ssl-tls-ipsec-vpn.pptx
CIA TRIAD
• Confidentiality – Data is only accessible by client and server – Encryption
• Integrity – Data is not modified between client and server – Hashing
• Availability – Client/server are indeed who they say they are – PKI (Public Key Infrastructure), digital certificates
Transport Layer Security
• Secure Socket Layer (SSL)
• Secure Shell Protocol
• SOCKS (Socket Secure) Protocol
What are SSL and TLS?
• SSL – Secure Socket Layer
• TLS – Transport Layer Security
• Both provide a secure transport connection between applications (e.g., a web server and a browser)
• SSLv1 was developed by Netscape.
• SSLv2 (1994) uses RC4 for encryption and MD5 for authentication.
• SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers and is widely used on the Internet; it uses DSS for authentication and DH for key agreement.
• SSL v3.0 was specified in an Internet Draft (1996).
• It evolved into TLS, specified in RFC 2246 by the IETF.
• TLS can be viewed as SSL v3.1: DSS for authentication, DH for key exchange, 3DES for encryption.
• The most recent TLS version, 1.3, was published in 2018.
SSL
• Intermediate security layer between the transport layer and the
application layer
• Based on connection-oriented and reliable service (e.g., TCP)
• Able to provide security services for any TCP-based application
protocol, e.g., HTTP, FTP, TELNET, POP3, etc.
• Application independent
Figure: Location of TLS/SSL in the Internet model
SSL ARCHITECTURE
SSL is designed to provide security and compression services to data generated from the application layer.
Figure: SSL Architecture. Application layer (IMAPS, FTPS, HTTPS, TELNETS, …); intermediate security layer (SSL Record Protocol carrying the Handshake, Change Cipher Spec and Alert protocols and application data); transport layer (Transport Control Protocol, User Datagram Protocol); Internet layer (IP).
Applications Using SSL/TLS
Advantages of SSL
• The connection is private
– Encryption is used after initial handshake to define a secret key
– Encryption uses symmetric cryptography (DES or RC4)
• Peer’s identity can be authenticated using asymmetric cryptography
(RSA or DSS)
• The connection is reliable
– Message transport includes message integrity check using a keyed
MAC. Secure hash functions (SHA or MD5) are used for MAC
computation.
SSL components
• Four protocols:
  • Handshake Protocol
  • Change Cipher Spec Protocol
  • Alert Protocol
  • Record Protocol
FOUR PROTOCOLS
HANDSHAKE PROTOCOL
HANDSHAKE PROTOCOL : Phase 1
Figure: Phase I of Handshake Protocol
• After Phase I, the client and server know the following:
❏ The version of SSL
❏ The algorithms for key exchange, message authentication, and encryption
❏ The compression method
❏ The two random numbers for key generation
HANDSHAKE PROTOCOL : Phase 2
Figure: Phase II of Handshake Protocol
• After Phase II:
❏ The server is authenticated to the client.
❏ The client knows the public key of the server, if required.
HANDSHAKE PROTOCOL : Phase 3
Figure: Phase III of Handshake Protocol
• After Phase III:
❏ The client is authenticated to the server.
❏ Both the client and the server know the pre-master secret.
HANDSHAKE PROTOCOL : Phase 4
Figure: Phase IV of Handshake Protocol
• After Phase IV, the client and server are ready to exchange data.
Alert protocol
• The SSL Alert Protocol carries error messages (fatal alerts and warnings) and other SSL-related alerts to the peer entity.
• Each message in this protocol contains 2 bytes.
• Warning (level = 1): this alert has no impact on the connection between sender and receiver. Some of them are:
  • Bad certificate: the received certificate is corrupt.
  • No certificate: an appropriate certificate is not available.
  • Certificate expired: a certificate has expired.
  • Certificate unknown: some other unspecified issue arose in processing the certificate, rendering it unacceptable.
  • Close notify: notifies that the sender will no longer send any messages in the connection.
• Fatal error (level = 2): this alert breaks the connection between sender and receiver. The connection is stopped; it cannot be resumed, but it can be restarted. Some of them are:
  • Handshake failure: the sender is unable to negotiate an acceptable set of security parameters given the options available.
  • Decompression failure: the decompression function receives improper input.
  • Illegal parameters: a field is out of range or inconsistent with other fields.
  • Bad record MAC: an incorrect MAC was received.
  • Unexpected message: an inappropriate message is received.
• The second byte in the Alert protocol describes the error.
Change Cipher Spec Protocol
• The SSL Change Cipher Spec Protocol consists of a single message that indicates the end of the SSL handshake.
• The message is 1 byte in length and can have only one value.
• The protocol’s purpose is to cause the pending state to be copied into the current state.
Record Protocol
• The SSL Record Protocol performs:
  • Fragmentation
  • Compression
  • Message authentication and integrity protection
  • Encryption
Record Protocol
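The Record Protocol and the Alert Protocol above, as an added example that is not code from the slide deck: a simplified TLS record layer that fragments application data, appends the keyed MAC the slides describe, and answers a tampered record with the 2-byte fatal bad_record_mac alert. It assumes a NULL cipher (no compression or encryption, so only the standard library is needed) and HMAC-SHA256 as the MAC; the key and data are constructed.

```python
"""Simplified SSL/TLS record layer: fragmentation, keyed MAC, Alert decoding.

Added example, not code from the slide deck. Compression and encryption are
left out (assumption: a NULL cipher) so the integrity check can be shown with
only the standard library; a real record layer would encrypt fragment + MAC.
"""
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14          # the record layer splits data into <= 2^14-byte fragments
CT_ALERT, CT_APPLICATION_DATA = 21, 23
TLS_VERSION = b"\x03\x03"       # TLS 1.2 on the wire

# Alert protocol: byte 1 = level, byte 2 = description (values from RFC 5246 / SSL 3.0)
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter",
}


def record_mac(mac_key, seq_num, content_type, fragment):
    """TLS 1.0-1.2 record MAC: HMAC(key, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QB2sH", seq_num, content_type, TLS_VERSION, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def build_records(mac_key, data, first_seq=0):
    """Fragment application data; each record is type || version || length || fragment || MAC."""
    records = []
    for i in range(0, len(data), MAX_FRAGMENT):
        frag = data[i:i + MAX_FRAGMENT]
        seq = first_seq + len(records)
        body = frag + record_mac(mac_key, seq, CT_APPLICATION_DATA, frag)
        records.append(struct.pack("!B2sH", CT_APPLICATION_DATA, TLS_VERSION, len(body)) + body)
    return records


def alert_record(level, description):
    """A 2-byte Alert message wrapped in a record header."""
    return struct.pack("!B2sH", CT_ALERT, TLS_VERSION, 2) + bytes([level, description])


def decode_alert(record):
    """Return (level_name, description_name) for an Alert record."""
    ctype, _version, length = struct.unpack("!B2sH", record[:5])
    if ctype != CT_ALERT or length != 2:
        raise ValueError("not an Alert record")
    level, desc = record[5], record[6]
    return ALERT_LEVELS.get(level, "unknown"), ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})")


def receive_record(mac_key, seq_num, record):
    """Verify the MAC; return ("data", fragment) or ("alert", alert_record_to_send)."""
    ctype, _version, length = struct.unpack("!B2sH", record[:5])
    body = record[5:5 + length]
    frag, tag = body[:-32], body[-32:]
    if not hmac.compare_digest(tag, record_mac(mac_key, seq_num, ctype, frag)):
        return "alert", alert_record(2, 20)   # fatal bad_record_mac ends the connection
    return "data", frag


def demo():
    """Constructed key and data: 20000 bytes become two records; a flipped bit is rejected."""
    key = b"constructed-mac-key"
    recs = build_records(key, b"A" * 20000)
    ok = [receive_record(key, i, r) for i, r in enumerate(recs)]
    tampered = bytearray(recs[0])
    tampered[5] ^= 0x01                      # flip one bit of the first payload byte
    bad = receive_record(key, 0, bytes(tampered))
    return len(recs), ok[0][0], bad[0], decode_alert(bad[1])


if __name__ == "__main__":
    print(demo())
```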
TLS
SSL | TLS
SSL stands for Secure Socket Layer. | TLS stands for Transport Layer Security.
SSL supports the Fortezza algorithm. | TLS does not support the Fortezza algorithm.
SSL is the 3.0 version. | TLS is the 1.0 version.
In SSL, a message digest is used to create the master secret. | In TLS, a pseudo-random function (PRF) is used to create the master secret.
In SSL, the Message Authentication Code (MAC) protocol is used. | In TLS, the Hashed Message Authentication Code (HMAC) protocol is used.
SSL is more complex than TLS. | TLS is simpler.
SSL is less secure than TLS. | TLS provides higher security.
SSL is less reliable and slower. | TLS is highly reliable and upgraded; it provides lower latency.
SSL has been deprecated. | TLS is still widely used.
SSL uses a port to set up an explicit connection. | TLS uses a protocol to set up an implicit connection.
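The handshake phases above (the two Hello randoms from Phase I, the pre-master secret from Phase III) and the table row on how the master secret is created, as an added example that is not code from the slide deck: SSL 3.0 derives the 48-byte master secret with MD5 and SHA-1 digests, TLS 1.2 with the HMAC-SHA256 PRF. The pre-master secret and randoms are constructed inputs, not a captured handshake.

```python
"""Master-secret derivation in SSL 3.0 vs TLS 1.2.

Added example, not code from the slide deck. Inputs are the two Hello randoms
exchanged in Phase I and the pre-master secret established in Phase III; the
values at the bottom are constructed test inputs.
"""
import hashlib
import hmac


def ssl3_master_secret(pre_master, client_random, server_random):
    """SSL 3.0 (RFC 6101 s6.1): MD5(pms || SHA-1(salt || pms || randoms)) for salts A, BB, CCC."""
    out = b""
    for salt in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(salt + pre_master + client_random + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out                                   # 3 x 16 = 48 bytes


def hmac_sha256(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 s5): P_SHA256(secret, label || seed) expanded to 'length' bytes."""
    seed = label + seed
    a = seed                                     # A(0) = seed
    out = b""
    while len(out) < length:
        a = hmac_sha256(secret, a)               # A(i) = HMAC(secret, A(i-1))
        out += hmac_sha256(secret, a + seed)     # HMAC(secret, A(i) || seed)
    return out[:length]


def tls12_master_secret(pre_master, client_random, server_random):
    """master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)[0..47]."""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


# Constructed inputs: a 48-byte pre-master secret and two 32-byte Hello randoms.
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    print("SSL 3.0:", ssl3_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM).hex())
    print("TLS 1.2:", tls12_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM).hex())
```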
NETWORK LAYER Security
1. IPsec is a suite of protocols for securing network connections. It is a rather complex mechanism because, instead of giving a straightforward definition of a specific encryption algorithm and authentication function,
• it provides a framework that allows an implementation of anything that both communicating ends agree upon.
• Setting up an IPsec connection involves all kinds of crypto choices.
• Authentication: verifying the identity of a network entity such as a user or device by means of PSK or RSA.
• Integrity: assurance that the received message is the same message that was sent; built on top of a cryptographic hash such as MD5 or SHA-1.
• Confidentiality: encryption algorithms, with DES, 3DES, Blowfish and AES being commonly used.
• Key management: IKE (Internet Key Exchange), to agree on the keys used for authentication and other purposes.
• Video reference: IPsec - IKE Phase 1 | IKE Phase 2 (YouTube)
IP SEC
Internet Engineering Task Force Standardization
• IPv6 development requirements: Strong security features
• Security features algorithm-independent
• Must enforce wide variety of security policies
• Avoid adverse impact on Internet users who do not need security
• 1992: IPSEC WG (IETF)
• Define security architecture
• Standardize IP Security Protocol and Internet Key Management Protocol
• 1998: revised version of IP Security Architecture
• IPsec protocols (two sub-protocols AH and ESP)
• Internet Key Exchange (IKE)
IP Security Architecture
Figure: IP Security Architecture. Two IPsec modules, each with an SPD (Security Policy Database), an SAD (Security Association Database), an IKE component and an IPsec component; IKE negotiates the SA shared by the two modules.
IPsec
• IPsec operates in one of two different modes (transport or tunnel).
IPsec TRANSPORT MODE
• IPsec in transport mode does not protect the IP header; it does not protect the whole IP packet, only the information coming from the transport layer.
• In this mode, the IPsec header and trailer are added to the information coming from the transport layer. The IP header is added later.
• Used when we need host-to-host (end-to-end) protection of data. The sending host uses IPsec to authenticate and/or encrypt the payload delivered from the transport layer.
• The receiving host uses IPsec to check the authentication and/or decrypt the IP packet and deliver it to the transport layer.
IPsec TUNNEL MODE
• IPsec protects the entire IP packet. It takes an IP packet, including the header, applies IPsec security methods to the entire packet, and then adds a new IP header.
• Tunnel mode is normally used between two routers, between a host and a router, or between a router and a host.
IPsec PROTOCOLS
Authentication Header (AH)
• The AH Protocol is designed to authenticate the source host and to ensure the integrity of the payload carried in the IP packet.
• It uses a hash function and a symmetric key to create a message digest; the digest is inserted in the authentication header.
• The AH is then placed in the appropriate location based on the mode (transport or tunnel).
• The AH Protocol provides source authentication and data integrity, but not privacy (confidentiality).
Encapsulating Security Payload (ESP)
• Security services: confidentiality, authentication (optional)
• Encryption algorithms: 3DES, RC5, IDEA, Blowfish, …, in CBC mode.
• ESP can be used to provide only encryption; encryption and integrity protection; or only integrity protection.
• The ESP procedure follows these steps:
  1. An ESP trailer is added to the payload.
  2. The payload and the trailer are encrypted.
  3. The ESP header is added.
  4. The ESP header, payload, and ESP trailer are used to create the authentication data.
  5. The authentication data are added to the end of the ESP trailer.
  6. The IP header is added after the protocol value is changed to 50.
• Transport mode: confidentiality of the packet between two hosts.
• Tunnel mode: confidentiality of the packet between two gateways or between a host and a gateway.
• The protocol provides source authentication, integrity, and privacy.
Security Association
• Associates security services and keys with the traffic to be protected
• Identified by the Security Parameter Index (SPI)
  • used to retrieve the correct SA parameters from the Security Association Database (SAD)
• IPsec protocol identifier
• Destination address (direction)
• Simplex connection → two SAs need to be established for secure bidirectional communication
• Defines security services and mechanisms between two end points (or IPsec modules):
  • Hosts
  • Network security gateways (e.g., routers, application gateways)
  • Hosts and security gateways
• Security service, parameters, mode of operation, and initialization vector
  • e.g., confidentiality using ESP with DES in CBC mode with an initialization vector (IV)
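The ESP procedure and the Security Association lookup above, as an added example that is not code from the slide deck: it builds an ESP packet in the listed order, resolves the SA from an SAD keyed by SPI, destination address and IPsec protocol, and shows that the reverse direction needs its own SA. It assumes integrity-only ESP (NULL encryption with HMAC-SHA1-96) so it runs with the standard library alone; the host names, keys and payload are constructed.

```python
"""ESP encapsulation in the order the slides list, with SAD lookup by (SPI, dst, proto).

Added example, not code from the slide deck. Assumption: integrity-only ESP
(NULL encryption, RFC 2410) with HMAC-SHA1-96 (RFC 2404). With a real cipher the
payload and trailer would be encrypted between steps 1 and 3 and decrypted on
receipt after the ICV check.
"""
import hashlib
import hmac
import struct

IPPROTO_TCP, IPPROTO_ESP = 6, 50
ICV_LEN = 12                      # HMAC-SHA1-96 keeps the first 96 bits of the 160-bit tag


class SecurityAssociation:
    """Simplex: one SA per direction, selected by SPI + destination + IPsec protocol."""

    def __init__(self, spi, dst, auth_key):
        self.spi, self.dst, self.auth_key, self.seq = spi, dst, auth_key, 0


class SAD:
    """Security Association Database keyed by (SPI, destination address, protocol)."""

    def __init__(self):
        self._db = {}

    def add(self, sa):
        self._db[(sa.spi, sa.dst, IPPROTO_ESP)] = sa

    def lookup(self, spi, dst):
        return self._db.get((spi, dst, IPPROTO_ESP))


def icv(sa, data):
    return hmac.new(sa.auth_key, data, hashlib.sha1).digest()[:ICV_LEN]


def esp_encapsulate(sa, payload, next_header=IPPROTO_TCP):
    """Return (ip_protocol_value, esp_packet) for a transport-layer payload (transport mode)."""
    sa.seq += 1
    # 1. ESP trailer: padding to a 4-byte boundary, then pad length and next header.
    pad_len = (-(len(payload) + 2)) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    # 2. Payload + trailer would be encrypted here; NULL encryption leaves them as-is.
    protected = payload + trailer
    # 3. ESP header: SPI and sequence number.
    header = struct.pack("!II", sa.spi, sa.seq)
    # 4. Authentication data over header + payload + trailer; 5. appended after the trailer.
    packet = header + protected + icv(sa, header + protected)
    # 6. The outer IP header's protocol field is set to 50 (ESP).
    return IPPROTO_ESP, packet


def esp_decapsulate(sad, dst, packet):
    """Select the SA by SPI + destination, verify the ICV, strip the trailer."""
    spi, _seq = struct.unpack("!II", packet[:8])
    sa = sad.lookup(spi, dst)
    if sa is None:
        raise KeyError(f"no inbound SA for SPI {spi:#x} to {dst}")
    body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(tag, icv(sa, body)):
        raise ValueError("ESP authentication failed")
    pad_len, next_header = body[-2], body[-1]
    return next_header, body[8:-(pad_len + 2)]


def demo():
    """Host A -> host B uses one SA; traffic B -> A would need a second, separate SA."""
    sad_b = SAD()
    sa_a_to_b = SecurityAssociation(0x1001, "host-b", b"constructed-key-AB")
    sad_b.add(sa_a_to_b)                         # B installs the inbound SA for A -> B
    proto, pkt = esp_encapsulate(sa_a_to_b, b"constructed TCP segment")
    return proto, esp_decapsulate(sad_b, "host-b", pkt)


if __name__ == "__main__":
    print(demo())
```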
Encryption
• Block ciphers in Cipher Block Chaining (CBC) mode
• Need:
  • Padding at the end of data
  • Initialization vector (IV), contained in the packet
Encryption and Compression
• Interdependence between encryption and compression
• When encryption is applied at the Internet layer → prevents effective compression by lower protocol layers
• IPsec does not provide data compression
Key Management Protocols
• IP security architecture supports manual and automated SA and key
agreement
• Key management protocol: e.g., IKE
• Proposals for automated key management protocol
IPsec | SSL
Internet Protocol Security (IPsec) is a set of protocols that provide security for the Internet Protocol. | SSL is a secure protocol developed for sending information securely over the Internet.
Works at the Internet layer of the OSI model. | Works between the transport layer and the application layer of the OSI model.
Configuration of IPsec is complex. | Configuration of SSL is comparatively simple.
IPsec is used to secure a Virtual Private Network. | SSL is used to secure web transactions.
Installation process is vendor non-specific. | Installation process is vendor specific.
Changes are required to the OS for implementation; no changes are required to the application. | No changes are required to the OS for implementation, but changes are required to the application.
IPsec resides in operating system space. | SSL resides in user space.
IPsec has a pre-shared key. | SSL does not have a pre-shared key.

More Related Content

What's hot

What's hot (20)

Web application security
Web application securityWeb application security
Web application security
 
Authentication
AuthenticationAuthentication
Authentication
 
HTTPS
HTTPSHTTPS
HTTPS
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
HTTPS
HTTPSHTTPS
HTTPS
 
IPSec | Computer Network
IPSec | Computer NetworkIPSec | Computer Network
IPSec | Computer Network
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Encryption
EncryptionEncryption
Encryption
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
Ssh
SshSsh
Ssh
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Email security
Email securityEmail security
Email security
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 

Similar to ssl-tls-ipsec-vpn.pptx

Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and sslMohd Arif
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfNiharikaDubey17
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
The Security layer
The Security layerThe Security layer
The Security layerSwetha S
 
Secure Socket Layer.ppt [ssl for websecurity]
Secure Socket Layer.ppt [ssl for websecurity]Secure Socket Layer.ppt [ssl for websecurity]
Secure Socket Layer.ppt [ssl for websecurity]shashankmharse1533
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)sonangrai
 
ch22.ppt
ch22.pptch22.ppt
ch22.pptImXaib
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web securityrajakhurram
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALGlenn Haley
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 

Similar to ssl-tls-ipsec-vpn.pptx (20)

CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Unit08
Unit08Unit08
Unit08
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and ssl
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
The Security layer
The Security layerThe Security layer
The Security layer
 
Secure Socket Layer.ppt [ssl for websecurity]
Secure Socket Layer.ppt [ssl for websecurity]Secure Socket Layer.ppt [ssl for websecurity]
Secure Socket Layer.ppt [ssl for websecurity]
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
 
Ip sec
Ip secIp sec
Ip sec
 
ch22.ppt
ch22.pptch22.ppt
ch22.ppt
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web security
 
IP SEC.ptx
IP SEC.ptxIP SEC.ptx
IP SEC.ptx
 
Web Security
Web SecurityWeb Security
Web Security
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr Shivashankar
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
 
Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8
 
CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS CS6004 CYBER FORENSICS
CS6004 CYBER FORENSICS
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
 

Recently uploaded

GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book nowkapoorjyoti4444
 
PITHAMPUR 💋 Call Girl 9827461493 Call Girls in Escort service book now
PITHAMPUR 💋 Call Girl 9827461493 Call Girls in  Escort service book nowPITHAMPUR 💋 Call Girl 9827461493 Call Girls in  Escort service book now
PITHAMPUR 💋 Call Girl 9827461493 Call Girls in Escort service book nowkapoorjyoti4444
 
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...pr788182
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...ssuserf63bd7
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon investment
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered  Building Manufacturers Hyderabad.pptxPre Engineered  Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxRoofing Contractor
 
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableBerhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Availablepr788182
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Availablepr788182
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Puja Sharma
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowranineha57744
 
Solan Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Solan Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableSolan Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Solan Call Girl Just Call 8084732287 Top Class Call Girl Service Availablepr788182
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizharallensay1
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfwill854175
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165meghakumariji156
 

Recently uploaded (20)

Home Furnishings Ecommerce Platform Short Pitch 2024
Home Furnishings Ecommerce Platform Short Pitch 2024Home Furnishings Ecommerce Platform Short Pitch 2024
Home Furnishings Ecommerce Platform Short Pitch 2024
 
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
PITHAMPUR 💋 Call Girl 9827461493 Call Girls in Escort service book now
PITHAMPUR 💋 Call Girl 9827461493 Call Girls in  Escort service book nowPITHAMPUR 💋 Call Girl 9827461493 Call Girls in  Escort service book now
PITHAMPUR 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered  Building Manufacturers Hyderabad.pptxPre Engineered  Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
 
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableBerhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 
WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
 
Solan Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Solan Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableSolan Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Solan Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 

ssl-tls-ipsec-vpn.pptx

  • 1. CIA TRAID • Confidentiality – Data is only accessible by client and server - Encryption • Integrity- Data is not modified between client and server- Hashing • Availability- Client/server are indeed who they say they are –PKI - Public key infrastructure, Digital certificate.
  • 2. Transport Layer Security •Secure Socket Layer (SSL) •Secure Shell Protocol •SOCKS (socket secure)Protocol
  • 3. What are SSL and TLS? • SSL – Secure Socket Layer • TLS – Transport Layer Security • Both provide a secure transport connection between applications (e.g., a web server and a browser) • SSLv1 was developed by Netscape. • SSlv2 in 1994, uses RC4 for encryption and MD5 for authentication • SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers and widely used on the Internet, DSS for authentication and DH for key agreement • SSL v3.0 was specified in an Internet Draft (1996) • It evolved into TLS specified in RFC 2246 by IETF • TLS can be viewed as SSL v3.1 , DSS for authentication , DH for Key Exchange, 3DES for encryption. • Most recent TLS version 1.3 published in 2018
  • 4. SSL • Intermediate security layer between the transport layer and the application layer • Based on connection-oriented and reliable service (e.g., TCP) • Able to provide security services for any TCP-based application protocol, e.g., HTTP, FTP, TELNET, POP3, etc. • Application independent
  • 5. Figure :- Location of TLS /SSL in the Internet model SSL ARCHITECTURE SSL is designed to provide security and compression services to data generated from the application layer.
  • 6. SSL Architecture IP SSL Record Protocol User Datagram P. Transport Control P. Handshake Chng. Ciph. Alert Appl. data … IMAPS FTPS HTTPS TELNETS Application Layer Intermediate Security Layer Transport Layer Internet Layer
  • 8. Advantages of SSL • The connection is private – Encryption is used after initial handshake to define a secret key – Encryption uses symmetric cryptography (DES or RC4) • Peer’s identity can be authenticated using asymmetric cryptography (RSA or DSS) • The connection is reliable – Message transport includes message integrity check using a keyed MAC. Secure hash functions (SHA or MD5) are used for MAC computation.
  • 9.
  • 10.
  • 11. SSL components • Four Protocols • Handshake Protocol • Change Cipher Spec Protocol • Alert Protocol • Record Protocol
  • 13.
• 15. HANDSHAKE PROTOCOL: Phase 1 (figure: Phase I of Handshake Protocol)
• 16. HANDSHAKE PROTOCOL: Phase 1
  • After Phase I, the client and server know the following:
    ❏ The version of SSL
    ❏ The algorithms for key exchange, message authentication, and encryption
    ❏ The compression method
    ❏ The two random numbers for key generation
• 17. HANDSHAKE PROTOCOL: Phase 2 (figure: Phase II of Handshake Protocol)
• 18. HANDSHAKE PROTOCOL: Phase 2
  • After Phase II:
    ❏ The server is authenticated to the client.
    ❏ The client knows the public key of the server, if required.
• 19. HANDSHAKE PROTOCOL: Phase 3 (figure: Phase III of Handshake Protocol)
• 20. HANDSHAKE PROTOCOL: Phase 3
  • After Phase III:
    ❏ The client is authenticated to the server.
    ❏ Both the client and the server know the pre-master secret.
• 21. HANDSHAKE PROTOCOL: Phase 4 (figure: Phase IV of Handshake Protocol)
• 22. HANDSHAKE PROTOCOL: Phase 4
  • After Phase IV, client and server are ready to exchange data.
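Slides 16 and 20 state that after Phases I and III both sides hold the two random numbers and the pre-master secret. The Go program below is an added example, not part of the original slides, showing how TLS 1.2 (RFC 5246) turns those values into the 48-byte master secret and then into per-direction MAC keys, encryption keys and IVs with its HMAC-SHA256 based PRF (the "pseudo-random function" the later SSL/TLS comparison refers to; SSL 3.0 used an MD5/SHA-1 construction instead). The pre-master secret and randoms are constructed sample values, and the lengths given to splitKeys (32-byte MAC keys, 16-byte AES keys and IVs) are an assumption matching an AES-128-CBC/SHA-256 suite.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// pHash is P_SHA256 from RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
// output = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ... cut to n bytes.
func pHash(secret, seed []byte, n int) []byte {
	var out []byte
	a := seed
	for len(out) < n {
		m := hmac.New(sha256.New, secret)
		m.Write(a)
		a = m.Sum(nil)
		m = hmac.New(sha256.New, secret)
		m.Write(a)
		m.Write(seed)
		out = append(out, m.Sum(nil)...)
	}
	return out[:n]
}

// prf is the TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label || seed).
func prf(secret []byte, label string, seed []byte, n int) []byte {
	return pHash(secret, append([]byte(label), seed...), n)
}

// masterSecret derives the 48-byte master secret from the pre-master secret
// (known after Phase III) and the two handshake randoms (Phase I), client random first.
func masterSecret(preMaster, clientRandom, serverRandom []byte) []byte {
	seed := append(append([]byte{}, clientRandom...), serverRandom...)
	return prf(preMaster, "master secret", seed, 48)
}

// keyBlock expands the master secret into bulk keying material. Note the
// reversed order (server random first) that RFC 5246 uses for key expansion.
func keyBlock(master, clientRandom, serverRandom []byte, n int) []byte {
	seed := append(append([]byte{}, serverRandom...), clientRandom...)
	return prf(master, "key expansion", seed, n)
}

// connKeys are the per-direction secrets cut from the key block in the order
// RFC 5246 section 6.3 specifies: MAC keys, then encryption keys, then IVs.
type connKeys struct {
	clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte
}

func splitKeys(block []byte, macLen, keyLen, ivLen int) connKeys {
	next := func(n int) []byte {
		part := block[:n]
		block = block[n:]
		return part
	}
	var k connKeys
	k.clientMAC = next(macLen)
	k.serverMAC = next(macLen)
	k.clientKey = next(keyLen)
	k.serverKey = next(keyLen)
	k.clientIV = next(ivLen)
	k.serverIV = next(ivLen)
	return k
}

func main() {
	// Constructed sample values, not from a real handshake.
	pms := bytes.Repeat([]byte{0x11}, 48)
	clientRandom := bytes.Repeat([]byte{0xaa}, 32)
	serverRandom := bytes.Repeat([]byte{0xbb}, 32)
	ms := masterSecret(pms, clientRandom, serverRandom)
	// Assumed suite: two 32-byte MAC keys, two 16-byte AES keys, two 16-byte IVs = 128 bytes.
	keys := splitKeys(keyBlock(ms, clientRandom, serverRandom, 128), 32, 16, 16)
	fmt.Printf("master secret:    %x\n", ms)
	fmt.Printf("client write key: %x\n", keys.clientKey)
	fmt.Printf("server write IV:  %x\n", keys.serverIV)
}
```

The design point the slides imply but do not spell out: because both randoms are mixed in, a captured pre-master secret reused with different randoms yields different session keys, and because the label differs, the master secret and the key block never collide even though both come from the same PRF.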
• 23. Alert protocol
  • SSL Alert Protocol
  • Error messages (fatal alerts and warnings)
  • Signals SSL-related alerts to the peer entity
  • Each message in this protocol contains 2 bytes
• 24. Alert protocol
  • Warning (level = 1): this alert has no impact on the connection between sender and receiver. Some of them are:
    – Bad certificate: the received certificate is corrupt.
    – No certificate: an appropriate certificate is not available.
    – Certificate expired: a certificate has expired.
    – Certificate unknown: some other unspecified issue arose in processing the certificate, rendering it unacceptable.
    – Close notify: notifies that the sender will no longer send any messages in the connection.
• 25. Alert protocol
  • Fatal error (level = 2): this alert breaks the connection between sender and receiver. The connection is stopped and cannot be resumed, but it can be restarted. Some of them are:
    – Handshake failure: the sender is unable to negotiate an acceptable set of security parameters given the options available.
    – Decompression failure: the decompression function received improper input.
    – Illegal parameter: a field is out of range or inconsistent with other fields.
    – Bad record MAC: an incorrect MAC was received.
    – Unexpected message: an inappropriate message was received.
  • The second byte in the Alert protocol describes the error.
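As an added example (not from the slides), a small Go decoder for the two-byte alert message: the first byte is the level, the second the description. The description codes are the ones SSL 3.0 and RFC 5246 assign to the alerts named on slides 24 and 25; the handleAlert policy (tear down on a fatal alert and do not resume the session, answer close_notify, log warnings) writes out the receiver behaviour the slides describe.

```go
package main

import (
	"errors"
	"fmt"
)

// AlertLevel is the first byte of an alert message.
type AlertLevel uint8

const (
	LevelWarning AlertLevel = 1
	LevelFatal   AlertLevel = 2
)

// Description codes for the second byte, as assigned by SSL 3.0 / RFC 5246
// section 7.2 to the alerts named on the slides. no_certificate (41) exists
// only in SSL 3.0; TLS dropped it.
var descriptions = map[uint8]string{
	0:  "close_notify",
	10: "unexpected_message",
	20: "bad_record_mac",
	30: "decompression_failure",
	40: "handshake_failure",
	41: "no_certificate",
	42: "bad_certificate",
	45: "certificate_expired",
	46: "certificate_unknown",
	47: "illegal_parameter",
}

// Alert is a decoded two-byte alert message.
type Alert struct {
	Level       AlertLevel
	Description uint8
}

var errMalformedAlert = errors.New("alert message must be exactly 2 bytes")

// parseAlert decodes the fragment of a record whose content type is alert (21).
func parseAlert(fragment []byte) (Alert, error) {
	if len(fragment) != 2 {
		return Alert{}, errMalformedAlert
	}
	a := Alert{Level: AlertLevel(fragment[0]), Description: fragment[1]}
	if a.Level != LevelWarning && a.Level != LevelFatal {
		return Alert{}, fmt.Errorf("unknown alert level %d", fragment[0])
	}
	return a, nil
}

// Name returns the symbolic description, or a placeholder for codes this table lacks.
func (a Alert) Name() string {
	if n, ok := descriptions[a.Description]; ok {
		return n
	}
	return fmt.Sprintf("unknown_alert_%d", a.Description)
}

// Fatal reports whether the connection must be torn down. Any level-2 alert
// ends the connection and its session may not be resumed. bad_record_mac is
// specified as always fatal, so it is treated as fatal even if a peer labels it a warning.
func (a Alert) Fatal() bool {
	return a.Level == LevelFatal || a.Description == 20
}

// handleAlert is the receiver's decision for an incoming alert fragment.
func handleAlert(fragment []byte) (string, error) {
	a, err := parseAlert(fragment)
	if err != nil {
		return "close (malformed alert)", err
	}
	switch {
	case a.Fatal():
		return "close, do not resume session: " + a.Name(), nil
	case a.Description == 0:
		return "peer is closing, reply close_notify and close: " + a.Name(), nil
	default:
		return "log warning and continue: " + a.Name(), nil
	}
}

func main() {
	// Constructed alert fragments, not captured traffic.
	for _, f := range [][]byte{{1, 0}, {1, 42}, {2, 20}, {2, 40}, {1}} {
		action, err := handleAlert(f)
		fmt.Printf("%v -> %s (err: %v)\n", f, action, err)
	}
}
```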
• 26. Change Cipher Spec Protocol
  • SSL Change Cipher Spec Protocol
  • A single message that indicates the end of the SSL handshake
• 27. Change Cipher Spec Protocol
  • The Change Cipher Spec protocol consists of a single message, 1 byte in length, which can have only one value.
  • The protocol's purpose is to cause the pending state to be copied into the current state.
• 28. Record Protocol
  • SSL Record Protocol
    – Fragmentation
    – Compression
    – Message authentication and integrity protection
    – Encryption
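Added example, not from the original slides: a Go sketch of the record layer's fragmentation and integrity steps. Application data is split into fragments of at most 2^14 bytes, each fragment is protected with an HMAC-SHA256 over the RFC 5246 MAC input (implicit sequence number, content type, version, length, fragment), and the receiver discards any record whose MAC does not verify, which is the bad_record_mac condition of the alert protocol. Compression is the null method and the encryption step is left out so the integrity check stays visible; the MAC key and data are constructed values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	maxFragment  = 1 << 14 // record-layer fragments are at most 2^14 bytes
	typeAppData  = 23      // content type for application data
	versionTLS12 = 0x0303
)

// record is one record-layer unit after fragmentation and MAC protection.
type record struct {
	contentType uint8
	version     uint16
	fragment    []byte
	mac         []byte
}

// macInput is what the MAC covers: seq_num || type || version || length || fragment.
// The sequence number is implicit (never sent), so a replayed, dropped or
// reordered record fails verification at the receiver.
func macInput(seq uint64, typ uint8, ver uint16, fragment []byte) []byte {
	buf := make([]byte, 13, 13+len(fragment))
	binary.BigEndian.PutUint64(buf[0:8], seq)
	buf[8] = typ
	binary.BigEndian.PutUint16(buf[9:11], ver)
	binary.BigEndian.PutUint16(buf[11:13], uint16(len(fragment)))
	return append(buf, fragment...)
}

func computeMAC(key []byte, seq uint64, typ uint8, ver uint16, fragment []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(macInput(seq, typ, ver, fragment))
	return m.Sum(nil)
}

// writer is the sending direction of one connection: its own MAC key and counter.
type writer struct {
	macKey []byte
	seq    uint64
}

// send fragments application data into records of at most maxFragment bytes
// and protects each with a MAC under the current sequence number.
func (w *writer) send(data []byte) []record {
	var out []record
	for len(data) > 0 {
		n := len(data)
		if n > maxFragment {
			n = maxFragment
		}
		frag := data[:n]
		data = data[n:]
		out = append(out, record{
			contentType: typeAppData, version: versionTLS12, fragment: frag,
			mac: computeMAC(w.macKey, w.seq, typeAppData, versionTLS12, frag),
		})
		w.seq++
	}
	return out
}

// reader is the receiving direction; its counter must stay in step with the writer's.
type reader struct {
	macKey []byte
	seq    uint64
}

var errBadRecordMAC = errors.New("bad_record_mac")

// receive recomputes the MAC and compares in constant time; on mismatch the
// record is discarded and the connection would send a fatal bad_record_mac alert.
func (r *reader) receive(rec record) ([]byte, error) {
	expect := computeMAC(r.macKey, r.seq, rec.contentType, rec.version, rec.fragment)
	if !hmac.Equal(expect, rec.mac) {
		return nil, errBadRecordMAC
	}
	r.seq++
	return rec.fragment, nil
}

// roundTrip pushes data through a writer and a reader and reassembles it,
// returning the bytes, the number of records used, and any error.
func roundTrip(key, data []byte) ([]byte, int, error) {
	w, r := &writer{macKey: key}, &reader{macKey: key}
	recs := w.send(data)
	var got []byte
	for _, rec := range recs {
		frag, err := r.receive(rec)
		if err != nil {
			return nil, len(recs), err
		}
		got = append(got, frag...)
	}
	return got, len(recs), nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)                // constructed MAC key
	data := bytes.Repeat([]byte("A"), maxFragment+100) // long enough to need two records
	got, n, err := roundTrip(key, data)
	fmt.Println(n, bytes.Equal(got, data), err)

	// A single byte flipped in transit is caught by the receiver.
	w, r := &writer{macKey: key}, &reader{macKey: key}
	rec := w.send([]byte("GET / HTTP/1.1"))[0]
	rec.fragment[0] ^= 0xff
	_, err = r.receive(rec)
	fmt.Println(err)
}
```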
  • 31. TLS
• 33. SSL vs TLS
  | SSL | TLS |
  |---|---|
  | SSL stands for Secure Socket Layer. | TLS stands for Transport Layer Security. |
  | SSL supports the Fortezza algorithm. | TLS does not support the Fortezza algorithm. |
  | SSL is the 3.0 version. | TLS is the 1.0 version. |
  | In SSL, a message digest is used to create the master secret. | In TLS, a pseudo-random function is used to create the master secret. |
  | In SSL, the Message Authentication Code protocol is used. | In TLS, the Hashed Message Authentication Code (HMAC) protocol is used. |
  | SSL is more complex than TLS. | TLS is simpler. |
  | SSL is less secure as compared to TLS. | TLS provides higher security. |
  | SSL is less reliable and slower. | TLS is highly reliable and upgraded; it provides lower latency. |
  | SSL has been deprecated. | TLS is still widely used. |
  | SSL uses a port to set up an explicit connection. | TLS uses a protocol to set up an implicit connection. |
• 35. NETWORK LAYER Security
  1. IPSEC is a suite of protocols for securing network connections. It is a rather complex mechanism because, instead of giving a straightforward definition of a specific encryption algorithm and authentication function,
  • it provides a framework that allows an implementation of anything that both communicating ends agree upon.
  • Setting up an IPSEC connection involves all kinds of crypto choices.
  • Authentication: verifying the identity of a network entity such as a user or device, by means of PSK or RSA.
  • Integrity: assurance that the received message is the same message that was sent, built on top of a cryptographic hash such as MD5 or SHA-1.
  • Confidentiality: encryption algorithms, with DES, 3DES, Blowfish, and AES being commonly used.
  • Key management: IKE (Internet Key Exchange), to agree on the key used for authentication and other purposes.
  • Reference: IPsec - IKE Phase 1 | IKE Phase 2 (YouTube)
• 38. Internet Engineering Task Force Standardization
  • IPv6 development requirements: strong security features
    – Security features algorithm-independent
    – Must enforce a wide variety of security policies
    – Avoid adverse impact on Internet users who do not need security
  • 1992: IPSEC WG (IETF)
    – Define security architecture
    – Standardize IP Security Protocol and Internet Key Management Protocol
  • 1998: revised version of IP Security Architecture
    – IPsec protocols (two sub-protocols, AH and ESP)
    – Internet Key Exchange (IKE)
• 39. IP Security Architecture (figure: two IPsec modules, each with an SPD, an SAD, IKE and IPsec; an SA between them)
• 41. IP SEC
  • IPSec operates in one of two different modes
• 42. IP SEC TRANSPORT MODE
  • IPSec in the transport mode does not protect the IP header, i.e. it does not protect the whole IP packet; it only protects the information coming from the transport layer.
  • In this mode, the IPSec header and trailer are added to the information coming from the transport layer. The IP header is added later.
• 43. IP SEC TRANSPORT MODE
  • Used when we need host-to-host (end-to-end) protection of data. The sending host uses IPSec to authenticate and/or encrypt the payload delivered from the transport layer.
  • The receiving host uses IPSec to check the authentication and/or decrypt the IP packet and deliver it to the transport layer.
• 44. IPSEC TUNNEL MODE
  • IPSec protects the entire IP packet. It takes an IP packet, including the header, applies IPSec security methods to the entire packet, and then adds a new IP header.
• 45. IPSEC TUNNEL MODE
  • The tunnel mode is normally used between two routers, between a host and a router, or between a router and a host.
• 48. Authentication Header
  • The Authentication Header (AH) Protocol is designed to authenticate the source host and to ensure the integrity of the payload carried in the IP packet.
  • It uses a hash function and a symmetric key to create a message digest; the digest is inserted in the authentication header.
  • The AH is then placed in the appropriate location based on the mode (transport or tunnel).
• 49. Authentication Header
  • The AH Protocol provides source authentication and data integrity, but not privacy (confidentiality).
• 50. Encapsulating Security Payload
  • Security services: confidentiality, authentication (optional)
  • Encryption algorithms: 3DES, RC5, IDEA, Blowfish, ..., in CBC mode
  • ESP can be used to provide only encryption; encryption and integrity protection; or only integrity protection.
  • The ESP procedure follows these steps:
    – An ESP trailer is added to the payload.
    – The payload and the trailer are encrypted.
    – The ESP header is added.
    – The ESP header, payload, and ESP trailer are used to create the authentication data.
    – The authentication data are added to the end of the ESP trailer.
    – The IP header is added after the protocol value is changed to 50.
  • Transport mode: confidentiality of the packet between two hosts.
  • Tunnel mode: confidentiality of the packet between two gateways, or between a host and a gateway.
• 51. Encapsulating Security Payload
  • The protocol provides source authentication, integrity, and privacy.
• 54. Security Association
  • Associates security services and keys with the traffic to be protected
  • Identified by the Security Parameter Index (SPI), used to retrieve the correct SA parameters from the Security Association Database (SAD), together with:
    – the IPsec protocol identifier
    – the destination address (direction)
  • Simplex connection -> two SAs must be established for secure bidirectional communication
• 55. Security Association
  • Defines security services and mechanisms between two end points (or IPsec modules):
    – Hosts
    – Network security gateways (e.g., routers, application gateways)
    – Hosts and security gateways
  • Security service, parameters, mode of operation, and initialization vector
    – e.g., confidentiality using ESP with DES in CBC mode, with IV as the initialization vector
• 56. Encryption
  • Block ciphers in Cipher Block Chaining (CBC) mode
  • Need:
    – Padding at the end of the data
    – Initialization vector (IV), contained in the packet
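Slide 50's ESP steps and slides 54 to 56 (SPI, SAD lookup, a simplex SA per direction, CBC with padding and an in-packet IV) fit together in one program. The Go code below is an added example, not from the slides: encapsulate builds an ESP packet (header with SPI and sequence number, IV, AES-128-CBC ciphertext of payload plus trailer, then the integrity check value over header, IV and ciphertext) and decapsulate looks the SA up in a SAD keyed by (SPI, destination, protocol 50), verifies the ICV before decrypting, and strips the trailer. Assumptions: AES-128-CBC and HMAC-SHA-256-128 (RFC 4868) as the algorithms, constructed keys, address and IV, and an IV passed in as a parameter only to keep the run deterministic (a real implementation draws a fresh one from crypto/rand for every packet). Anti-replay handling is omitted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	protoESP = 50 // protocol value written into the IP header (slide 50)
	icvLen   = 16 // HMAC-SHA-256-128: the ICV is the first 128 bits of the HMAC (RFC 4868)
)

// SA holds what one simplex security association needs; traffic in the
// other direction needs a second SA with its own SPI and keys.
type SA struct {
	SPI     uint32 // Security Parameter Index carried in the ESP header
	Dst     string // destination address the SA protects traffic towards
	EncKey  []byte // AES-128 key for CBC encryption
	AuthKey []byte // HMAC key for the ICV
	Seq     uint32 // outbound sequence counter
}

// SAD is the Security Association Database, keyed by (SPI, destination, protocol).
type sadKey struct {
	spi   uint32
	dst   string
	proto uint8
}
type SAD map[sadKey]*SA

func (d SAD) add(sa *SA) { d[sadKey{sa.SPI, sa.Dst, protoESP}] = sa }
func (d SAD) lookup(spi uint32, dst string) (*SA, bool) {
	sa, ok := d[sadKey{spi, dst, protoESP}]
	return sa, ok
}

var errNoSA = errors.New("no security association for this SPI/destination")
var errBadICV = errors.New("ESP integrity check failed")

// icv is the authentication data: HMAC-SHA-256 over ESP header || IV || ciphertext, truncated.
func icv(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)[:icvLen]
}

// encapsulate follows the slide's steps: add the ESP trailer (padding, pad length,
// next header), encrypt payload+trailer, prepend the ESP header (SPI, sequence
// number), then append the ICV. iv is a parameter only to keep the example deterministic.
func encapsulate(sa *SA, payload []byte, nextHeader uint8, iv []byte) ([]byte, error) {
	block, err := aes.NewCipher(sa.EncKey)
	if err != nil {
		return nil, err
	}
	// Pad so payload + padding + the two trailer bytes fill whole AES blocks.
	padLen := (aes.BlockSize - (len(payload)+2)%aes.BlockSize) % aes.BlockSize
	plain := append([]byte{}, payload...)
	for i := 1; i <= padLen; i++ {
		plain = append(plain, byte(i)) // ESP default padding pattern 1, 2, 3, ...
	}
	plain = append(plain, byte(padLen), nextHeader)
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)

	sa.Seq++
	pkt := make([]byte, 8, 8+len(iv)+len(ct)+icvLen)
	binary.BigEndian.PutUint32(pkt[0:4], sa.SPI)
	binary.BigEndian.PutUint32(pkt[4:8], sa.Seq)
	pkt = append(append(pkt, iv...), ct...)
	return append(pkt, icv(sa.AuthKey, pkt)...), nil
}

// decapsulate finds the SA by the SPI in the packet, verifies the ICV before
// touching the ciphertext, then decrypts and strips the trailer.
func decapsulate(db SAD, dst string, pkt []byte) ([]byte, uint8, error) {
	if len(pkt) < 8+2*aes.BlockSize+icvLen {
		return nil, 0, errors.New("ESP packet too short")
	}
	sa, ok := db.lookup(binary.BigEndian.Uint32(pkt[0:4]), dst)
	if !ok {
		return nil, 0, errNoSA
	}
	body, tag := pkt[:len(pkt)-icvLen], pkt[len(pkt)-icvLen:]
	if !hmac.Equal(icv(sa.AuthKey, body), tag) {
		return nil, 0, errBadICV // reject before decrypting anything
	}
	iv, ct := body[8:8+aes.BlockSize], body[8+aes.BlockSize:]
	block, err := aes.NewCipher(sa.EncKey)
	if err != nil || len(ct)%aes.BlockSize != 0 {
		return nil, 0, errors.New("bad key or ciphertext length")
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	padLen := int(plain[len(plain)-2])
	if padLen > len(plain)-2 {
		return nil, 0, errors.New("bad pad length")
	}
	return plain[:len(plain)-2-padLen], plain[len(plain)-1], nil
}

func main() {
	// Constructed keys, address and IV; not taken from any real deployment.
	sa := &SA{SPI: 0x1001, Dst: "192.0.2.20", EncKey: bytes.Repeat([]byte{1}, 16), AuthKey: bytes.Repeat([]byte{2}, 32)}
	db := SAD{}
	db.add(sa)
	pkt, _ := encapsulate(sa, []byte("TCP segment bytes"), 6, bytes.Repeat([]byte{7}, aes.BlockSize)) // next header 6 = TCP
	payload, next, err := decapsulate(db, "192.0.2.20", pkt)
	fmt.Printf("payload=%q next=%d err=%v\n", payload, next, err)
}
```

Two details worth noting against the slides: the ICV is checked before any decryption, so a packet with a modified ciphertext is dropped without the receiver ever running the block cipher on attacker-controlled data, and the SAD lookup needs both the SPI and the destination, which is why the same SPI can be reused for different peers.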
• 57. Encryption and Compression
  • Interdependence between encryption and compression
  • When encryption is applied at the Internet layer, it prevents effective compression by lower protocol layers
  • IPsec does not provide data compression
• 58. Key Management Protocols
  • The IP security architecture supports manual and automated SA and key agreement
  • Key management protocol: e.g., IKE
  • Proposals for an automated key management protocol
• 59. IPsec vs SSL
  | IPsec | SSL |
  |---|---|
  | Internet Protocol Security (IPsec) is a set of protocols that provide security for the Internet Protocol. | SSL is a secure protocol developed for sending information securely over the Internet. |
  | Works at the Internet layer of the OSI model. | Works between the transport layer and the application layer of the OSI model. |
  | Configuration of IPsec is complex. | Configuration of SSL is comparatively simple. |
  | IPsec is used to secure a Virtual Private Network. | SSL is used to secure web transactions. |
  | Installation process is vendor non-specific. | Installation process is vendor specific. |
  | Changes are required to the OS for implementation; no changes are required to the application. | No changes are required to the OS for implementation, but changes are required to the application. |
  | IPsec resides in the operating system space. | SSL resides in user space. |
  | IPsec has a pre-shared key. | SSL does not have a pre-shared key. |