SSL is a secure protocol that runs above TCP/IP and allows users to encrypt data and authenticate servers securely. It was first developed by Netscape in 1994 to provide server authentication, encryption of messages, and message integrity. SSL establishes an encrypted connection between a client and server through a handshake process that verifies servers, negotiates encryption, and generates symmetric keys to encrypt subsequent communication. It has become the standard security technology for web servers and browsers to protect online transactions and sensitive data transmission over the internet.
Securing TCP connections using SSL
Originally developed by Netscape
Communications to allow secure access of a
browser to a Web server, Secure Sockets
Layer (SSL) has become the accepted
standard for Web security.1 The first version
of SSL was never released because of
problems regarding protection of credit
card transactions on the Web. In 1994,
Netscape created SSLv2, which made it
possible to keep credit card numbers
confidential and also authenticate the Web
server with the use of encryption and digital
certificates. In 1995, Netscape strengthened
the cryptographic algorithms and resolved
many of the security problems in SSLv2
with the release of SSLv3. SSLv3 now
supports more security algorithms
than SSLv2.
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
Securing TCP connections using SSL
Originally developed by Netscape
Communications to allow secure access of a
browser to a Web server, Secure Sockets
Layer (SSL) has become the accepted
standard for Web security.1 The first version
of SSL was never released because of
problems regarding protection of credit
card transactions on the Web. In 1994,
Netscape created SSLv2, which made it
possible to keep credit card numbers
confidential and also authenticate the Web
server with the use of encryption and digital
certificates. In 1995, Netscape strengthened
the cryptographic algorithms and resolved
many of the security problems in SSLv2
with the release of SSLv3. SSLv3 now
supports more security algorithms
than SSLv2.
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
3. 3
SSL Facts
• SSL was first developed by Netscape in 1994
and became an internet standard in 1996 (
RFC 2246 – TLS V1.0)
• SSL is a cryptographic protocol to secure
network across a connection-oriented layer
• Any program using TCP can be modified to
use SSL connection
4. 4
SSL Facts
• SSL connection uses a dedicated TCP/IP
socket(e.g. port 443 for https)
• SSL is flexible in choice of which symmetric
encryption, message digest, and authentication can
be used
• SSL provides built in data compression
5. 5
SSL Usage
• Authenticate the server to the client
• Allow the client and server to select cryptographic
algorithms, or ciphers, that they both support
• Optionally authenticate the client to the server
• Use public key encryption techniques to generate
shared secret key
• Establish an encrypted SSL connection
6. 6
Secure Socket Layer
SSL is a secure protocol which runs above TCP/IP
and allows users to encrypt data and authenticate
servers/vendors identity securely
Application
layer
Transport
layer
TCP/IP layer
SMTPS
FTPS
HTTPS
SECURE SOCKET LAYER
16. 16
Key exchange and certificate
SSL version number client supported
(v2, v3)
Ciphers supported client
(DES, RC2, RC4)
Client Random Number
SSL version number server picked
(v2, v3)
Ciphers server picked
(DES, RC2, RC4)
Server Random Number
Server
Client
Public
key
Private
key
Public key
Certificate
20. 20
SSL Handshake
Client hello
Server hello
Present Server Certificate
*Request Client Certificate
Server Key Exchange
Client Finish
*Present Client Certificate
Client Key Exchange
*Certificate Verify
Change Cipher Spec
Server Finish
Change Cipher Spec
Client
Server
Application Data
21. 21
Server Hello Request
• Notifies the client that they should send a client hello
message to begin the negotiation process
• Sent by the server at any time
• After the server sends a request, it does not send
another one until a handshake has been completed
• Client can choose to ignore them or send a Client
Hello
22. 22
Client Hello
• Sent by the client
–When first connecting to a server
–In response to a hello request or on its own
• Contains
–32 bytes random number created by a
secure random number generator
–Protocol version
–Session ID
–A list of supported ciphers
–A list of compression methods
23. 23
Server Hello
• Sent as response if client hello is accepted
– If not, a handshake failure alert is sent
• Contains
– 32 bytes random number created by a secure random
number generator
– Protocol version
– Session ID
– Cipher suite chosen
– Compression method selected
24. 24
Server Certificates
• Immediately following the server hello, the
server sends its certificate
– Generally an X.509.v3 certificate
• Server sends server hello done message
26. 26
Client Certificate (optional)
Client only sends a certificate upon the receipt of
a certificate request
– Sends after receiving server hello done
– If the client does not have a suitable
certificate, it sends a no certificate alert
• Server will respond with a fatal handshake failure
if a client certificate is necessary
28. 28
Key Exchange
• Client sends 48-bytes pre-master, encrypted
using server’s public key, to the server
• Both server and client use the pre-master to
generate the master secret
• A same session key is generated on both
client and server side using the master secret
29. 29
Final Steps
• Client sends change_cipher_spec
• Client sends finished message
• Server sends change_cipher_spec
• Server sends finished message
31. 31
Record Layer
• Compression and decompression
• A MAC is applied to each record using the MAC
algorithm defined in the current cipher spec
• Encryption occurs after compression
• May need fragmentation
33. 33
Alert Layer
• Explain severity of the message and a description
–fatal
•Immediate termination
•Other connections in session may continue
•Session ID invalidated to prevent failed session to open new
sessions
• Alerts are compressed same as other data
35. 35
Change Cipher Spec Protocol
• Notify the other party to use the new
cipher suite
• Before the Finished message
36. 36
Comparison of SSL V2.0 and
V3.0
• SSL 2.0 is vulnerable to “man-in-the-
middle” attack. The hello message can
be modified to use 40 bits encryption.
SSL 3.0 defends against this attack by
having the last handshake message
include a hash of all the previous
handshake message
37. 37
Comparison of SSL V2.0 and V3.0
• SSL 2.0 uses a weak MAC construction
• In SSL 3.0, the Message Authentication
Hash uses a full 128 bits of key material
for Export cipher, while SSL 2.0 uses
only 40 bits
38. 38
Comparison of SSL V2.0 and V3.0
• SSL 2.0 only allows a handshake at the beginning of
the connection. In 3.0, the client can initiate a
handshake routine any time
• SSL 3.0 allows server and client to send chains of
certificate
• SSL 3.0 has a generalized key exchange protocol. It
allows Diffie-Hellman and Fortezza key exchange
• SSL 3.0 allows for record compression and
decompression
39. 39
Problem Free?
• Side channel attack – discovered by Swiss Federal
Institute of Technology in Lausanne
http://www.newsfactor.com/perl/story/20843.html
• Information leak in encrypted connections. Vulnerable
openssl versions do not perform a MAC computation if
an incorrect block cipher padding is used. An active
attacker who can insert data into an existing encrypted
connection is then able to measure time differences
between the error messages the server sends. This
information can make it easier to launch cryptographic
attacks that rely on distinguishing between padding and
MAC verification errors, possibly leading to extraction of
the original plaintext.
42. 42
WTLS Facts
•Mainly used to secure data transport between
wireless device and gateway
•Built on top of datagram (UDP) instead of
TCP
•WTLS provides full, optimized and abbreviated
handshake to reduce roundtrips in high-latency
networks
43. 43
WTLS Facts
• WTLS uses different format of certificates, mainly
WTLS certificate, X509v1 and 968. It also supports
additional cipher suites, such as RC5, short hashes,
ECC, etc;
• WTLS provides built-in key-refresh mechanism for
renegotiation;
• WTLS can also set session resumable to continue
on a previous session.
45. 45
Comparison of Traditional Web
Application and Web Service
• Client-server system vs multi-party
• Simple protocol sets vs complicated
protocol sets
48. 48
WS-Security
• A“ what” not “how”
• Security token is embedded inside
SOAP headers
• Message integrity is provided by XML
Signature and security tokens
• Message confidentiality is provided by
XML Encryption with security tokens
