Lecture #21: HTTPS , SSL & TLS
Dr.Ramchandra Mangrulkar
September 16, 2020
Dr.Ramchandra Mangrulkar Lecture #21: HTTPS , SSL & TLS September 16, 2020 1 / 15
Contents
HTTPS
SSL
Contents
Who developed the HTTP protocol?
What are the basic components of the first version of the HTTP protocol developed?
What was the first version of the HTTP protocol called?
HTTP and HTTPS
HTTP: HyperText Transfer Protocol.
The web browser is the client.
The browser sends a request message to the HTTP server for the requested objects.
HTTPS is the secured version of HTTP.
SSL/TLS: when that exchange of data is encrypted with SSL/TLS, it is called HTTPS.
HTTP opens a connection between the client and server through TCP.
HTTP Connections
HTTP Vs HTTPS
[Figure. Source: https://www.suntech.org.ng/]
Secure Socket Layer (SSL)
HTTPS establishes an encrypted link between the browser and the web server using the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols.
The link can be browser to server, server to server or client to server.
SSL establishes an encrypted link using an SSL certificate, which is also known as a digital certificate.
SSL Working
The attacker presents a page with a desirable and seemingly
innocuous program for the user to download, for example, a
browser toolbar or a photo organizer utility.
The attack also defeats users’ access controls that would normally
block software downloads and installations, because the user
intentionally accepts this software.
SSL Working
SSL fundamentally works with both asymmetric and symmetric cryptography.
The SSL handshake uses asymmetric cryptography, which allows the browser to verify the web server, get the public key and establish a secure connection.
Both the client and the server then have a valid session key, which they will use to encrypt or decrypt the actual data.
SSL Handshake Steps
1. The client sends a "client hello" message containing the client's SSL version number, cipher settings, session-specific data and other information the server needs.
2. The server responds with the server's SSL version number, cipher settings, session-specific data, an SSL certificate with a public key, and other information that the client needs to communicate.
3. The client verifies the server's SSL certificate with the CA (Certificate Authority) and authenticates the server. If authentication fails, the client throws an exception; if authentication succeeds, it proceeds to step 4.
4. The client creates a session key, encrypts it with the server's public key and sends it to the server. If the server has requested client authentication, the client also sends its own certificate to the server.
5. The server decrypts the session key with its private key and sends an acknowledgement to the client encrypted with the session key.
SSL Data Transfer
The client and the server now use a shared session key to encrypt and decrypt the actual data and transfer it. The same session key is used at both ends, so this is symmetric cryptography.
Certain infrastructure is involved in achieving SSL communication in real life; it is called Public Key Infrastructure.
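The five handshake steps and the symmetric data transfer above, walked through as an added example (not part of the original lecture). It assumes toy textbook RSA keys built from small known primes, an HMAC-based keystream standing in for the negotiated cipher, and constructed names such as `shop.example`; none of it is secure for real use.

```python
import hashlib
import hmac
import secrets

E = 65537  # RSA public exponent

def make_key(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

# Toy keys from known Mersenne primes: far too small for real use, no padding.
CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**127 - 1)          # hypothetical CA
SERVER_PUB, SERVER_PRIV = make_key(2**89 - 1, 2**107 - 1)  # hypothetical server

def cert_digest(subject, pub, n):
    """Hash of the certificate contents, reduced to fit the toy modulus."""
    data = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_cert(subject, pub):
    """The CA binds a name to a public key by signing both."""
    n, d = CA_PRIV
    return {"subject": subject, "pub": pub,
            "sig": pow(cert_digest(subject, pub, n), d, n)}

def verify_cert(cert, expected_host):
    """Step 3: check the CA signature and the name; raise on failure."""
    n, e = CA_PUB
    if pow(cert["sig"], e, n) != cert_digest(cert["subject"], cert["pub"], n):
        raise ValueError("certificate not signed by the trusted CA")
    if cert["subject"] != expected_host:
        raise ValueError("certificate issued for a different host")

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    The same call with the same session key encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def handshake(host, server_cert):
    """Run steps 1-5; return the session key as held by (client, server)."""
    # Step 1: client hello (version, cipher settings, session-specific data).
    client_hello = {"version": "TLS 1.2", "ciphers": ["toy-rsa-keystream"],
                    "random": secrets.token_hex(16)}
    # Step 2: server hello, including the certificate with the public key.
    server_hello = {"version": client_hello["version"],
                    "cipher": client_hello["ciphers"][0],
                    "random": secrets.token_hex(16), "cert": server_cert}
    # Step 3: the client authenticates the server or raises an exception.
    verify_cert(server_hello["cert"], host)
    # Step 4: the client creates a session key and encrypts it to the server.
    client_key = secrets.token_bytes(16)
    n, e = server_hello["cert"]["pub"]
    wrapped = pow(int.from_bytes(client_key, "big"), e, n)
    # Step 5: the server unwraps the key and acknowledges under that key.
    n, d = SERVER_PRIV
    server_key = pow(wrapped, d, n).to_bytes(16, "big")
    ack = keystream_xor(server_key, b"finished")
    if keystream_xor(client_key, ack) != b"finished":
        raise ValueError("server did not prove possession of the private key")
    return client_key, server_key

if __name__ == "__main__":
    cert = issue_cert("shop.example", SERVER_PUB)
    client_key, server_key = handshake("shop.example", cert)
    ciphertext = keystream_xor(client_key, b"GET /account HTTP/1.1")
    print("keys match:", client_key == server_key)
    print("server reads:", keystream_xor(server_key, ciphertext))
```

TLS 1.3 no longer uses this RSA key transport; it derives the session key with an ephemeral Diffie-Hellman exchange, while the certificate check in step 3 remains.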
SSL Certificates
What are the types of SSL certificates?
Single-domain: applies to only one domain.
Wildcard: like a single-domain certificate, but it also includes that domain’s subdomains, e.g. www.cloudflare.com, blog.cloudflare.com, and developers.cloudflare.com.
Multi-domain: can apply to multiple unrelated domains.
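How a client decides whether each certificate type covers a hostname, as an added example that is not part of the original lecture. It follows the common RFC 6125 matching rule (a wildcard stands for exactly one left-most label); the certificate name lists are constructed.

```python
def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """Match one certificate name against the hostname being visited."""
    p, h = labels(pattern), labels(host)
    if len(p) != len(h):
        # A wildcard never spans several labels and never matches the
        # bare parent domain.
        return False
    if p[0] == "*":
        # Conservative check for this example: require two fixed labels
        # so a pattern like "*.com" is never accepted.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(cert_names, host):
    """A certificate covers a host if any of its listed names matches."""
    return any(name_matches(n, host) for n in cert_names)

# Constructed certificates, one per type named on the slide.
CERTS = {
    "single-domain": ["www.cloudflare.com"],
    "wildcard": ["*.cloudflare.com"],
    "multi-domain": ["example.org", "example.net"],
}

def coverage(host):
    """Return the certificate types from CERTS that cover the host."""
    return [kind for kind, names in CERTS.items() if cert_covers(names, host)]

if __name__ == "__main__":
    for host in ["www.cloudflare.com", "blog.cloudflare.com",
                 "cloudflare.com", "a.blog.cloudflare.com", "example.net"]:
        print(host, "->", coverage(host))
```

The bare domain and deeper subdomains are not covered by the wildcard name alone, so a certificate that must serve them needs those names listed as well.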
SSL Validation Levels
Domain Validation: This is the least-stringent level of validation,
and the cheapest. All a business has to do is prove they control
the domain.
Organization Validation: This is a more hands-on process: The
CA directly contacts the person or business requesting the
certificate. These certificates are more trustworthy for users.
Extended Validation: This requires a full background check of an
organization before the SSL certificate can be issued.
TLS
TLS is a security protocol designed to facilitate privacy and data security for communications over the Internet.
It is used for encrypting the communication between web applications and servers, such as web browsers loading a website.
TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).
TLS was first published by the IETF in 1999.
The most recent version is TLS 1.3, which was published in 2018.
TLS
What is the difference between TLS and SSL?
TLS evolved from a previous encryption protocol called Secure
Sockets Layer (SSL), which was developed by Netscape. TLS
version 1.0 actually began development as SSL version 3.1, but
the name of the protocol was changed before publication in
order to indicate that it was no longer associated with Netscape.
What does TLS do?
-Encryption: hides the data being transferred from third parties.
-Authentication: ensures that the parties exchanging information
are who they claim to be.
-Integrity: verifies that the data has not been forged or
tampered with.