Lecture 7 ssl_ipsec

Lecture 7 ssl_ipsec - SSL and IPSec Thursday, March 4, 2010...

SSL and IPSec Thursday, March 4, 2010

Transport Layer Security

Protocol stack (diagram labels): IP, MAC Protocol, TCP, SSL/TLS, Applications

- Operates between transport layer and application layer
- Provides application-independent, reliable, end-to-end secure channel
- SSL protocol has two layers:
  - Higher Layer Protocols (4)
  - Record Layer Protocol

Layer diagram (labels): Application protocols (HTTP, SMTP, IMAP, FTP, etc.); SSL (Handshake, Change Cipher Spec, Alert Protocol, Application; Record Layer Protocol); TCP

Secure Socket Layer Protocol

- Designed by Netscape – 93.
- Provides privacy and reliability between two communicating applications (focus on Web).
- Requires reliable transport protocol (TCP).
- Only protects data in transit.
- Limited by cryptographic tools it uses.
- Does not provide non-repudiation or traffic flow confidentiality.
- Now with IETF – Transport Layer Security (TLS).
- Current versions: SSL 3.0, TLS 1.0

SSL History

Timeline figure (year markers: 95, 96, 99). Events shown: Initial Design; SSL v2.0; SSLRef 2.0; SSL BOF @ IETF; SSL v3.0; SSL BOF II @ IETF; Independent Implementations (Hardware, Toolkits, Applications); TLS Draft; TLS v1.0

Secure Socket Layer Protocol

A server running SSL provides:
- Confidentiality
- Integrity
- Authentication

SSL is designed to operate in a number of different modes, depending on the requirement of the network connection:
- No authentication, no encryption
- Authentication without encryption
- Encrypted communication only
- Encryption and authentication of the server
- Encryption and authentication of client and server

SSL Sessions and Connections

Diagram: Alice and Amazon

A Connection:
- Server, Client Random
- Server Write MAC Secret
- Client Write MAC Secret
- Server, Client Write Key
- Initialization Vector
- Sequence Numbers

A Session:
- Session Identifier
- Peer Certificate
- Master Secret
- Compression Method
- Is Resumable

Record Layer Protocol Operations

1) Application Data
2) Fragments
3) Compress
4) Add MAC
5) Encrypt
6) Add SSL Header

- Each fragment 2^14 bytes
- Optional compression (allow 1024 bytes for expansion)
- HMAC-like or HMAC (using SHA-1 or MD5)
- Encrypt (allow 1024 bytes for expansion)
- Add SSL Record Layer header

SSL Record Layer Format

Record layout (figure labels):
- Header: Content Type, Major Version, Minor Version, [Compressed] Length (16)
- Plaintext (optionally compressed)
- MAC
- Encrypted

SSL Record Layer Format

- Content Type:
  - change_cipher_spec (20)
  - alert (21)
  - handshake (22)
  - application_data (23)
- Major Version: major version of SSL
- Minor Version: minor version of SSL
- Length: 16 bits

Then, why are fragments only 2
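
The record header fields and size limits from the slides above, turned into a validating parser. This is an added example, not part of the lecture; the function names, the error class and the sample bytes are constructed for illustration, and the version bytes (3, 0) and (3, 1) for SSL 3.0 and TLS 1.0 are an assumption not shown on the slides. It rejects records whose 16-bit length exceeds the fragment size plus the two 1024-byte expansion allowances.

```python
import struct

# Content type codes as listed on the Record Layer Format slide.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_PLAINTEXT = 2 ** 14                 # fragment size from the slides
MAX_CIPHERTEXT = MAX_PLAINTEXT + 2048   # + 1024 compression + 1024 encryption expansion
HEADER_LEN = 5                          # type(1) + major(1) + minor(1) + length(2)
VERSIONS = ((3, 0), (3, 1))             # assumption: wire versions of SSL 3.0 / TLS 1.0


class RecordError(ValueError):
    """Raised when a record header is malformed or out of bounds."""


def parse_records(stream: bytes, encrypted: bool = True):
    """Split a byte stream into records, validating every header field."""
    limit = MAX_CIPHERTEXT if encrypted else MAX_PLAINTEXT
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER_LEN:
            raise RecordError(f"truncated header at offset {offset}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown content type {ctype} at offset {offset}")
        if (major, minor) not in VERSIONS:
            raise RecordError(f"unexpected version {major}.{minor}")
        if length > limit:               # the 16-bit field can say more than is allowed
            raise RecordError(f"length {length} exceeds limit {limit}")
        start = offset + HEADER_LEN
        body = stream[start:start + length]
        if len(body) != length:
            raise RecordError(f"body truncated: want {length}, have {len(body)}")
        records.append((CONTENT_TYPES[ctype], (major, minor), body))
        offset = start + length
    return records


def build_record(ctype: int, version: tuple, body: bytes) -> bytes:
    """Prepend the 5-byte record header to an already protected fragment."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body


# Constructed sample: a handshake record (SSL 3.0), then application data (TLS 1.0).
SAMPLE = build_record(22, (3, 0), b"\x01" * 40) + build_record(23, (3, 1), b"\xaa" * 64)

if __name__ == "__main__":
    for name, version, body in parse_records(SAMPLE):
        print(name, version, len(body))
```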