Nothing Special   »   [go: up one dir, main page]
Scribd
Upload
41 views17 pages

An Introduction To SSL/TLS: Providing Secure Communication Over The Internet

Uploaded by

VargheseMartin

SSL/TLS provides secure communication over the internet by addressing privacy, integrity, and authentication issues. It uses encryption, message authentication codes, and X.509 certificates to ensure private and authenticated communications between applications, such as web servers and browsers. SSL establishes an encrypted session by negotiating a cipher suite and exchanging secrets before application data can be securely transferred.

Copyright:

© All Rights Reserved
Download as PPT, PDF, TXT or read online from Scribd
Download as ppt, pdf, or txt

An Introduction To SSL/TLS: Providing Secure Communication Over The Internet

Uploaded by

VargheseMartin
41 views17 pages
SSL/TLS provides secure communication over the internet by addressing privacy, integrity, and authentication issues. It uses encryption, message authentication codes, and X.509 certificates to ensure private and authenticated communications between applications, such as web servers and browsers. SSL establishes an encrypted session by negotiating a cipher suite and exchanging secrets before application data can be securely transferred.

Original Title

cn_ssl

Copyright

© © All Rights Reserved

Available Formats

PPT, PDF, TXT or read online from Scribd

Did you find this document useful?

Is this content inappropriate?

SSL/TLS provides secure communication over the internet by addressing privacy, integrity, and authentication issues. It uses encryption, message authentication codes, and X.509 certificates to ensure private and authenticated communications between applications, such as web servers and browsers. SSL establishes an encrypted session by negotiating a cipher suite and exchanging secrets before application data can be securely transferred.

Copyright:

© All Rights Reserved
Download as PPT, PDF, TXT or read online from Scribd
Download as ppt, pdf, or txt
41 views17 pages

An Introduction To SSL/TLS: Providing Secure Communication Over The Internet

Uploaded by

VargheseMartin
SSL/TLS provides secure communication over the internet by addressing privacy, integrity, and authentication issues. It uses encryption, message authentication codes, and X.509 certificates to ensure private and authenticated communications between applications, such as web servers and browsers. SSL establishes an encrypted session by negotiating a cipher suite and exchanging secrets before application data can be securely transferred.

Copyright:

© All Rights Reserved
Download as PPT, PDF, TXT or read online from Scribd
Download as ppt, pdf, or txt
You are on page 1/ 17

An Introduction to SSL/TLS

Providing secure communication


over the Internet
What is SSL?
• SSL – Secure Socket Layer ƒ it provides a secure
transport connection between applications (e.g., a
web server and a browser)
• SSL was developed by Netscape
• uses TCP to provide a reliable end-to-end service
• TLS can be viewed as SSL v3.1
Security Issues
• Privacy
– Anyone can see content
• Integrity
– Someone might alter content
• Authentication
– Not clear who you are talking with
SSL Architecture
SSL Components

SSL HANDSHAKE SSL RECORD SSL ALERT SSL CHANGE


PROTOCOL PROTOCOL PROTOCOL CIPHER SPEC
PROTOCOL

• Negotiation of • Fragmentation. • Error message • A single message


security algorithms • Compression. ( fatal alerts and that indicates the
and parameters. • Encryption. warning ) end of SSL
• Key exchange. • Message handshake.
• Server
authentication and
optionally client
authentication.
Sessions and Connections
• An SSL session is a connection between
client and server.
• Sessions are stateful ; the session state
includes security algorithm and
parameters.
• A session may include multiple secure
connection between same server and
client.
• Server and client random – random
byte sequence is chosen by the client
and server for new connection.
Session States…
• Session state
– Session identifier – arbitrary byte sequence
chosen by the server to identify the session.
– Peer certificate – may be null.
– Compression method.
– Cipher Spec – bulk data encryption
algorithm and MAC algorithm ( eg. DES,
MD5 ).
– Master key – a 48 byte secret key is used in
between client and server.
– Resumable – a flag indicating whether the
session can be used to initiate new
connections.
What is TLS?
• Protocol layer
• Requires reliable transport layer (e.g.
TCP)
• Supports any application protocols
HTTP Telnet FTP LDAP
TLS
TCP
IP

9
TLS: Privacy
• Encrypt message so it cannot be read
• Use conventional cryptography with
shared key
– DES, 3DES
– RC2, RC4
– IDEA

A B
Message $%&#!@ Message 10
TLS:Key Exchange
• Need secure method to exchange secret
key
• Use public key encryption for this
– “key pair” is used - either one can encrypt
and then the other can decrypt
– slower than conventional cryptography
– share one key, keep the other private

11
TLS: Integrity
• Compute fixed-length Message
Authentication Code (MAC)
– Includes hash of message
– Includes a shared secret
– Include sequence number
• Transmit MAC with message

12
TLS: Integrity
• Receiver creates new MAC
– should match transmitted MAC

A B
Message Message’ MAC

MAC MAC’ =?
13
14

TLS: Authentication
• Verify identities of participants
• Client authentication is optional
• Certificate is used to associate identity
with public key and other attributes

A B
Certificate
Certificate
15

TLS: Overview
• Establish a session
– Agree on algorithms
– Share secrets
– Perform authentication
• Transfer application data
– Ensure privacy and integrity
SUMMARY
• SSL/TLS address the need for
security in internet communications
– Privacy – conventional encryption
– Integrity – message authentication codes
– Authentication – X.509
• SSL in use today with web browsers
and servers.
Thank You

You might also like