8.SSL - Announcement Final exam: Wed, June 9, 9:30-11:18...

Announcement
  Final exam: Wed, June 9, 9:30-11:18
  Scope: materials after RSA (but you need to know RSA)
  Open books, open notes. Calculators allowed.

We have learned …
  Symmetric encryption: DES, 3DES, AES, RC4
  Public-key encryption: RSA
  Hash: SHA-1
  MAC: CBC-MAC, CMAC, HMAC
  Digital signature: RSA
  Entity authentication: challenge and response
  Key agreement: Diffie-Hellman, RSA
  Certificate

SSL-Secure Socket Layer

SSL (Secure Socket Layer)
  TCP: provides a reliable end-to-end service.
  TCP & SSL: provides a reliable & secure end-to-end service.
  HTTPS: HTTP over SSL (or TLS)
    Typically on port 443 (regular HTTP on port 80)
  SSL was originally developed by Netscape and subsequently became the Internet standard known as TLS (Transport Layer Security).
  SSL has two layers of protocols.

SSL Architecture

SSL Record Protocol Services
  SSL Record Protocol provides two services.
  Message integrity
    using a MAC with a shared secret key
    similar to HMAC but with different padding
    hash functions: MD5, SHA-1
  Message confidentiality
    using symmetric encryption with a shared secret key
    Encryption algorithms: AES, IDEA, RC2-40, DES-40, DES, 3DES, RC4-40, RC4-128

SSL Record Protocol Operation
  [Figure: SSL Record Protocol Operation. Surviving labels: "(optional; default: null)", "2^14 bytes".]

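Similar to HMAC, using MD5 or SHA-1.

$$\mathrm{HMAC}_k(m) = \mathrm{hash}\big((k \oplus \mathrm{opad}) \,\|\, \mathrm{hash}((k \oplus \mathrm{ipad}) \,\|\, m)\big)$$

The SSL MAC is computed as:

$$\mathrm{hash}\big(\text{MAC\_write\_secret} \,\|\, \text{pad\_2} \,\|\, \mathrm{hash}(\text{MAC\_write\_secret} \,\|\, \text{pad\_1} \,\|\, \text{seq\_num} \,\|\, \text{SSLCompression.type} \,\|\, \text{SSLCompression.length} \,\|\, \text{SSLCompression.fragment})\big)$$
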
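The SSL MAC and HMAC constructions written out side by side in Python, as an added example that is not part of the original slides. The pad bytes (0x36, 0x5c), the pad lengths (48 bytes for MD5, 40 for SHA-1) and the field widths are taken from the SSLv3 specification rather than from this page; the function names, key and fragment are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Pad lengths from the SSLv3 specification: 48 bytes for MD5, 40 for SHA-1.
PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(hash_name, mac_write_secret, seq_num, rec_type, fragment):
    """hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment))"""
    pad_1 = b"\x36" * PAD_LEN[hash_name]
    pad_2 = b"\x5c" * PAD_LEN[hash_name]
    # seq_num is a 64-bit counter, type is 1 byte, length is 2 bytes (big-endian).
    header = struct.pack(">QBH", seq_num, rec_type, len(fragment))
    inner = hashlib.new(hash_name, mac_write_secret + pad_1 + header + fragment).digest()
    return hashlib.new(hash_name, mac_write_secret + pad_2 + inner).digest()


def hmac_by_hand(hash_name, key, msg):
    """hash((k XOR opad) || hash((k XOR ipad) || m)), written out for comparison."""
    block = hashlib.new(hash_name).block_size
    if len(key) > block:  # HMAC hashes over-long keys first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)  # key XORed into the pad ...
    opad = bytes(b ^ 0x5C for b in key)  # ... where SSL concatenates instead
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def verify_record(hash_name, secret, seq_num, rec_type, fragment, received_mac):
    """Receiver side: recompute the MAC and compare in constant time."""
    expected = ssl3_mac(hash_name, secret, seq_num, rec_type, fragment)
    return hmac.compare_digest(expected, received_mac)


if __name__ == "__main__":
    secret = bytes(range(20))            # constructed sample MAC_write_secret
    data = b"GET / HTTP/1.0\r\n\r\n"     # constructed sample fragment
    tag = ssl3_mac("sha1", secret, 0, 23, data)  # 23 = application_data
    print(tag.hex())
    print(verify_record("sha1", secret, 0, 23, data, tag))  # original record
    print(verify_record("sha1", secret, 1, 23, data, tag))  # same bytes replayed later
```

Because seq_num is inside the inner hash, a record replayed or reordered by an on-path party fails verification even though its bytes are unchanged.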
SSL Handshake Protocol
  Allows server & client to:
    authenticate each other
    negotiate encryption & MAC algorithms and keys
  Comprises a series of messages exchanged in phases:
    1. Establish Security Capabilities (to agree on encryption, MAC, and key-exchange algorithms)
    2. Server Authentication and Key Exchange
    3. Client Authentication and Key Exchange
    4. Finish

Stallings Figure 17.6

Phase 1: Establish Security Capabilities
  Client ⎯⎯ client_hello ⎯⎯→ Server
  Client ←⎯⎯ server_hello ⎯⎯ Server
  client_hello: contains a c… and a list of … in decreasing order of preference.