client • Info about network configuration • Info about which client talks to server • Loss of information • Loss of privacy Encryption, Web proxies Denial of Service • Killing of user threads • Filling up disk or memory • Isolating machine by DNS attacks • Disruptive • Annoying • Prevent user from getting work done Difficult to prevent Authentication • Impersonation of legitimate users • Data forgery • Misrepresentation of user • Belief that false information is valid Cryptographic techniques
  • 6. Web Traffic Security Approaches â–ŞOne way to provide Web security is to use IP Security. The advantage of using IPsec is that it is transparent to end users and applications and provides a general-purpose solution. â–ŞFurther, IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing. 3/9/2023 6 Dr. Shivashankar, E&CE, RRIT (a) Network level (b) Transport level (c) Application level
  • 7. Secure Socket Layer (SSL) â–ŞProvides security to the data that is transferred between web browser and server. â–ŞSSL encrypts the link between a web server and a browser which ensures that all data passed between them remain private and free from attack. SSL Architecture â–ŞSSL is designed to make use of TCP to provide a reliable end-to-end secure service. 3/9/2023 7 Dr. Shivashankar, E&CE, RRIT Figure 16.2 SSL Protocol Stack
  • 8. CONTI… â–ŞTwo important SSL concepts are the SSL session and the SSL connection: • Connection: A connection is a transport that provides a suitable type of service. • Session: An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters which can be shared among multiple connections. A session state is defined by the following parameters. • Session identifier: An arbitrary byte sequence chosen by the server. • Peer certificate: An X509.v3 certificate of the peer. This element of the state may be null. • Compression method: The algorithm used to compress data prior to encryption. • Cipher spec: Specifies the bulk data encryption algorithm • Master secret: 48-byte secret shared between the client and server. • Is resumable: A flag indicating whether the session can be used to initiate new connections. • Server and client random: Byte sequences that are chosen by the server and client for each connection. • Server write MAC secret: The secret key used in MAC operations on data sent by the server. • Client write MAC secret: The secret key used in MAC operations on data sent by the client. 3/9/2023 8 Dr. Shivashankar, E&CE, RRIT
  • 9. SSL Record Protocol â–ŞThe SSL Record Protocol provides two services for SSL connections: • Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional encryption of SSL payloads. • Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a message authentication code (MAC). 3/9/2023 9 Dr. Shivashankar, E&CE, RRIT Figure 16.3 SSL Record Protocol Operation
  • 10. CONTI… SSL Record Protocol processing is to prepare a header consisting of the following fields: • Content Type (8 bits): The higher-layer protocol used to process the enclosed fragment. • Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3. • Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0. • Compressed Length (16 bits): The length in bytes of the plaintext fragment. The maximum value is . 3/9/2023 10 Dr. Shivashankar, E&CE, RRIT Figure 16.4 SSL Record Format
  • 11. Handshake Protocol â–ŞThe most complex part of SSL is the Handshake Protocol. â–ŞThis protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record. â–ŞThe Handshake Protocol is used before any application data is transmitted. Each message has three fields: • Type (1 byte): Indicates one of 10 messages. Table 16.2 lists the defined message types. • Length (3 bytes): The length of the message in bytes. • Content ( ≥ 0 bytes): The parameters associated with this message. 3/9/2023 11 Dr. Shivashankar, E&CE, RRIT
  • 12. Transport Layer Security â–ŞTransport Layer Securities (TLS) are designed to provide security at the transport layer. â–ŞTLS was derived from a security protocol called Secure Socket Layer (SSL). TLS ensures that no third party may eavesdrop or tampers with any message. â–ŞTLS is an IETF standardization initiative whose goal is to produce an Internet standard version of SSL â–ŞTLS is defined as a Proposed Internet Standard in RFC 5246. RFC 5246 is very similar to SSLv3. In this section, we highlight the differences. â–ŞVersion Number: â–ŞFor the current version of TLS, the major version is 3 and the minor version is 3. â–ŞMessage Authentication Code: â–ŞThere are two differences between the SSLv3 and TLS MAC schemes: the actual algorithm and the scope of the MAC calculation. TLS makes use of the HMAC algorithm defined in RFC 2104. 3/9/2023 12 Dr. Shivashankar, E&CE, RRIT
  • 13. CONTI… â–ŞPseudorandom Function TLS makes use of a pseudorandom function referred to as PRF to expand secrets into blocks of data for purposes of key generation or validation. â–ŞThe objective is to make use of a relatively small shared secret value but to generate longer blocks of data in a way that is secure from the kinds of attacks made on hash functions and MACs. 3/9/2023 13 Dr. Shivashankar, E&CE, RRIT Figure 16.7 TLS Function P_hash(secret, seed)
  • 14. CONTI… Alert Codes â–ŞTLS supports all of the alert codes defined in SSLv3 with the exception of no_certificate. • record_overflow: A TLS record was received with a payload (ciphertext) • unknown_CA: A valid certificate chain or partial chain was received • access_denied: A valid certificate was received. • decode_error: A message could not be decoded, because either a field was out of its specified range or the length of the message was incorrect. • protocol_version: The protocol version the client attempted to negotiate • insufficient_security: Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. • unsupported_extension: Sent by clients that receive an extended server hello containing an extension not in the corresponding client hello. • internal_error: An internal error unrelated to the peer or the correctoness of the protocol makes it impossible to continue. • decrypt_error: A handshake cryptographic operation failed, including being unable to verify a signature, decrypt a key exchange, or validate a finished message. 3/9/2023 14 Dr. Shivashankar, E&CE, RRIT
  • 15. CONTI… Cipher Suites There are several small differences between the cipher suites available under SSLv3 and under TLS: • Key Exchange: TLS supports all of the key exchange techniques of SSLv3 with the exception of Fortezza. • Symmetric Encryption Algorithms: TLS includes all of the symmetric encrypotion algorithms found in SSLv3, with the exception of Fortezza. Client Certificate Types TLS defines the following certificate types to be requested in a certificate_request message: rsa_sign, dss_sign, rsa_fixed_dh, and dss_fixed_dh. These are all defined in SSLv3. 3/9/2023 15 Dr. Shivashankar, E&CE, RRIT
  • 16. HTTP â–ŞHTTPS (HTTP over SSL) refers to the combination of HTTP and SSL to implement secure communication between a Web browser and a Web server. â–ŞThe HTTPS capability is built into all modern Web browsers. Its use depends on the Web server supporting HTTPS communication. For example, search engines â–Şhttps:// rather than http://. A normal HTTP connection uses port 80. If HTTPS is specified, port 443 is used, which invokes SSL. When HTTPS is used, the following elements of the communication are encrypted: â–Ş URL of the requested document • Contents of the document • Contents of browser forms (filled in by browser user) • Cookies sent from browser to server and from server to browser •Contents of HTTP header HTTPS is documented in RFC 2818, HTTP Over TLS. There is no fundamental change in using HTTP over either SSL or TLS, and both implementations are referred to as HTTPS. 3/9/2023 16 Dr. Shivashankar, E&CE, RRIT
  • 17. CONTI… Connection Initiation â–ŞFor HTTPS, the agent acting as the HTTP client also acts as the TLS client. â–ŞThe client initiates a connection to the server on the appropriate port and then sends the TLS ClientHello to begin the TLS handshake. â–ŞWhen the TLS handshake has finished, the client may then initiate the first HTTP request. All HTTP data is to be sent as TLS application data. Need to be clear that there are three levels of awareness of a connection in HTTPS. 1. At the HTTP level, an HTTP client requests a connection to an HTTP server by sending a connection request to the next lowest layer. 2. At the level of TLS, a session is established between a TLS client and a TLS server. This session can support one or more connections at any time. 3. A TLS request to establish a connection begins with the establishment of a TCP connection between the TCP entity on the client side and the TCP entity on the server side. 3/9/2023 17 Dr. Shivashankar, E&CE, RRIT
  • 18. CONTI… Connection Closure â–ŞAn HTTP client or server can indicate the closing of a connection by including the following line in an HTTP record: Connection: close. This indicates that the connection will be closed after this record is delivered. The closure of an HTTPS connection requires that TLS close the connection with the peer TLS entity on the remote side, which will involve closing the underlying TCP connection. 1. At the TLS level, the proper way to close a connection is for each side to use the TLS alert protocol to send a close_notify alert. 2. TLS implementations must initiate an exchange of closure alerts before closing a connection. 3. A TLS implementation may, after sending a closure alert, close the connection without waiting for the peer to send its closure alert, generating an “incomplete close” 3/9/2023 18 Dr. Shivashankar, E&CE, RRIT
  • 19. SECURE SHELL (SSH) â–ŞSSH uses the client-server model, connecting a Secure Shell client application, which is the end where the session is displayed, with an SSH server, which is the end where the session runs. â–ŞSecure Shell (SSH) is a protocol for secure network communications designed to be relatively simple and inexpensive to implement. â–ŞSSH also provides a more general client/server capability and can be used for such network functions as file transfer and e-mail. â–ŞA new version, SSH2, fixes a number of security flaws in the original scheme. SSH2 is documented as a proposed standard in IETF RFCs 4250 through 4256. â–ŞSSH client and server applications are widely available for most operating systems. â–ŞIt has become the method of choice for remote login and X tunneling and is rapidly becoming one of the most pervasive applications for encryption technology outside of embedded systems. 3/9/2023 19 Dr. Shivashankar, E&CE, RRIT
  • 20. Conti… â–Ş Figure 16.8 SSH Protocol Stack 3/9/2023 20 Dr. Shivashankar, E&CE, RRIT
  • 21. Conti… â–ŞTransport Layer Protocol: Provides server authentication, data confidentiality, and data integrity with forward secrecy. The transport layer may optionally provide compression. â–ŞUser Authentication Protocol: Authenticates the user to the server. â–ŞConnection Protocol: Multiplexes multiple logical communications channels over a single, underlying SSH connection. 3/9/2023 21 Dr. Shivashankar, E&CE, RRIT Figure 16.10 SSH Transport Layer Protocol Packet Formation
  • 22. Conti… â–Ş1. In the SSLv3 the padding bits are ____________ with the secret key. a)Padded b)XORed c)Concatenated d) ANDed 2. Which of the following is not a valid input to the PRF in SSLv3? a) secret value b) identifying label c) initialization vector d) secret value 3. Which of the following alert codes is not supported by SSLv3? a) record_overflow b) no_certificate c) internal_error d) decode_error 4. We encounter the record_overflow error when the payload length exceeds – a) 214 + 1024 b) 216 + 1024 c) 214 + 2048 d) 216 + 2048 6. Calculation of the certificate_verify in TLS involves the use of a finished_label. The finished_label is the string- a) client finished for the client b) client finished for the client, server finished for the server c) server finished for the server d) client finished for the server, server finished for the client 3/9/2023 22 Dr. Shivashankar, E&CE, RRIT
  • 23. Conti… â–Ş7. In TLS padding cann be upto a maximum of – a) 79 bytes b) 127 bytes c) 255 bytes d) none of the mentioned 8. URL stands for – a) Universal Remote Locator b) Universal Resource Language c) Uniform Resource Locator d) Uniform Resource Language 9. HTTPS stands for Hypertext Transfer Protocol over TLS. a) True b) False 10. An HTTP connection uses port _________ whereas HTTPS uses port ____________ and invokes SSL. a) 40; 80 b) 60; 620 c) 80; 443 d) 620; 80 11. Which of the following are valid authentication methods? a) Public Key Based b) Password Based c) Host Based d) All of the mentioned 8.The SSH Connection Protocol runs on top of the SSH Transport Layer Protocol and assumes that a secure authentication connection is in use. a) True b) False 3/9/2023 23 Dr. Shivashankar, E&CE, RRIT
  • 24. Thank you 3/9/2023 Dr. Shivashankar, E&CE, RRIT 24