Slides-10 On Network Security

The document discusses web security and protocols like SSL, TLS, and SET. It describes the SSL and TLS handshake protocols and record formats. It also covers the different phases of the SSL handshake protocol and differences between SSL and TLS.

Uploaded by

Muhammad Salman

Blekinge Institute of Technology

Fredrik Erlandsson

WEB Security
Outline

• Web Security Considerations
• Secure Socket Layer (SSL) and Transport Layer Security (TLS)
• Secure Electronic Transaction (SET)

Blekinge Institute of Technology


Fredrik Erlandsson ET1318 - Network Security 2
Web Security Considerations

• The Web is very visible.
• Complex software hides many security flaws.
• Web servers are easy to configure and manage.
• Users are not aware of the risks.

Demo

Security facilities in the TCP/IP protocol stack

SSL and TLS

• SSL was originated by Netscape.
• The TLS working group was formed within the IETF.
• The first version of TLS can be viewed as SSLv3.1.

SSL Architecture

Layers, top to bottom:

SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol | HTTP
SSL Record Protocol
TCP
IP

Figure 7.2 SSL Protocol Stack

SSL Record Protocol Operation

Application Data → Fragment → Compress → Add MAC → Encrypt → Append SSL Record Header

SSL Record Format

Header: Content Type | Major Version | Minor Version | Compressed Length
Encrypted part:
  Plaintext (optionally compressed)
  MAC (0, 16, or 20 bytes)

SSL Record Protocol Payload

(a) Change Cipher Spec Protocol: 1 byte, value 1
(b) Alert Protocol: Level (1 byte), Alert (1 byte)
(c) Handshake Protocol: Type (1 byte), Length (3 bytes), Content (≥ 0 bytes)
(d) Other Upper-Layer Protocol (e.g., HTTP): OpaqueContent (≥ 1 byte)

Figure 7.5 SSL Record Protocol Payload
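
The record header and the four payload layouts above can be read directly off captured bytes. The following parser is an added example, not part of the original slides; the content-type codes and the sample bytes are not on the slides, and it assumes unencrypted fragments and handshake messages that do not span records.

```python
import struct

# Content-type codes from the SSLv3/TLS specifications (not listed on the slide).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_records(data):
    """Split bytes into records: type(1) major(1) minor(1) length(2) + fragment."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, off)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("record shorter than its length field")
        records.append((CONTENT_TYPES[ctype], (major, minor), body))
        off += 5 + length
    return records

def parse_payload(kind, body):
    """Decode an unencrypted fragment using the four layouts of Figure 7.5."""
    if kind == "change_cipher_spec":          # (a) one byte, value 1
        if body != b"\x01":
            raise ValueError("change_cipher_spec must be the single byte 1")
        return {"value": 1}
    if kind == "alert":                       # (b) level byte, alert byte
        if len(body) != 2:
            raise ValueError("alert must be exactly 2 bytes")
        return {"level": body[0], "alert": body[1]}
    if kind == "handshake":                   # (c) type, 3-byte length, content
        msgs, off = [], 0
        while off < len(body):
            if len(body) - off < 4:
                raise ValueError("truncated handshake header")
            mlen = int.from_bytes(body[off + 1:off + 4], "big")
            if off + 4 + mlen > len(body):
                raise ValueError("handshake message overruns its record")
            msgs.append({"type": body[off], "content": body[off + 4:off + 4 + mlen]})
            off += 4 + mlen
        return msgs
    return {"opaque": body}                   # (d) e.g. HTTP

# Constructed sample (version 3.0): an empty handshake message of type 14,
# a change_cipher_spec record, and an alert with level 2, alert 40.
SAMPLE = bytes.fromhex("16030000040e000000" "140300000101" "15030000020228")
```

Rejecting a record whose body is shorter than its length field, as done here, keeps a parser from reading past the captured data.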

Handshake Protocol

• The most complex part of SSL.
• Allows the server and client to authenticate each other.
• Negotiate encryption, MAC algorithm and cryptographic keys.
• Used before any application data are transmitted.

Handshake Protocol Action
Messages exchanged between Client and Server, in time order:

Phase 1: Establish security capabilities, including protocol version, session ID, cipher suite, compression method, and initial random numbers.
  Client → Server: client_hello
  Server → Client: server_hello

Phase 2: Server may send certificate, key exchange, and request certificate. Server signals end of hello message phase.
  Server → Client: certificate
  Server → Client: server_key_exchange
  Server → Client: certificate_request
  Server → Client: server_hello_done

Phase 3: Client sends certificate if requested. Client sends key exchange. Client may send certificate verification.
  Client → Server: certificate
  Client → Server: client_key_exchange
  Client → Server: certificate_verify

Phase 4: Change cipher suite and finish handshake protocol.
  Client → Server: change_cipher_spec
  Client → Server: finished
  Server → Client: change_cipher_spec
  Server → Client: finished

Note: Shaded transfers are optional or situation-dependent messages that are not always sent.

Figure 7.6 Handshake Protocol Action
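
The four phases above define an expected message order, which can be checked against an observed handshake to flag skipped or misplaced messages. This checker is an added example, not part of the original slides; which messages count as optional is read from the phase descriptions ("may send", "if requested") and is an assumption of this sketch.

```python
# (phase, sender, message, required) in the order of Figure 7.6.
# "required" is inferred from the slide's wording, not taken from the specification.
PHASES = [
    (1, "client", "client_hello", True),
    (1, "server", "server_hello", True),
    (2, "server", "certificate", False),
    (2, "server", "server_key_exchange", False),
    (2, "server", "certificate_request", False),
    (2, "server", "server_hello_done", True),
    (3, "client", "certificate", False),
    (3, "client", "client_key_exchange", True),
    (3, "client", "certificate_verify", False),
    (4, "client", "change_cipher_spec", True),
    (4, "client", "finished", True),
    (4, "server", "change_cipher_spec", True),
    (4, "server", "finished", True),
]

def check_handshake(observed):
    """observed: list of (sender, message). Returns a list of problems; [] means it conforms."""
    problems, i, requested = [], 0, False
    for sender, msg in observed:
        # Find the next slot in the expected order that matches this message.
        j = next((k for k in range(i, len(PHASES))
                  if PHASES[k][1:3] == (sender, msg)), None)
        if j is None:
            problems.append(f"out of order or unknown: {sender} {msg}")
            continue
        # Every slot skipped on the way there must have been optional.
        problems += [f"missing {s} {m} (phase {p})"
                     for p, s, m, req in PHASES[i:j] if req]
        if (sender, msg) == ("server", "certificate_request"):
            requested = True
        if (sender, msg) == ("client", "certificate") and not requested:
            problems.append("client certificate sent without certificate_request")
        i = j + 1
    # Anything required that never arrived means the handshake did not complete.
    problems += [f"missing {s} {m} (phase {p})" for p, s, m, req in PHASES[i:] if req]
    return problems

# Constructed sample: server-authenticated handshake with no client certificate.
GOOD = [("client", "client_hello"), ("server", "server_hello"),
        ("server", "certificate"), ("server", "server_hello_done"),
        ("client", "client_key_exchange"), ("client", "change_cipher_spec"),
        ("client", "finished"), ("server", "change_cipher_spec"),
        ("server", "finished")]
```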
Transport Layer Security

• The same record format as the SSL record format.
• Defined in RFC 2246.
• Similar to SSLv3.
• Differences in the:
  - version number
  - message authentication code
  - pseudo random function
  - alert codes
  - cipher suites
  - client certificate types
  - certificate_verify and finished message
  - cryptographic computations
  - padding

The End
