INTERNET SECURITY PROTOCOL
TYIT UNIT V
TCP/IP (TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL)

TCP/IP is a combination of many protocols that facilitates communication between computers over the internet.
The TCP/IP protocol suite consists of 5 layers.

SECURE SOCKET LAYER (SSL)

- The SSL protocol is an internet protocol for the secure exchange of information between a web browser and a web server.
- It provides two basic security services: authentication and confidentiality.
- SSL can be conceptually considered an additional layer in the TCP/IP protocol suite. It is located between the application and transport layers.
- The application layer data is passed to the SSL layer. The SSL layer encrypts the data it receives and adds its own encryption information header, called the SSL header, to the encrypted data.

HOW SSL WORKS

SSL has 3 sub-protocols:
- Handshake protocol
- Record protocol
- Alert protocol

The Handshake protocol is similar to how two people shake hands with each other before they start conversing.
Each handshake message has 3 fields:
- Type (1 byte): one of the 10 possible message types
- Length (3 bytes): length of the message in bytes
- Content (1 or more bytes): parameters associated with this message

SSL HANDSHAKE PROTOCOL PHASES

The handshake protocol is actually made up of 4 phases:
1. Establish security capabilities
2. Server authentication and key exchange
3. Client authentication and key exchange
4. Finish

PHASE 1: ESTABLISH SECURITY CAPABILITIES

- This first phase is used to initiate a logical connection and establish the security capabilities associated with that connection.
- It consists of two messages, the "client hello" and the "server hello":
  Step 1: Client Hello
  Step 2: Server Hello

CLIENT HELLO PARAMETERS

- Version: the highest version of SSL that the client supports.
- Random: this field is used later, during the actual communication. It consists of 2 subfields:
  - A 32 bit date-time field that identifies the current date and time of the client's computer
  - A 28 bit random number generated by the random number generator software
- Session Id: if this field contains a non-zero value, it means that there is already a connection. A zero value indicates that the client wants to create a new connection.
- Cipher Suite: list of cryptographic algorithms supported by the client.
- Compression method: list of compression algorithms supported by the client.
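The Type/Length/Content framing and the client hello fields above, as an added Python example that is not part of the original slides: it splits a buffer into handshake messages and decodes a ClientHello, rejecting length fields that point past the data. The field widths inside the hello body and the sample values are assumptions taken from the SSL 3.0 specification (RFC 6101) rather than from the slides, and `Reader`, `split_handshake`, `parse_client_hello` and `build_sample_client_hello` are names made up for this example.

```python
# Added example: field widths follow the SSL 3.0 specification (RFC 6101).
HANDSHAKE_TYPES = {  # the 10 handshake message types
    0: "hello_request", 1: "client_hello", 2: "server_hello",
    11: "certificate", 12: "server_key_exchange", 13: "certificate_request",
    14: "server_hello_done", 15: "certificate_verify",
    16: "client_key_exchange", 20: "finished",
}


class Reader:
    """Bounds-checked cursor, so a lying length field cannot over-read."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("field runs past end of message")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def vector(self, len_bytes):  # length prefix, then that many bytes
        return self.take(int.from_bytes(self.take(len_bytes), "big"))


def split_handshake(buf):
    """Split a buffer into (type, content): Type(1) | Length(3) | Content."""
    r, messages = Reader(buf), []
    while r.pos < len(buf):
        msg_type = r.take(1)[0]
        if msg_type not in HANDSHAKE_TYPES:
            raise ValueError(f"unknown handshake type {msg_type}")
        messages.append((msg_type, r.vector(3)))
    return messages


def parse_client_hello(body):
    r = Reader(body)
    major, minor = r.take(2)
    random = r.take(32)          # 4-byte date-time + 28 random bytes on the wire
    session_id = r.vector(1)
    suites = r.vector(2)         # each cipher suite id is 2 bytes
    if len(suites) % 2:
        raise ValueError("odd cipher suite list length")
    compression = r.vector(1)
    return {
        "version": (major, minor),
        "time": int.from_bytes(random[:4], "big"),
        "random": random[4:],
        "session_id": session_id,
        "new_session": len(session_id) == 0,   # empty id: no session to resume
        "cipher_suites": [int.from_bytes(suites[i:i + 2], "big")
                          for i in range(0, len(suites), 2)],
        "compression_methods": list(compression),
    }


def build_sample_client_hello():
    """Constructed ClientHello (not a capture) used to exercise the parser."""
    suites = b"".join(s.to_bytes(2, "big") for s in (0x000A, 0x0005))
    body = (bytes([3, 0]) + (1700000000).to_bytes(4, "big")  # SSL 3.0, date-time
            + bytes(range(28))                     # stand-in for random bytes
            + bytes([0]) + len(suites).to_bytes(2, "big") + suites  # no session id
            + bytes([1, 0]))                       # one method: null (0)
    return bytes([1]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    print(parse_client_hello(split_handshake(build_sample_client_hello())[0][1]))
```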

SERVER HELLO PARAMETERS

- Version: the highest version that the server supports from the list.
- Random: same structure as the random field of the client. However, the random value generated is dependent on the client's random value.
- Session Id: the server creates a new session id and puts it in this field.
- Cipher Suite: contains a single cipher suite, which the server selects from the list sent by the client.
- Compression method: contains a compression algorithm, which the server selects from the list.

PHASE 2: SERVER AUTHENTICATION AND KEY EXCHANGE

The server initiates this second phase of the SSL handshake.
This phase contains four steps:
- Certificate
- Server key exchange
- Certificate request
- Server hello done

PHASE 3: CLIENT AUTHENTICATION AND KEY EXCHANGE

The client initiates this third phase of the SSL handshake.
This phase contains three steps:
- Certificate
- Client key exchange (pre-master secret key)
- Certificate verify

PHASE 4: FINISH

The client initiates this fourth phase of the SSL handshake, which the server ends.
First, 2 messages from the client:
1. Change cipher specs
2. Finished
The server responds with:
1. Change cipher specs
2. Finished

MASTER KEY GENERATION

The client creates a 48 byte pre-master secret key, encrypts it with the server's public key, and sends the pre-master secret key to the server.
Finally, the symmetric keys to be used by the client and the server are generated.

THE RECORD PROTOCOL

- The record protocol in SSL comes into the picture after a successful handshake is completed.
- This protocol provides 2 services:
  - Confidentiality: achieved using the secret key that is defined by the handshake protocol
  - Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for assuring message integrity

SSL RECORD PROTOCOL

1. Fragmentation
2. Compression
3. Addition of MAC
4. Encryption
5. Append header
   1. Content type
   2. Major version
   3. Minor version
   4. Compressed length

THE ALERT PROTOCOL

- When the server detects an error, the detecting party sends an alert message to the other party.
- Both parties close the SSL connection and destroy the session id and secret keys.
- An alert message is 2 bytes long:
  - The 1st byte is the error type
  - The 2nd byte specifies the reason for the actual error
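The record header fields and the 2-byte alert message above, as an added Python example that is not part of the original slides: it walks a byte stream record by record and decodes any plaintext alert it finds, which is the first thing to check when a handshake fails. The numeric content types, alert levels, alert reasons and the length limit are assumptions taken from the SSL 3.0 specification (RFC 6101), and `split_records`, `decode_alert`, `summarize` and `SAMPLE` are names made up for this example.

```python
# Added example: numeric values below come from the SSL 3.0 specification
# (RFC 6101), not from the slides.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_REASONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure",
    41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter",
}
MAX_RECORD = 2 ** 14 + 2048   # upper bound on the header's length field


def split_records(stream):
    """Walk a byte stream record by record using the 5-byte header."""
    records, off = [], 0
    while off < len(stream):
        header = stream[off:off + 5]
        if len(header) < 5:
            raise ValueError("truncated record header")
        ctype, major, minor = header[0], header[1], header[2]
        length = int.from_bytes(header[3:5], "big")
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_RECORD:
            raise ValueError("record length exceeds protocol maximum")
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("record body shorter than its length field")
        records.append({"type": CONTENT_TYPES[ctype],
                        "version": (major, minor), "payload": payload})
        off += 5 + length
    return records


def decode_alert(payload):
    """Decode a plaintext alert: byte 1 is the level, byte 2 the reason."""
    if len(payload) != 2:
        # Alerts sent after Change Cipher Spec are encrypted and MACed.
        raise ValueError("not a 2-byte plaintext alert")
    level, reason = payload
    return {"level": ALERT_LEVELS.get(level, f"unknown({level})"),
            "reason": ALERT_REASONS.get(reason, f"unknown({reason})"),
            "fatal": level == 2}


def summarize(stream):
    """One line per record; alerts are decoded, other payloads only sized."""
    lines = []
    for rec in split_records(stream):
        if rec["type"] == "alert":
            alert = decode_alert(rec["payload"])
            lines.append(f"alert {alert['level']}: {alert['reason']}")
        else:
            lines.append(f"{rec['type']} ({len(rec['payload'])} bytes)")
    return lines


# Constructed stream (not a capture): a handshake record carrying an empty
# hello_request, then a fatal handshake_failure alert, both version 3.0.
SAMPLE = bytes.fromhex("1603000004" "00000000" "1503000002" "0228")

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```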

