SlideShare une entreprise Scribd logo

How does TLS work?

Hyeonsu Lee
Hyeonsu Lee

Slides for Chocolatier Meetup Chocolatier Meetup: https://github.com/chocolate-factory/chocolatier-meetup)

Technologie
1  sur  19
Télécharger pour lire hors ligne
How does TLS work? Chocolatier Meetup: 5th Meeting Hyeonsu Lee (@incleaf)
Table of Contents • What is TLS/SSL? • How does TLS handshake work? • How does TLS certificate work? • Real-world Examples
What is TLS/SSL?
What is TLS/SSL? • TLS (Transport Layer Security) • SSL (Secure Sockets Layer) is the same one, but deprecated by IETF (Internet Engineering Task Force) • HTTPS is NOT TLS. HTTPS is using TLS with HTTP. TLS can be used for many protocols including SMTP, FTP.
How does TLS handshake work?
How does TLS handshake work? Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
• A Cipher Suite includes: • Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc. • Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc. • Authentications: RSA, DSS, ECDSA, ANON, etc. • Encryption: 3DES, AES, AES128, etc. • Block Cipher Operation Mode: CBC, GCM, etc. • Message Authentication: SHA, SHA256, SHA384, MD5, etc. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. Client verifies the server’s Certificate. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client verifies the server’s Certificate. Note: Pre-master key is a random string. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. Client verifies the server’s Certificate. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. 4 ClientFinished: Create hash of messages using the master secret key. 5 ServerFinished: Create hash of messages using the master secret key. Client verifies the server’s Certificate. Note: This is where ‘Message Authentication’ of Cipher Suite comes in. Finished Message will contain the Handshake Messages sent from both the Server and Client. It’s to verify both client and server have the Same Handshake messages and MAC key. How does TLS handshake work?
• A Cipher Suite includes: • Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc. • Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc. • Authentications: RSA, DSS, ECDSA, ANON, etc. • Encryption: 3DES, AES, AES128, etc. • Block Cipher Operation Mode: CBC, GCM, etc. • Message Authentication: SHA, SHA256, SHA384, MD5, etc. How does TLS handshake work?
Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. 4 ClientFinish: Create hash of messages using the master secret key. 5 ServerFinish: Create hash of messages using the master secret key. The master secret key will be used as symmetric key to encrypt the data. Client verifies the server’s Certificate. How does TLS handshake work?
How does TLS certificate work?
• TLS Certificate is simply a text file • We can make it our own certificate that says “We are Google” • A Browser will trust us: • If It’s on a list of certificates the browser trusts. • If it’s able to prove that it’s trusted by one of the certificates that the browser trusts. This is where ‘Digital Signature’ comes in. How does TLS certificate work?
• Digital Signature • TLS Certificates have an associated public/private key pair. • A certificate can be “signed” by another authority. • All root CA certificates are “self-signed”. • This puts an enormous burden on all browser and OS publishers to trust only clean root CAs. How does TLS certificate work?
Real-world Examples
• Man In The Middle Attacks (MITM) • IP Spoofing, ARP Spoofing, DNS Spoofing • Blocking HTTPS by the government of South Korea • No, it was DNS blocking Real-world Examples
Q&A

Recommandé

SSL
SSLSSL
SSLBadrul Alam bulon
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Cryptography - Overview
Cryptography - OverviewCryptography - Overview
Cryptography - OverviewMohammed Adam
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
How ssl works
How ssl worksHow ssl works
How ssl worksSaptarshi Basu
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 

Recommandé

SSL
SSLSSL
SSLBadrul Alam bulon
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Cryptography - Overview
Cryptography - OverviewCryptography - Overview
Cryptography - OverviewMohammed Adam
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
How ssl works
How ssl worksHow ssl works
How ssl worksSaptarshi Basu
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
Secure messaging using PKI
Secure messaging using PKISecure messaging using PKI
Secure messaging using PKIwolverinetyagi
 
SSL intro
SSL introSSL intro
SSL introThree Lee
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Ssl attacks
Ssl attacksSsl attacks
Ssl attacksn|u - The Open Security Community
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSSirish Kumar
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?Microsoft
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
SSL Layer
SSL LayerSSL Layer
SSL LayerTrinh Phuc Tho
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS HandshakeArpit Agarwal
 
SSL
SSLSSL
SSLtheekuchi
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Transport layer security
Transport layer securityTransport layer security
Transport layer securityHrudya Balachandran
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.pptssuserec53e73
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.pptssuserec53e73
 

Contenu connexe

Tendances

SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
Secure messaging using PKI
Secure messaging using PKISecure messaging using PKI
Secure messaging using PKIwolverinetyagi
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?Microsoft
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 

Tendances (20)

SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layer
 
Secure messaging using PKI
Secure messaging using PKISecure messaging using PKI
Secure messaging using PKI
 
SSL intro
SSL introSSL intro
SSL intro
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Ssl attacks
Ssl attacksSsl attacks
Ssl attacks
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLS
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer Security
 
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security Talk
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
SSL Layer
SSL LayerSSL Layer
SSL Layer
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
SSL
SSLSSL
SSL
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
Transport layer security
Transport layer securityTransport layer security
Transport layer security
 
SSL overview
SSL overviewSSL overview
SSL overview
 

Similaire à How does TLS work?

Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
presentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfpresentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfGumanSingh10
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsNitin Ramesh
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security PrimerVenkatesh Iyer
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2Olle E Johansson
 
Understanding transport-layer_security__ssl
Understanding transport-layer_security__sslUnderstanding transport-layer_security__ssl
Understanding transport-layer_security__sslMainak Goswami
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerBU
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLSOlle E Johansson
 
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonInfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonDavid Johansson
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECCarlos Martinez Cagnazzo
 

Similaire à How does TLS work? (20)

fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 
fengmei.ppt
fengmei.pptfengmei.ppt
fengmei.ppt
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
ssl
sslssl
ssl
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
presentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfpresentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdf
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
The last picks
The last picksThe last picks
The last picks
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
 
SIP over TLS
SIP over TLSSIP over TLS
SIP over TLS
 
Network Security Primer
Network Security PrimerNetwork Security Primer
Network Security Primer
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
Understanding transport-layer_security__ssl
Understanding transport-layer_security__sslUnderstanding transport-layer_security__ssl
Understanding transport-layer_security__ssl
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS
 
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David JohanssonInfoSecurity Europe 2015 - Identities Exposed by David Johansson
InfoSecurity Europe 2015 - Identities Exposed by David Johansson
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 

Dernier

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Dernier (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

How does TLS work?

  • 1. How does TLS work? Chocolatier Meetup: 5th Meeting Hyeonsu Lee (@incleaf)
  • 2. Table of Contents • What is TLS/SSL? • How does TLS handshake work? • How does TLS certificate work? • Real-world Examples
  • 4. What is TLS/SSL? • TLS (Transport Layer Security) • SSL (Secure Sockets Layer) is the same one, but deprecated by IETF (Internet Engineering Task Force) • HTTPS is NOT TLS. HTTPS is using TLS with HTTP. TLS can be used for many protocols including SMTP, FTP.
  • 5. How does TLS handshake work?
  • 6. How does TLS handshake work? Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
  • 7. • A Cipher Suite includes: • Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc. • Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc. • Authentications: RSA, DSS, ECDSA, ANON, etc. • Encryption: 3DES, AES, AES128, etc. • Block Cipher Operation Mode: CBC, GCM, etc. • Message Authentication: SHA, SHA256, SHA384, MD5, etc. How does TLS handshake work?
  • 8. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. Client verifies the server’s Certificate. How does TLS handshake work?
  • 9. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client verifies the server’s Certificate. Note: Pre-master key is a random string. How does TLS handshake work?
  • 10. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. Client verifies the server’s Certificate. How does TLS handshake work?
  • 11. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. 4 ClientFinished: Create hash of messages using the master secret key. 5 ServerFinished: Create hash of messages using the master secret key. Client verifies the server’s Certificate. Note: This is where ‘Message Authentication’ of Cipher Suite comes in. Finished Message will contain the Handshake Messages sent from both the Server and Client. It’s to verify both client and server have the Same Handshake messages and MAC key. How does TLS handshake work?
  • 12. • A Cipher Suite includes: • Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc. • Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc. • Authentications: RSA, DSS, ECDSA, ANON, etc. • Encryption: 3DES, AES, AES128, etc. • Block Cipher Operation Mode: CBC, GCM, etc. • Message Authentication: SHA, SHA256, SHA384, MD5, etc. How does TLS handshake work?
  • 13. Client Server 1 ClientHello: Available Cipher Suites, random numbers, etc. 2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc. 3 Send a pre-master key encrypted with the certificate’s public key. Client and Server compute the master secret key with the client random numbers, the server random numbers, and the pre-master key. 4 ClientFinish: Create hash of messages using the master secret key. 5 ServerFinish: Create hash of messages using the master secret key. The master secret key will be used as symmetric key to encrypt the data. Client verifies the server’s Certificate. How does TLS handshake work?
  • 14. How does TLS certificate work?
  • 15. • TLS Certificate is simply a text file • We can make it our own certificate that says “We are Google” • A Browser will trust us: • If It’s on a list of certificates the browser trusts. • If it’s able to prove that it’s trusted by one of the certificates that the browser trusts. This is where ‘Digital Signature’ comes in. How does TLS certificate work?
  • 16. • Digital Signature • TLS Certificates have an associated public/private key pair. • A certificate can be “signed” by another authority. • All root CA certificates are “self-signed”. • This puts an enormous burden on all browser and OS publishers to trust only clean root CAs. How does TLS certificate work?
  • 18. • Man In The Middle Attacks (MITM) • IP Spoofing, ARP Spoofing, DNS Spoofing • Blocking HTTPS by the government of South Korea • No, it was DNS blocking Real-world Examples
  • 19. Q&A