Lecture #21: HTTPS, SSL & TLS
Dr. Ramchandra Mangrulkar
September 17, 2020
Dr.Ramchandra Mangrulkar Lecture #21: HTTPS , SSL & TLS September 17, 2020 1 / 15
Contents
HTTPS
SSL
Contents
Who developed the HTTP protocol?
What were the basic components of the first version of the HTTP protocol?
What was the first version of the HTTP protocol called?
HTTP and HTTPS
HTTP: HyperText Transfer Protocol.
The web browser is the client: the browser sends a request message to the HTTP server for the requested objects.
HTTPS is the secured version of HTTP.
SSL/TLS: when that exchange of data is encrypted with SSL/TLS, it is HTTPS.
HTTP opens a connection between the client and server through TCP.
HTTP Connections
HTTP Vs HTTPS
Figure source: https://www.suntech.org.ng/
Secure Socket Layer (SSL)
HTTPS establishes an encrypted link between the browser and the web server using the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols.
The link can be browser to server, server to server or client to server.
SSL establishes an encrypted link using an SSL certificate, which is also known as a digital certificate.
SSL Working
The attacker presents a page with a desirable and seemingly innocuous program for the user to download, for example, a browser toolbar or a photo organizer utility.
The attack also defeats users' access controls that would normally block software downloads and installations, because the user intentionally accepts this software.
SSL Working
SSL fundamentally works with both asymmetric and symmetric cryptography.
The SSL handshake uses asymmetric cryptography, which allows the browser to verify the web server, obtain its public key and establish a secure connection.
After the handshake, both the client and the server hold a valid session key, which they use to encrypt and decrypt the actual data.
SSL Handshake Steps
Step 1. The client sends a "client hello" message containing the client's SSL version number, cipher settings, session-specific data and other information the server needs.
Step 2. The server responds with the server's SSL version number, cipher settings, session-specific data, an SSL certificate with a public key, and other information that the client needs to communicate.
Step 3. The client verifies the server's SSL certificate against the CA (Certificate Authority) and authenticates the server. If authentication fails, the client throws an exception; if it succeeds, the client proceeds to step 4.
Step 4. The client creates a session key, encrypts it with the server's public key and sends it to the server. If the server has requested client authentication, the client also sends its own certificate to the server.
Step 5. The server decrypts the session key with its private key and sends an acknowledgement to the client, encrypted with the session key.
SSL Data Transfer
The client and the server now use a shared session key to encrypt and decrypt the actual data and transfer it. The same session key is used at both ends, so this is symmetric cryptography.
Certain infrastructure is involved in achieving SSL communication in real life; it is called the Public Key Infrastructure (PKI).
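The handshake steps and the data transfer described above, as an added example that is not part of the lecture: a complete TLS connection over the loopback interface, written in Go using only its standard library. The server presents a self-signed certificate for `localhost` (constructed here as a stand-in for a CA-issued one); a client that holds that certificate in its trust store completes the hello, certificate and verification steps and then exchanges application data under the negotiated symmetric session keys, while a client with an empty trust store fails at step 3 exactly as the slide describes. One caveat the slide does not mention: TLS 1.2 with ECDHE and all of TLS 1.3 (which Go negotiates by default) derive the session keys from an ephemeral key exchange rather than by encrypting a client-chosen key with the server's public key as in step 4, so a server private key captured later cannot decrypt recorded traffic. The function names `newSelfSignedCert` and `runHandshake`, the loopback address and the "hello over TLS" message are my own choices; the optional client-certificate branch of step 4 is not exercised.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSelfSignedCert builds a throwaway certificate for "localhost", constructed for
// this example (a browser would see a CA-issued certificate and trust the CA). It
// returns the server's tls.Certificate and the parsed leaf for the client's trust store.
func newSelfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		DNSNames:              []string{"localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, nil
}

// runHandshake starts a TLS server on the loopback interface, connects a client that
// trusts only `roots`, and returns the negotiated version and the server's reply to one
// message. With an empty pool, step 3 fails and Dial errors before any data is sent.
func runHandshake(serverCert tls.Certificate, roots *x509.CertPool) (uint16, string, error) {
	srvCfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, MinVersion: tls.VersionTLS12}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return 0, "", err
	}
	defer ln.Close()
	// Server side: accept one connection and echo the first message back. The
	// server's half of the handshake runs inside its first Read.
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		buf := make([]byte, 64)
		if n, err := conn.Read(buf); err == nil {
			conn.Write(append([]byte("echo: "), buf[:n]...))
		}
	}()
	// Client side: steps 1-3 (client hello, server certificate, verification against
	// the trust store and the expected host name) all happen inside Dial.
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: "localhost"})
	if err != nil {
		return 0, "", err
	}
	defer conn.Close()
	// Data transfer: both ends now encrypt with the same symmetric session keys.
	if _, err := conn.Write([]byte("hello over TLS")); err != nil {
		return 0, "", err
	}
	buf := make([]byte, 64)
	n, err := conn.Read(buf)
	if err != nil {
		return 0, "", err
	}
	return conn.ConnectionState().Version, string(buf[:n]), nil
}

func main() {
	cert, leaf, err := newSelfSignedCert()
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(leaf)
	fmt.Println(runHandshake(cert, trusted))            // version, "echo: hello over TLS", <nil>
	fmt.Println(runHandshake(cert, x509.NewCertPool())) // 0, "", certificate verification error
}
```

The second call is the interesting one for a defender: the client never sends application data when verification fails, which is the property that makes a trust-store mismatch a hard failure rather than a silent downgrade. `MinVersion` on the server is the setting to check in real deployments, since the legacy SSL 3.0, TLS 1.0 and TLS 1.1 versions are still accepted by some default configurations.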
SSL Certificates
What are the types of SSL certificates?
Single-domain: covers only one domain.
Wildcard: like a single-domain certificate, but it also includes that domain's subdomains, e.g. www.cloudflare.com, blog.cloudflare.com, and developers.cloudflare.com.
Multi-domain: can apply to multiple unrelated domains.
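The three certificate types differ only in which host names the certificate's subject alternative names cover, so the clearest way to see the difference is the name-matching check a client performs during step 3 of the handshake. The following Go code is an added example and not part of the lecture: `matchesHostname` and `certCovers` are my own names, the three sample name lists are constructed for illustration, and the refusal of top-level wildcards such as `*.com` is a policy choice made in this code rather than something the slide states. It goes slightly beyond the slide by showing the rule that a wildcard matches exactly one label, which is why `*.cloudflare.com` covers `blog.cloudflare.com` but not `a.b.cloudflare.com`, and why wildcard certificates list the bare domain as a separate name.

```go
package main

import (
	"fmt"
	"strings"
)

// matchesHostname reports whether one name from a certificate (a plain DNS name
// or a wildcard such as "*.cloudflare.com") covers host, under the rules browsers
// apply: comparison is case-insensitive and ignores a trailing dot, the wildcard
// is honoured only as the whole left-most label, and it matches exactly one
// label. So "*.cloudflare.com" covers "blog.cloudflare.com" but neither
// "cloudflare.com" nor "a.b.cloudflare.com".
func matchesHostname(pattern, host string) bool {
	pattern = strings.ToLower(strings.TrimSuffix(pattern, "."))
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if pattern == "" || host == "" {
		return false
	}
	if !strings.Contains(pattern, "*") {
		return pattern == host
	}
	pLabels := strings.Split(pattern, ".")
	hLabels := strings.Split(host, ".")
	// Reject partial-label wildcards ("www*.example.com"), wildcards that are not
	// the first label, and (a conservative choice made in this example) wildcards
	// that would span an entire top-level domain such as "*.com".
	if pLabels[0] != "*" || len(pLabels) < 3 || len(hLabels) != len(pLabels) {
		return false
	}
	for i := 1; i < len(pLabels); i++ {
		if strings.Contains(pLabels[i], "*") || pLabels[i] != hLabels[i] {
			return false
		}
	}
	return hLabels[0] != ""
}

// certCovers asks the practical question behind the three certificate types:
// does a certificate whose subject alternative names are `names` cover host?
// A single-domain certificate lists one name, a wildcard certificate usually
// lists "*.example.com" next to "example.com" (which is how it also covers the
// bare domain), and a multi-domain certificate lists unrelated names.
func certCovers(names []string, host string) bool {
	for _, n := range names {
		if matchesHostname(n, host) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample name lists, one per certificate type from the slide.
	certs := map[string][]string{
		"single-domain": {"www.cloudflare.com"},
		"wildcard":      {"cloudflare.com", "*.cloudflare.com"},
		"multi-domain":  {"cloudflare.com", "example.org", "example.net"},
	}
	hosts := []string{"www.cloudflare.com", "blog.cloudflare.com", "cloudflare.com",
		"a.b.cloudflare.com", "example.net", "cloudflare.com.evil.example"}
	for kind, names := range certs {
		for _, h := range hosts {
			fmt.Printf("%-14s %-28s -> %v\n", kind, h, certCovers(names, h))
		}
	}
}
```

The last sample host, `cloudflare.com.evil.example`, is the case worth remembering when reviewing certificate validation code: a check that compares suffixes instead of whole labels would accept it.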
SSL Validation Levels
Domain Validation: This is the least-stringent level of validation,
and the cheapest. All a business has to do is prove they control
the domain.
Organization Validation: This is a more hands-on process: The
CA directly contacts the person or business requesting the
certificate. These certificates are more trustworthy for users.
Extended Validation: This requires a full background check of an
organization before the SSL certificate can be issued.
TLS
TLS is a security protocol designed to facilitate privacy and data security for communications over the Internet.
A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.
TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).
TLS was proposed by the IETF in 1999.
The most recent version is TLS 1.3, which was published in 2018.
TLS
What is the difference between TLS and SSL?
TLS evolved from a previous encryption protocol called Secure
Sockets Layer (SSL), which was developed by Netscape. TLS
version 1.0 actually began development as SSL version 3.1, but
the name of the protocol was changed before publication in
order to indicate that it was no longer associated with Netscape.
What does TLS do?
- Encryption: hides the data being transferred from third parties.
- Authentication: ensures that the parties exchanging information are who they claim to be.
- Integrity: verifies that the data has not been forged or tampered with.