SlideShare une entreprise Scribd logo
1  sur  33
Télécharger pour lire hors ligne
Secure Communication
                  USABILITY AND NECESSITY OF SSL / TLS




Slide 1 / 33                 © Copyright 2012 yaSSL
We’re going to talk about:

    1.     Why is this important?

    2.     What is SSL?

    3.     Where is SSL being used?

    4.     Features: What to look for in an SSL library?




Slide 2 / 33                           © Copyright 2012 yaSSL
Why is This Important?
    •  Number	
  of	
  connected	
  devices	
  is	
  ever	
  increasing	
  



    •  Frequent	
  Road-­‐blocks:	
  
               –  Lack	
  of	
  understanding	
  
               –  Insufficient	
  funding	
  
               –  Tight	
  deadlines	
  
    	
  




Slide 3 / 33                                        © Copyright 2012 yaSSL
Why is This Important?
    Ivan	
  Ris)c:	
  Internet	
  SSL	
  Survey	
  2010	
  
    hDp://www.ssllabs.com	
  
    	
                                                                   Alexa	
  Top	
  1M	
  
                                                                         Use	
  SSL	
  –	
  12%	
  
    	
  
    •  Alexa	
  Top	
  1M	
  Sites	
  
         	
   	
  120,000	
  Use	
  SSL	
  (12%)	
  
    	
  
    	
  
    	
  
    	
  



Slide 4 / 33                                    © Copyright 2012 yaSSL
What is SSL?
               X509, Encryption, handshakes, and more.




Slide 5 / 33                © Copyright 2012 yaSSL
What is SSL?
    •  Enables	
  secure	
  client	
  /	
  server	
  communicaSon,	
  providing:	
  



    	
  
                     Privacy	
   	
   	
  	
  	
  	
  	
  	
  	
  +	
  Prevent	
  eavesdropping	
  
    	
  
                     Authen)ca)on	
  	
  	
  	
  	
  	
  	
  +	
  Prevent	
  impersonaSon	
  
    	
  
                     Integrity 	
   	
  	
  	
  	
  	
  	
  	
  +	
  Prevent	
  modificaSon	
  
    	
  
    	
  




Slide 6 / 33                                    © Copyright 2012 yaSSL
Where does SSL fit?
    •  Layered	
  between	
  Transport	
  and	
  Applica)on	
  layers	
  

                                                Protocols Secured by
                                                      SSL/TLS



            SSL      SSL Change
                                    SSL Alert                LDAP,
         Handshake   Cipher Spec                    HTTP
                                    Protocol                  etc.              SMTP,
          Protocol     Protocol                                          HTTP
                                                                                 etc.

                          SSL Record Layer                                              Application Layer

                                             TCP                                        Transport Layer

                                             IP                                          Internet Layer

                                     Network Access                                      Network Layer




Slide 7 / 33                                    © Copyright 2012 yaSSL
SSL: Authentication
    •  Do	
  you	
  really	
  know	
  who	
  you’re	
  communicaSng	
  with?	
  




                      ?                                                     ?


                    Alice	
                                                Bob	
  

Slide 8 / 33                              © Copyright 2012 yaSSL
SSL: Authentication
    •  Generate	
  a	
  key	
  pair	
  (private	
  and	
  public	
  key)	
  




        Private	
                     Public	
                              Public	
               Private	
  



                       Alice	
                                                           Bob	
  

Slide 9 / 33                                       © Copyright 2012 yaSSL
SSL: Authentication
    •  X.509	
  CerSficate	
  ==	
  Wrapper	
  around	
  public	
  key	
  




                                  X509                                            X509

        Private	
                 Cert
                                         Public	
                    Public	
     Cert
                                                                                                   Private	
  



                      Alice	
                                                            Bob	
  

Slide 10 / 33                                     © Copyright 2012 yaSSL
SSL: X.509 Certificates
     X509       -----BEGIN CERTIFICATE-----!
     Cert
                MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD!
                VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG!
                A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu!
                eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw!
                MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE!
                CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS!
                BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ!
                KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP!
                ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE!
                ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk!
                NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+!
                v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/!
                eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw!
                Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU!
                M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w!
                J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x!
                ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv!
                Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW!
                DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG!
                9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe!
                4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q!
                P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR!
                /+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO!
                /eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua!
                cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA==!
                -----END CERTIFICATE-----!

Slide 11 / 33                       © Copyright 2012 yaSSL
SSL: X.509 Certificates
                Certificate:!
     X509           Data:!
     Cert               Version: 3 (0x2)!
                        Serial Number:!
                            87:4a:75:be:91:66:d8:3d!
                        Signature Algorithm: sha1WithRSAEncryption!
                        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/
                emailAddress=info@yassl.com!
                        Validity!
                            Not Before: Oct 24 18:21:55 2011 GMT!
                            Not After : Jul 20 18:21:55 2014 GMT!
                        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/
                emailAddress=info@yassl.com!
                        Subject Public Key Info:!
                            Public Key Algorithm: rsaEncryption!
                                Public-Key: (2048 bit)!
                                Modulus: 00:c3:03:d1:2b:fe:39:a4 …!
                      !     !   Exponent: 65537 (0x10001)!
                        X509v3 extensions:!
                            X509v3 Subject Key Identifier: !
                                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0!
                            X509v3 Authority Key Identifier: !
                                keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0!
                                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/
                emailAddress=info@yassl.com!
                                serial:87:4A:75:BE:91:66:D8:3D!
                !
                            X509v3 Basic Constraints: !
                                CA:TRUE!
                    Signature Algorithm: sha1WithRSAEncryption!
                        … 1c:7c:42:81:29:9e:21:cf:d0:d8!


Slide 12 / 33                              © Copyright 2012 yaSSL
SSL: Authentication
    •  Alice	
  and	
  Bob	
  exchange	
  CA-­‐signed	
  public	
  keys	
  




                                  X509                                            X509

        Private	
                 Cert
                                  CA     Public	
                    Public	
     Cert
                                                                                  CA               Private	
  



                      Alice	
                                                            Bob	
  

Slide 13 / 33                                     © Copyright 2012 yaSSL
SSL: Authentication
    •  How	
  do	
  you	
  get	
  a	
  CA-­‐signed	
  cert?	
  




            Buy	
                                                 Create	
  	
  
            VeriSign, DigiCert, Comodo, etc.                      Created yourself (self-sign)
            -  Costs $$$                                          -  Free!
            -  Trusted                                            -  Trusted (if you control both sides)




Slide 14 / 33                                     © Copyright 2012 yaSSL
SSL: Encryption
    •  Uses	
  a	
  variety	
  of	
  encrypSon	
  algorithms	
  to	
  secure	
  data	
  


                  Hashing	
  Func)ons	
                         MD4, MD5, SHA …
                  Block	
  and	
  Stream	
  Ciphers	
           DES, 3DES, AES, ARC4 …
                  Public	
  Key	
  Op)ons	
                     RSA, DSS …




                                              CIPHER	
  SUITE	
  




Slide 15 / 33                                 © Copyright 2012 yaSSL
SSL: Encryption
    •  A	
  common	
  CIPHER	
  SUITE	
  is	
  negoSated	
  


            Protocol_keyexchange_WITH_bulkencrypSon_mode_messageauth	
  


            SSL_RSA_WITH_DES_CBC_SHA
            SSL_DHE_RSA_WITH_DES_CBC_SHA
            TLS_RSA_WITH_AES_128_CBC_SHA
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA




Slide 16 / 33                             © Copyright 2012 yaSSL
SSL: Handshake
                                      Client                                             Server




                                               1
                                                           Client Hello

                                                        Cryptographic Info
                                               (SSL version, supported ciphers, etc.)




                                               2
                        3                                  Server Hello
                                                      Cipher Suite
                Verify server cert,                   Server Certificate
                  check crypto                        Server Key Exchange (public key)
                   parameters                         ( Client Certificate Request )
                                                      Server Hello Done


                                               4
                                                     Client Key Exchange                                  5

                                                      ( Certificate Verify )                       Verify client cert
                                                      ( Client Certificate )                         (if required)

                                               6
                                                       Change Cipher Spec
                                                           Client Finished


                                               7
                                                      Change Cipher Spec
                                                         Server Finished


                                               8

                                               Exchange Messages (Encrypted)



Slide 17 / 33                                      © Copyright 2012 yaSSL
Where is SSL used?
                      Everywhere!




Slide 18 / 39         © Copyright 2012 yaSSL
SSL: Where is it used?
    •     Energy	
  Monitoring	
  
    •     Gaming	
  
    •     Databases	
  
    •     Sensors	
  
    •     VoIP	
  
    •     M2M	
  communicaSon	
  
    •     And	
  much	
  more...	
  	
  




Slide 19 / 33                              © Copyright 2012 yaSSL
What to look for?
                When shopping for an SSL stack.




Slide 20 / 33            © Copyright 2012 yaSSL
1: Protocols
    •  Support	
  for	
  current	
  protocols?	
  



         1995	
          SSL	
  2.0	
                                 Notes:	
  
         1996	
          SSL	
  3.0	
                                 	
  
         	
              	
                                           •  SSL	
  2.0	
  is	
  insecure	
  
         1999	
          TLS	
  1.0	
                                 •  SSL	
  =	
  “Secure	
  Sockets	
  Layer”	
  
         2006	
          TLS	
  1.1	
      DTLS	
  1.0	
              •  TLS	
  =	
  “Transport	
  Layer	
  Security”	
  
         2008	
          TLS	
  1.2	
                                 •  DTLS	
  =	
  “Datagram	
  TLS”	
  
         	
              	
  
         2012	
          DTLS	
  1.2	
  




Slide 21 / 33                                    © Copyright 2012 yaSSL
2: Ciphers
    •  Support	
  for	
  needed	
  cipher	
  suites?	
  


                Public	
  Key	
                   Block	
  /	
  Stream	
         Hash	
  

                RSA,	
  DSS,	
  DH,	
               DES,	
  3DES,	
          MD2,	
  MD4,	
  
                NTRU	
                              AES,	
  ARC4,	
          MD5,	
  
                …	
                                 RABBIT,	
                SHA-­‐128,	
  
                                                    HC-­‐128	
               SHA-­‐256,	
  
                                                    …	
                      RIPEMD	
  
                                                                             …	
  




                                    Ex:	
   TLS_RSA_WITH_AES_128_CBC_SHA



Slide 22 / 33                                    © Copyright 2012 yaSSL
3: Memory Usage
    •  ROM	
  /	
  RAM	
  usage	
  

                            1400	
                                                                       160	
               150	
  

                                                  1,200	
  
                            1200	
                                                                       140	
  


                                                                                                         120	
  
                            1000	
  

                                                                                                         100	
  
                             800	
  
          ROM	
  (kB)	
  




                                                                                       RAM	
  (kB)	
  
                                                                                                           80	
  
                             600	
  
                                                                                                           60	
  

                             400	
  
                                                                                                           40	
  

                             200	
                                                                         20	
  
                                         30	
                                                                        3	
  
                                 0	
                                                                         0	
  




Slide 23 / 33                                                 © Copyright 2012 yaSSL
4: Simple to Use
    •  Learning	
  curve?	
  

    •  Myth:	
  EncrypSon	
  is	
  too	
  hard	
  to	
  use.	
  




Slide 24 / 33                                   © Copyright 2012 yaSSL
5: Portability
    •  OS	
  support	
  out-­‐of-­‐the-­‐box?	
  
    •  Customizable?	
  




Slide 25 / 33                                 © Copyright 2012 yaSSL
6: Hardware Acceleration
    •  Support	
  for	
  hardware	
  acceleraSon?	
  

    •  Assembly	
  code	
  opSmizaSons	
  




Slide 26 / 33                           © Copyright 2012 yaSSL
7: License
    •  Flexible	
  license	
  model?	
  
    •  Does	
  it	
  meet	
  your	
  license	
  needs?	
  




                                           GPLv2	
  /	
  Commercial	
  

                                                                      Commercial	
  
                                 MIT	
                GPL	
  
                                                                          Proprietary	
  
                                            BSD	
          LGPL	
  




Slide 27 / 33                                    © Copyright 2012 yaSSL
8: Maturity
    •  Track	
  record?	
  
    •  Code	
  origin?	
  
    •  AcSvely	
  developed?	
  




Slide 28 / 33                      © Copyright 2012 yaSSL
9: Compatibility
    •  Is	
  interoperability	
  tesSng	
  being	
  conducted?	
  

    •  What	
  browsers	
  is	
  the	
  library	
  acSvely	
  tested	
  against?	
  




Slide 29 / 33                                © Copyright 2012 yaSSL
10: Crypto Access
    •  Direct	
  access	
  to	
  crypto?	
  
    	
  
          Many	
  reasons:	
  
          -­‐  Direct	
  encrypSon	
  
          -­‐  Code	
  Signing	
  
          -­‐  Verifying	
  hashes,	
  etc.	
  




Slide 30 / 33                                     © Copyright 2012 yaSSL
11: Support
    •  What	
  happens	
  if:	
  
    	
  
            –    Something	
  goes	
  wrong	
  
            –    You	
  can’t	
  get	
  it	
  to	
  work	
  on	
  your	
  system	
  
            –    New	
  vulnerability	
  comes	
  out	
  
            –    You	
  need	
  a	
  new	
  cipher/feature	
  



    •  Is	
  there	
  support	
  available	
  to	
  help	
  you	
  out?	
  




Slide 31 / 33                                                  © Copyright 2012 yaSSL
SSL: Shopping List
    1.  Protocols	
  
    2.  Ciphers	
  
    3.  Memory	
  Usage	
  
    4.  Simple	
  to	
  Use	
  
    5.  Portability	
  
    6.  Hardware	
  AcceleraSon	
  
    7.  License	
  
    8.  Maturity	
  
    9.  CompaSbility	
  
    10.  Crypto	
  Access	
  
    11.  Support	
  

Slide 32 / 33                         © Copyright 2012 yaSSL
Thanks!
                 www.yassl.com



                chris@yassl.com
                 info@yassl.com



Slide 33 / 33    © Copyright 2012 yaSSL

Contenu connexe

Tendances

Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 
SUTOL 2016 - Secure IBM Traveler for 2017
SUTOL 2016 - Secure IBM Traveler for 2017SUTOL 2016 - Secure IBM Traveler for 2017
SUTOL 2016 - Secure IBM Traveler for 2017Ales Lichtenberg
 
SIPCORE - presentation of SIP and DANE (IETF #89)
SIPCORE - presentation of SIP and DANE (IETF #89)SIPCORE - presentation of SIP and DANE (IETF #89)
SIPCORE - presentation of SIP and DANE (IETF #89)Olle E Johansson
 
Application Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowApplication Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowCisco DevNet
 
How to Build Advanced Voice Assistants and Chatbots
How to Build Advanced Voice Assistants and ChatbotsHow to Build Advanced Voice Assistants and Chatbots
How to Build Advanced Voice Assistants and ChatbotsCisco DevNet
 
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...Cisco Russia
 
Новая эра корпоративных сетей с Cisco Catalyst 9000 и другие инновации для ма...
Новая эра корпоративных сетей с Cisco Catalyst 9000 и другие инновации для ма...Новая эра корпоративных сетей с Cisco Catalyst 9000 и другие инновации для ма...
Новая эра корпоративных сетей с Cisco Catalyst 9000 и другие инновации для ма...Cisco Russia
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)NGINX, Inc.
 
Getting Started: Developing Tropo Applications
Getting Started: Developing Tropo ApplicationsGetting Started: Developing Tropo Applications
Getting Started: Developing Tropo ApplicationsCisco DevNet
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEAModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEANGINX, Inc.
 
SD-WAN Internet Census, Zeronighst 2018
SD-WAN Internet Census, Zeronighst 2018SD-WAN Internet Census, Zeronighst 2018
SD-WAN Internet Census, Zeronighst 2018Sergey Gordeychik
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceEvan McGee
 
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski -  DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski -  DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPROIDEA
 
Rome 2017: Building advanced voice assistants and chat bots
Rome 2017: Building advanced voice assistants and chat botsRome 2017: Building advanced voice assistants and chat bots
Rome 2017: Building advanced voice assistants and chat botsCisco DevNet
 

Tendances (20)

Install dev stack
Install dev stackInstall dev stack
Install dev stack
 
ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?ION Sri Lanka - Why Implement DNSSEC?
ION Sri Lanka - Why Implement DNSSEC?
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjur
 
SUTOL 2016 - Secure IBM Traveler for 2017
SUTOL 2016 - Secure IBM Traveler for 2017SUTOL 2016 - Secure IBM Traveler for 2017
SUTOL 2016 - Secure IBM Traveler for 2017
 
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
 
SIPCORE - presentation of SIP and DANE (IETF #89)
SIPCORE - presentation of SIP and DANE (IETF #89)SIPCORE - presentation of SIP and DANE (IETF #89)
SIPCORE - presentation of SIP and DANE (IETF #89)
 
Deploying DNSSEC: A .ZA Case Study - ION Cape Town
Deploying DNSSEC: A .ZA Case Study - ION Cape TownDeploying DNSSEC: A .ZA Case Study - ION Cape Town
Deploying DNSSEC: A .ZA Case Study - ION Cape Town
 
Application Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible NetflowApplication Visibility and Experience through Flexible Netflow
Application Visibility and Experience through Flexible Netflow
 
How to Build Advanced Voice Assistants and Chatbots
How to Build Advanced Voice Assistants and ChatbotsHow to Build Advanced Voice Assistants and Chatbots
How to Build Advanced Voice Assistants and Chatbots
 
ION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSECION Islamabad - Deploying DNSSEC
ION Islamabad - Deploying DNSSEC
 
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
Как развернуть кампусную сеть Cisco за 10 минут? Новые технологии для автомат...
 
Новая эра корпоративных сетей с Cisco Catalyst 9000 и другие инновации для ма...
Новая эра корпоративных сетей с Cisco Catalyst 9000 и другие инновации для ма...Новая эра корпоративных сетей с Cisco Catalyst 9000 и другие инновации для ма...
Новая эра корпоративных сетей с Cisco Catalyst 9000 и другие инновации для ма...
 
ION Bucharest - DANE-DNSSEC-TLS
ION Bucharest - DANE-DNSSEC-TLSION Bucharest - DANE-DNSSEC-TLS
ION Bucharest - DANE-DNSSEC-TLS
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
 
Getting Started: Developing Tropo Applications
Getting Started: Developing Tropo ApplicationsGetting Started: Developing Tropo Applications
Getting Started: Developing Tropo Applications
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEAModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
 
SD-WAN Internet Census, Zeronighst 2018
SD-WAN Internet Census, Zeronighst 2018SD-WAN Internet Census, Zeronighst 2018
SD-WAN Internet Census, Zeronighst 2018
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a Microservice
 
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski -  DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski -  DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
 
Rome 2017: Building advanced voice assistants and chat bots
Rome 2017: Building advanced voice assistants and chat botsRome 2017: Building advanced voice assistants and chat bots
Rome 2017: Building advanced voice assistants and chat bots
 

En vedette

Kerberos + Android: A Tale of Opportunity
Kerberos + Android: A Tale of OpportunityKerberos + Android: A Tale of Opportunity
Kerberos + Android: A Tale of OpportunitywolfSSL
 
Secure communication in Networking
Secure communication in NetworkingSecure communication in Networking
Secure communication in Networkinganita maharjan
 
Secure Communication
Secure CommunicationSecure Communication
Secure CommunicationKoen Van Impe
 
On the fractional order extended kalman filter and its application to chaotic...
On the fractional order extended kalman filter and its application to chaotic...On the fractional order extended kalman filter and its application to chaotic...
On the fractional order extended kalman filter and its application to chaotic...Mostafa Shokrian Zeini
 
Pentesting custom TLS stacks
Pentesting custom TLS stacksPentesting custom TLS stacks
Pentesting custom TLS stacksAlexandre Moneger
 
MISP EcoSystem - Threat Intelligence, VMRay, MISP
MISP EcoSystem - Threat Intelligence, VMRay, MISPMISP EcoSystem - Threat Intelligence, VMRay, MISP
MISP EcoSystem - Threat Intelligence, VMRay, MISPKoen Van Impe
 
Performance evluvation of chaotic encryption technique
Performance evluvation of chaotic encryption techniquePerformance evluvation of chaotic encryption technique
Performance evluvation of chaotic encryption techniqueAncy Mariam Babu
 
Introduction to Total Library Solution- TLS
Introduction to Total Library Solution- TLSIntroduction to Total Library Solution- TLS
Introduction to Total Library Solution- TLSAta Rehman
 
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...JPCERT Coordination Center
 
04-1 E-commerce Security slides
04-1 E-commerce Security slides04-1 E-commerce Security slides
04-1 E-commerce Security slidesmonchai sopitka
 
z/OS Communications Server Overview
z/OS Communications Server Overviewz/OS Communications Server Overview
z/OS Communications Server OverviewzOSCommserver
 
Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture designEnterpriseGRC Solutions, Inc.
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Comment bien choisir ses certificats ssl
Comment bien choisir ses certificats sslComment bien choisir ses certificats ssl
Comment bien choisir ses certificats sslAlice and Bob
 

En vedette (16)

Kerberos + Android: A Tale of Opportunity
Kerberos + Android: A Tale of OpportunityKerberos + Android: A Tale of Opportunity
Kerberos + Android: A Tale of Opportunity
 
Secure communication in Networking
Secure communication in NetworkingSecure communication in Networking
Secure communication in Networking
 
Secure Communication
Secure CommunicationSecure Communication
Secure Communication
 
On the fractional order extended kalman filter and its application to chaotic...
On the fractional order extended kalman filter and its application to chaotic...On the fractional order extended kalman filter and its application to chaotic...
On the fractional order extended kalman filter and its application to chaotic...
 
Pentesting custom TLS stacks
Pentesting custom TLS stacksPentesting custom TLS stacks
Pentesting custom TLS stacks
 
Secure modem design
Secure modem designSecure modem design
Secure modem design
 
MISP EcoSystem - Threat Intelligence, VMRay, MISP
MISP EcoSystem - Threat Intelligence, VMRay, MISPMISP EcoSystem - Threat Intelligence, VMRay, MISP
MISP EcoSystem - Threat Intelligence, VMRay, MISP
 
SSL intro
SSL introSSL intro
SSL intro
 
Performance evluvation of chaotic encryption technique
Performance evluvation of chaotic encryption techniquePerformance evluvation of chaotic encryption technique
Performance evluvation of chaotic encryption technique
 
Introduction to Total Library Solution- TLS
Introduction to Total Library Solution- TLSIntroduction to Total Library Solution- TLS
Introduction to Total Library Solution- TLS
 
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...
 
04-1 E-commerce Security slides
04-1 E-commerce Security slides04-1 E-commerce Security slides
04-1 E-commerce Security slides
 
z/OS Communications Server Overview
z/OS Communications Server Overviewz/OS Communications Server Overview
z/OS Communications Server Overview
 
Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture design
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
Comment bien choisir ses certificats ssl
Comment bien choisir ses certificats sslComment bien choisir ses certificats ssl
Comment bien choisir ses certificats ssl
 

Similaire à Secure Communication: Usability and Necessity of SSL/TLS

Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSecurity Bootcamp
 
Blockchain Fundamentals
Blockchain FundamentalsBlockchain Fundamentals
Blockchain FundamentalsBruno Lowagie
 
Heart bleed-OpenSSL crytographic library
Heart bleed-OpenSSL crytographic libraryHeart bleed-OpenSSL crytographic library
Heart bleed-OpenSSL crytographic libraryLorick Jain
 
IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87Shoichi Sakane
 
Domain Driven Development applied
Domain Driven Development appliedDomain Driven Development applied
Domain Driven Development appliedEloi Poch
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLGlobalSign
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerBU
 
Tweeting with OpenSplice DDS
Tweeting with OpenSplice DDSTweeting with OpenSplice DDS
Tweeting with OpenSplice DDSAngelo Corsaro
 
Attacking XML Security
Attacking XML SecurityAttacking XML Security
Attacking XML SecurityYusuf Motiwala
 
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Positive Hack Days
 

Similaire à Secure Communication: Usability and Necessity of SSL/TLS (20)

Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & Secure
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
 
Blockchain Fundamentals
Blockchain FundamentalsBlockchain Fundamentals
Blockchain Fundamentals
 
Heart bleed-OpenSSL crytographic library
Heart bleed-OpenSSL crytographic libraryHeart bleed-OpenSSL crytographic library
Heart bleed-OpenSSL crytographic library
 
IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87IoT関連技術の動向@IETF87
IoT関連技術の動向@IETF87
 
PHP Barcelona Monthly Talk Feb 2015
PHP Barcelona Monthly Talk Feb 2015PHP Barcelona Monthly Talk Feb 2015
PHP Barcelona Monthly Talk Feb 2015
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
 
Domain Driven Development applied
Domain Driven Development appliedDomain Driven Development applied
Domain Driven Development applied
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configuration
 
Soa And Web Services Security
Soa And Web Services SecuritySoa And Web Services Security
Soa And Web Services Security
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSL
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
SSLtalk
SSLtalkSSLtalk
SSLtalk
 
Tweeting with OpenSplice DDS
Tweeting with OpenSplice DDSTweeting with OpenSplice DDS
Tweeting with OpenSplice DDS
 
Cloudand Xchange
Cloudand XchangeCloudand Xchange
Cloudand Xchange
 
Basic Network Security_Primer
Basic Network Security_PrimerBasic Network Security_Primer
Basic Network Security_Primer
 
Secure pl-sql-coding
Secure pl-sql-codingSecure pl-sql-coding
Secure pl-sql-coding
 
Attacking XML Security
Attacking XML SecurityAttacking XML Security
Attacking XML Security
 
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
Обнаружение вредоносного кода в зашифрованном с помощью TLS трафике (без деши...
 

Dernier

IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarThousandEyes
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxKaustubhBhavsar6
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.IPLOOK Networks
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...DianaGray10
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsDianaGray10
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 

Dernier (20)

IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptx
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projects
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 

Secure Communication: Usability and Necessity of SSL/TLS

  • 1. Secure Communication USABILITY AND NECESSITY OF SSL / TLS Slide 1 / 33 © Copyright 2012 yaSSL
  • 2. We’re going to talk about: 1.  Why is this important? 2.  What is SSL? 3.  Where is SSL being used? 4.  Features: What to look for in an SSL library? Slide 2 / 33 © Copyright 2012 yaSSL
  • 3. Why is This Important? •  Number  of  connected  devices  is  ever  increasing   •  Frequent  Road-­‐blocks:   –  Lack  of  understanding   –  Insufficient  funding   –  Tight  deadlines     Slide 3 / 33 © Copyright 2012 yaSSL
  • 4. Why is This Important? Ivan  Ris)c:  Internet  SSL  Survey  2010   hDp://www.ssllabs.com     Alexa  Top  1M   Use  SSL  –  12%     •  Alexa  Top  1M  Sites      120,000  Use  SSL  (12%)           Slide 4 / 33 © Copyright 2012 yaSSL
  • 5. What is SSL? X509, Encryption, handshakes, and more. Slide 5 / 33 © Copyright 2012 yaSSL
  • 6. What is SSL? •  Enables  secure  client  /  server  communicaSon,  providing:     Privacy                  +  Prevent  eavesdropping     Authen)ca)on              +  Prevent  impersonaSon     Integrity                +  Prevent  modificaSon       Slide 6 / 33 © Copyright 2012 yaSSL
  • 7. Where does SSL fit? •  Layered  between  Transport  and  Applica)on  layers   Protocols Secured by SSL/TLS SSL SSL Change SSL Alert LDAP, Handshake Cipher Spec HTTP Protocol etc. SMTP, Protocol Protocol HTTP etc. SSL Record Layer Application Layer TCP Transport Layer IP Internet Layer Network Access Network Layer Slide 7 / 33 © Copyright 2012 yaSSL
  • 8. SSL: Authentication •  Do  you  really  know  who  you’re  communicaSng  with?   ? ? Alice   Bob   Slide 8 / 33 © Copyright 2012 yaSSL
  • 9. SSL: Authentication •  Generate  a  key  pair  (private  and  public  key)   Private   Public   Public   Private   Alice   Bob   Slide 9 / 33 © Copyright 2012 yaSSL
  • 10. SSL: Authentication •  X.509  CerSficate  ==  Wrapper  around  public  key   X509 X509 Private   Cert Public   Public   Cert Private   Alice   Bob   Slide 10 / 33 © Copyright 2012 yaSSL
  • 11. SSL: X.509 Certificates X509 -----BEGIN CERTIFICATE-----! Cert MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD! VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG! A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu! eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw! MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE! CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS! BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ! KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP! ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE! ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk! NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+! v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/! eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw! Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU! M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w! J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x! ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv! Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW! DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG! 9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe! 4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q! P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR! /+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO! /eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua! cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA==! -----END CERTIFICATE-----! Slide 11 / 33 © Copyright 2012 yaSSL
  • 12. SSL: X.509 Certificates Certificate:! X509 Data:! Cert Version: 3 (0x2)! Serial Number:! 87:4a:75:be:91:66:d8:3d! Signature Algorithm: sha1WithRSAEncryption! Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/ emailAddress=info@yassl.com! Validity! Not Before: Oct 24 18:21:55 2011 GMT! Not After : Jul 20 18:21:55 2014 GMT! Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/ emailAddress=info@yassl.com! Subject Public Key Info:! Public Key Algorithm: rsaEncryption! Public-Key: (2048 bit)! Modulus: 00:c3:03:d1:2b:fe:39:a4 …! ! ! Exponent: 65537 (0x10001)! X509v3 extensions:! X509v3 Subject Key Identifier: ! 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0! X509v3 Authority Key Identifier: ! keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0! DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/ emailAddress=info@yassl.com! serial:87:4A:75:BE:91:66:D8:3D! ! X509v3 Basic Constraints: ! CA:TRUE! Signature Algorithm: sha1WithRSAEncryption! … 1c:7c:42:81:29:9e:21:cf:d0:d8! Slide 12 / 33 © Copyright 2012 yaSSL
  • 13. SSL: Authentication •  Alice  and  Bob  exchange  CA-­‐signed  public  keys   X509 X509 Private   Cert CA Public   Public   Cert CA Private   Alice   Bob   Slide 13 / 33 © Copyright 2012 yaSSL
  • 14. SSL: Authentication •  How  do  you  get  a  CA-­‐signed  cert?   Buy   Create     VeriSign, DigiCert, Comodo, etc. Created yourself (self-sign) -  Costs $$$ -  Free! -  Trusted -  Trusted (if you control both sides) Slide 14 / 33 © Copyright 2012 yaSSL
  • 15. SSL: Encryption •  Uses  a  variety  of  encrypSon  algorithms  to  secure  data   Hashing  Func)ons   MD4, MD5, SHA … Block  and  Stream  Ciphers   DES, 3DES, AES, ARC4 … Public  Key  Op)ons   RSA, DSS … CIPHER  SUITE   Slide 15 / 33 © Copyright 2012 yaSSL
  • 16. SSL: Encryption •  A  common  CIPHER  SUITE  is  negoSated   Protocol_keyexchange_WITH_bulkencrypSon_mode_messageauth   SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA Slide 16 / 33 © Copyright 2012 yaSSL
  • 17. SSL: Handshake Client Server 1 Client Hello Cryptographic Info (SSL version, supported ciphers, etc.) 2 3 Server Hello Cipher Suite Verify server cert, Server Certificate check crypto Server Key Exchange (public key) parameters ( Client Certificate Request ) Server Hello Done 4 Client Key Exchange 5 ( Certificate Verify ) Verify client cert ( Client Certificate ) (if required) 6 Change Cipher Spec Client Finished 7 Change Cipher Spec Server Finished 8 Exchange Messages (Encrypted) Slide 17 / 33 © Copyright 2012 yaSSL
  • 18. Where is SSL used? Everywhere! Slide 18 / 39 © Copyright 2012 yaSSL
  • 19. SSL: Where is it used? •  Energy  Monitoring   •  Gaming   •  Databases   •  Sensors   •  VoIP   •  M2M  communicaSon   •  And  much  more...     Slide 19 / 33 © Copyright 2012 yaSSL
  • 20. What to look for? When shopping for an SSL stack. Slide 20 / 33 © Copyright 2012 yaSSL
  • 21. 1: Protocols •  Support  for  current  protocols?   1995   SSL  2.0   Notes:   1996   SSL  3.0         •  SSL  2.0  is  insecure   1999   TLS  1.0   •  SSL  =  “Secure  Sockets  Layer”   2006   TLS  1.1   DTLS  1.0   •  TLS  =  “Transport  Layer  Security”   2008   TLS  1.2   •  DTLS  =  “Datagram  TLS”       2012   DTLS  1.2   Slide 21 / 33 © Copyright 2012 yaSSL
  • 22. 2: Ciphers •  Support  for  needed  cipher  suites?   Public  Key   Block  /  Stream   Hash   RSA,  DSS,  DH,   DES,  3DES,   MD2,  MD4,   NTRU   AES,  ARC4,   MD5,   …   RABBIT,   SHA-­‐128,   HC-­‐128   SHA-­‐256,   …   RIPEMD   …   Ex:   TLS_RSA_WITH_AES_128_CBC_SHA Slide 22 / 33 © Copyright 2012 yaSSL
  • 23. 3: Memory Usage •  ROM  /  RAM  usage   1400   160   150   1,200   1200   140   120   1000   100   800   ROM  (kB)   RAM  (kB)   80   600   60   400   40   200   20   30   3   0   0   Slide 23 / 33 © Copyright 2012 yaSSL
  • 24. 4: Simple to Use •  Learning  curve?   •  Myth:  EncrypSon  is  too  hard  to  use.   Slide 24 / 33 © Copyright 2012 yaSSL
  • 25. 5: Portability •  OS  support  out-­‐of-­‐the-­‐box?   •  Customizable?   Slide 25 / 33 © Copyright 2012 yaSSL
  • 26. 6: Hardware Acceleration •  Support  for  hardware  acceleraSon?   •  Assembly  code  opSmizaSons   Slide 26 / 33 © Copyright 2012 yaSSL
  • 27. 7: License •  Flexible  license  model?   •  Does  it  meet  your  license  needs?   GPLv2  /  Commercial   Commercial   MIT   GPL   Proprietary   BSD   LGPL   Slide 27 / 33 © Copyright 2012 yaSSL
  • 28. 8: Maturity •  Track  record?   •  Code  origin?   •  AcSvely  developed?   Slide 28 / 33 © Copyright 2012 yaSSL
  • 29. 9: Compatibility •  Is  interoperability  tesSng  being  conducted?   •  What  browsers  is  the  library  acSvely  tested  against?   Slide 29 / 33 © Copyright 2012 yaSSL
  • 30. 10: Crypto Access •  Direct  access  to  crypto?     Many  reasons:   -­‐  Direct  encrypSon   -­‐  Code  Signing   -­‐  Verifying  hashes,  etc.   Slide 30 / 33 © Copyright 2012 yaSSL
  • 31. 11: Support •  What  happens  if:     –  Something  goes  wrong   –  You  can’t  get  it  to  work  on  your  system   –  New  vulnerability  comes  out   –  You  need  a  new  cipher/feature   •  Is  there  support  available  to  help  you  out?   Slide 31 / 33 © Copyright 2012 yaSSL
  • 32. SSL: Shopping List 1.  Protocols   2.  Ciphers   3.  Memory  Usage   4.  Simple  to  Use   5.  Portability   6.  Hardware  AcceleraSon   7.  License   8.  Maturity   9.  CompaSbility   10.  Crypto  Access   11.  Support   Slide 32 / 33 © Copyright 2012 yaSSL
  • 33. Thanks! www.yassl.com chris@yassl.com info@yassl.com Slide 33 / 33 © Copyright 2012 yaSSL