LectureNote24-Protocols

SECURITY PROTOCOLS

SECURITY PROTOCOLS | SSL HANDSHAKE PROTOCOL | SECURE SHELL
CS 556 - Computer Security - © 2009 Colorado State University

SECURE SOCKETS LAYER PROTOCOL

- Designed to establish a secure connection between a client and a server communicating over an insecure channel
- Attacker assumptions
  - Have substantial computational resources
  - Can capture, modify, delete, replay and otherwise tamper with messages
  - Cannot obtain secret information from sources outside the protocol

PLACEMENT IN THE IP STACK

- SSL runs above TCP/IP and below high-level application programs.

SSL SERVICES

- Security parameter negotiation
- Peer entity authentication
- Data confidentiality
- Data authentication and integrity
- Compression / decompression

SSL ARCHITECTURE

Protocol layers, top to bottom:

- SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol | HTTP | Other Application Protocols
- SSL Record Protocol
- TCP
- IP

SSL RECORD PROTOCOL

- Provides the secure tunnel for communication between client and server
- Five steps by sender to transmit packet
  1. Fragmentation of message into packets
  2. Compression of packets into smaller packets
  3. Generating and appending Message Authentication Code to each packet
  4. Encryption of packet (with MAC)
  5. Add SSL record header and transmit
- Receiver performs the corresponding steps in reverse order

[Figure: SSL Record Protocol operation: Application Data, Fragment, Compress, Add MAC, Encrypt, Add SSL Record Header]

SSL SESSION

- An association between a client and a server
- Generated by the SSL Handshake Protocol
- Defines a set of cryptographic security parameters that can be shared among multiple connections
- Used to avoid expensive negotiation of new security parameters for each connection

SESSION STATE ELEMENTS

- session identifier: An arbitrary byte sequence chosen by the...
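
The five sender steps of the SSL Record Protocol and the receiver's reverse pass, as an added Python example that is not part of the original lecture notes. The 2^14-byte fragment limit and the header layout (type, version, length) follow the SSL 3.0 record format; HMAC-SHA256 and the SHA-256 keystream cipher are stand-ins chosen here for the negotiated MAC and cipher, and the function names and keys are hypothetical.

```python
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14          # record-layer fragment limit (16384 bytes)
APPLICATION_DATA = 23           # record content type for application data
VERSION = (3, 0)                # SSL 3.0
MAC_LEN = 32                    # HMAC-SHA256 tag length (stand-in MAC, an assumption)

def _keystream_xor(key, seq, data):
    """Toy stream cipher (SHA-256 in counter mode). Stand-in only, not secure."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">QQ", seq, block)).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def _mac(mac_key, seq, compressed):
    # The MAC covers an implicit sequence number, so replayed or reordered records fail.
    msg = struct.pack(">QBH", seq, APPLICATION_DATA, len(compressed)) + compressed
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def send(message, enc_key, mac_key):
    """Sender: fragment, compress, add MAC, encrypt, prepend record header."""
    records = []
    for seq, off in enumerate(range(0, len(message), MAX_FRAGMENT)):
        compressed = zlib.compress(message[off:off + MAX_FRAGMENT])
        body = _keystream_xor(enc_key, seq, compressed + _mac(mac_key, seq, compressed))
        records.append(struct.pack(">BBBH", APPLICATION_DATA, *VERSION, len(body)) + body)
    return records

def receive(records, enc_key, mac_key):
    """Receiver: the same steps in reverse order; raises ValueError on a bad record."""
    message = b""
    for seq, record in enumerate(records):
        ctype, major, minor, length = struct.unpack(">BBBH", record[:5])
        body = record[5:]
        if ctype != APPLICATION_DATA or (major, minor) != VERSION or length != len(body):
            raise ValueError("malformed record header")
        plain = _keystream_xor(enc_key, seq, body)          # undo step 4
        compressed, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, compressed)):
            raise ValueError("bad record MAC")              # verify before decompressing
        message += zlib.decompress(compressed)              # undo step 2, reassemble
    return message
```

Because the MAC is checked before decompression and includes the record's sequence number, a modified or reordered record is rejected, which matches the attacker model in which messages can be modified and replayed.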