CRYPTOGRAPHY AND NETWORK SECURITY - Transport-level Security
Dr R Jegadeesan, Prof-CSE
Jyothishmathi Institute of Technology and Science, Karimnagar
SYLLABUS
Transport-level Security: Web security considerations, Secure
Socket Layer and Transport Layer Security, HTTPS, Secure Shell
(SSH) Wireless Network Security: Wireless Security, Mobile
Device Security, IEEE 802.11 Wireless LAN, IEEE 802.11i
Wireless LAN Security
Transport level Security
Topic Name : Transport level Security
Topic : Introduction to Web security considerations
Aim & Objective : To understand Web security considerations, Secure Socket Layer and Transport Layer Security
Application With Example : Web security services
Limitations If Any:
Reference Links :
Cryptography and Network Security: C K Shyamala, N Harini, Dr T R Padmanabhan, Wiley India,
1st Edition.
Cryptography and Network Security : Forouzan Mukhopadhyay, Mc Graw Hill, 3rd Edition
https://en.wikipedia.org/wiki/Cryptography and Network security
https://www.tutorialspoint.com/network_security/network_security_overview.htm
http://www.slideshare.net/leethree/ssl-intro
https://www.minigranth.com
https://www.igi-global.com
•Video Link details
•https://www.youtube.com/watch?v=sCuVLyvxM5g
Universities & Important Questions :
•Is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of
order? If so, explain how it can be done. If not, why not? Explain the classification
technique?
•Discuss the IEEE 802.11i Wireless LAN Security.
•In SSL and TLS, why is there a separate change cipher spec protocol, rather than
including change cipher spec message in the handshake protocol?
•Explain the IEEE 802.11 Wireless LAN.
Transport-level Security
▪TLS stands for Transport Layer Security. It is an
IETF standardization initiative whose goal is to
come out with an Internet standard Version of SSL.
▪ IETF- Internet Engineering Task Force.
▪There are subtle differences between SSL and
TLS. However, the core idea and implementation
are quite similar.
• Transport Layer Security (TLS) is a protocol that
ensures privacy between communicating
applications and their users on the Internet.
• When a server and client communicate, TLS
ensures that no third party may eavesdrop or
tamper with any message. TLS is the successor
to the Secure Sockets Layer (SSL).
• The TLS protocol is based on Netscape's SSL 3.0
protocol; however, TLS and SSL are not
interoperable. The TLS protocol does contain a
mechanism that allows TLS implementation to
back down to SSL 3.0. The most recent browser
versions support TLS.
• TLS is composed of two layers: the TLS
Record Protocol and the TLS Handshake
Protocol.
• The TLS Handshake Protocol allows the
server and client to authenticate each other
and to negotiate an encryption algorithm and
cryptographic keys before data is exchanged.
TLS HANDSHAKE PROTOCOL
• The Transport Layer Security (TLS) Handshake
Protocol is responsible for the authentication and
key exchange necessary to establish or resume
secure sessions. When establishing a secure
session, the Handshake Protocol manages the
following:
• Cipher suite negotiation.
• Authentication of the server and optionally, the
client.
• Session key information exchange.
Cipher Suite Negotiation
The client and server make contact and choose the cipher suite that will be used
throughout their message exchange. (Authentication & Encryption
combination)
Authentication
In TLS, a server proves its identity to the client. The client might also need to
prove its identity to the server. PKI, the use
of public/private key pairs, is the basis of this authentication. The exact method
used for authentication is determined by the cipher suite negotiated.
Key Exchange
The client and server exchange random numbers and a special number called the
Pre-Master Secret. These numbers are combined with additional data
permitting client and server to create their shared secret, called the Master
Secret. The Master Secret is used by client and server to generate the write
MAC secret, which is the session key used for hashing, and the write key,
which is the session key used for encryption.
The TLS Handshake Protocol involves the following steps:
• The client sends a "Client hello" message to the server, along with the client's random
value and supported cipher suites.
• The server responds by sending a "Server hello" message to the client, along with
the server's random value. The server sends its certificate to the client for authentication
and may request a certificate from the client. The server sends the "Server hello done"
message.
• If the server has requested a certificate from the client, the client sends it.
• The client creates a random Pre-Master Secret and encrypts it with the public key
from the server's certificate, sending the encrypted Pre-Master Secret to the server.
• The server receives the Pre-Master Secret. The server and client each generate the
Master Secret and session keys based on the Pre-Master Secret.
• The client sends "Change cipher spec" notification to server to indicate that the client
will start using the new session keys for hashing and encrypting messages. Client also
sends "Client finished" message.
• Server receives "Change cipher spec" and switches its record layer security state to
symmetric encryption using the session keys. Server sends "Server finished" message to
the client.
• Client and server can now exchange application data over the secured channel
they have established. All messages sent from client to server and from server to client
are encrypted using session key.
• The client sends a "Client hello" message using the Session ID
of the session to be resumed.
• The server checks its session cache for a matching Session
ID. If a match is found, and the server is able to resume the
session, it sends a "Server hello" message with the Session ID.
• Note: If a session ID match is not found, the server
generates a new session ID and the TLS client and server
perform a full handshake.
• Client and server must exchange "Change cipher spec"
messages and send "Client finished" and "Server finished"
messages.
• Client and server can now resume application data
exchange over the secure channel.
TLS RECORD Protocol
• The Transport Layer Security (TLS) Record protocol secures
application data using the keys created during the
Handshake. The Record Protocol is responsible for securing
application data and verifying its integrity and origin. It
manages the following:
1. Dividing outgoing messages into manageable blocks, and reassembling incoming messages.
2. Compressing outgoing blocks and decompressing incoming blocks (optional).
3. Applying a Message Authentication Code (MAC) to outgoing messages, and verifying incoming messages using the MAC.
4. Encrypting outgoing messages and decrypting incoming messages.
• When the Record Protocol & Handshake
protocols are completed, the outgoing
encrypted data is passed down to the
Transmission Control Protocol (TCP) layer for
transport.
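The fragmentation and MAC steps of the Record Protocol, as an added example that is not part of the original slides. It assumes the TLS 1.2 MAC input of RFC 5246 (an implicit 64-bit sequence number, then type, version, length and fragment) with HMAC-SHA256; compression and encryption are left out, and the class and function names are this example's own.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14          # largest plaintext fragment per record
APPLICATION_DATA = 23           # ContentType value for application data
VERSION = (3, 3)                # TLS 1.2 on the wire
MAC_LEN = hashlib.sha256().digest_size


def fragment(data: bytes) -> list:
    """Step 1: divide an outgoing message into manageable blocks."""
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)]


def record_mac(mac_key: bytes, seq: int, content_type: int, frag: bytes) -> bytes:
    """Step 3: MAC over seq_num || type || version || length || fragment.

    The sequence number is never transmitted; each side counts records itself.
    """
    pseudo_header = struct.pack("!QBBBH", seq, content_type,
                                VERSION[0], VERSION[1], len(frag))
    return hmac.new(mac_key, pseudo_header + frag, hashlib.sha256).digest()


class WriteState:
    """Sender side of one direction of a connection."""

    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def protect(self, data: bytes) -> list:
        records = []
        for frag in fragment(data):
            tag = record_mac(self.mac_key, self.seq, APPLICATION_DATA, frag)
            records.append(frag + tag)      # encryption would be applied here
            self.seq += 1
        return records


class ReadState:
    """Receiver side: verifies each record against its own record counter."""

    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def accept(self, record: bytes) -> bytes:
        if len(record) < MAC_LEN:
            raise ValueError("bad_record_mac")
        frag, tag = record[:-MAC_LEN], record[-MAC_LEN:]
        expected = record_mac(self.mac_key, self.seq, APPLICATION_DATA, frag)
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise ValueError("bad_record_mac")
        self.seq += 1
        return frag


def deliver(mac_key: bytes, records: list) -> bytes:
    """Verify records in arrival order and reassemble the message."""
    reader = ReadState(mac_key)
    return b"".join(reader.accept(r) for r in records)


def accepted(mac_key: bytes, records: list) -> bool:
    """True if every record verifies in the order given."""
    try:
        deliver(mac_key, records)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = bytes(range(32))                                # constructed MAC key
    message = bytes(i % 251 for i in range(40000))        # constructed payload
    recs = WriteState(key).protect(message)
    print("fragments:", [len(r) - MAC_LEN for r in recs])
    print("in order :", accepted(key, recs))
    print("swapped  :", accepted(key, [recs[1], recs[0], recs[2]]))
    print("replayed :", accepted(key, [recs[0], recs[0]]))
```

Because the receiver's counter is part of the MAC input, a record that arrives out of order, is replayed or is dropped fails verification even though its bytes are unmodified.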
Web Security
• OUTLINE
• Web Security Considerations
• Secure socket layer and Transport layer security
• Secure Electronic Transaction
• Web is now widely used by businesses, government firms and individuals.
• But Internet & Web space are vulnerable and have a variety of threats related to:
• Integrity : Someone might alter content
• Confidentiality : Anyone can see content
• Denial of service
• Authentication : Not clear who you are talking with
• Need added security mechanisms
SECURE SOCKET LAYER (SSL)
• Secure Sockets Layer (SSL)
• Developed by Netscape Corporation
• Versions 1, 2, and 3 (released in 1996)
• Transport Layer Security (TLS)
• Successor of SSL
• IETF standards track protocol, based on SSL 3.0
• Last updated in RFC 5246 (2008)
Where SSL fits?
Protocol (port no.): HTTP (80), SMTP (25), POP3 (110)
Secured variant (port no.): HTTPS (443), SSMTP (465), SPOP3 (995)
Layers: Secure Socket Layer, Transport, Network, Data Link
What security is provided?
• By providing:
• Endpoint Authentication
• Unilateral or Bilateral
• Communication Confidentiality
• For preventing:
• Eavesdropping
• Tampering
• Message Forgery
How security is provided?
• Uses public key scheme
• Each client-server pair uses
• 2 public keys
• one for client (browser), created when browser is installed on client machine
• one for server (http server), created when server is installed on server hardware
• 2 private keys
• one for client browser
• one for server (http server)
Cipher Suite
• Common Cipher Suite algorithms:
• Encryption algorithm
• RC4, Triple DES, AES, IDEA, DES, Camellia
• Message authentication code (MAC) algorithm
• Authentication by RSA, DSA, ECDSA
• Hashing by MD5, SHA
• Key exchange algorithm
• RSA, Diffie-Hellman, ECDH, SRP, PSK
• Pseudorandom function (PRF)
SSL Architecture
SSL Architecture (Contd.)
• SSL session: an association between client & server
• created by the Handshake Protocol
• defines a set of cryptographic parameters
• may be shared by multiple SSL
• The hybrid mechanism is also known
as interleaved-push-and-pull (IPP)
mechanism.
• SSL connection
• a transient, peer-to-peer, communications link
• associated with 1 SSL session
• The Four Upper Layer Protocols
• Application Encryption Protocol
Encrypt/Decrypt application data
• Change Cipher Spec Protocol
Alert to a change in communication variables
• Alert Protocol
Messages important to SSL connections
• Handshaking Protocol
Establish communication variables
SSL Record Protocol
• Services provided are :
• Confidentiality
using symmetric encryption with a shared secret key defined by Handshake Protocol
IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
message is compressed before encryption
• Message integrity
using a MAC (Message Authentication Code) created using a shared secret key and a short message
Advantages
• The number of server interruptions and
queued requests are significantly reduced.
Disadvantages
• IPP does not eliminate the typical server
problems of too many interruptions and
queued requests.
SSL Handshake Protocol
• The most complex part of SSL. Allows server & client to:
• authenticate each other
• negotiate encryption & MAC algorithms
• negotiate cryptographic keys to be used
• Comprises a series of messages in phases:
• Establish Security Capabilities
• Server Authentication and Key Exchange
• Client Authentication and Key Exchange
• Finish
• The client (Alice) and server (Bob) must agree on various parameters to establish the connection
• Alice requests a secure connection and presents a list of Cipher Suites
• Bob picks the strongest supported Cipher Suite
• Bob sends back his digital certificate
• Including the certificate authority and his public key
• By encrypting using the server’s public key, Alice sends a random number to Bob securely
• Alice and Bob generate key material from the random number
• Secure connection established
S: HTTP Application
HTTP is most common TLS application
https://
Requires TLS-capable web server
Requires TLS-capable web browser
Netscape Navigator
Internet Explorer
Cryptozilla
Netscape Mozilla sources with SSLeay
TLS “Alternatives”
S-HTTP: secure HTTP protocol,
shttp://
IPSec: secure IP
SET: Secure Electronic Transaction
Protocol and infrastructure for bank
card payments
SASL: Simple Authentication and
Security Layer (RFC 2222)
Implementation of SSL/TLS
SSL and TLS have been widely implemented
Open source software projects
OpenSSL, NSS, or GnuTLS
Microsoft Windows
Part of its Secure Channel
Browsers
Apple Safari
Mozilla Firefox (2+)
Internet Explorer, etc.
Application of SSL/TLS
On top of the Transport Layer protocols
Primarily with TCP
Datagram Transport Layer Security(DTLS) for UDP
Encapsulating the application protocols
HTTP (HTTPS)
for securing WWW traffic
FTP (FTPS), SMTP, NNTP, etc.
Data Synchronization
• The data synchronization refers to maintaining
data consistency among the disseminated or
distributed data between data source and
different computing systems
• Data consistency─ if there is data modification
at the server then that should reflect in the data
with the device within a defined period
• It ensures that the same copy or version of data
is used in all devices - from source to
destination.
Wireless Network Security
Contents
• What is Wireless Networking
• What is Wireless Security
• Threats to Wireless Networks
• Parking Lot attack
• Security in WLAN 802.11
• Thoughts on Wireless Security
Wireless Networking?
• A wireless network is a computer network that uses wireless data
connections between network nodes.
• It provides the flexibility and freedom that wired networks lack.
• The main standards in the wireless world are:
• 802.11, which describes the Wireless LAN architecture,
• 802.16 which describes the Wireless MAN architecture.
Wireless Security ?
Access Point(AP):
• Allows wireless communication device, such
as computers to connect to a wireless
network
Service set Identifier(SSID):
• SSID allows wireless clients to communicate
with an appropriate access point. Only
clients with correct SSID can communicate
with the AP
Reasons why wireless networks are more vulnerable to attacks than a wired network are:
Channel: Involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks
Accessibility: Wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations.
THREAT TO WIRELESS NETWORKS
Here the client initiates the synchronization and sends backup to the
server for updating its data.
• Malicious Association:
A wireless device is configured to appear to be a legitimate
access point, and then the operator penetrates the wired network
through a legitimate wireless access point.
• Ad hoc Network:
These are peer-to-peer networks between wireless computers with
no access point between them. Such networks can pose a
security threat due to a lack of a central point of control.
• Identity theft (MAC Spoofing):
This occurs when an attacker is able to eavesdrop on network
traffic and identify the MAC address of a computer with network
privileges.
PARKING LOT ATTACK
• Wireless Signals are intercepted outside an organization,
or even through the floors in multi-storey buildings.
• “Parking lot” signifies that the attacker sits in the
organization's parking lot and tries to access internal hosts
via the wireless network.
SECURITY IN WLAN 802.11
Database Records
• Here the records are indexed to facilitate
search operation by placing the query.
• For example, the contacts in the mobile are
indexed as per the first alphabet of the name.
• 802.11 Standard
• 802.11 Authentication
• Wired Equivalent Privacy(WEP)
• WEP Weakness
• 802.1x: EAP over LAN
• 802.11i Standard
802.11 Standard
• The 802.11 IEEE standard was standardized
in 1997.
• It consists of three layers: Physical layer,
MAC (Medium Access Control) layer, and
LLC (Logical Link Control) layer
• The first version of the standard supported
only 2 Mbps bandwidth, which motivated
the developing teams to come up with other
standards to support up to 54Mbps
Synchronizer
• WEP Weakness
• One of the major reasons behind WEP
weaknesses is its key length.
• WEP has a 40-bit key, which can be broken in
less than five hours using parallel
• This issue urged vendors to update WEP from
using 40-bit to 104-bit key; the new
• WEP does not support mutual authentication.
• CRC (for integrity) lacks the cryptography
feature.
802.1x : EAP Over LAN (EAPOL)
• The 802.1x standard was designed for port-based
authentication for 802 networks.
• EAP (Extensible Authentication Protocol)
was designed to support multiple
authentication methods over point to point
connections without requiring IP.
• It allows any of the encryption schemes to
be implemented on top of it.
• 802.1x framework defines 3 ports or entities:
• Supplicant (client that wants to be authenticated),
• Authenticator (AP that connects the supplicant to the wired network),
• Authentication Server (performs the authentication process from the supplicant based on their credentials).
802.11i Standard:
• The 802.11i (released June 2004) security standard is
supposed to be the final solution to wireless security
issue.
• It improves authentication, integrity and data transfer.
• After final release the full specification was named as
WPA2.
• 802.11i enhances 802.11 by providing a Robust Security
Network (RSN) with two new protocols: the four-way
handshake and the group key handshake.
Four-way handshake:
• AP – Access Point
• STA – Client Station
• PTK – Pairwise Transient Key, 64 bytes (generated by concatenating PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address; the product is then put through a pseudo-random function)
• GTK – Group Temporal Key, 32 bytes (used to decrypt multicast and broadcast messages)
• MIC – Message Integrity Code
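How the 64-byte PTK above is produced and then used to check a MIC, as an added example that is not part of the original slides. It assumes the 802.11i pseudo-random function built on HMAC-SHA1 with the PMK as its key, and HMAC-SHA1 truncated to 16 bytes as the MIC algorithm; the key frame body is a constructed stand-in rather than the real EAPOL-Key layout, and GTK delivery under the KEK is not modelled.

```python
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"


def prf_80211(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Derive the 64-byte PTK and split it into its component keys.

    Addresses and nonces are sorted (min first) so that the AP and the STA
    feed identical input to the PRF regardless of which side computes it.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf_80211(pmk, LABEL, data, 64)
    return {
        "KCK": ptk[0:16],        # key confirmation key: keys the MIC
        "KEK": ptk[16:32],       # key encryption key: protects the GTK
        "TK": ptk[32:48],        # temporal key: protects unicast data
        "MIC_keys": ptk[48:64],  # TKIP Michael keys, one 8-byte key per direction
    }


def key_frame_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC over a key frame: HMAC-SHA1 under the KCK, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def ap_accepts_message_2(ap_pmk: bytes, sta_pmk: bytes,
                         ap_mac: bytes, sta_mac: bytes) -> bool:
    """Run messages 1 and 2 of the four-way handshake.

    Returns True when the AP's own MIC calculation matches the one the STA
    sent, which only happens if both sides hold the same PMK.
    """
    anonce = os.urandom(32)                       # message 1: AP -> STA
    snonce = os.urandom(32)                       # chosen by the STA
    sta_ptk = derive_ptk(sta_pmk, ap_mac, sta_mac, anonce, snonce)
    frame = b"constructed key frame, msg 2:" + snonce   # simplified body
    mic = key_frame_mic(sta_ptk["KCK"], frame)    # message 2: STA -> AP
    ap_ptk = derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(mic, key_frame_mic(ap_ptk["KCK"], frame))


if __name__ == "__main__":
    pmk = os.urandom(32)                          # constructed PMK
    ap = bytes.fromhex("020000000001")            # constructed MAC addresses
    sta = bytes.fromhex("020000000002")
    print("same PMK     :", ap_accepts_message_2(pmk, pmk, ap, sta))
    print("different PMK:", ap_accepts_message_2(pmk, os.urandom(32), ap, sta))
```

The PMK itself never crosses the air: the MIC in message 2 proves the STA could derive the same KCK, and fresh nonces give every association a new PTK.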
Group Key Handshake
• The Group Temporal Key (GTK) used in the network
may need to be updated due to the expiration of a
preset timer.
• To handle the updating, 802.11i defines a Group Key
Handshake that consists of a two-way handshake:
• The AP sends the new GTK to each STA in the
network.
• The GTK is encrypted using the KEK assigned to that
STA, and protects the data from tampering, by use of a
MIC.
• The STA acknowledges the new GTK and replies to the
AP.
• To improve data transfer, 802.11i specifies three protocols:
TKIP, CCMP and WRAP.
• TKIP (Temporal Key Integrity Management) was introduced
as a "band-aid" solution to WEP problems.
• TKIP provides per-packet key mixing, a message
integrity check and a re-keying mechanism.
• TKIP ensures that every data packet is sent with its own
unique encryption key.
• WRAP (Wireless Robust Authenticated Protocol) is the
LAN implementation of the AES encryption.
• WRAP has intellectual property issues, where three
parties have filed for its patent. This problem caused
IEEE to replace it with CCMP
• CCMP (Counter with Cipher Block Chaining Message
Authentication Code Protocol) is considered the optimal
solution for secure data transfer under 802.11i.
• CCMP uses AES for encryption.
THOUGHTS ON WIRELESS SECURITY:
• WIRELESS SECURITY MEASURES
• We can group wireless security measures into
those dealing with:
• Wireless Transmissions (threats involve
eavesdropping, altering or inserting
messages, and disruption.)
• Wireless Networks
SECURING WIRELESS NETWORK:
• Following techniques can be adopted to secure
wireless networks:
• Use encryption. Wireless routers are typically
equipped with built-in encryption
• Use antivirus and antispyware software, and a
firewall.
• Turn off identifier broadcasting.
• Allow only specific computers to access your
wireless network.
Thank you

Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security

  • 1. CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security Dr R Jegadeesan Prof-CSE Jyothishmathi Institute of Technology and Science, karimnagar
  • 2. SYLLABUS . Transport-level Security: Web security considerations, Secure Socket Layer and Transport Layer Security, HTTPS, Secure Shell (SSH) Wireless Network Security: Wireless Security, Mobile Device Security, IEEE 802.11 Wireless LAN, IEEE 802.11i Wireless LAN Security
  • 3. Transport level Security Topic Name : Transport level Security Topic : Introduction to Web security considerations Aim & Objective : To understand the Web Security considerations secure Socket layer and Transport layer Security Application With Example :web security Services Limitations If Any: Reference Links : Cryptography and Network Security: C K Shyamala, N Harini, Dr T R Padmanabhan, Wiley India, 1st Edition. Cryptography and Network Security : Forouzan Mukhopadhyay, Mc Graw Hill, 3rd Edition https://en.wikipedia.org/wiki/Cryptography and Network security https://www.tutorialspoint.com/network_security/network_security_overview.htm http://www.slideshare.net/leethree/ssl-intro https://www.minigranth.com https://www.igi-global.com › •Video Link details •https://www.youtube.com/watch?v=sCuVLyvxM5g
  • 4. Universities & Important Questions : •Is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of order? If so, explain how it can be done. If not, why not? Explain the classification technique? •Discuss the IEEE 802.11i Wireless LAN Security. •In SSL and TLS, why is there a separate change cipher spec protocol, rather than including change cipher spec message in the handshake protocol? •Explain the IEEE 802.11 Wireless LAN.
  • 6. ▪TLS stands for Transport Layer Security. It is an IETF standardization initiative whose goal is to come out with an Internet standard version of SSL. ▪ IETF- Internet Engineering Task Force. ▪There are subtle differences between SSL and TLS. However, the core idea and implementation are quite similar.
  • 7. • Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. • When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL). • The TLS protocol is based on Netscape's SSL 3.0 protocol; however, TLS and SSL are not interoperable. The TLS protocol does contain a mechanism that allows a TLS implementation to back down to SSL 3.0. The most recent browser versions support TLS.
  • 8. • TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. • The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged.
  • 9. TLS HANDSHAKE PROTOCOL • The Transport Layer Security (TLS) Handshake Protocol is responsible for the authentication and key exchange necessary to establish or resume secure sessions. When establishing a secure session, the Handshake Protocol manages the following: • Cipher suite negotiation. • Authentication of the server and optionally, the client. • Session key information exchange.
  • 10. • Cipher Suite Negotiation: The client and server make contact and choose the cipher suite that will be used throughout their message exchange. (Authentication & Encryption combination) • Authentication: In TLS, a server proves its identity to the client. The client might also need to prove its identity to the server. PKI, the use of public/private key pairs, is the basis of this authentication. The exact method used for authentication is determined by the cipher suite negotiated. • Key Exchange: The client and server exchange random numbers and a special number called the Pre-Master Secret. These numbers are combined with additional data permitting client and server to create their shared secret, called the Master Secret. The Master Secret is used by client and server to generate the write MAC secret, which is the session key used for hashing, and the write key, which is the session key used for encryption.
  • 11. The TLS Handshake Protocol involves the following steps: • The client sends a "Client hello" message to the server, along with the client's random value and supported cipher suites. • The server responds by sending a "Server hello" message to the client, along with the server's random value. The server sends its certificate to the client for authentication and may request a certificate from the client. The server sends the "Server hello done" message. • If the server has requested a certificate from the client, the client sends it. • The client creates a random Pre-Master Secret and encrypts it with the public key from the server's certificate, sending the encrypted Pre-Master Secret to the server. • The server receives the Pre-Master Secret. The server and client each generate the Master Secret and session keys based on the Pre-Master Secret. • The client sends a "Change cipher spec" notification to the server to indicate that the client will start using the new session keys for hashing and encrypting messages. The client also sends a "Client finished" message. • The server receives "Change cipher spec" and switches its record layer security state to symmetric encryption using the session keys. The server sends a "Server finished" message to the client. • Client and server can now exchange application data over the secured channel they have established. All messages sent from client to server and from server to client are encrypted using the session key.
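The key-exchange step of slides 10 and 11, worked through as an added example (not part of the original slides): the TLS 1.2 pseudorandom function of RFC 5246 turns the Pre-Master Secret and the two hello random values into the Master Secret, then into the write MAC secrets and write keys. The key sizes (an AES-128-CBC with HMAC-SHA256 suite) and all function names are assumptions of this example, and the public-key encryption of the Pre-Master Secret is left out.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash of RFC 5246 section 5: chain HMAC-SHA256 until `length` bytes exist."""
    out, a = b"", seed                                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()    # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def derive_master_secret(pre_master: bytes, client_random: bytes,
                         server_random: bytes) -> bytes:
    """48-byte Master Secret from the Pre-Master Secret and both hello randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def derive_session_keys(master: bytes, client_random: bytes, server_random: bytes,
                        mac_len: int = 32, key_len: int = 16) -> dict:
    """Cut the key block into write MAC secrets and write keys, one per direction.

    Sizes are this example's assumption (HMAC-SHA256 MAC, AES-128 key).
    The seed order flips to server_random + client_random for key expansion.
    """
    block = prf(master, b"key expansion", server_random + client_random,
                2 * mac_len + 2 * key_len)
    layout = [("client_write_MAC", mac_len), ("server_write_MAC", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len)]
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


def simulate_key_exchange():
    """Client and server run the same derivation; returns (client_keys, server_keys)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    # Pre-Master Secret: 2-byte client version followed by 46 random bytes.
    # In the handshake it travels encrypted under the server's public key.
    pre_master = b"\x03\x03" + os.urandom(46)
    client = derive_session_keys(
        derive_master_secret(pre_master, client_random, server_random),
        client_random, server_random)
    server = derive_session_keys(
        derive_master_secret(pre_master, client_random, server_random),
        client_random, server_random)
    return client, server


if __name__ == "__main__":
    client_keys, server_keys = simulate_key_exchange()
    print("both sides derived the same keys:", client_keys == server_keys)
    print({name: len(value) for name, value in client_keys.items()})
```

Because both random values feed the derivation, a recorded Pre-Master Secret replayed into a new handshake yields different session keys.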
  • 12. • The client sends a "Client hello" message using the Session ID of the session to be resumed. • The server checks its session cache for a matching Session ID. If a match is found, and the server is able to resume the session, it sends a "Server hello" message with the Session ID. • Note: If a session ID match is not found, the server generates a new session ID and the TLS client and server perform a full handshake. • Client and server must exchange "Change cipher spec" messages and send "Client finished" and "Server finished" messages. • Client and server can now resume application data exchange over the secure channel.
  • 13. TLS RECORD Protocol • The Transport Layer Security (TLS) Record protocol secures application data using the keys created during the Handshake. The Record Protocol is responsible for securing application data and verifying its integrity and origin. It manages the following: 1. Dividing outgoing messages into manageable blocks, and reassembling incoming messages. 2. Compressing outgoing blocks and decompressing incoming blocks (optional). 3. Applying a Message Authentication Code (MAC) to outgoing messages, and verifying incoming messages using the MAC. 4. Encrypting outgoing messages and decrypting incoming messages.
  • 14. • When the Record Protocol & Handshake protocols are completed, the outgoing encrypted data is passed down to the Transmission Control Protocol (TCP) layer for transport.
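The Record Protocol steps of slide 13, as an added example that is not part of the original slides: outgoing data is split into fragments of at most 2^14 bytes, and each fragment gets a TLS 1.2 style MAC that covers an implicit 64-bit sequence number, which is why a receiver rejects records that arrive reordered or altered. Encryption and compression are left out (the records are MAC-protected only, as with the NULL-cipher suites of RFC 5246), and the class names, function names and the key are constructed for this example.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14          # largest plaintext fragment per record
APPLICATION_DATA = 23           # record content type
TLS12 = b"\x03\x03"             # protocol version bytes for TLS 1.2
MAC_LEN = 32                    # HMAC-SHA256 output size


class BadRecordMac(Exception):
    """Raised when a record is malformed or fails MAC verification."""


def record_mac(mac_key: bytes, seq: int, ctype: int, fragment: bytes) -> bytes:
    """MAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QB", seq, ctype) + TLS12 + struct.pack("!H", len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


class RecordWriter:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def protect(self, data: bytes, ctype: int = APPLICATION_DATA) -> list:
        """Fragment `data` and return one MAC-protected record per fragment."""
        records = []
        for start in range(0, len(data), MAX_FRAGMENT):
            fragment = data[start:start + MAX_FRAGMENT]
            body = fragment + record_mac(self.mac_key, self.seq, ctype, fragment)
            records.append(bytes([ctype]) + TLS12 + struct.pack("!H", len(body)) + body)
            self.seq += 1       # never sent on the wire, only counted by both ends
        return records


class RecordReader:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def unprotect(self, record: bytes) -> bytes:
        """Verify one record against the expected sequence number; return its fragment."""
        if len(record) < 5 + MAC_LEN or record[1:3] != TLS12:
            raise BadRecordMac("malformed record")
        (length,) = struct.unpack("!H", record[3:5])
        body = record[5:]
        if length != len(body):
            raise BadRecordMac("length field does not match record body")
        fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = record_mac(self.mac_key, self.seq, record[0], fragment)
        if not hmac.compare_digest(tag, expected):
            raise BadRecordMac("MAC check failed")
        self.seq += 1
        return fragment


def deliver(records: list, mac_key: bytes):
    """Reassemble records in arrival order; None if any record is rejected."""
    reader, out = RecordReader(mac_key), b""
    try:
        for record in records:
            out += reader.unprotect(record)
    except BadRecordMac:
        return None
    return out


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed MAC key
    message = b"A" * 40000                      # constructed application data
    records = RecordWriter(key).protect(message)
    print("records:", len(records))
    print("in order accepted:", deliver(records, key) == message)
    print("reordered accepted:", deliver([records[1], records[0], records[2]], key) is not None)
```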
  • 15. Web Security • OUTLINE • Web Security Considerations • Secure socket layer and Transport layer security • Secure Electronic Transaction
  • 16. • The Web is now widely used by businesses, government firms and individuals. • But the Internet and the Web are vulnerable to a variety of threats related to: • Integrity: Someone might alter content • Confidentiality: Anyone can see content • Denial of service • Authentication: Not clear who you are talking with • These need added security mechanisms
  • 17. SECURE SOCKET LAYER (SSL) • Secure Sockets Layer (SSL) • Developed by Netscape Corporation • Versions 1, 2, and 3 (released in 1996) • Transport Layer Security (TLS) • Successor of SSL • IETF standards track protocol, based on SSL 3.0 • Last updated in RFC 5246 (2008)
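  • 19. Where SSL fits? • Application protocols and port numbers without SSL: HTTP (80), SMTP (25), POP3 (110) • Over SSL: HTTPS (443), SSMTP (465), SPOP3 (995) • Layers below the application protocols: Secure Socket Layer, Transport, Network, Data Link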
  • 20. What security is provided? • By providing: • Endpoint Authentication • Unilateral or Bilateral • Communication Confidentiality • For preventing: • Eavesdropping • Tampering • Message Forgery
  • 21. How security is provided?
  • 22. • Each client-server pair uses • 2 public keys • one for client (browser), created when browser is installed on client machine • one for server (http server), created when server is installed on server hardware • 2 private keys • one for client browser • one for server (http server)
  • 23. Uses public key scheme • Each client-server pair uses • 2 public keys • one for client (browser) • created when browser is installed on client machine • one for server (http server) • created when server is installed on server hardware • 2 private keys • one for client browser • one for server (http server)
  • 24. Cipher Suite • Common Cipher Suite algorithms: • Encryption algorithm • RC4, Triple DES, AES, IDEA, DES, Camellia • Message authentication code (MAC) algorithm • Authentication by RSA, DSA, ECDSA • Hashing by MD5, SHA • Key exchange algorithm • RSA, Diffie-Hellman, ECDH, SRP, PSK • Pseudorandom function (PRF)
  • 26. SSL Architecture (Contd.) • SSL session: an association between client & server • created by the Handshake Protocol • defines a set of cryptographic parameters • may be shared by multiple SSL • The hybrid mechanism is also known as interleaved-push-and-pull (IPP) mechanism.
  • 27. • SSL connection • a transient, peer-to-peer, communications link • associated with 1 SSL session • The Four Upper-Layer Protocols • Application Encryption Protocol: Encrypt/Decrypt application data • Change Cipher Spec Protocol: Alert to a change in communication variables • Alert Protocol: Messages important to SSL connections • Handshaking Protocol: Establish communication variables
  • 28. SSL Record Protocol • Services provided are: • Confidentiality: using symmetric encryption with a shared secret key defined by Handshake Protocol • IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 • message is compressed before encryption • Message integrity: using a MAC (Message Authentication Code) created using a shared secret key and a short message
  • 30. Advantages • The number of server interruptions and queued requests are significantly reduced. Disadvantages • IPP does not eliminate the typical server problems of too many interruptions and queued requests.
  • 31. SSL Handshake Protocol • The most complex part of SSL. • Allows server & client to: • authenticate each other • negotiate encryption & MAC algorithms • negotiate cryptographic keys to be used • Comprises a series of messages in phases: • Establish Security Capabilities • Server Authentication and Key Exchange • Client Authentication and Key Exchange • Finish
  • 32. • The client (Alice) and server (Bob) must agree on various parameters to establish the connection • Alice requests a secure connection and presents a list of Cipher Suites • Bob picks the strongest supported Cipher Suite • Bob sends back his digital certificate • Including the certificate authority and his public key • By encrypting using the server's public key, Alice sends a random number to Bob securely • Alice and Bob generate key material from the random number • Secure connection established
  • 38. S: HTTP Application • HTTP is most common TLS application • https:// • Requires TLS-capable web server • Requires TLS-capable web browser • Netscape Navigator • Internet Explorer • Cryptozilla • Netscape Mozilla sources with SSLeay
  • 39. TLS “Alternatives” • S-HTTP: secure HTTP protocol, shttp:// • IPSec: secure IP • SET: Secure Electronic Transaction • Protocol and infrastructure for bank card payments • SASL: Simple Authentication and Security Layer (RFC 2222)
  • 40. Implementation of SSL/TLS • SSL and TLS have been widely implemented • Open source software projects • OpenSSL, NSS, or GnuTLS • Microsoft Windows • Part of its Secure Channel • Browsers • Apple Safari • Mozilla Firefox (2+) • Internet Explorer, etc.
  • 41. Application of SSL/TLS • On top of the Transport Layer protocols • Primarily with TCP • Datagram Transport Layer Security (DTLS) for UDP • Encapsulating the application protocols • HTTP (HTTPS) for securing WWW traffic • FTP (FTPS), SMTP, NNTP, etc.
  • 43. • The data synchronization refers to maintaining data consistency among the disseminated or distributed data between data source and different computing systems • Data consistency─ if there is data modification at the server then that should reflect in the data with the device within a defined period • It ensures that the same copy or version of data is used in all devices - from source to destination.
  • 45. Contents • What is Wireless Networking • What is Wireless Security • Threats to Wireless Networks • Parking Lot attack • Security in WLAN 802.11 • Thoughts on Wireless Security
  • 46. Wireless Networking? • A wireless network is a computer network that uses wireless data connections between network nodes. • It provides the flexibility and freedom that wired networks lack. • The main standards in the wireless world are: • 802.11, which describes the Wireless LAN architecture, • 802.16 which describes the Wireless MAN architecture.
  • 47. Wireless Security ? Access Point(AP): • Allows wireless communication device, such as computers to connect to a wireless network Service set Identifier(SSID): • SSID allows wireless clients to communicate with an appropriate access point. Only clients with correct SSID can communicate with the AP
  • 48. Reasons why wireless networks are more vulnerable to attacks than a wired network are: • Channel: Involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks • Accessibility: Wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations.
  • 49. THREAT TO WIRELESS NETWORKS Here the client initiates the synchronization and sends backup to the server for updating its data. • Malicious Association: A wireless device is configured to appear to be a legitimate access point, and then the operator penetrates the wired network through a legitimate wireless access point. • Ad hoc Network: These are peer-to-peer networks between wireless computers with no access point between them. Such networks can pose a security threat due to a lack of a central point of control. • Identity theft (MAC Spoofing): This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
  • 50. PARKING LOT ATTACK • Wireless signals are intercepted outside an organization, or even through the floors in multi-storey buildings. • “Parking lot” signifies that the attacker sits in the organization's parking lot and tries to access internal hosts via the wireless network.
  • 52. Database Records • Here the records are indexed to facilitate search operation by placing the query. • For example, the contacts in the mobile are indexed as per the first alphabet of the name.
  • 53. • 802.11 Standard • 802.11 Authentication • Wired Equivalent Privacy(WEP) • WEP Weakness • 802.1x: EAP over LAN • 802.11i Standard
  • 54. 802.11 Standard • The 802.11 IEEE standard was standardized in 1997. • It consists of three layers: Physical layer, MAC (Medium Access Control) layer, and LLC (Logical Link Control) layer • The first version of the standard supported only 2 Mbps bandwidth, which motivated the developing teams to come up with other standards to support up to 54 Mbps
  • 56. • WEP Weakness • One of the major reasons behind WEP weaknesses is its key length. • WEP has a 40-bit key, which can be broken in less than five hours using parallel • This issue urged vendors to update WEP from using 40-bit to 104-bit key; the new • WEP does not support mutual authentication. • CRC (for integrity) lacks the cryptography feature.
  • 57. 802.1x : EAP Over LAN (EAPOL) • The 802.1x standard was designed for port-based authentication for 802 networks. • EAP (Extensible Authentication Protocol) was designed to support multiple authentication methods over point-to-point connections without requiring IP. • It allows any of the encryption schemes to be implemented on top of it.
  • 58. • The 802.1x framework defines 3 ports or entities: • Supplicant (client that wants to be authenticated), • Authenticator (AP that connects the supplicant to the wired network), • Authentication Server (performs the authentication process from the supplicant based on their credentials).
  • 59. 802.11i Standard: • The 802.11i (released June 2004) security standard is supposed to be the final solution to the wireless security issue. • It improves authentication, integrity and data transfer. • After final release the full specification was named as WPA2. • 802.11i enhances 802.11 by providing a Robust Security Network (RSN) with two new protocols: the four-way handshake and the group key handshake.
  • 60. Four-way handshake: • AP – Access Point • STA – Client Station • PTK – Pairwise Transient Key, 64 Bytes (generated by concatenating PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address; the product is then put through a pseudo-random function) • GTK – Group Temporal Key, 32 Bytes (used to decrypt multicast and broadcast messages) • MIC – Message Integrity Code
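The PTK derivation named in slide 60, as an added example that is not part of the original slides. In IEEE 802.11i the PMK is the key of the pseudo-random function (HMAC-SHA1 based), and the two MAC addresses and two nonces are its input, sorted so that AP and STA build the same string. The MAC addresses, nonces, PMK and the "frame" bytes are constructed values, the function names are this example's own, and the MIC is simplified to HMAC-SHA1 truncated to 16 bytes over a placeholder frame rather than a real EAPOL-Key frame.

```python
import hashlib
import hmac


def prf_80211i(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """64-byte Pairwise Transient Key from the PMK, both addresses and both nonces."""
    # min/max ordering makes the input identical on both ends of the link.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_80211i(pmk, b"Pairwise key expansion", data, 64)


def split_ptk(ptk: bytes) -> dict:
    """Cut the 64-byte PTK into its parts (last 16 bytes: TKIP Michael MIC keys)."""
    return {"KCK": ptk[:16],        # key confirmation key: MICs on handshake frames
            "KEK": ptk[16:32],      # key encryption key: wraps the GTK
            "TK": ptk[32:48],       # temporal key: protects data frames
            "MIC_keys": ptk[48:64]}


def key_mic(kck: bytes, frame: bytes) -> bytes:
    """Simplified MIC: HMAC-SHA1 keyed with the KCK, truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def ap_accepts_station(ap_pmk: bytes, sta_pmk: bytes, ap_mac: bytes,
                       sta_mac: bytes, anonce: bytes, snonce: bytes) -> bool:
    """Messages 1 and 2 of the four-way handshake; True if the AP accepts the MIC."""
    # Message 1 (AP -> STA): the ANonce, sent in the clear.
    # The STA picks its SNonce and derives the PTK from its own copy of the PMK.
    sta_keys = split_ptk(derive_ptk(sta_pmk, ap_mac, sta_mac, anonce, snonce))
    # Message 2 (STA -> AP): SNonce plus a MIC keyed with the STA's KCK.
    message2 = b"constructed-msg2|" + snonce        # placeholder frame bytes
    mic = key_mic(sta_keys["KCK"], message2)
    # The AP now has both nonces, derives the PTK itself and checks the MIC.
    ap_keys = split_ptk(derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce))
    return hmac.compare_digest(mic, key_mic(ap_keys["KCK"], message2))


if __name__ == "__main__":
    pmk = bytes(range(32))                          # constructed 32-byte PMK
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = b"\x11" * 32, b"\x22" * 32     # constructed nonces
    keys = split_ptk(derive_ptk(pmk, ap, sta, anonce, snonce))
    print({name: value.hex() for name, value in keys.items()})
    print("same PMK accepted:", ap_accepts_station(pmk, pmk, ap, sta, anonce, snonce))
    print("wrong PMK accepted:", ap_accepts_station(pmk, bytes(32), ap, sta, anonce, snonce))
```

The PMK itself never crosses the air: the AP learns that the station holds it only because the MIC verifies.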
  • 61. Group Key Handshake • The Group Temporal Key (GTK) used in the network may need to be updated due to the expiration of a preset timer. • To handle the updating, 802.11i defines a Group Key Handshake that consists of a two-way handshake: • The AP sends the new GTK to each STA in the network. • The GTK is encrypted using the KEK assigned to that STA, and protects the data from tampering, by use of a MIC. • The STA acknowledges the new GTK and replies to the AP.
  • 62. • To improve data transfer, 802.11i specifies three protocols: TKIP, CCMP and WRAP. • TKIP (Temporal Key Integrity Management) was introduced as a "band-aid" solution to WEP problems. • TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism. • TKIP ensures that every data packet is sent with its own unique encryption key.
  • 63. • WRAP (Wireless Robust Authenticated Protocol) is the LAN implementation of the AES encryption. • WRAP has intellectual property issues, where three parties have filed for its patent. This problem caused IEEE to replace it with CCMP. • CCMP (Counter with Cipher Block Chaining Message Authentication Code Protocol) is considered the optimal solution for secure data transfer under 802.11i. • CCMP uses AES for encryption.
  • 64. THOUGHTS ON WIRELESS SECURITY: • WIRELESS SECURITY MEASURES • We can group wireless security measures into those dealing with: • Wireless Transmissions (threats involve eavesdropping, altering or inserting messages, and disruption) • Wireless Networks
  • 65. SECURING WIRELESS NETWORK: • The following techniques can be adopted to secure wireless networks: • Use encryption. Wireless routers are typically equipped with built-in encryption. • Use antivirus and antispyware software, and a firewall. • Turn off identifier broadcasting. • Allow only specific computers to access your wireless network.