Soumettre la recherche
Mettre en ligne
ssl
•
Télécharger en tant que PPTX, PDF
•
1 j'aime
•
970 vues
V
vivek lohiya
Suivre
Signaler
Partager
Signaler
Partager
1 sur 28
Télécharger maintenant
Recommandé
security in transport layer ssl
security in transport layer ssl
STUDENT
Secure socket layer
Secure socket layer
Emprovise
Transport layer security
Transport layer security
Hrudya Balachandran
Transport Layer Security
Transport Layer Security
Chhatra Thapa
Secure Socket Layer
Secure Socket Layer
Pina Parmar
Ssl and tls
Ssl and tls
Rana assad ali
Transport layer security
Transport layer security
Hrudya Balachandran
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
Nate Lawson
Recommandé
security in transport layer ssl
security in transport layer ssl
STUDENT
Secure socket layer
Secure socket layer
Emprovise
Transport layer security
Transport layer security
Hrudya Balachandran
Transport Layer Security
Transport Layer Security
Chhatra Thapa
Secure Socket Layer
Secure Socket Layer
Pina Parmar
Ssl and tls
Ssl and tls
Rana assad ali
Transport layer security
Transport layer security
Hrudya Balachandran
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
Nate Lawson
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
Ip Sec Rev1
Ip Sec Rev1
Ram Dutt Shukla
Secure socket layer
Secure socket layer
Nishant Pahad
SSL And TLS
SSL And TLS
Ghanshyam Patel
Secure shell ppt
Secure shell ppt
sravya raju
SSL/TLS
SSL/TLS
Dr Anjan Krishnamurthy
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?
Microsoft
SSL/TLS Handshake
SSL/TLS Handshake
Arpit Agarwal
Fit project
Fit project
ajay raghavender
Transport Layer Security
Transport Layer Security
Huda Seyam
BAIT1103 Chapter 4
BAIT1103 Chapter 4
limsh
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
Vishal Kumar
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
Unit 6
Unit 6
Vinod Kumar Gorrepati
Transportsec
Transportsec
Bogdan Korniyenko
What is TLS/SSL?
What is TLS/SSL?
Shehzad Imran
Intro to SSH
Intro to SSH
JP Bourget
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
Sandeep Gupta
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
Asad Ali
Secure Shell(ssh)
Secure Shell(ssh)
Pina Parmar
Οι δραστηριότητες των παιδιών στους ανοιχτούς χώρους στη Νέα Μηχανιώνα από το...
Οι δραστηριότητες των παιδιών στους ανοιχτούς χώρους στη Νέα Μηχανιώνα από το...
Pefkoula Stagia
Kuopion ideaklinikka tavoitetila hankinnalle 012015
Kuopion ideaklinikka tavoitetila hankinnalle 012015
Games for Health Finland
Contenu connexe
Tendances
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
Ip Sec Rev1
Ip Sec Rev1
Ram Dutt Shukla
Secure socket layer
Secure socket layer
Nishant Pahad
SSL And TLS
SSL And TLS
Ghanshyam Patel
Secure shell ppt
Secure shell ppt
sravya raju
SSL/TLS
SSL/TLS
Dr Anjan Krishnamurthy
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?
Microsoft
SSL/TLS Handshake
SSL/TLS Handshake
Arpit Agarwal
Fit project
Fit project
ajay raghavender
Transport Layer Security
Transport Layer Security
Huda Seyam
BAIT1103 Chapter 4
BAIT1103 Chapter 4
limsh
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
Vishal Kumar
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
Unit 6
Unit 6
Vinod Kumar Gorrepati
Transportsec
Transportsec
Bogdan Korniyenko
What is TLS/SSL?
What is TLS/SSL?
Shehzad Imran
Intro to SSH
Intro to SSH
JP Bourget
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
Sandeep Gupta
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
Asad Ali
Secure Shell(ssh)
Secure Shell(ssh)
Pina Parmar
Tendances
(20)
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Ip Sec Rev1
Ip Sec Rev1
Secure socket layer
Secure socket layer
SSL And TLS
SSL And TLS
Secure shell ppt
Secure shell ppt
SSL/TLS
SSL/TLS
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?
SSL/TLS Handshake
SSL/TLS Handshake
Fit project
Fit project
Transport Layer Security
Transport Layer Security
BAIT1103 Chapter 4
BAIT1103 Chapter 4
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
Unit 6
Unit 6
Transportsec
Transportsec
What is TLS/SSL?
What is TLS/SSL?
Intro to SSH
Intro to SSH
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
Secure Shell(ssh)
Secure Shell(ssh)
En vedette
Οι δραστηριότητες των παιδιών στους ανοιχτούς χώρους στη Νέα Μηχανιώνα από το...
Οι δραστηριότητες των παιδιών στους ανοιχτούς χώρους στη Νέα Μηχανιώνα από το...
Pefkoula Stagia
Kuopion ideaklinikka tavoitetila hankinnalle 012015
Kuopion ideaklinikka tavoitetila hankinnalle 012015
Games for Health Finland
تقرير عن واقع النساء بعد 3 أعوام من الإنقلاب (موسع) - نساء ضد الانقلاب
تقرير عن واقع النساء بعد 3 أعوام من الإنقلاب (موسع) - نساء ضد الانقلاب
WomenAntiCoup
Yx yoyo series you are only young once
Yx yoyo series you are only young once
Jose Ramos
Literacy in the content area for week four blog
Literacy in the content area for week four blog
Chris Lewis
Presentation1
Presentation1
Pradeepkumar Vj
Avatar power point
Avatar power point
MARIAINES2504
Characteristics of Intelligent Behavior
Characteristics of Intelligent Behavior
ldenney65
الإهمال الطبي والقتل البطئ والإعدام ..واقع نساء مصر في سجون الانقلاب !
الإهمال الطبي والقتل البطئ والإعدام ..واقع نساء مصر في سجون الانقلاب !
WomenAntiCoup
тема 6
тема 6
Настя Корабахина
тема 8
тема 8
Настя Корабахина
Jem Smith CV PDF
Jem Smith CV PDF
Jem16
TTS ORIENTATION Trainors Training School PART 1
TTS ORIENTATION Trainors Training School PART 1
Jose Ramos
PORTAFOLIO DE PLANEAMIENTO Y CONTROL DE OPERACIONES
PORTAFOLIO DE PLANEAMIENTO Y CONTROL DE OPERACIONES
Alex Gonzales
тема 4
тема 4
Настя Корабахина
Run to God intimacy 530pm 2016 media
Run to God intimacy 530pm 2016 media
Jose Ramos
Welcome
Welcome
Sonia Nidhin
Camera shots and what makes a good photo
Camera shots and what makes a good photo
Suther98
30 ideas to Innovate the Workplace
30 ideas to Innovate the Workplace
Paula Steffen Moeller, Ed.D.
Ten Horrible Social Media Campaign Mistakes That You Are Making
Ten Horrible Social Media Campaign Mistakes That You Are Making
designs.codes
En vedette
(20)
Οι δραστηριότητες των παιδιών στους ανοιχτούς χώρους στη Νέα Μηχανιώνα από το...
Οι δραστηριότητες των παιδιών στους ανοιχτούς χώρους στη Νέα Μηχανιώνα από το...
Kuopion ideaklinikka tavoitetila hankinnalle 012015
Kuopion ideaklinikka tavoitetila hankinnalle 012015
تقرير عن واقع النساء بعد 3 أعوام من الإنقلاب (موسع) - نساء ضد الانقلاب
تقرير عن واقع النساء بعد 3 أعوام من الإنقلاب (موسع) - نساء ضد الانقلاب
Yx yoyo series you are only young once
Yx yoyo series you are only young once
Literacy in the content area for week four blog
Literacy in the content area for week four blog
Presentation1
Presentation1
Avatar power point
Avatar power point
Characteristics of Intelligent Behavior
Characteristics of Intelligent Behavior
الإهمال الطبي والقتل البطئ والإعدام ..واقع نساء مصر في سجون الانقلاب !
الإهمال الطبي والقتل البطئ والإعدام ..واقع نساء مصر في سجون الانقلاب !
тема 6
тема 6
тема 8
тема 8
Jem Smith CV PDF
Jem Smith CV PDF
TTS ORIENTATION Trainors Training School PART 1
TTS ORIENTATION Trainors Training School PART 1
PORTAFOLIO DE PLANEAMIENTO Y CONTROL DE OPERACIONES
PORTAFOLIO DE PLANEAMIENTO Y CONTROL DE OPERACIONES
тема 4
тема 4
Run to God intimacy 530pm 2016 media
Run to God intimacy 530pm 2016 media
Welcome
Welcome
Camera shots and what makes a good photo
Camera shots and what makes a good photo
30 ideas to Innovate the Workplace
30 ideas to Innovate the Workplace
Ten Horrible Social Media Campaign Mistakes That You Are Making
Ten Horrible Social Media Campaign Mistakes That You Are Making
Similaire à ssl
Transport layer security.ppt
Transport layer security.ppt
ImXaib
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOL
cscpconf
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocol
csandit
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
United International University
Transport Layer Security (TLS)
Transport Layer Security (TLS)
Arun Shukla
SSL.pptx
SSL.pptx
hammadhassan9507
Internet security protocol
Internet security protocol
Mousmi Pawar
Lec 3.pptx
Lec 3.pptx
ssuserbab2f4
Network Security- Secure Socket Layer
Network Security- Secure Socket Layer
Dr.Florence Dayana
SIP over TLS
SIP over TLS
Hossein Yavari
secure socket layer
secure socket layer
Amar Shah
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
Network Security Applications
Network Security Applications
Hatem Mahmoud
Secure Socket Layer.pptx
Secure Socket Layer.pptx
Jenish Prajapati
Transport Layer Security
Transport Layer Security
Ibrahiem Mohammed
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
SonukumarRawat
Web Security
Web Security
Dr.Florence Dayana
ssl
ssl
sjyuva
Sequere socket Layer
Sequere socket Layer
Raghavendra Rao
Similaire à ssl
(20)
Transport layer security.ppt
Transport layer security.ppt
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOL
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocol
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
Transport Layer Security (TLS)
Transport Layer Security (TLS)
SSL.pptx
SSL.pptx
Internet security protocol
Internet security protocol
Lec 3.pptx
Lec 3.pptx
Network Security- Secure Socket Layer
Network Security- Secure Socket Layer
SIP over TLS
SIP over TLS
secure socket layer
secure socket layer
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
Network Security Applications
Network Security Applications
Secure Socket Layer.pptx
Secure Socket Layer.pptx
Transport Layer Security
Transport Layer Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
Web Security
Web Security
ssl
ssl
Sequere socket Layer
Sequere socket Layer
ssl
1.
SSL / TLS Internet
Security Protocols
2.
© Novell, Inc.
All rights reserved.2 What is it used for? Designed to provide communication security over the Internet Authentication, Data Integrity, Confidentiality Prevents Eavesdropping, tampering & message forgery Application protocol independent ( POP3, IMAP, SMTP, FTP) Virtual Private Network (SSL VPN) Public key infrastructure(PKI)
3.
© Novell, Inc.
All rights reserved.3 Cryptography Heads up!!! 1. Symmetric Key Cryptography 2. Asymmetric Key Cryptography a.k.a. Public Key Cryptography
4.
© Novell, Inc.
All rights reserved.4 Symmetric Key Cryptography
5.
© Novell, Inc.
All rights reserved.5 Public Key Cryptography
6.
© Novell, Inc.
All rights reserved.6 History & Development Secure Network Programming (1993) SSL 1.0, 2.0 and 3.0 (1995-96) TLS 1.0(1999) TLS 1.1(2006) TLS 1.2(2008) TLS 1.3(Draft Oct. 2014)
7.
© Novell, Inc.
All rights reserved.7 SSL/TLS Architecture Handshake protocol Change Cipher spec Alert Application Protocol Record TCP/IP
8.
© Novell, Inc.
All rights reserved.8 Basic TLS Handshake TLS Client TLS Server Client Hello Offers TLS version, list of ciphers, compression methods etc. Server Hello Server chooses TLS version, Session IDs, Cipher, compression method Server Certificate (Optional) Server Key Exchange (Optional) Servers public key if certificate not available Client certificate request (Optional) Server Hello Done Client Certificate (Optional) Client KeyExchange PreMasterSecret or public key, or nothing encrypted using server’s public key Client Certificate verify (Optional) client will start using the new session keys for hashing and encrypting messages Change CipherSpec Server Finished Encrypted Application Data Change CipherSpec & Client Finished
9.
© Novell, Inc.
All rights reserved.9 Resumed TLS Handshake Public key operations (e.g., RSA) are relatively expensive in terms of computational power. TLS provides a secure shortcut in the handshake mechanism to avoid these operations: resumed sessions. Resumed sessions are implemented using session IDs or session tickets. Apart from the performance benefit, resumed sessions can also be used for single sign-on. Session ID and Session tickets are used for resumed TLS handshake.
10.
© Novell, Inc.
All rights reserved.10 Resumed TLS Handshake (Cont.) TLS Client TLS Server Client Hello Offers TLS version, list of ciphers, compression methods etc. Older Session ID / Session Ticket Server Hello With Old / New session ID Change CipherSpec & Client Finished client will start using the new /old session keys for hashing and encrypting messages Encrypted Application Data Change CipherSpec Server Finished containing a hash and MAC over the previous handshake messages
11.
© Novell, Inc.
All rights reserved.11 Session ID & Session tickets Session ID:- The client associates this session id with the server's IP address and TCP port, so that when the client connects again to that server, it can use the session id to shortcut the handshake. In the server, the session id maps to the cryptographic parameters previously negotiated, specifically the "master secret". Both sides must have the same "master secret" or the resumed handshake will fail. Session Tickets:- When using session tickets, the TLS server stores its session-specific state in a session ticket and sends the session ticket to the TLS client for storing. The client resumes a TLS session by sending the session ticket to the server, and the server resumes the TLS session according to the session-specific state in the ticket. The session ticket is encrypted and authenticated by the server, and the server verifies its validity before using its contents.
12.
© Novell, Inc.
All rights reserved.12 TLS Record Protocol The TLS Record Protocol is a layered protocol. The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients. Following four protocol clients uses it: the handshake protocol, the alert protocol, the change cipher spec protocol, and the application data protocol
13.
© Novell, Inc.
All rights reserved.13 TLS Record Protocol(Cont.) TLS Record Header
14.
© Novell, Inc.
All rights reserved.14 Connection States A TLS connection state is the operating environment of the TLS Record Protocol There are always four connection states outstanding: the current read and write states, and the pending read and write states All records are processed under the current read and write states. The security parameters for the pending states can be set by the TLS Handshake Protocol, and the Change Cipher Spec can selectively make either of the pending states current
15.
© Novell, Inc.
All rights reserved.15 Message Authentication Code TLS record layer uses Keyed-Hash MAC(HMAC) for authentication and integrity check of messages. HMAC employs an iterative cryptographic hash function in combination with a premaster secret key as follows: H(secret XOR opad, H(secret XOR ipad, message)) HMAC produces a fixed length message digest which may not be sufficiently long. To remedy this successive concatenation of HMAC with different values is done as follows: P_hash(secret, seed) = H(secret, A(1) + seed) + H(secret, A(2) + seed) + H (secret, A(3) + seed) + ... where + indicates concatenation. A() is defined as: A(0) = seed = ClientHello.random + ServerHello.random A(i) = H (secret, A(i-1)) Secret = premaster secret
16.
© Novell, Inc.
All rights reserved.16 Master Key Generation:- The master secret is calculated using PRF: master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random) [0..47]; where + indicates concatenation. TLS's PRF is created by applying P_hash to the secret as: PRF(secret, label, seed) = P_<hash>(secret, label, + seed) where + indicates concatenation. The master secret is always exactly 48 bytes in length. The Length of the premaster secret will vary depending on key exchange method.
17.
© Novell, Inc.
All rights reserved.17 TLS communication steps 1. Handshake and cipher suite negotiation 2. Authentication of parties 3. Key-related information exchange 4. Application data exchange The steps that make up TLS are divided into two protocols that together provide connection security: TLS Handshaking Protocols — (steps 1 – 3) Application Data Protocol — (step 4)
18.
© Novell, Inc.
All rights reserved.18 TLS Handshaking Protocols It is responsible for the authentication and key exchange necessary to establish or resume secure sessions When establishing a secure session, the Handshaking Protocol manages the following: • Cipher suite negotiation • Authentication of the server and optionally, the client • Session key information exchange. It includes “The Handshake Protocol”, “The Alert Protocol” & “Change Cipher Spec Protocol”
19.
© Novell, Inc.
All rights reserved.19 TLS Handshake Protocol The Handshake Protocol is responsible for negotiating a session, which consists of the following items:- Session Identifier:- An arbitrary byte sequence chosen by the server to identify an active or resume-able session state. Peer Certificate:- X509v3 certificate of the peer. This element of the state may be null. Compression Method:- The algorithm used to compress data prior to encryption. Cipher Spec:- Specifies the pseudorandom function (PRF) used to generate keying material, the bulk data encryption algorithm (such as null, AES, etc.) and the MAC algorithm (such as MD5 HMAC-SHA1). It also defines cryptographic attributes such as the mac_length. Master Secret:- 48-byte secret shared between the client and server. is resumable:- A flag indicating whether the session can be used to initiate new connections.
20.
© Novell, Inc.
All rights reserved.20 Change Cipher Spec Protocol The change cipher spec protocol exists to signal transitions in ciphering strategies. The ChangeCipherSpec message is sent by both the client and the server to notify the receiving party that subsequent records will be protected under the newly negotiated CipherSpec and keys.
21.
© Novell, Inc.
All rights reserved.21 Alert Protocol Alert messages convey the severity of the message (warning or fatal) and a description of the alert. There are two alert levels in TLS 1. Fatal:- immediate termination of the connection 2. Warning:- other connections corresponding to the session may continue, but the session identifier MUST be invalidated, preventing the failed session from being used to establish new connections For complete list of alert messages use RFC5246 Note :- alert messages are encrypted and compressed, as specified by the current connection state.
22.
© Novell, Inc.
All rights reserved.22 Application Data Protocol Application data messages are carried by the record layer and are fragmented, compressed, and encrypted based on the current connection state. The messages are treated as transparent data to the record layer.
23.
© Novell, Inc.
All rights reserved.23 TLS Record Content Type:- This field identifies the Record Layer Protocol Type contained in this Record.
24.
© Novell, Inc.
All rights reserved.24 TLS Record(Cont.) Version :- This field identifies the major and minor version of TLS for the contained message. For a ClientHello message, this need not be the highest version supported by the client.
25.
© Novell, Inc.
All rights reserved.25 TLS Record(Cont.) Version :- This field identifies the major and minor version of TLS for the contained message. For a ClientHello message, this need not be the highest version supported by the client. Length:- The length of Protocol message(s), MAC and Padding, not to exceed 214 bytes (16 KiB).
26.
© Novell, Inc.
All rights reserved.26 TLS Record(Cont.) Protocol message(s):- One or more messages identified by the Protocol field. Note that this field may be encrypted depending on the state of the connection. MAC and Padding:- A message authentication code computed over the Protocol message, with additional key material included. Note that this field may be encrypted, or not included entirely, depending on the state of the connection. No MAC or Padding can be present at end of TLS records before all cipher algorithms and parameters have been negotiated and handshaked and then confirmed by sending a CipherStateChange record (see below) for signalling that these parameters will take effect in all further records sent by the same peer.
27.
© Novell, Inc.
All rights reserved.27 References:- • http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS _record • rfc2246, rfc5246, rfc4346 • http://msdn.microsoft.com/en- us/library/windows/desktop/aa380516%28v=vs.85%29.as px • https://www.cs.bham.ac.uk/~mdr/teaching/modules06/net sec/lectures/tls/tls.html • http://lasr.cs.ucla.edu/vahab/resources/notes_on_tls.pdf
28.
© Novell, Inc.
All rights reserved.28 Corporate Headquarters 1800 South, Novell Place Provo, Utah 84606 801.861.7000 (Worldwide) 800.453.1267 (Toll-free) Join us on: www.novell.com
Télécharger maintenant