set324 - WEB Security Secure Socket Layer Cunsheng Ding...

Info iconThis preview shows pages 1–13. Sign up to view the full content.

View Full Document Right Arrow Icon
C. Ding - COMP4631 - L24 1 WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
C. Ding - COMP4631 - L24 2 Outline of this Lecture • Brief Information on SSL and TLS • Secure Socket Layer (SSL) • Transport Layer Security (TLS) • Recommended Reading
Background image of page 2
C. Ding - COMP4631 - L24 3 Security Facilities in the TCP/IP Protocol Stack SSL or TLS IP TCP IP/IPSec HTTP SMTP FTP HTTP FTP SMTP TCP IP UDP TCP S/MIME PGP SET Kerberos SMTP HTTP ± a) Network level ± b) Transport level ± c) Applica±on level
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
C. Ding - COMP4631 - L24 4 SSL and TLS: Information • SSL was originated by Netscape, Version 2, 3, 3.1 • TLS is an IETF protocol. • First version of TLS can be viewed as an SSLv3.1 • They are the most popular transport layer security protocols
Background image of page 4
C. Ding - COMP4631 - L24 5 SSL: Brief Introduction • Based on connection-oriented and reliable service (e.g., TCP) • Able to provide security services for any TCP-based application protocol, e.g., HTTP, FTP, TELNET, etc. – Application independent
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
C. Ding - COMP4631 - L24 6 SSL Services • Client- server authentication • Data confidentiality • Data origin authentication • Data integrity
Background image of page 6
C. Ding - COMP4631 - L24 7 SSL Architecture
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
C. Ding - COMP4631 - L24 8 SSL Protocol Structure It makes use of TCP to provide reliable end-to-end secure service. SSL Handshake Protocol SSL Change Cipher Spec Protocol SSL Alert Protocol SSL Record Protocol < NFTTBHF PSJHJO BVUIFOUJDBUJPO± EBUB DPOGJEFOUJBMJUZ± EBUB JOUFHSJUZ> < QSPWJEFT TVQQPSU GPS 44- TFTTJPO ² DPOOFDUJPO FTUBCMJTINFOU> Auth. & encryption algorithms, keys, random numbers, alert messages TCP IP
Background image of page 8
C. Ding - COMP4631 - L24 9 SSL Protocol Components: SSL Record Protocol – Layered on top of a connection-oriented and reliable transport layer service – Provides message origin authentication, data confidentiality, and data integrity SSL sub-protocols – Layered on top of the SSL Record Protocol – Provides support for SSL session and connection establishment
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
C. Ding - COMP4631 - L24 10 SSL Connection and Session Connection: – a transport (in the OSI layering model definition) that provides a suitable service. – For SSL, such connections are peer- to-peer relationships. – Every connection is associated with one “session ”. Session: – an association between a client and a server. – Defines a set of cryptographic parameters, which can be shared among multiple connections. – Is is used to avoid the expensive negotiation of new security parameters for each connection.
Background image of page 10
C. Ding - COMP4631 - L24 11 SSL State Information • SSL session is stateful – SSL protocol must initialize and maintain session state information on either side of the session • SSL session can be used for a number of connections (i.e., it has a lifetime) – connection state information
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
C. Ding - COMP4631 - L24 12 SSL Session State Information Elements Session ID : An arbitrary byte sequence chosen by the server to identify an active or resumable session state.
Background image of page 12
Image of page 13
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 42

set324 - WEB Security Secure Socket Layer Cunsheng Ding...

This preview shows document pages 1 - 13. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online