Demonstration of secure socket layer

(Synopsis)

INTRODUCTION
What is SSL?
Secure Socket Layer (SSL) is the predominant method of
securing Internet transactions over the World Wide Web (WWW).
Introduced in 1994, SSL was quickly incorporated into popular web
browsers, such as those from Netscape and Microsoft, primarily to protect
the confidentiality of on-line purchases by consumers. In addition to
securing E-commerce, SSL has now evolved into the preferred way
of transferring many types of sensitive data such as bill payments,
banking statements, tax returns and stock purchases over the
Internet.
Through the many forms of Internet eavesdropping,
unauthorized people can steal credit card numbers, PIN numbers,
personal data, and other confidential information. To transfer
information privately and securely across the Internet, the Secure
Socket Layer (SSL) protocol was developed. SSL is placed between
the transport layer and the application layer. Application protocols such as
HTTP, FTP, telnet, gopher, Network News Protocol (NNTP), and
Simple Mail Transport Protocol (SMTP) can be layered easily and
transparently on top of SSL, with TCP/IP layered beneath it.

SSL Basics

SSL Elements
The main role of SSL is to provide security for Web traffic.
Security includes confidentiality, message integrity, and
authentication. SSL achieves these elements of security through the
use of cryptography, digital signatures, and certificates.

Cryptography
SSL protects confidential information through the use of
cryptography. Sensitive data is encrypted across public networks to
achieve a level of confidentiality. There are two types of data
encryption: symmetric cryptography and asymmetric cryptography
(refer to Table 1).
Symmetric cryptography uses the same key for encryption
and decryption. An example of symmetric cryptography is a decoder
ring. Alice has a ring and Bob has the same ring. Alice can encode
messages to Bob using her ring as the cipher. Bob can then decode
the sent message using his ring. In cryptography, the "decoder
ring" is considered a preshared key. The key is agreed upon by both
sides and can remain static. Both sides must know each other
already and have agreed upon what key to use for the encryption
and decryption of messages. Remember that the same key is used
for encoding as well as decoding messages—thus the term
symmetric cryptography.

Asymmetric algorithms use one key for encryption of data,
and then a separate key for decryption. Asymmetric algorithms are
more favorable than symmetric algorithms because even if the
encryption key is learned in one direction, the third party still needs
to know the other key in order to decrypt the message in the other
direction.

Symmetric Cryptography
• Symmetric cryptography uses a single key for encryption and decryption.
• Symmetric cryptography requires that both parties have the key.
• Key distribution is the inherent weakness in symmetric cryptography.
• Minimal CPU cycles are required to verify keys.
• Symmetric ciphers are fortified by algorithmic strength and key lengths.
• SSL symmetric key lengths range from 40 to 168 bits.

Asymmetric Cryptography (PKI)
• Asymmetric cryptography was designed in response to the limitations of symmetric cryptography.
• Information encrypted with one key can be decrypted only with another key.
• Public key infrastructure (PKI) cryptography is up to 1000 times more CPU intensive than symmetric cryptography.
• The Rivest, Shamir, Adleman (RSA) algorithm uses modular arithmetic to enable the concept of public and private keys.
• All SSL transactions begin with an asymmetric key exchange.

With asymmetric encryption, both sides can spontaneously
spawn a transaction without ever having met. This is achieved by
the use of a public and private key pair. The public key of the entity
is public knowledge and is used for encryption, whereas the private
key of the entity remains secret and is used for decryption. PKI is
the more common name for asymmetric cryptography. Although
PKI is more secure, it also is more expensive in terms of processing
speed. The encryption and decryption of the PKI can take up to
1000 times the processing of symmetric cryptography.

Digital Signatures
To ensure message integrity, each message exchanged in SSL
has a digital signature attached to it. A digital signature is a hashed
message digest with public key information. The message digest is
based on the checksum of the message. The message digest is
difficult to reverse. Both parties compute the message digest
separately and compare the hashed results. Matching results mean
that the checksum was unaltered during transit, minimizing the
chance of a compromised message.

FIG: 1.1

Working of DIGITAL SIGNATURE

1. Client sends a message
2. Client has message and a public key
3. Client hashes message with public key
4. Server takes random message and knows public key
5. Server hashes message with public key
6. Server sends hashed message
7. Client compares its own hashed message to Server's message
8. If the two match, then the message has not been tampered with.

Certificates
How do you trust the person to whom you are sending your
message? SSL uses digital certificates to authenticate servers. (SSL
also includes an optional authentication for clients.) Certificates are
digital documents that will attest to the binding of a public key to an
individual or other entity. They allow verification of the claim that a
specific public key does, in fact, belong to the specified entity.
Certificates help prevent someone from impersonating the server
with a false key. SSL uses X.509 certificates to validate identities.
X.509 certificates contain information about the entity, including
public key and name. A certificate authority then validates this
certificate.

Certificate Authority
Whenever you go to a place where security checks are in
place, your ID is checked to verify who you are. Your driver's
license validates your ability to drive; more importantly, however,
your driver's license is a trusted form of identity because your
license was issued by a trusted third party. In the same way, a
digital certificate is a mere statement of the identity of the body or
individual who wishes to be authenticated. A trusted third party
outside the server and client pair is needed to validate the
certificate. This third party is the certificate authority. Reputable
certificate authorities, such as VeriSign, are responsible for ensuring
the trust of all World Wide Web entities.

Certificate Chaining

In some cases it may be necessary to create a chain of
certificates, each one certifying the previous one until the parties
involved are confident of the identity in question. This process is
called certificate chaining. Certificate chaining is important in
situations where the first line of certificate authorities may not be as
well known or trusted as another certificate authority.

How SSL works
When a client and server communicate, SSL ensures that the
connection is private and secure by providing authentication and
encryption. Authentication confirms that the server and the client
are who they say they are. Encryption then creates a secure
“tunnel” between the two, which prevents any unauthorized system
from reading the data. SSL-enabled clients (such as a Netscape or
Microsoft browser) and SSL-enabled servers (such as Apache or IIS)
confirm each other’s identities using digital certificates. Digital
certificates are issued by trusted third parties called Certificate
Authorities (or CAs) and provide information about an individual’s
claimed identity, as well as their public key. By validating digital
certificates both parties can ensure that an imposter has not
intercepted a transmission.
SSL uses both public-key and symmetric key encryption. The
secure tunnel that SSL creates is an encrypted connection that
ensures that all information sent between an SSL-enabled client and
an SSL-enabled server remains private. SSL also provides a
mechanism for
detecting if someone has altered the data in transit. These message
integrity checks ensure that the connection is reliable. If, at any
point during a transmission, SSL detects that a connection is not
secure, it will terminate the connection and the client and server will
establish a new secure connection.

Demonstration of SSL May 2007 Page 12 of 105

SSL Roles
SSL has two distinct entities, server and client. The client is
the entity that initiates the transaction, whereas the server is the
entity that responds to the client and negotiates which cipher suites
are used for encryption. In SSL, the Web browser is the client and
the Web-site server is the server.
Three protocols lie within SSL, the Handshake Protocol, the
Record Protocol, and the Alert Protocol. The client authenticates the
server during the Handshake Protocol. When the session is initiated
and the handshake is complete, the data transfer is encrypted
during the Record Protocol phase. If there are any alarms at any
point during the session, the alert is attached to the questionable
packet and handled according to the Alert Protocol.
PROTOCOL STACK:

FIG 1.2

Protocol Stack of SSL PROTOCOL

SSL Handshake

The client always authenticates the server, and the server has
the option of also authenticating the client. In general, Web servers
do not authenticate the client during the Handshake Protocol
because the server has ways to verify the client other than
SSL. For e-commerce, the Web-site server can verify the credit card
number externally from the SSL session. In this way, the server can
reserve precious processing resources for encrypted transactions.
During the Handshake Protocol, the following important steps
take place: the session capabilities are negotiated, meaning the
encryption (ciphers) algorithms are negotiated; and the server is
authenticated to the client.
SSL uses symmetric cryptography for the bulk data encryption
during the transfer phase; however, asymmetric cryptography,
(that is, PKI) is used to negotiate the key used for that symmetric
encryption. This exchange is critical to the Handshake Protocol.
Note that the server may optionally ask the client to authenticate
itself. However, it is not necessary to the protocol. The following
figure and steps describe the function of the Handshake
Protocol.

Handshake Protocol:

1. Client sends ClientHello message.
2. Server acknowledges with ServerHello message
3. Server sends its certificate
4. Optional: Server requests client's certificate
5. Optional: Client sends its certificate
6. Client sends ClientKeyExchange message
7. Client sends Certificate Verify message
8. Both send ChangeCipherSpec messages
9. Both send Finished messages

FIG 1.3

Describing the function of HANDSHAKE PROTOCOL

SSL Records

The encryption for all messaging in SSL is handled in the
Record Protocol. This protocol provides a common format to frame
all Alert, ChangeCipherSpec, Handshake, and application protocol
messages. SSL records consist of the encapsulated data, digital
signature, message type, version, and length. SSL records are 8
bytes long. Because the record length is fixed, encrypted messages
sometimes include padding and pad length in the frame (as
shown in the table below).
An Example of an SSL Record

Type | Version | Length
Data
Hash-based message authentication code (HMAC) message digest algorithm 5 (MD5)
Pad | Pad Length
8-byte Packet

FIG 1.4

An example of a FRAME format of SSL RECORD data packet
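
The record fields in the table above (Type, Version, Length, Data, HMAC-MD5, Pad, Pad Length), framed and checked in code. This is an added example, not part of the original synopsis or the project's code: it assumes an 8-byte cipher block so the body is padded to a multiple of 8 bytes, it leaves the encryption step out so the framing stays visible, and the key and payload are constructed.

```python
import hashlib
import hmac
import struct

BLOCK = 8              # assumed cipher block size (DES/3DES): body padded to a multiple of 8
MAC_LEN = 16           # HMAC-MD5 digest length in bytes
APPLICATION_DATA = 23  # SSL/TLS content type for application data
SSL_3_0 = (3, 0)       # protocol version as (major, minor)


class BadRecord(ValueError):
    """Malformed or altered record; the receiver treats this as fatal."""


def record_mac(mac_key, seq, rtype, version, data):
    # The MAC covers an implicit sequence number plus type, version, length and data,
    # so altered, reordered and replayed records all fail the same check.
    covered = struct.pack("!QBBBH", seq, rtype, version[0], version[1], len(data)) + data
    return hmac.new(mac_key, covered, hashlib.md5).digest()


def build_record(mac_key, seq, rtype, version, data):
    body = data + record_mac(mac_key, seq, rtype, version, data)
    pad_len = -(len(body) + 1) % BLOCK
    body += bytes([pad_len]) * (pad_len + 1)  # Pad bytes followed by the Pad Length byte
    # Header: Type (1 byte), Version (2 bytes), Length (2 bytes).
    return struct.pack("!BBBH", rtype, version[0], version[1], len(body)) + body


def parse_record(mac_key, seq, record):
    if len(record) < 5:
        raise BadRecord("truncated header")
    rtype, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:]
    if length != len(body) or length % BLOCK or length < MAC_LEN + 1:
        raise BadRecord("bad length")
    pad_len = body[-1]
    if pad_len + 1 + MAC_LEN > length:
        raise BadRecord("bad_record_mac")
    pad = body[-1 - pad_len:-1]
    data = body[:length - 1 - pad_len - MAC_LEN]
    mac = body[len(data):len(data) + MAC_LEN]
    expected = record_mac(mac_key, seq, rtype, (major, minor), data)
    pad_ok = pad == bytes([pad_len]) * pad_len
    mac_ok = hmac.compare_digest(mac, expected)
    # One generic error for padding and MAC failures, so the sender learns nothing
    # about which check rejected the record.
    if not (pad_ok and mac_ok):
        raise BadRecord("bad_record_mac")
    return rtype, data


def accepts(mac_key, seq, record):
    try:
        parse_record(mac_key, seq, record)
        return True
    except BadRecord:
        return False


def flip_bit(record, index):
    # Constructed alteration in transit: flip the lowest bit of one byte.
    changed = bytearray(record)
    changed[index] ^= 0x01
    return bytes(changed)


if __name__ == "__main__":
    key = b"constructed-mac-key"
    rec = build_record(key, 0, APPLICATION_DATA, SSL_3_0, b"GET /checkout")
    print(parse_record(key, 0, rec))
    print(accepts(key, 0, flip_bit(rec, 5)))   # payload byte altered
    print(accepts(key, 1, rec))                # same record presented at the wrong sequence number
```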

SSL Alert Protocol
As mentioned earlier, the Alert Protocol handles any
questionable packets. If either the server or client detects an error,
it sends an alert containing the error. There are three types of alert
messages: warning, critical, and fatal. Based on the alert message
received, the session can be restricted (warning, critical) or
terminated (fatal).

SSL Transactions
SSL is comprised of two protocols: the SSL Handshake
protocol and the SSL Record protocol. These protocols work
together to secure an SSL transaction. The SSL Handshake Protocol
handles key exchange and the SSL Record Protocol handles the bulk
data transfer. The SSL Handshake Protocol does the following:
• authenticates the server to the client (optionally, the client to the server)
• allows the client and server to negotiate the cipher suite to be used
• allows the client and the server to generate symmetric session keys
• establishes the encrypted SSL connection
Once the key exchange is complete, the client and the server
use this key to encrypt all communication between them. The
encryption is done with a symmetric key encryption algorithm, such
as RC4 or DES. This is the function of the SSL Record Protocol. To
illustrate how SSL works, assume a user wants to make a purchase
over the Internet and needs to send a credit card number to a
secure web site. The server sends its digital certificate, which, if
valid, results in the transmission of the client’s credit card number.
Crypto Algorithms

SSL supports a variety of different cryptographic algorithms,
or ciphers, that it uses for authentication, transmission of
certificates, and establishing session keys. SSL-enabled devices can
be configured to support different sets of ciphers, called cipher
suites. If an SSL-enabled client and an SSL-enabled server support
multiple cipher suites, the client and server may negotiate which
cipher suites they will use in an attempt to use the strongest
possible security supported by both parties. SSL supports the
following cipher suites:
Key exchange algorithms:
RSA (Rivest, Shamir and Adleman)
Fixed Diffie Hellman
Symmetric key algorithms:
DES (Data Encryption Standard)
3DES (Data Encryption Standard)
Hash algorithms:
MD5 (Message Digest)
SHA-1 (Secure Hash Algorithm)
The key exchange algorithms are used to establish the master
secret, while the symmetric key algorithms are used for encryption
of bulk data. The hash algorithms are used for message
authentication.
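
The cipher suite negotiation described above, together with the ClientHello, ServerHello and Finished steps of the Handshake Protocol listed earlier, as a simplified model. This is an added example, not part of the original synopsis or the project's code: the suite labels, the toy message encoding, the `in_transit` hook and the all-zero master secret are constructed, and the Finished value is a plain HMAC over the handshake messages rather than the exact SSL construction.

```python
import hashlib
import hmac

# Constructed suite labels built from the algorithms this page lists; strongest first.
SERVER_PREFERENCE = ["DH_3DES_SHA1", "RSA_3DES_SHA1", "RSA_DES_SHA1", "RSA_DES_MD5"]


class HandshakeFailure(Exception):
    """No mutually supported cipher suite, or the Finished check failed."""


def encode_hello(kind, suites):
    # Toy wire form of a hello message, e.g. b"ClientHello:RSA_3DES_SHA1,RSA_DES_MD5".
    return kind.encode() + b":" + ",".join(suites).encode()


def decode_suites(message):
    return [s for s in message.partition(b":")[2].decode().split(",") if s]


def negotiate(offered, server_preference):
    # The server walks its own preference order, so the strongest suite
    # supported by both parties wins regardless of the order the client used.
    for suite in server_preference:
        if suite in offered:
            return suite
    raise HandshakeFailure("no common cipher suite")


def finished_mac(master_secret, transcript):
    # Keyed hash over every handshake message this side sent or received, in order.
    return hmac.new(master_secret, b"".join(transcript), hashlib.sha1).digest()


def handshake(client_offer, master_secret, in_transit=None):
    """Return the agreed suite, or raise HandshakeFailure.

    in_transit is a hypothetical hook standing in for the network: it receives
    the ClientHello bytes and returns what actually reaches the server.
    """
    client_log, server_log = [], []

    client_hello = encode_hello("ClientHello", client_offer)
    client_log.append(client_hello)
    received = in_transit(client_hello) if in_transit else client_hello
    server_log.append(received)

    suite = negotiate(decode_suites(received), SERVER_PREFERENCE)
    server_hello = encode_hello("ServerHello", [suite])
    server_log.append(server_hello)
    client_log.append(server_hello)
    if suite not in client_offer:
        raise HandshakeFailure("server chose a suite the client never offered")

    # Certificate, ClientKeyExchange and ChangeCipherSpec are omitted; master_secret
    # stands for the value both sides hold once the key exchange has completed.
    # The server checks the client's Finished value against its own view of the handshake.
    client_finished = finished_mac(master_secret, client_log)
    if not hmac.compare_digest(client_finished, finished_mac(master_secret, server_log)):
        raise HandshakeFailure("Finished mismatch: handshake messages were altered")
    return suite


def outcome(client_offer, master_secret, in_transit=None):
    # Convenience wrapper: the agreed suite, or the failure reason as text.
    try:
        return handshake(client_offer, master_secret, in_transit)
    except HandshakeFailure as exc:
        return "failed: " + str(exc)


def drop_3des(client_hello):
    # Constructed alteration: the hello arrives with the 3DES suites removed.
    kept = [s for s in decode_suites(client_hello) if "3DES" not in s]
    return encode_hello("ClientHello", kept)


if __name__ == "__main__":
    secret = bytes(48)  # constructed placeholder for the 48-byte master secret
    offer = ["RSA_DES_MD5", "RSA_3DES_SHA1"]
    print(outcome(offer, secret))
    print(outcome(offer, secret, drop_3des))
    print(outcome(["RC4_ONLY"], secret))
```

Because the Finished value covers the hello messages, a connection whose cipher list was changed on the way to the server is refused before any application data is sent.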

Problem Definition

Information is now the most valuable resource in the world.
Whether it is a personal letter or an industrial secret, all information
has a worth to someone. This thesis considers issues of security and
privacy for such information. It discusses the reasons for wishing to
protect data and the methods available for doing so.

Transferring information between sockets at
distant places requires security so that the message
cannot be tampered with while it is being transferred.
This project deals with the implementation of the Secure
Socket Layer protocol. Here we are mainly concerned with the
implementation of the client and server entities and the SSL
transaction between them. This transaction comprises
authentication, key exchange and bulk data transfer. Our
implementation guarantees secure and reliable communication
(message exchange) and data transfer (files) between the two
entities.

REQUIREMENT ANALYSIS
Requirement analysis is to understand the problem and collect
the requirements to solve the problem. It results in a system
description and a set of requirements to solve the problem.
Requirement analysis is a communication intensive activity. If the
communication fails, even the best technical approach will fall short.
Analysis is used to gain an understanding of an existing
system and what is required of it. It is very important in the
project development life cycle. It helps us to develop a new
package, which satisfies all the necessary goals. The fundamental
activities of the system analysis phase are:
• Understanding the system clearly.
• Analyzing the needs and creating a design for the new system.
• Identifying difficulties in the existing system.
• Proposing a new system.


System analysis is an important activity that takes place when
we are building a new information system or changing an existing one. It is
therefore necessary to spend considerable time to properly
understand the system and its problems.

SOFTWARE REQUIREMENTS:
Language : J2SDK 1.5.0 Version
Operating System : Windows XP

HARDWARE REQUIREMENTS:

LAN Requirements:
Connected with : D-Link cat 5 (Category 5)
LAN Configuration: 10/1000/10000

Each Terminal configuration:
Processor : Intel P-IV based system
Processor Speed : 250 MHZ to 833 MHZ
RAM : 512 MB
Hard Disk : 40 GB
LAN Speed: 100 Mbps.

Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 

Demonstration of secure socket layer (synopsis)

  • 1. Demonstration of secure socket layer (Synopsis)
  • 2. INTRODUCTION

    What is SSL?

    Secure Socket Layer (SSL) is the predominant method of securing Internet transactions over the World Wide Web (WWW). Introduced in 1994, SSL was quickly incorporated into popular web browsers, such as those from Netscape and Microsoft, primarily to protect the confidentiality of online purchases by consumers. In addition to securing e-commerce, SSL has now evolved into the preferred way of transferring many types of sensitive data, such as bill payments, banking statements, tax returns and stock purchases, over the Internet.

    Through the many forms of Internet eavesdropping, unauthorized people can steal credit card numbers, PIN numbers, personal data, and other confidential information. To transfer information privately and securely across the Internet, the Secure Socket Layer (SSL) protocol was developed. SSL is placed between the transport layer and the application layer. Application protocols such as HTTP, FTP, Telnet, Gopher, Network News Transfer Protocol (NNTP), and Simple Mail Transfer Protocol (SMTP) can be layered easily and transparently on top of SSL, with TCP/IP layered beneath it.
  • 3. SSL Basics

    SSL Elements

    The main role of SSL is to provide security for Web traffic. Security includes confidentiality, message integrity, and authentication. SSL achieves these elements of security through the use of cryptography, digital signatures, and certificates.

    Cryptography

    SSL protects confidential information through the use of cryptography. Sensitive data is encrypted across public networks to achieve a level of confidentiality. There are two types of data encryption: symmetric cryptography and asymmetric cryptography (refer to Table 1).

    Symmetric cryptography uses the same key for encryption and decryption. An example of symmetric cryptography is a decoder ring. Alice has a ring and Bob has the same ring. Alice can encode messages to Bob using her ring as the cipher. Bob can then decode the sent message using his ring. In cryptography, the "decoder ring" is considered a preshared key. The key is agreed upon by both sides and can remain static. Both sides must know each other already and have agreed upon what key to use for the encryption and decryption of messages. Remember that the same key is used for encoding as well as decoding messages, hence the term symmetric cryptography.
  • 4. Asymmetric algorithms use one key for encryption of data, and then a separate key for decryption. Asymmetric algorithms are more favorable than symmetric algorithms because even if the encryption key is learned in one direction, the third party still needs to know the other key in order to decrypt the message in the other direction.

    Symmetric Cryptography

      • Symmetric cryptography uses a single key for encryption and decryption.
      • Symmetric cryptography requires that both parties have the key.
      • Key distribution is the inherent weakness in symmetric cryptography.
      • Minimal CPU cycles are required to verify keys.
      • Symmetric ciphers are fortified by algorithmic strength and key lengths.
      • SSL symmetric key lengths range from 40 to 168 bits.

    Asymmetric Cryptography (PKI)

      • Asymmetric cryptography was designed in response to the limitations of symmetric cryptography.
      • Information encrypted with one key can be decrypted only with another key.
      • Public key infrastructure (PKI) cryptography is up to 1000 times more CPU intensive than symmetric cryptography.
  • 5.
      • The Rivest, Shamir, Adleman (RSA) algorithm uses modular arithmetic to enable the concept of public and private keys.
      • All SSL transactions begin with an asymmetric key exchange.

    With asymmetric encryption, both sides can spontaneously spawn a transaction without ever having met. This is achieved by the use of a public and private key pair. The public key of the entity is public knowledge and is used for encryption, whereas the private key of the entity remains secret and is used for decryption. PKI is the more common name for asymmetric cryptography. Although PKI is more secure, it is also more expensive in terms of processing speed. Encryption and decryption with PKI can take up to 1000 times the processing of symmetric cryptography.

    Digital Signatures

    To ensure message integrity, each message exchanged in SSL has a digital signature attached to it. A digital signature is a hashed message digest with public key information. The message digest is based on the checksum of the message. The message digest is difficult to reverse. Both parties compute the message digest separately and compare the hashed results. Matching results mean that the checksum was unaltered during transit, minimizing the chance of a compromised message.
  • 6. FIG 1.1 Working of DIGITAL SIGNATURE

    1. Client sends a message
    2. Client has message and a public key
    3. Client hashes message with public key
    4. Server takes random message and knows public key
    5. Server hashes message with public key
    6. Server sends hashed message
    7. Client compares its own hashed message to the server's message
    8. If the two match, then the message has not been tampered with.
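
The compute-separately-and-compare check described above is what lets a receiver detect tampering in transit. The following is an added example, not part of the original synopsis: it uses HMAC-SHA256 (rather than the MD5 or SHA-1 named in this document) over the TLS record MAC input layout of sequence number, type, version, length and data. The key, messages and function names are constructed for illustration, and encryption is left out.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes
APPLICATION_DATA = 23                   # record content type
VERSION = (3, 3)                        # TLS 1.2 as written on the wire


class IntegrityError(Exception):
    """The recomputed MAC does not match the one that arrived."""


def record_mac(mac_key, seq_num, fragment):
    # MAC input: seq_num(8) || type(1) || version(2) || length(2) || data
    header = struct.pack("!QBBBH", seq_num, APPLICATION_DATA,
                         VERSION[0], VERSION[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def protect(mac_key, seq_num, fragment):
    """Sender side: append the MAC to the data (encryption omitted here)."""
    return fragment + record_mac(mac_key, seq_num, fragment)


def verify(mac_key, seq_num, protected):
    """Receiver side: recompute the MAC independently and compare."""
    if len(protected) < MAC_LEN:
        raise IntegrityError("record shorter than a MAC")
    fragment, received = protected[:-MAC_LEN], protected[-MAC_LEN:]
    expected = record_mac(mac_key, seq_num, fragment)
    if not hmac.compare_digest(expected, received):  # constant-time compare
        raise IntegrityError("bad record MAC")
    return fragment


def check(mac_key, seq_num, protected):
    """Return the verified data, or "rejected" if the MAC check fails."""
    try:
        return verify(mac_key, seq_num, protected)
    except IntegrityError:
        return "rejected"


def demo():
    key = bytes(range(32))  # constructed key; real ones come from the handshake
    wire = [protect(key, seq, msg)
            for seq, msg in enumerate([b"order=1", b"amount=10.00"])]
    tampered = bytearray(wire[1])
    tampered[7] ^= 0x01  # "amount=10.00" becomes "amount=00.00" in transit
    return {
        "in_order": [check(key, seq, rec) for seq, rec in enumerate(wire)],
        "tampered": check(key, 1, bytes(tampered)),
        "replayed": check(key, 2, wire[0]),  # old record resent as record 2
    }


if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input, a record that is replayed or reordered fails the check even though its bytes are unmodified.
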
  • 7. Certificates

    How do you trust the person to whom you are sending your message? SSL uses digital certificates to authenticate servers. (SSL also includes an optional authentication for clients.) Certificates are digital documents that attest to the binding of a public key to an individual or other entity. They allow verification of the claim that a specific public key does, in fact, belong to the specified entity. Certificates help prevent someone from impersonating the server with a false key. SSL uses X.509 certificates to validate identities. X.509 certificates contain information about the entity, including public key and name. A certificate authority then validates this certificate.

    Certificate Authority

    Whenever you go to a place where security checks are in force, your ID is checked to verify who you are. Your driver's license validates your ability to drive; more importantly, however, your driver's license is a trusted form of identity because your license was issued by a trusted third party. In the same way, a digital certificate is a mere statement of the identity of the body or individual who wishes to be authenticated. A trusted third party outside the server and client pair is needed to validate the certificate. This third party is the certificate authority. Reputable certificate authorities, such as VeriSign, are responsible for ensuring the trust of all World Wide Web entities.

    Certificate Chaining
  • 8. In some cases it may be necessary to create a chain of certificates, each one certifying the previous one until the parties involved are confident of the identity in question. This process is called certificate chaining. Certificate chaining is important in situations where the first line of certificate authorities may not be as well known or trusted as another certificate authority.

    How SSL works

    When a client and server communicate, SSL ensures that the connection is private and secure by providing authentication and encryption. Authentication confirms that the server and the client are who they say they are. Encryption then creates a secure "tunnel" between the two, which prevents any unauthorized system from reading the data. SSL-enabled clients (such as a Netscape or Microsoft browser) and SSL-enabled servers (such as Apache or IIS) confirm each other's identities using digital certificates. Digital certificates are issued by trusted third parties called Certificate Authorities (or CAs) and provide information about an individual's claimed identity, as well as their public key. By validating digital certificates, both parties can ensure that an imposter has not intercepted a transmission. SSL uses both public-key and symmetric key encryption.

    The secure tunnel that SSL creates is an encrypted connection that ensures that all information sent between an SSL-enabled client and an SSL-enabled server remains private. SSL also provides a mechanism for detecting if someone has altered the data in transit. These message integrity checks ensure that the connection is reliable. If, at any point during a transmission, SSL detects that a connection is not secure, it will terminate the connection and the client and server will establish a new secure connection.

    (Demonstration of SSL, May 2007, Page 12 of 105)

  • 9. SSL Roles

    SSL has two distinct entities, server and client. The client is the entity that initiates the transaction, whereas the server is the entity that responds to the client and negotiates which cipher suites are used for encryption. In SSL, the Web browser is the client and the Web-site server is the server. Three protocols lie within SSL: the Handshake Protocol, the Record Protocol, and the Alert Protocol. The client authenticates the server during the Handshake Protocol. When the session is initiated and the handshake is complete, the data transfer is encrypted during the Record Protocol phase. If there are any alarms at any point during the session, the alert is attached to the questionable packet and handled according to the Alert Protocol.

    PROTOCOL STACK:

    FIG 1.2 Protocol Stack of SSL PROTOCOL

    SSL Handshake
  • 10. The client always authenticates the server, and the server has the option of also authenticating the client. In general, Web servers do not authenticate the client during the Handshake Protocol because the server has ways other than SSL to verify the client. For e-commerce, the Web-site server can verify the credit card number externally from the SSL session. In this way, the server can reserve precious processing resources for encrypted transactions.

    During the Handshake Protocol, the following important steps take place: the session capabilities are negotiated, meaning the encryption (cipher) algorithms are negotiated; and the server is authenticated to the client. SSL uses symmetric cryptography for the bulk data encryption during the transfer phase; however, asymmetric cryptography (that is, PKI) is used to negotiate the key used for that symmetric encryption. This exchange is critical to the Handshake Protocol. Note that the server may optionally ask the client to authenticate itself. However, it is not necessary to the protocol. The following figure and steps describe the function of the Handshake Protocol.

    Handshake Protocol:

    1. Client sends ClientHello message.
    2. Server acknowledges with ServerHello message
    3. Server sends its certificate
    4. Optional: Server requests client's certificate
    5. Optional: Client sends its certificate
  • 11.
    6. Client sends ClientKeyExchange message
    7. Client sends Certificate Verify message
    8. Both send ChangeCipherSpec messages
    9. Both send Finished messages

    FIG 1.3 Describing the function of HANDSHAKE PROTOCOL

    SSL Records
  • 12. The encryption for all messaging in SSL is handled in the Record Protocol. This protocol provides a common format to frame all Alert, ChangeCipherSpec, Handshake, and application protocol messages. SSL records consist of the encapsulated data, digital signature, message type, version, and length. SSL records are 8 bytes long. Because the record length is fixed, encrypted messages sometimes include padding and pad length in the frame (as shown in the table below).

    An Example of an SSL Record

      • Type
      • Version
      • Length
      • Data
      • Hash-based message authentication code (HMAC) message digest algorithm 5 (MD5)
      • Pad
      • Pad Length

    8-byte Packet

    FIG 1.4 An example of a FRAME format of SSL RECORD data packet

    SSL Alert Protocol

    As mentioned earlier, the Alert Protocol handles any questionable packets. If either the server or client detects an error, it sends an alert containing the error. There are three types of alert messages: warning, critical, and fatal. Based on the alert message received, the session can be restricted (warning, critical) or terminated (fatal).

  • 13. SSL Transactions

    SSL is comprised of two protocols: the SSL Handshake Protocol and the SSL Record Protocol. These protocols work together to secure an SSL transaction. The SSL Handshake Protocol handles key exchange and the SSL Record Protocol handles the bulk data transfer. The SSL Handshake Protocol does the following:

      • authenticates the server to the client (optionally, the client to the server)
      • allows the client and server to negotiate the cipher suite to be used
      • allows the client and the server to generate symmetric session keys
      • establishes the encrypted SSL connection

    Once the key exchange is complete, the client and the server use this key to encrypt all communication between them. The encryption is done with a symmetric key encryption algorithm, such as RC4 or DES. This is the function of the SSL Record Protocol.

    To illustrate how SSL works, assume a user wants to make a purchase over the Internet and needs to send a credit card number to a secure web site. The server sends its digital certificate which, if valid, results in the transmission of the client's credit card number.

    Crypto Algorithms
  • 14. SSL supports a variety of different cryptographic algorithms, or ciphers, that it uses for authentication, transmission of certificates, and establishing session keys. SSL-enabled devices can be configured to support different sets of ciphers, called cipher suites. If an SSL-enabled client and an SSL-enabled server support multiple cipher suites, the client and server may negotiate which cipher suites they will use in an attempt to use the strongest possible security supported by both parties. SSL supports the following cipher suites:

    Key exchange algorithms:
      • RSA (Rivest, Shamir and Adleman)
      • Fixed Diffie-Hellman

    Symmetric key algorithms:
      • DES (Data Encryption Standard)
      • 3DES (Triple Data Encryption Standard)

    Hash algorithms:
      • MD5 (Message Digest)
      • SHA-1 (Secure Hash Algorithm)

    The key exchange algorithms are used to establish the master secret, while the symmetric key algorithms are used for encryption of bulk data. The hash algorithms are used for message authentication.

    Problem Definition

    Information is now the most valuable resource in the world. Whether it is a personal letter or an industrial secret, all information has a worth to someone. This thesis considers issues of security and privacy for such information. It discusses the reasons for wishing to protect data and the methods available for doing so.
  • 15. The secure transfer of information between sockets at distant places mainly requires that the message not be tampered with while it is being transferred. This project deals with the implementation of the Secure Socket Layer protocol. Here we are mainly concerned with the implementation of the client and server entities and the SSL transaction between them. This transaction comprises authentication, key exchange and bulk data transfer. Our implementation guarantees secure and reliable communication (message exchange) and data transfer (files) between the two entities.

    REQUIREMENT ANALYSIS

    Requirement analysis is to understand the problem and collect the requirements to solve the problem. It results in a system description and a set of requirements to solve the problem. Requirement analysis is a communication-intensive activity. If the communication fails, even the best technical approach will fall short. Analysis is used to gain an understanding of an existing system and what is required of it. It is very important in the project development life cycle. It helps us to develop a new package which satisfies all the necessary goals.

    The fundamental activities of the system analysis phases are:

      • Understanding the system clearly.
      • Analysing the needs and creating a design for the new system.
      • Identifying difficulties in the existing system.
  • 16.
      • Proposing a new system.

    System analysis is an important activity that takes place when we are building a new information system or changing an existing one. It is therefore necessary to spend considerable time to properly understand the system and its problems.
  • 17. SOFTWARE REQUIREMENTS:

      Language: J2SDK version 1.5.0
      Operating System: Windows XP

    HARDWARE REQUIREMENTS:

    LAN Requirements:
      Connected with: D-Link cat 5 (Category 5)
      LAN Configuration: 10/1000/10000

    Each Terminal configuration:
      Processor: Intel P-IV based system
      Processor Speed: 250 MHz to 833 MHz
      RAM: 512 MB
      Hard Disk: 40 GB
      LAN Speed: 100 Mbps
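
The record framing under "SSL Records" and the message order under "Handshake Protocol" can be read directly from captured bytes. This is an added example, not part of the original synopsis or the project's own code: it parses the 5-byte record header defined in the SSL 3.0/TLS specifications (1-byte type, 2-byte version, 2-byte length) and names the handshake messages inside each record. The helper names and the zero-filled sample flights are constructed for illustration.

```python
import struct

# Content-type and handshake-type codes from the SSL 3.0 / TLS specifications.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request",
                   14: "server_hello_done", 15: "certificate_verify",
                   16: "client_key_exchange", 20: "finished"}

def parse_records(stream):
    """Split a byte stream into (content_type, version, payload) records."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        records.append((CONTENT_TYPES[ctype], (major, minor), payload))
        offset += 5 + length
    return records

def handshake_messages(payload):
    """Name each handshake message (1-byte type, 3-byte length) in a record."""
    names, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(payload[offset + 1:offset + 4], "big")
        if offset + 4 + length > len(payload):
            raise ValueError("truncated handshake body")
        names.append(HANDSHAKE_TYPES.get(payload[offset], "unknown"))
        offset += 4 + length
    return names

def describe(stream):
    """Label records; after ChangeCipherSpec, handshake records are encrypted."""
    labels, encrypted = [], False
    for ctype, _version, payload in parse_records(stream):
        if ctype == "handshake" and not encrypted:
            labels.extend(handshake_messages(payload))
        elif ctype == "handshake":
            labels.append("encrypted_handshake")
        else:
            encrypted = encrypted or ctype == "change_cipher_spec"
            labels.append(ctype)
    return labels

def make_record(ctype, payload, version=(3, 0)):
    return struct.pack("!BBBH", ctype, *version, len(payload)) + payload

def make_handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample flights; message bodies are zero-filled placeholders.
SERVER_FLIGHT = make_record(22, make_handshake(2, bytes(38))
                            + make_handshake(11, bytes(10))
                            + make_handshake(14, b""))
CLIENT_FLIGHT = (make_record(22, make_handshake(16, bytes(48)))
                 + make_record(20, b"\x01") + make_record(22, bytes(40)))
```

Calling `describe(CLIENT_FLIGHT)` shows why the Finished message cannot be identified by its type byte on the wire: it travels after ChangeCipherSpec, so the parser can only report an encrypted handshake record.
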