Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Cryptography by Afroz haider mir
Similar to Cryptography by Afroz haider mir (20)
Recently uploaded
Recently uploaded (20)
Cryptography by Afroz haider mir
- 1. BABA GHULAM SHAH BADSHAH UNIVERSITY 12/9/2016 1 AFROZ BGSBU NAME :- AFROZ HAIDER ROLL NO:- 08-MCA-2014 TOPIC NAME:-SECURE SOCKET LAYER(SSL) PRESENTED TO:- DR.SANJAY JAMWAL COURSE TITLE:- CRYPTOGRAPHY AND NETWORK SECURITY
- 2. • It is an Internet protocol for secure exchange of information between a web browser and a web server • It provides ▫ Authentication ▫ Confidentiality • Developed by Netscape Corporation in 1994 • Currently comes in three versions : 2, 3 and 3.1 2
- 3. 3
- 4. Application Layer Transport Layer Internet Layer Data Link Layer Physical Layer SSL Layer 4
- 5. X L5 data 010101010100010101010010 Transmission medium H4L5 data H3L4 data Application Transport Internet Physical H2L3 data Data Link Y L5 data 010101010100010101010010 H4L5 data H3L4 data H2L3 data 5
- 6. X L5 data 010101010100010101010010 Transmission medium H4L5 data H3L4 data Application Transport Internet Physical L5 data SSLSH H2L3 data Data Link Y L5 data 010101010100010101010010 H4L5 data H3L4 data L5 data SH H2L3 data 6
- 7. 7
- 8. 1 • Handshake protocol 2 • Record protocol 3 • Change Cipher protocol 4 • Alert protocol 8
- 9. Type Length Content 1 byte 3 bytes 1 or more bytes Message Format 9
- 10. Message Type Parameters Hello request None Client hello Version, Random number, Session id, Cipher suite, Compression method Server hello Version, Random number, Session id, Cipher suite, Compression method Certificate Chain of X.509V3 certificates Server key exchange Parameters, signature Certificate request Type, authorities Server hello done None Certificate verify Signature Client key exchange Parameters, signature Finished Hash value 10
- 11. 1 • Establish security capabilities 2 • Server authentication and key exchange 3 • Client authentication and key exchange 4 • Finish 11
- 12. • Used to initiate logical connection and establish security capabilities. • Consists of two messages ▫ Client hello ▫ Server hello 12
- 13. Web Browser Web Server Step 1: Client hello Step 2: Server hello 13
- 14. • Identifies highest version of SSL that client can supportVersion • 32 bit date time field • 28 byte random number Random • Variable length session identifier • Can be zero (new session) or non zero (connection exists) Session id • Contains list of cryptographic algorithms supported by the clientCipher suite • Contains list of compression algorithms supported by the client Compression method 14
- 15. • Identifies lower of version suggested by client and highest supported by serverVersion • Same structure as that in client hello • Random value independent of client’s value Random • Uses same value if client sends non zero value • Otherwise creates new session id Session id • Contains single cipher suite which server selects from the list sent by clientCipher suite • Contains single compression algorithm which server selects from the list sent by client Compression method 15
- 16. 16 Web Browser Web ServerStep 2: Server key exchange Step 3: Certificate request Step 4: Server hello done Step 1: Certificate
- 17. 17 • Server sends its Digital certificate • Helps the to authenticateCertificate • Sent only if the certificate does not contain enough information to complete the key exchange Server key exchange • Sent if the client needs to authenticate itself Certificate request • Sent to indicate that the server is finished its part of the key exchange • after sending this message the server waits for client response Server hello done
- 18. 18 Web Browser Web Server Step 1: Certificate Step 2: Client key exchange Step 3: Certificate verify
- 19. 19 • will send a certificate message or a no certificate alertCertificate • always sent • RSA encrypted pre-master secret Client key exchange • sent only if the client sent a certificate • provides client authentication • contains signed hash of all the previous handshake messages Certificate verify
- 20. 20 Web Browser Web Server Step 1: Change cipher specs Step2 : Finished Step 3: Change cipher specs Step 4: Finished
- 21. • Provide two services for SSL connections: Confidentiality: by encrypting application data. Message Integrity: by computing MAC over the compressed data. • Can be utilized by some upper-layer protocols of SSL.
- 22. 22 ≤ 214 bytes (optional; default: null)
- 23. 23
- 24. 24 IF THE ERROR IS FATAL ,BOTH THE PARTIES IMMEDIATELY CLOSE THE CONNECTION.BOTH THE PARTIES ALSO THE SESSION IDENTIFIERS,SECRET AND KEYS ASSOCAITED WITH THIS CONNECTION BEFORE IT IS TERMOINATED WHEN EITHER THE CLIENT OR SERVER DETECTS AN ERROR THE DETECTING PARTY SENDS AN ALERT MESSAGE TO THE OTHER PARTY. SEVERITY 1 BYTE CAUSE 2 BYTE ALERT PROTOCOL MESSAGE FORMAT
- 28. 28 Authentication of server – How does client know who they are dealing with? Information integrity – How do we know third party has not altered data en route? Bob’s web siteAlice thinks she is at Bob’s site, but Darth is spoofing it Bob’s web siteAddress information Change so item shipped to Darth
- 29. 29 There are several versions of the SSL protocol defined. The latest version, the Transport Layer Security Protocol (TLS), is based on SSL 3.0 SSL Version 1.0 SSL Version 2.0 SSL Version 3.0 TLS Version 1.0 TLS Version 1.0 with SSL Version 3.0
- 30. 30 www.aiub.edu
- 31. 31 www.gmail.com
- 33. 33
- 34. 34 https://www.digicert.com/ssl.htm http://www.webopedia.com/TERM/S/SSL.html http://en.wikipedia.org/wiki/Transport_Layer_Security
- 35. 35