WEB SECURITY
(SECURE SOCKET LAYER)
MONODIP SINGHA ROY
M.TECH
Dr. B.C.ROY ENGINEERING COLLEGE
Contents
• WEB SECURITY
• WEB SECURITY TERMINOLOGY
• SSL (SECURE SOCKET LAYER)
• SSL ARCHITECTURE
• TLS (TRANSPORT LAYER SECURITY)
• PROS AND CONS OF SSL/TLS
• SUMMARY
WEB SECURITY
• Almost everything in today's world relies on computers and the internet:
◦ Communications (email, phones)
◦ Transportation (car engine systems, airplane navigation systems)
◦ Medicine (medical records, equipment)
◦ Shopping (online stores, online payments)
◦ Entertainment (digital cable)
What is WEB SECURITY?
Web security, also known as "cyber security", involves protecting information by protecting against, preventing and responding to attacks.
WEB SECURITY: TERMINOLOGY
• HACKERS: People who strive to exploit weaknesses in software and computers for their own gain.
• VIRUSES: Infect your computer before you can actually do anything.
• WORMS: Propagate without user intervention.
• TROJAN: Software that claims to do one thing while in fact doing something else in the background.
WEB SECURITY: TERMINOLOGY
• RANSOMWARE:
◦ A form of Trojan that has been around since 1989, also known as the 'PC CYBORG' Trojan.
◦ It affects the user's computer by encrypting the user's personal files.
◦ The victim is then contacted and offered the decryption key in exchange for cash.
WEB SECURITY: TERMINOLOGY
• KEYLOGGERS:
◦ Software that monitors user activity, such as the keys typed on the keyboard.
◦ Keyloggers can:
  ▪ Record keystrokes on the keyboard.
  ▪ Record mouse movements and clicks.
  ▪ Record menus that are invoked.
  ▪ Take screenshots of the desktop at predefined intervals.
Web Security
• The Web is now widely used by business, government and individuals
• but the Internet and the Web are vulnerable
• and face a variety of threats to:
◦ integrity
◦ confidentiality
◦ denial of service
◦ authentication
• so added security mechanisms are needed.
What is SSL?
• SSL (Secure Socket Layer) provides a secure transport connection between applications (e.g., a web server and a browser).
• SSL was developed by Netscape.
• It uses TCP to provide a reliable end-to-end service.
• SSL has two layers of protocols.
• SSL v3.0 was specified in an Internet Draft (1996); it evolved into RFC 2246 and was renamed TLS (Transport Layer Security).
• TLS can be viewed as SSL v3.1.
SSL Architecture
SSL Components
• SSL HANDSHAKE PROTOCOL
◦ Negotiation of security algorithms and parameters.
◦ Key exchange.
◦ Server authentication and optionally client authentication.
• SSL RECORD PROTOCOL
◦ Fragmentation.
◦ Compression.
◦ Encryption.
◦ Message authentication and integrity protection.
• SSL ALERT PROTOCOL
◦ Error messages (fatal alerts and warnings).
• SSL CHANGE CIPHER SPEC PROTOCOL
◦ A single message that indicates the end of the SSL handshake.
Sessions and Connections
• An SSL session is an association between a client and a server.
• Sessions are stateful; the session state includes the security algorithms and parameters.
• A session may include multiple secure connections between the same server and client.
• Connections of the same session share the session state.
• Sessions are used to avoid the expensive negotiation of new security parameters for each new connection.
Session States
• Session state:
◦ Session identifier: an arbitrary byte sequence chosen by the server to identify the session.
◦ Peer certificate: may be null.
◦ Compression method.
◦ Cipher spec: the bulk data encryption algorithm and MAC algorithm (e.g., DES, MD5).
◦ Master key: a 48-byte secret key shared between client and server.
◦ Resumable: a flag indicating whether the session can be used to initiate new connections.
Connection States…
 Connection State
◦ Server and client random – random byte
sequence is chosen by the client and server
for new connection.
◦ Server write MAC secret – secret key is used
in MAC operations on data sent by the
server.
◦ Client write MAC secret – secret key is used
in MAC operations on data sent by the client.
◦ Server write key – secret encryption key for
data, encrypted by the server.
◦ Client write key – secret encryption key for
data, encrypted by the client.
How do states change?
• Operating state: the state currently in use.
• Pending state: the state to be used next.
• Operating state ← Pending state: at the transmission and reception of the Change Cipher Spec message.
◦ On transmitting Change Cipher Spec, the sending part of the pending state is copied into the sending part of the operating state.
◦ On receiving Change Cipher Spec, the receiving part of the pending state is copied into the receiving part of the operating state.
(Diagram: Party A sends Change Cipher Spec to Party B; A's sending part and B's receiving part switch from pending to operating.)
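A small Python model of the pending/operating state switch described above (added here for illustration; it is not code from the slides or from any SSL/TLS implementation). It assumes constructed cipher-spec names and key bytes, models "protection" by tagging each record with the write state that produced it, and shows why a record sent under new keys fails when the receiver has not yet processed the Change Cipher Spec message.

```python
"""
Model of the operating and pending connection states on the 'How states
change' slide. Each side keeps an operating read state, an operating write
state and one pending state filled in by the handshake. Sending Change Cipher
Spec copies the sending half of the pending state into the write state;
receiving it copies the receiving half into the read state. Added example for
this page, not code from any SSL/TLS implementation.
"""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class PendingState:
    """Parameters negotiated for both directions (cipher spec, write keys, MAC secrets)."""
    cipher_spec: str
    client_write_key: bytes
    server_write_key: bytes
    client_mac_secret: bytes
    server_mac_secret: bytes


@dataclass
class OperatingState:
    """One direction of the operating state; seq_num restarts at 0 when a state becomes active."""
    cipher_spec: str
    key: bytes
    mac_secret: bytes
    seq_num: int = 0


# A record is modelled as (cipher_spec, key, mac_secret, seq_num, data); the first
# four fields stand in for the protection applied by the sender's write state.
Record = Tuple[str, bytes, bytes, int, bytes]


class Party:
    def __init__(self, role: str, pending: PendingState) -> None:
        assert role in ("client", "server")
        self.role = role
        self.pending = pending                                # handshake output, not yet active
        self.read_state = OperatingState("NULL", b"", b"")   # no protection before the switch
        self.write_state = OperatingState("NULL", b"", b"")

    def _half(self, direction: str) -> OperatingState:
        """Client half protects client->server data, server half protects server->client data."""
        p = self.pending
        use_client_half = (self.role == "client") == (direction == "send")
        key = p.client_write_key if use_client_half else p.server_write_key
        mac = p.client_mac_secret if use_client_half else p.server_mac_secret
        return OperatingState(p.cipher_spec, key, mac)       # fresh state, seq_num = 0

    def send_change_cipher_spec(self) -> str:
        """Sending part of pending -> sending part of operating; returns the message to deliver."""
        self.write_state = self._half("send")
        return "ChangeCipherSpec"

    def receive_change_cipher_spec(self, message: str) -> None:
        """Receiving part of pending -> receiving part of operating."""
        assert message == "ChangeCipherSpec"
        self.read_state = self._half("receive")

    def send(self, data: bytes) -> Record:
        st = self.write_state
        record = (st.cipher_spec, st.key, st.mac_secret, st.seq_num, data)
        st.seq_num += 1
        return record

    def receive(self, record: Record) -> str:
        st = self.read_state
        # A record protected under keys this side has not switched to yet cannot be
        # decrypted or MAC-checked; implementations answer with a bad_record_mac alert.
        if record[:4] != (st.cipher_spec, st.key, st.mac_secret, st.seq_num):
            return "bad_record_mac"
        st.seq_num += 1
        return "ok"


def demo() -> dict:
    """Normal switch-over, then the same exchange with the server's Change Cipher Spec lost."""
    # Constructed parameters standing in for the handshake output; not real key material.
    params = PendingState("AES128-SHA", b"ck", b"sk", b"cm", b"sm")
    client, server = Party("client", params), Party("server", params)
    r = {}
    r["before_ccs"] = server.receive(client.send(b"ClientKeyExchange"))  # NULL -> NULL: ok
    server.receive_change_cipher_spec(client.send_change_cipher_spec())
    r["client_finished"] = server.receive(client.send(b"Finished"))      # first record under new keys
    r["client_write_seq"] = client.write_state.seq_num                   # reset to 0 by CCS, now 1
    client.receive_change_cipher_spec(server.send_change_cipher_spec())
    r["server_finished"] = client.receive(server.send(b"Finished"))

    client2, server2 = Party("client", params), Party("server", params)
    server2.receive_change_cipher_spec(client2.send_change_cipher_spec())
    server2.send_change_cipher_spec()                                    # message lost in transit
    r["dropped_ccs"] = client2.receive(server2.send(b"Finished"))        # client still reads NULL
    return r
```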
• SSL session
◦ an association between client & server
◦ created by the Handshake Protocol
◦ defines a set of cryptographic parameters
◦ may be shared by multiple SSL connections
• SSL connection
◦ a transient, peer-to-peer communications link
◦ associated with one SSL session
SSL Handshake Protocol
• The Handshake Protocol is used to exchange all the information required by both sides before actual application data is exchanged over Transport Layer Security.
SSL Record Protocol
• Confidentiality
◦ using symmetric encryption with a shared secret key defined by the Handshake Protocol
◦ IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
◦ the message is compressed before encryption
• Message integrity
◦ using a MAC with a shared secret key
◦ similar to HMAC but with different padding
SSL Change Cipher Spec Protocol
• one of the 3 SSL-specific protocols which use the SSL Record Protocol
• a single message
• causes the pending state to become current
• hence updating the cipher suite in use.
SSL Alert Protocol
• conveys SSL-related alerts to the peer entity
• severity: warning or fatal
• specific alert:
◦ unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
◦ close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
• compressed & encrypted like all SSL data
What is TLS?
• An Internet Engineering Task Force standard, RFC 2246, similar to SSLv3 with minor differences:
◦ version number in the record format
◦ uses HMAC for the MAC
◦ has optional alert codes
◦ some changes in the supported ciphers
◦ changes in the use of certificate negotiation
◦ changes in the use of padding
Changes from SSLv3 to TLS
• Fortezza removed
• Additional alerts added
• Modification of the hash calculation
• Protocol version 3.1 in client hello and server hello
TLS: Privacy
• Encrypt the message so it cannot be read
• Use conventional cryptography with a shared key
◦ DES, 3DES
◦ RC2, RC4
◦ IDEA
(Diagram: A encrypts the message into ciphertext "$@#&!@", which B decrypts back into the message.)
TLS: Key Exchange
• Need a secure method to exchange the key
• Use public key encryption for this
• Choices are RSA & Diffie-Hellman
TLS: Integrity
• Compute a fixed-length message authentication code (MAC)
◦ Includes a hash of the message
◦ Includes a shared secret key
◦ Includes a sequence number
◦ Transmit the MAC with the message
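The record-layer MAC from the SSL Record Protocol slide ("similar to HMAC but with different padding") and the TLS Integrity slide (hash, shared secret, sequence number), worked in Python as an added example that is not from the slides or from any SSL/TLS library. It implements the SSLv3 keyed-hash construction beside the TLS 1.0 HMAC construction and shows the receiver's check rejecting a replayed and a tampered record; the secret and the two record fragments are constructed sample values.

```python
"""
Record-layer MAC as described on the SSL Record Protocol and TLS Integrity
slides. SSLv3 uses a keyed hash with pad_1/pad_2 padding (RFC 6101 5.2.3.1);
TLS 1.0 replaced it with standard HMAC (RFC 2246 6.2.3.1). Both cover the
record sequence number, content type, length and fragment, so a replayed,
reordered or modified record fails verification. Added example for this page,
not code from any SSL/TLS implementation.
"""
import hashlib
import hmac
import struct

# Record-layer content types shared by SSLv3 and TLS.
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23

# SSLv3 pad lengths: 48 bytes for MD5, 40 bytes for SHA-1.
_SSL3_PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(secret: bytes, seq_num: int, content_type: int,
             fragment: bytes, hash_name: str = "sha1") -> bytes:
    """SSLv3: hash(secret + pad_2 + hash(secret + pad_1 + seq + type + len + fragment)).

    Unlike HMAC, the secret is simply concatenated with raw pad bytes instead of
    being XORed into a block-sized pad: the 'different padding' on the slide.
    """
    n = _SSL3_PAD_LEN[hash_name]
    pad_1, pad_2 = b"\x36" * n, b"\x5c" * n
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(hash_name, secret + pad_1 + header + fragment).digest()
    return hashlib.new(hash_name, secret + pad_2 + inner).digest()


def tls10_mac(secret: bytes, seq_num: int, content_type: int,
              fragment: bytes, hash_name: str = "sha1") -> bytes:
    """TLS 1.0: HMAC_hash(secret, seq + type + version{3,1} + len + fragment)."""
    header = struct.pack("!QBBBH", seq_num, content_type, 3, 1, len(fragment))
    return hmac.new(secret, header + fragment, hash_name).digest()


def verify_record(secret: bytes, expected_seq: int, content_type: int,
                  fragment: bytes, tag: bytes, tls: bool = True) -> bool:
    """Receiver-side check: recompute the MAC with the receiver's own sequence count.

    The sequence number is never transmitted; each side counts records itself,
    so a replayed record is verified against a different number and fails.
    """
    mac = tls10_mac if tls else ssl3_mac
    return hmac.compare_digest(mac(secret, expected_seq, content_type, fragment), tag)


def demo() -> dict:
    """Run two records through sender and receiver, then a replay and a tampered copy."""
    secret = bytes(range(20))     # constructed MAC write secret, not real key material
    records = [b"GET / HTTP/1.0\r\n", b"Host: example.test\r\n"]   # constructed fragments

    tags = [tls10_mac(secret, i, APPLICATION_DATA, r) for i, r in enumerate(records)]
    accepted = [verify_record(secret, i, APPLICATION_DATA, records[i], tags[i])
                for i in range(len(records))]

    # Replay record 0 after the receiver has already counted two records.
    replay_ok = verify_record(secret, 2, APPLICATION_DATA, records[0], tags[0])
    # Flip one bit of record 1 in transit.
    tampered = bytearray(records[1])
    tampered[0] ^= 0x01
    tamper_ok = verify_record(secret, 1, APPLICATION_DATA, bytes(tampered), tags[1])

    return {
        "all_accepted": all(accepted),
        "replay_accepted": replay_ok,
        "tamper_accepted": tamper_ok,
        "ssl3_equals_tls": ssl3_mac(secret, 0, APPLICATION_DATA, records[0]) == tags[0],
        "ssl3_sha1_len": len(ssl3_mac(secret, 0, APPLICATION_DATA, records[0])),
        "ssl3_md5_len": len(ssl3_mac(secret, 0, APPLICATION_DATA, records[0], "md5")),
    }
```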
TLS: Authentication
• Verify the identities of the participants
• Client authentication is optional
• A certificate is used to associate an identity with a public key and other attributes
(Diagram: A and B exchange certificates.)
TLS: HTTP Application
• HTTP is the most common TLS application (https://)
• Requires a TLS-capable web server
• Requires a TLS-capable web browser
◦ Netscape Navigator
◦ Internet Explorer
◦ Cryptozilla
Implementation of SSL/TLS
• SSL & TLS have been widely implemented
◦ Open source software projects (OpenSSL, NSS & GnuTLS)
◦ Microsoft Windows: part of its Secure Channel
◦ Browsers
  ▪ Apple Safari
  ▪ Internet Explorer
  ▪ Mozilla Firefox
Pros & Cons of SSL/TLS
• Pros:
◦ Customers will trust your website: many visitors are now savvy enough to recognize when a webpage is encrypted and protected by SSL.
◦ Avoid disputes due to credit/debit card fraud: visitors who use their credit/debit card information on unprotected servers face identity theft.
Cons
• Cons:
◦ Regular renewal: just like a website domain and hosting plan, SSL certificates also expire after a short period of time, usually one to five years.
◦ Complex installation: SSL is very difficult to install on websites for those who are unfamiliar with website development.
Application of SSL/TLS
• On top of the transport layer protocols
◦ Primarily with TCP
◦ Datagram Transport Layer Security (DTLS) for UDP
• Encapsulating the application protocols
◦ HTTP
◦ Securing WWW traffic
◦ FTP, SMTP, etc.
SUMMARY
• SSL/TLS address the need for security in internet communications
◦ Privacy: conventional encryption
◦ Integrity: message authentication codes
◦ Authentication: X.509
• SSL is in use today with web browsers and servers.
Thank You
34

Contenu connexe

Tendances

Transport services
Transport servicesTransport services
Transport servicesNavin Kumar
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
M2M systems layers and designs standardizations
M2M systems layers and designs standardizationsM2M systems layers and designs standardizations
M2M systems layers and designs standardizationsFabMinds
 
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyData-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyAli Habeeb
 
Transport layer services
Transport layer servicesTransport layer services
Transport layer servicesMelvin Cabatuan
 
Mobile computing notes and material
Mobile computing notes and materialMobile computing notes and material
Mobile computing notes and materialSDMCET DHARWAD
 
Corba concepts & corba architecture
Corba concepts & corba architectureCorba concepts & corba architecture
Corba concepts & corba architecturenupurmakhija1211
 
Market oriented Cloud Computing
Market oriented Cloud ComputingMarket oriented Cloud Computing
Market oriented Cloud ComputingJithin Parakka
 
Destination Sequenced Distance Vector Routing (DSDV)
Destination Sequenced Distance Vector Routing (DSDV)Destination Sequenced Distance Vector Routing (DSDV)
Destination Sequenced Distance Vector Routing (DSDV)ArunChokkalingam
 
Network address translation
Network address translationNetwork address translation
Network address translationVarsha Honde
 
Project control and process instrumentation
Project control and process instrumentationProject control and process instrumentation
Project control and process instrumentationKuppusamy P
 
Distance Vector Routing
Distance Vector RoutingDistance Vector Routing
Distance Vector RoutingShouvikDhali
 
Handover in Mobile Computing
Handover in Mobile ComputingHandover in Mobile Computing
Handover in Mobile ComputingKABILESH RAMAR
 

Tendances (20)

Transport services
Transport servicesTransport services
Transport services
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
M2M systems layers and designs standardizations
M2M systems layers and designs standardizationsM2M systems layers and designs standardizations
M2M systems layers and designs standardizations
 
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A surveyData-Centric Routing Protocols in Wireless Sensor Network: A survey
Data-Centric Routing Protocols in Wireless Sensor Network: A survey
 
Transport layer services
Transport layer servicesTransport layer services
Transport layer services
 
Mobile computing notes and material
Mobile computing notes and materialMobile computing notes and material
Mobile computing notes and material
 
Corba concepts & corba architecture
Corba concepts & corba architectureCorba concepts & corba architecture
Corba concepts & corba architecture
 
Socket System Calls
Socket System CallsSocket System Calls
Socket System Calls
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
Market oriented Cloud Computing
Market oriented Cloud ComputingMarket oriented Cloud Computing
Market oriented Cloud Computing
 
5. protocol layering
5. protocol layering5. protocol layering
5. protocol layering
 
Quality of Service
Quality of ServiceQuality of Service
Quality of Service
 
Destination Sequenced Distance Vector Routing (DSDV)
Destination Sequenced Distance Vector Routing (DSDV)Destination Sequenced Distance Vector Routing (DSDV)
Destination Sequenced Distance Vector Routing (DSDV)
 
Network address translation
Network address translationNetwork address translation
Network address translation
 
Quality of service
Quality of serviceQuality of service
Quality of service
 
Ns2
Ns2Ns2
Ns2
 
Project control and process instrumentation
Project control and process instrumentationProject control and process instrumentation
Project control and process instrumentation
 
Distance Vector Routing
Distance Vector RoutingDistance Vector Routing
Distance Vector Routing
 
Handover in Mobile Computing
Handover in Mobile ComputingHandover in Mobile Computing
Handover in Mobile Computing
 
Ppt 11 - netopeer
Ppt   11 - netopeerPpt   11 - netopeer
Ppt 11 - netopeer
 

En vedette

En vedette (20)

SSL
SSLSSL
SSL
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol Design
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
SSL
SSLSSL
SSL
 
web security
web securityweb security
web security
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
 
PGP Presentation Powerpoint
PGP Presentation PowerpointPGP Presentation Powerpoint
PGP Presentation Powerpoint
 
Overview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsOverview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server Interactions
 
ssl
sslssl
ssl
 
PGP presentation 2014
PGP presentation 2014PGP presentation 2014
PGP presentation 2014
 
PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01
 
PGP - Pretty Good Privacy
PGP - Pretty Good PrivacyPGP - Pretty Good Privacy
PGP - Pretty Good Privacy
 
Web Security 101
Web Security 101Web Security 101
Web Security 101
 
Pgp
PgpPgp
Pgp
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLS
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 

Similaire à SECURE SOCKET LAYER ( WEB SECURITY )

Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdfDr. Shivashankar
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security ApplicationsHatem Mahmoud
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptSonukumarRawat
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.pptPranavUndre1
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfNiharikaDubey17
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALGlenn Haley
 

Similaire à SECURE SOCKET LAYER ( WEB SECURITY ) (20)

Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdf
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security Applications
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr Shivashankar
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
 
Unit 6
Unit 6Unit 6
Unit 6
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
Web Security
Web SecurityWeb Security
Web Security
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Web security
Web securityWeb security
Web security
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
 
Secure Socket Layer.pptx
Secure Socket Layer.pptxSecure Socket Layer.pptx
Secure Socket Layer.pptx
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
What is TLS/SSL?
What is TLS/SSL? What is TLS/SSL?
What is TLS/SSL?
 
Lecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLSLecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLS
 
Lecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachLecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security Breach
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdfSECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
 

Plus de Monodip Singha Roy

Novel microstrip patch antenna for WLAN and Wi-MAX applications
Novel microstrip patch antenna for WLAN and Wi-MAX applicationsNovel microstrip patch antenna for WLAN and Wi-MAX applications
Novel microstrip patch antenna for WLAN and Wi-MAX applicationsMonodip Singha Roy
 
Complementary inverted reactive slot antenna embedded in single
Complementary inverted reactive slot antenna embedded in singleComplementary inverted reactive slot antenna embedded in single
Complementary inverted reactive slot antenna embedded in singleMonodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 

Plus de Monodip Singha Roy (6)

Novel microstrip patch antenna for WLAN and Wi-MAX applications
Novel microstrip patch antenna for WLAN and Wi-MAX applicationsNovel microstrip patch antenna for WLAN and Wi-MAX applications
Novel microstrip patch antenna for WLAN and Wi-MAX applications
 
Complementary inverted reactive slot antenna embedded in single
Complementary inverted reactive slot antenna embedded in singleComplementary inverted reactive slot antenna embedded in single
Complementary inverted reactive slot antenna embedded in single
 
OPTICAL COMMUNICATION
OPTICAL COMMUNICATIONOPTICAL COMMUNICATION
OPTICAL COMMUNICATION
 
CHAOS ANALYSIS OF HRV
CHAOS ANALYSIS OF HRVCHAOS ANALYSIS OF HRV
CHAOS ANALYSIS OF HRV
 
MOBILE Ad-Hoc NETWORK (MANET)
MOBILE Ad-Hoc NETWORK (MANET)MOBILE Ad-Hoc NETWORK (MANET)
MOBILE Ad-Hoc NETWORK (MANET)
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 

Dernier

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Dernier (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

SECURE SOCKET LAYER ( WEB SECURITY )

  • 1. WEB SECURITY (SECURE SOCKET LAYER) MONODIP SINGHA ROY M.TECH Dr. B.C.ROY ENGINEERING COLLEGE 2
  • 2. Contents  WEB SECURITY  WEB SECURITY TERMINOLOGY  SSL ( SECURE SOCKET LAYER )  SSL ARCHITECTURE  TLS ( TRANSPORT LAYER SECURITY )  PROS AND CONS OF SSL/TLS  SUMMARY 3
  • 3. WEB SECURITY  Almost everything in today’s world relies on computer and internet. ◦ Communications (emails, phones) ◦ Transportation (car engine system, airplane navigation system) ◦ Medicine ( medical records, equipments) ◦ Shopping (online store, online payments) ◦ Entertainment (digital cables) 4
  • 4. What is WEB SECURITY ?? Web security , also known as “cyber security “ involves protecting the information by protecting , preventing and responding to the attacks. 5
  • 5. WEB SECURITY: TERMNOLOGY  HACKERS: People who strive to exploit weaknesses in software and computer for their own gain.  VIRUSES: Infects your computer before actually u can do something.  WORMS: Propagates without users intervention.  TROJAN: A software that claims to do something while in fact doing something in background. 6
  • 6. WEB SECURITY: TERNINOLOGY  RANSOMWARE: ◦ A form of Trojan that has been since 1989, as known as ‘PC CYBORG’ Trojan. ◦ It affects the user computer by encrypting the user’s personal files. ◦ The victim then contacted and offered the decrypt key in exchange of cash. 7
  • 7. WEB SECURITY: TERMINOLOGY  KEYLOGGERS: ◦ It is an software that monitor users activity such as key typed in keyboard. ◦ KeyLoggers can  Record keystrokes on keyboards.  Record mouse movement and clicks.  Record menus that are invoked.  Takes screenshot of the desktop at pre defined intervals. 8
  • 8. Web Security  Web now widely used by business, government, individuals  but Internet & Web are vulnerable  have a variety of threats ◦ integrity ◦ confidentiality ◦ denial of service ◦ authentication  need added security mechanisms. 9
  • 9. What is SSL?  SSL – Secure Socket Layer ƒit provides a secure transport connection between applications (e.g., a web server and a browser)  SSL was developed by Netscape  uses TCP to provide a reliable end-to-end service  SSL has two layers of protocols SSL v3.0 was specified in an Internet Draft (1996) ƒit evolved into RFC 246 and was renamed to TLS (Transport Layer Security)  TLS can be viewed as SSL v3.1 10
• 11. SSL Components
   SSL HANDSHAKE PROTOCOL
  ◦ Negotiation of security algorithms and parameters.
  ◦ Key exchange.
  ◦ Server authentication and optionally client authentication.
   SSL RECORD PROTOCOL
  ◦ Fragmentation.
  ◦ Compression.
  ◦ Encryption.
  ◦ Message authentication and integrity protection.
   SSL ALERT PROTOCOL
  ◦ Error messages (fatal alerts and warnings).
   SSL CHANGE CIPHER SPEC PROTOCOL
  ◦ A single message that indicates the end of the SSL handshake.
• 12. Sessions and Connections
   An SSL session is an association between client and server.
   Sessions are stateful; the session state includes security algorithms and parameters.
   A session may include multiple secure connections between the same server and client.
   Connections of the same session share the session state.
   Sessions are used to avoid expensive negotiation of new security parameters for each connection.
• 13. Session States
   Session state:
  ◦ Session identifier – an arbitrary byte sequence chosen by the server to identify the session.
  ◦ Peer certificate – may be null.
  ◦ Compression method.
  ◦ Cipher spec – bulk data encryption algorithm and MAC algorithm (e.g. DES, MD5).
  ◦ Master key – a 48-byte secret key shared between client and server.
  ◦ Resumable – a flag indicating whether the session can be used to initiate new connections.
• 14. Connection States
   Connection state:
  ◦ Server and client random – random byte sequences chosen by the client and server for each new connection.
  ◦ Server write MAC secret – secret key used in MAC operations on data sent by the server.
  ◦ Client write MAC secret – secret key used in MAC operations on data sent by the client.
  ◦ Server write key – secret encryption key for data encrypted by the server.
  ◦ Client write key – secret encryption key for data encrypted by the client.
• 15. How do states change?
   Operating state: the state currently in use
   Pending state: the state to be used next
   Operating state ← Pending state: on transmission and reception of the Change Cipher Spec message
  ◦ The sending part of the pending state is copied into the sending part of the operating state
  ◦ The receiving part of the pending state is copied into the receiving part of the operating state
  (Figure: Party A sends Change Cipher Spec to Party B)
• 16.
   SSL session
  ◦ an association between client & server
  ◦ created by the Handshake Protocol
  ◦ defines a set of cryptographic parameters
  ◦ may be shared by multiple SSL connections
   SSL connection
  ◦ a transient, peer-to-peer communications link
  ◦ associated with one SSL session
• 17. SSL Handshake Protocol
   The handshake protocol is used to exchange all the information required by both sides before actual application data can be exchanged under TRANSPORT LAYER SECURITY
• 18. SSL Record Protocol
   confidentiality
  ◦ using symmetric encryption with a shared secret key defined by the Handshake Protocol
  ◦ IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
  ◦ the message is compressed before encryption
   message integrity
  ◦ using a MAC with a shared secret key
  ◦ similar to HMAC but with different padding
• 19. SSL Change Cipher Spec Protocol
   one of 3 SSL-specific protocols which use the SSL Record Protocol
   a single message
   causes the pending state to become current
   hence updating the cipher suite in use.
• 20. SSL Alert Protocol
   conveys SSL-related alerts to the peer entity
   severity
  ◦ warning or fatal
   specific alert
  ◦ unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter
  ◦ close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
   compressed & encrypted like all SSL data
• 21. What is TLS?
   Internet Engineering Task Force standard RFC 2246, similar to SSLv3 with minor differences:
  ◦ In the record format version number
  ◦ Uses HMAC for the MAC
  ◦ Has additional alert codes
  ◦ Some changes in supported ciphers
  ◦ Changes in the use of certificate negotiation
  ◦ Changes in the use of padding
• 22. Changes from SSLv3 to TLS
   Fortezza removed
   Additional alerts added
   Modification of hash calculation
   Protocol version 3.1 in client hello, server hello
• 23. TLS: Privacy
   Encrypt the message so it cannot be read
   Use conventional cryptography with a shared key
  ◦ DES, 3DES
  ◦ RC2, RC4
  ◦ IDEA
  (Figure: A sends the encrypted message, shown as $@#&!@ in transit, to B)
• 24. TLS: Key Exchange
   Need a secure method to exchange the key
   Use public key encryption for this
   Choices are RSA & Diffie-Hellman
• 25. TLS: Integrity
   Compute a fixed-length message authentication code (MAC)
  ◦ Includes a hash of the message
  ◦ Includes a shared secret key
  ◦ Includes a sequence number
  ◦ Transmit the MAC with the message
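As an added example (not from the slides), here is the record protocol's fragmentation (slide 18) together with the TLS integrity check of slide 25 in Python: the MAC is computed over the sequence number, content type, version, length and fragment, and the receiver rejects records that are replayed, reordered or modified. The version field, content type, fragment size and MAC secret are constructed values; compression and bulk encryption are left out.

```python
import hashlib
import hmac
import struct

# Constructed example values, not from the slides: TLS 1.0 version field,
# the application_data content type and a 20-byte client write MAC secret.
TLS_VERSION = 0x0301                  # TLS 1.0, i.e. "SSL v3.1" on the wire
APPLICATION_DATA = 23
MAX_FRAGMENT = 2 ** 14                # record layer splits plaintext into <= 16 KiB pieces
MAC_LEN = hashlib.sha1().digest_size
CLIENT_WRITE_MAC_SECRET = bytes(range(20))   # constructed per-connection secret


def fragment(data: bytes, size: int = MAX_FRAGMENT) -> list:
    """Record-layer fragmentation: split application data into <= 2^14-byte pieces."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def record_mac(secret: bytes, seq_num: int, content_type: int, body: bytes) -> bytes:
    """TLS 1.0 record MAC: HMAC over seq_num(8) || type(1) || version(2) || length(2) || fragment.
    The sequence number is never sent; both sides count records themselves, so a
    replayed or reordered record verifies against the wrong number and is rejected."""
    header = struct.pack("!QBHH", seq_num, content_type, TLS_VERSION, len(body))
    return hmac.new(secret, header + body, hashlib.sha1).digest()


def protect(secret: bytes, seq_num: int, body: bytes) -> bytes:
    """Sender side: fragment || MAC (bulk encryption would follow; omitted here)."""
    return body + record_mac(secret, seq_num, APPLICATION_DATA, body)


def unprotect(secret: bytes, expected_seq: int, record: bytes):
    """Receiver side: recompute the MAC with the sequence number the receiver expects.
    Returns the fragment, or None if the record is tampered, replayed or out of order."""
    if len(record) < MAC_LEN:
        return None
    body, tag = record[:-MAC_LEN], record[-MAC_LEN:]
    expected = record_mac(secret, expected_seq, APPLICATION_DATA, body)
    return body if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    """32 000 bytes of constructed HTTP text -> 2 records; a replay and a bit flip are rejected."""
    secret = CLIENT_WRITE_MAC_SECRET
    records = [protect(secret, i, f) for i, f in enumerate(fragment(b"GET / HTTP/1.1\r\n" * 2000))]
    in_order = all(unprotect(secret, i, r) is not None for i, r in enumerate(records))
    replayed = unprotect(secret, len(records), records[0])   # old record re-sent later
    flipped = bytearray(records[1])
    flipped[0] ^= 0x01                                        # one-bit modification in transit
    tampered = unprotect(secret, 1, bytes(flipped))
    return {"fragments": len(records), "in_order": in_order,
            "replay_rejected": replayed is None, "tamper_rejected": tampered is None}
```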
• 26. TLS: Authentication
   Verify the identities of participants
   Client authentication is optional
   A certificate is used to associate an identity with a public key and other attributes
  (Figure: A and B exchange CERTIFICATES)
• 27. TLS: HTTP Application
   HTTP is the most common TLS application: https://
   Requires a TLS-capable web server
   Requires a TLS-capable web browser
  ◦ Netscape Navigator
  ◦ Internet Explorer
  ◦ Cryptozilla
• 28. Implementation of SSL/TLS
   SSL & TLS have been widely implemented
  ◦ Open source software projects (OpenSSL, NSS & GnuTLS)
  ◦ Microsoft Windows: part of its Secure Channel
  ◦ Browsers
     Apple Safari
     Internet Explorer
     Mozilla Firefox
• 29. Pros & Cons of SSL/TLS
   Pros:
  ◦ Customers will trust your website: many visitors are now savvy enough to recognize when a webpage is encrypted and protected by SSL.
  ◦ Avoid disputes due to credit/debit card fraud: visitors who use their credit/debit card information on unprotected servers face identity theft.
• 30. Cons
   Cons:
  ◦ Regular renewal: just like a website domain and hosting plan, SSL certificates also expire after a short period of time, usually one to five years.
  ◦ Complex installation: SSL is very difficult to install on websites for those who are unfamiliar with website development.
• 31. Application of SSL/TLS
   On top of the transport layer protocols
  ◦ Primarily with TCP
  ◦ Datagram Transport Layer Security (DTLS) for UDP
   Encapsulating the application protocols
  ◦ HTTP
  ◦ Securing WWW traffic
  ◦ FTP, SMTP, etc.
• 32. SUMMARY
   SSL/TLS address the need for security in internet communications
  ◦ Privacy – conventional encryption
  ◦ Integrity – message authentication codes
  ◦ Authentication – X.509
   SSL is in use today with web browsers and servers.