Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SSl and certificates


Published on

Published in: Technology, Education
  • Be the first to comment

SSl and certificates

  1. 1. Topic: Implementation of SSL & TLS for Application servers 03/19/08
  2. 2. Introduction: <ul><li>Internet - network for everyone. </li></ul><ul><li>Everyone and everything open. </li></ul><ul><li>Highly insecure Internet </li></ul><ul><li>Thus, Netscape Corporation -protocol SSL. </li></ul><ul><li>For secure Transactions. </li></ul>03/19/08
  3. 3. <ul><li>SSL – Secured Socket Layer </li></ul><ul><li>Protocol for data encryption . </li></ul><ul><li>Open & nonproprietary protocol . </li></ul><ul><li>Current implementation-OpenSSL </li></ul><ul><li>used for: </li></ul><ul><ul><ul><ul><li>data-encryption </li></ul></ul></ul></ul><ul><ul><ul><ul><li>server authentication </li></ul></ul></ul></ul><ul><ul><ul><ul><li>data integrity </li></ul></ul></ul></ul><ul><ul><ul><ul><li>client authentication </li></ul></ul></ul></ul>03/19/08
  4. 4. <ul><li>  </li></ul><ul><li>Enhance and ensure transactional data </li></ul><ul><li>Securing transactions on the Web using Apache-SSL. </li></ul><ul><li>Securing user access for remote access </li></ul><ul><li>Securing e-mail services (IMAP, POP3)   </li></ul>03/19/08
  5. 5. TLS: <ul><li>Transport Layer Security(TLS)‏ </li></ul><ul><li>Provides security at transport layer. </li></ul><ul><li>Non –proprietory version of SSL. </li></ul><ul><li>Allows two parties to exchange messages in secure environment. </li></ul>03/19/08
  6. 6. Position of TLS: 03/19/08
  7. 7. TLS requirements : <ul><li>Protocols: </li></ul><ul><li>* entity authentication protocol </li></ul><ul><li>*message authentication protocol </li></ul><ul><li> *encryption/decryption protocol </li></ul><ul><li>Each party uses a predefined function to create session keys. </li></ul><ul><li>Digest calculated & appended to each message . </li></ul><ul><li>Message & digest are encrypted using encryption /decryption protocols. </li></ul><ul><li>Each party extracts necessary keys and parameters for message authentication & encryption/decryption . </li></ul>03/19/08
  8. 8. * In Greek means “secret writing.” *Refers to the science and art of transforming messages to make them secure and immune to attacks. Types of Cryptography: Symmetric-Key Cryptography Asymmetric-Key Cryptography
  9. 9. Symmetric-key cryptography
  10. 10. Asymmetirc Cryptography: <ul><li>Use two keys – public & private key. </li></ul><ul><li>keys -completely independent . </li></ul><ul><li>a private key cannot be deduced from a public one. </li></ul><ul><li>sign a message using public key, only the holder of the private key can read it. </li></ul><ul><li>public key is open. </li></ul><ul><li>Private key is secret. </li></ul>03/19/08
  11. 11. Asymmetric-key encryption
  12. 12. 03/19/08 Asymmetric Encryption/Decryption
  13. 13. <ul><li> Asymmetric cryptography </li></ul><ul><li>Simulate the security properties of a handwritten signature </li></ul><ul><li>Two algorithms- 1. for signing which involves the user' private key , </li></ul><ul><li> 2. for verifying signatures which involves the user's public key . </li></ul>03/19/08
  14. 14. TCP/IP Protocol Suite Hash function
  15. 15. TCP/IP Protocol Suite Sender site
  16. 16. Receiver site
  17. 17. 03/19/08 <ul><li>Your public key: </li></ul><ul><li>Your name & e-mail address: </li></ul><ul><li>Expiration date of the public key: </li></ul><ul><li>Name of the company: </li></ul><ul><li>Serial number of the Digital ID </li></ul>
  18. 18. 03/19/08 Bob’s private key Bob’s public key Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself Bob’s Co-workers Pat Doug Susan
  19. 19. 03/19/08 &quot;Hey Bob, how about lunch at Taco Bell. I hear they have free refills!&quot; HNFmsEm6UnBejhhyCGKOKJUxhiygSBCEiC0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A <ul><ul><li>HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A </li></ul></ul>Susan Bob &quot; Hey Bob, how about lunch at Taco Bell. I hear they have free refills!&quot;
  20. 20. 03/19/08 Bob prepares a message Digest using Hash function
  21. 21. 03/19/08 Bob encrypts the digest with his private key. Digital Signature Created
  22. 22. 03/19/08 Digital Signature Appended to the Original document & Sent to Susan
  23. 23. 03/19/08 Separates Original Document & Digital signature
  24. 24. TCP/IP Protocol Suite Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied. Note:
  25. 25. Important tools: 1. GNUPG: <ul><li>Stands for GNU privacy guard . </li></ul><ul><li>Used for: </li></ul><ul><li>* encrypt data </li></ul><ul><li>*create digital signatures </li></ul><ul><li>*help authenticating using Secure Shell </li></ul><ul><li> * provide a framework for public key cryptography. </li></ul>03/19/08
  26. 26. <ul><li>OpenPGP part of the GNU Privacy Guard (GnuPG). </li></ul><ul><ul><li>provide digital encryption and signing services using the OpenPGP standard. </li></ul></ul><ul><li>2 </li></ul>03/19/08
  27. 27. 03/19/08 <ul><li>Standard sponsored by ITU </li></ul><ul><li>International standard for digital certificates used to authenticate digital signatures. </li></ul>X.509:
  28. 28. X.509 fields
  29. 29. 03/19/08 <ul><li>Certificate: </li></ul><ul><li>body of data placed in a message to serve as </li></ul><ul><li>Proof of the sender’s authenticity. </li></ul><ul><li>consists of encrypted information that associates </li></ul><ul><li>a public key with the true identity of an individual </li></ul><ul><li>Includes the identification and electronic signature of </li></ul><ul><li>Certificate Authority (CA). </li></ul><ul><li>Includes serial number and period of time when the </li></ul><ul><li>certificate is Valid </li></ul>
  30. 30. <ul><li>Why do I need Digital certificate ? </li></ul><ul><li>Authentication </li></ul><ul><li>Privacy </li></ul><ul><li>Integrity </li></ul><ul><li>Nonrepudiation </li></ul>03/19/08
  31. 31. Certificate Signing Request : <ul><li>Request made to a CA from an organization to obtain a digital certificate. </li></ul><ul><li>Requesting party includes information that proves its identity and digitally signs the CSR with the private key. </li></ul>03/19/08
  32. 32. 03/19/08 <ul><li>Certificate Authority : </li></ul><ul><li>trusted organization that issues certificates for </li></ul><ul><li>both servers and clients. </li></ul><ul><li>create digital certificates that securely bind the names of users to their public keys. </li></ul>Two types of CA: * Commercial CA * Self-certified private CA
  34. 34. Self-certified CA: <ul><li>Root-level commercial CA: </li></ul><ul><li>It’s self-certified. </li></ul><ul><li>Typically used in a LAN or WAN environment </li></ul>03/19/08
  35. 35. Public-key infrastructure(PKI)‏ <ul><li>provides public-key encryption & digital signature services. </li></ul><ul><li>Manage keys and certificates- organization establishes and maintains a trustworthy networking environment. </li></ul>03/19/08
  36. 36. E-mail server security: <ul><li>Biggest problem- unsolicited mail or spam. </li></ul><ul><li>Simple Mail Transport Protocol (SMTP) -simple & insecure. </li></ul><ul><li>biggest abuse of e-mail service- open mail relay. </li></ul>03/19/08
  37. 37. . 03/19/08 <ul><li>Open mail Relay: </li></ul><ul><ul><li>send unwanted emails to people </li></ul></ul><ul><ul><li>Waste resources. </li></ul></ul><ul><ul><li>legal problems for companies that leave their email system open. </li></ul></ul>
  38. 38. Web-server security <ul><li>The Web site hacked because holes in applications or scripts are exploited. </li></ul><ul><li>protecting Web site - understanding & identifying security risks. </li></ul>03/19/08
  39. 39. Conclusion <ul><li>Secure Digital transactions- an important part of electronic commerce in the future. </li></ul><ul><li>Privacy of transactions, and authentication of all parties, is important for achieving the level of trust. </li></ul><ul><li>encryption algorithms and key-sizes must be robust enough to prevent observation by hostile entities </li></ul>03/19/08
  40. 40. Thank you