SlideShare a Scribd company logo

SECURE SOCKET LAYER ( WEB SECURITY )

Download as PPTX, PDF
M
Monodip Singha Roy

This slide is all about SSL and TSL with little descirption of WEB SECURITY

Technology
1 of 33
WEB SECURITY (SECURE SOCKET LAYER) MONODIP SINGHA ROY M.TECH Dr. B.C.ROY ENGINEERING COLLEGE 2
Contents  WEB SECURITY  WEB SECURITY TERMINOLOGY  SSL ( SECURE SOCKET LAYER )  SSL ARCHITECTURE  TLS ( TRANSPORT LAYER SECURITY )  PROS AND CONS OF SSL/TLS  SUMMARY 3
WEB SECURITY  Almost everything in today’s world relies on computer and internet. ◦ Communications (emails, phones) ◦ Transportation (car engine system, airplane navigation system) ◦ Medicine ( medical records, equipments) ◦ Shopping (online store, online payments) ◦ Entertainment (digital cables) 4
What is WEB SECURITY ?? Web security , also known as “cyber security “ involves protecting the information by protecting , preventing and responding to the attacks. 5
WEB SECURITY: TERMNOLOGY  HACKERS: People who strive to exploit weaknesses in software and computer for their own gain.  VIRUSES: Infects your computer before actually u can do something.  WORMS: Propagates without users intervention.  TROJAN: A software that claims to do something while in fact doing something in background. 6
WEB SECURITY: TERNINOLOGY  RANSOMWARE: ◦ A form of Trojan that has been since 1989, as known as ‘PC CYBORG’ Trojan. ◦ It affects the user computer by encrypting the user’s personal files. ◦ The victim then contacted and offered the decrypt key in exchange of cash. 7
WEB SECURITY: TERMINOLOGY  KEYLOGGERS: ◦ It is an software that monitor users activity such as key typed in keyboard. ◦ KeyLoggers can  Record keystrokes on keyboards.  Record mouse movement and clicks.  Record menus that are invoked.  Takes screenshot of the desktop at pre defined intervals. 8
Web Security  Web now widely used by business, government, individuals  but Internet & Web are vulnerable  have a variety of threats ◦ integrity ◦ confidentiality ◦ denial of service ◦ authentication  need added security mechanisms. 9
What is SSL?  SSL – Secure Socket Layer ƒit provides a secure transport connection between applications (e.g., a web server and a browser)  SSL was developed by Netscape  uses TCP to provide a reliable end-to-end service  SSL has two layers of protocols SSL v3.0 was specified in an Internet Draft (1996) ƒit evolved into RFC 246 and was renamed to TLS (Transport Layer Security)  TLS can be viewed as SSL v3.1 10
SSL Architecture 11
SSL Components SSL HANDSHAKE PROTOCOL SSL RECORD PROTOCOL SSL ALERT PROTOCOL SSL CHANGE CIPHER SPEC PROTOCOL • Negotiation of security algorithms and parameters. • Key exchange. • Server authentication and optionally client authentication. • Fragmentation. • Compression. • Encryption. • Message authentication and integrity protection. • Error message ( fatal alerts and warning ) • A single message that indicates the end of SSL handshake. 12
Sessions and Connections  An SSL session is a connection between client and server.  Sessions are stateful ; the session state includes security algorithm and parameters.  A session may include multiple secure connection between same server and client.  Connections of the same session share the session state.  Sessions are used to avoid expensive negotiation of new security parameters for each state. 13
Session States…  Session state ◦ Session identifier – arbitrary byte sequence chosen by the server to identify the session. ◦ Peer certificate – may be null. ◦ Compression method. ◦ Cipher Spec – bulk data encryption algorithm and MAC algorithm ( eg. DES, MD5 ). ◦ Master key – a 48 byte secret key is used in between client and server. ◦ Resumable – a flag indicating whether the session can be used to initiate new connections. 14
Connection States…  Connection State ◦ Server and client random – random byte sequence is chosen by the client and server for new connection. ◦ Server write MAC secret – secret key is used in MAC operations on data sent by the server. ◦ Client write MAC secret – secret key is used in MAC operations on data sent by the client. ◦ Server write key – secret encryption key for data, encrypted by the server. ◦ Client write key – secret encryption key for data, encrypted by the client. 15
How States changes??  Operating state: current using state  Pending state: state to be used  Operating state < Pending state: at the transmission and reception of change cipher spec message The sending part of the pending state is copied into the sending part of operating state The receiving part of the pending state is copied into the receiving part of operating stateParty A Party B Change Cipher Spec 16
 SSL session ◦ an association between client & server ◦ created by the Handshake Protocol ◦ define a set of cryptographic parameters ◦ may be shared by multiple SSL connections  SSL connection ◦ a transient, peer-to-peer, communications link ◦ associated with 1 SSL session 17
SSL Handshake Protocol  Handshake protocol is used to exchange all the information required by both sides for the exchange of actual application data by the TRANSPORT LAYER SECURITY 18
SSL Record Protocol  confidentiality ◦ using symmetric encryption with a shared secret key defined by Handshake Protocol ◦ IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 ◦ message is compressed before encryption  message integrity ◦ using a MAC with shared secret key ◦ similar to HMAC but with different padding 19
SSL Change Cipher Spec Protocol  one of 3 SSL specific protocols which use the SSL Record protocol  a single message  causes pending state to become current  hence updating the cipher suite in use. 20
SSL Alert Protocol  conveys SSL-related alerts to peer entity  severity  warning or fatal  specific alert  unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter  close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown  compressed & encrypted like all SSL data 21
What is TSL??  Internet Engineering Task Force standard RFC 2246 similar to SSLv3 with minor differences: ◦ In record format version number ◦ Uses HMAC for MAC ◦ Has optional alert code ◦ Some changes in supported ciphers ◦ Change in use of certificate negotiation ◦ Change in use of padding 22
Changes from SSLv3 to TLS…  Fortezza removed  Additional alerts added  Modification of hash calculation  Protocol version 3.1 in client hello, server hello 23
TLS : Privacy  Encrypt message so it cannot be read  Use conventional cryptography with shared key ◦ DES , 3DES ◦ RC2, RC4 ◦ IDEA A (Message) $@#&!@ B(Message) 24
TLS: Key Exchange  Need secure method to exchange key  Use public key encryption for this  Choices are RSA & Diffie-Hellman 25
TLS: Integrity  Compute fixed length message authentication code (MAC) ◦ Includes hash of message ◦ Includes a shared secret key ◦ Includes sequence number ◦ Transmit MAC with message 26
TLS : Authentication  Verify identities of participants  Client authentication is optional  Certificate is used to associate identity with public key and other attributes A B CERTIFICATES 27
TLS: HTTP Application  HTTP is most common TLS application https://  Requires TLS-capable web server  Requires TLS-capable web browser ◦ Netscape navigator ◦ Internet explorer ◦ Cryptozilla 28
Implementation of SSL/TLS  SSL & TLS have widely been implemented ◦ Open source software projects ( openSSL, NSS & GnuTLS) ◦ Microsoft windows : part of its secure channel ◦ Browsers  Apple safari  Internet explorer  Mozilla firefox 29
Pros & Cons of SSL/TLS  Pros : ◦ Customer will trust your website: many visitors are now savvy enough to recognize when a webpage is encrypted and protected by SSL. ◦ Avoid dispute due to credit/debit card frauds: visitors uses their credit/debit cards information's on unprotected servers and faces identity theft. 30
Cons ….  Cons : ◦ Regular renewal : just like website domain and hosting plan, SSL certificates also expires after short period of time ; usually one to five years. ◦ Complex installation : SSL is very difficult to install on websites for those who are unaware of website development. 31
Application of SSL/TLS  On top of the Transport layer protocols ◦ Primarily with TCP ◦ Datagram transport layer security (DTLS) for UDP  Encapsulating the applications protocols ◦ HTTP ◦ Securing WWW traffic ◦ FTP, SMTP, etc 32
SUMMARY  SSL/TLS address the need for security in internet communications ◦ Privacy – conventional encryption ◦ Integrity – message authentication codes ◦ Authentication – X.509  SSL in use today with web browsers and servers. 33
Thank You 34

Recommended

Mobile IP
Mobile IPMobile IP
Mobile IPMukesh Chinta
 
02 protocol architecture
02 protocol architecture02 protocol architecture
02 protocol architecturechameli devi group of institutions
 
Multiplexing in mobile computing
Multiplexing in mobile computingMultiplexing in mobile computing
Multiplexing in mobile computingZituSahu
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar pptSmriti Rastogi
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoTgr9293
 
Unit 1 - mobile computing introduction
Unit 1 - mobile computing introductionUnit 1 - mobile computing introduction
Unit 1 - mobile computing introductionVintesh Patel
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Data Mining and Intrusion Detection
Data Mining and Intrusion Detection Data Mining and Intrusion Detection
Data Mining and Intrusion Detection amiable_indian
 

Recommended

Mobile IP
Mobile IPMobile IP
Mobile IPMukesh Chinta
 
02 protocol architecture
02 protocol architecture02 protocol architecture
02 protocol architecturechameli devi group of institutions
 
Multiplexing in mobile computing
Multiplexing in mobile computingMultiplexing in mobile computing
Multiplexing in mobile computingZituSahu
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar pptSmriti Rastogi
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoTgr9293
 
Unit 1 - mobile computing introduction
Unit 1 - mobile computing introductionUnit 1 - mobile computing introduction
Unit 1 - mobile computing introductionVintesh Patel
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Data Mining and Intrusion Detection
Data Mining and Intrusion Detection Data Mining and Intrusion Detection
Data Mining and Intrusion Detection amiable_indian
 
Hub vs-switch
Hub vs-switchHub vs-switch
Hub vs-switchNitesh Singh
 
TCP over wireless slides
TCP over wireless slidesTCP over wireless slides
TCP over wireless slidesMahesh Rajawat
 
Physical design of io t
Physical design of io tPhysical design of io t
Physical design of io tShilpaKrishna6
 
The mac layer
The mac layerThe mac layer
The mac layeraazamk
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake Alok Tripathi
 
Bluetooth security
Bluetooth securityBluetooth security
Bluetooth securityShantanu Krishna
 
Data dissemination
Data disseminationData dissemination
Data disseminationVikram Nandini
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issuesAnastasios Economides
 
Mobile computing
Mobile computingMobile computing
Mobile computingTapesh Chalisgaonkar
 
cellphone virus and security
cellphone virus and securitycellphone virus and security
cellphone virus and securityAkhil Kumar
 
Introduction To Mobile Computing
Introduction To Mobile ComputingIntroduction To Mobile Computing
Introduction To Mobile ComputingMadhuri Badgujar
 
Mobile transportlayer
Mobile transportlayerMobile transportlayer
Mobile transportlayerRahul Hada
 
MEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLMEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLjunnubabu
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoTVishnupriya T H
 
Mobile ip presentation
Mobile ip presentationMobile ip presentation
Mobile ip presentationSifat Hossain
 
Mobile internet protocol
Mobile internet protocolMobile internet protocol
Mobile internet protocolSaranyaK68
 
SS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkSS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkPositiveTechnologies
 
FOG COMPUTING
FOG COMPUTINGFOG COMPUTING
FOG COMPUTINGSaisharan Amaravadhi
 
Mobile Computing
Mobile ComputingMobile Computing
Mobile Computinggaurav koriya
 
Computer networks
Computer networks Computer networks
Computer networks SakshiGupta964978
 
SSL
SSLSSL
SSLtheekuchi
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 

More Related Content

What's hot

TCP over wireless slides
TCP over wireless slidesTCP over wireless slides
TCP over wireless slidesMahesh Rajawat
 
Physical design of io t
Physical design of io tPhysical design of io t
Physical design of io tShilpaKrishna6
 
The mac layer
The mac layerThe mac layer
The mac layeraazamk
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake Alok Tripathi
 
cellphone virus and security
cellphone virus and securitycellphone virus and security
cellphone virus and securityAkhil Kumar
 
Introduction To Mobile Computing
Introduction To Mobile ComputingIntroduction To Mobile Computing
Introduction To Mobile ComputingMadhuri Badgujar
 
Mobile transportlayer
Mobile transportlayerMobile transportlayer
Mobile transportlayerRahul Hada
 
MEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLMEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLjunnubabu
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoTVishnupriya T H
 
Mobile ip presentation
Mobile ip presentationMobile ip presentation
Mobile ip presentationSifat Hossain
 
Mobile internet protocol
Mobile internet protocolMobile internet protocol
Mobile internet protocolSaranyaK68
 

What's hot (20)

Hub vs-switch
Hub vs-switchHub vs-switch
Hub vs-switch
 
TCP over wireless slides
TCP over wireless slidesTCP over wireless slides
TCP over wireless slides
 
Physical design of io t
Physical design of io tPhysical design of io t
Physical design of io t
 
The mac layer
The mac layerThe mac layer
The mac layer
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake
 
Bluetooth security
Bluetooth securityBluetooth security
Bluetooth security
 
Data dissemination
Data disseminationData dissemination
Data dissemination
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
Mobile computing
Mobile computingMobile computing
Mobile computing
 
cellphone virus and security
cellphone virus and securitycellphone virus and security
cellphone virus and security
 
Introduction To Mobile Computing
Introduction To Mobile ComputingIntroduction To Mobile Computing
Introduction To Mobile Computing
 
Mobile transportlayer
Mobile transportlayerMobile transportlayer
Mobile transportlayer
 
MEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLMEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROL
 
Security challenges in IoT
Security challenges in IoTSecurity challenges in IoT
Security challenges in IoT
 
Mobile ip presentation
Mobile ip presentationMobile ip presentation
Mobile ip presentation
 
Mobile internet protocol
Mobile internet protocolMobile internet protocol
Mobile internet protocol
 
SS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkSS7: 2G/3G's weakest link
SS7: 2G/3G's weakest link
 
FOG COMPUTING
FOG COMPUTINGFOG COMPUTING
FOG COMPUTING
 
Mobile Computing
Mobile ComputingMobile Computing
Mobile Computing
 
Computer networks
Computer networks Computer networks
Computer networks
 

Viewers also liked

TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
Overview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsOverview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsKatie Knowles
 
PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01Qaisar Ayub
 
PGP - Pretty Good Privacy
PGP - Pretty Good PrivacyPGP - Pretty Good Privacy
PGP - Pretty Good PrivacyJuliano Flores
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 

Viewers also liked (20)

SSL
SSLSSL
SSL
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol Design
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
SSL
SSLSSL
SSL
 
web security
web securityweb security
web security
 
SSL TSL;& SET
SSL TSL;& SETSSL TSL;& SET
SSL TSL;& SET
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
 
PGP Presentation Powerpoint
PGP Presentation PowerpointPGP Presentation Powerpoint
PGP Presentation Powerpoint
 
Overview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server InteractionsOverview of SSL & TLS Client-Server Interactions
Overview of SSL & TLS Client-Server Interactions
 
ssl
sslssl
ssl
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
PGP presentation 2014
PGP presentation 2014PGP presentation 2014
PGP presentation 2014
 
PGP Basic Lecture 01
PGP Basic Lecture 01PGP Basic Lecture 01
PGP Basic Lecture 01
 
PGP - Pretty Good Privacy
PGP - Pretty Good PrivacyPGP - Pretty Good Privacy
PGP - Pretty Good Privacy
 
Web Security 101
Web Security 101Web Security 101
Web Security 101
 
Pgp
PgpPgp
Pgp
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLS
 

Similar to SECURE SOCKET LAYER ( WEB SECURITY )

Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdfDr. Shivashankar
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security ApplicationsHatem Mahmoud
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptSonukumarRawat
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.pptPranavUndre1
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALGlenn Haley
 

Similar to SECURE SOCKET LAYER ( WEB SECURITY ) (20)

Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdf
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security Applications
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr Shivashankar
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
 
Unit 6
Unit 6Unit 6
Unit 6
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
Web Security
Web SecurityWeb Security
Web Security
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Web security
Web securityWeb security
Web security
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
 
Secure Socket Layer.pptx
Secure Socket Layer.pptxSecure Socket Layer.pptx
Secure Socket Layer.pptx
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
What is TLS/SSL?
What is TLS/SSL? What is TLS/SSL?
What is TLS/SSL?
 
Lecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLSLecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLS
 
Lecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachLecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security Breach
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 

More from Monodip Singha Roy

Novel microstrip patch antenna for WLAN and Wi-MAX applications
Novel microstrip patch antenna for WLAN and Wi-MAX applicationsNovel microstrip patch antenna for WLAN and Wi-MAX applications
Novel microstrip patch antenna for WLAN and Wi-MAX applicationsMonodip Singha Roy
 
Complementary inverted reactive slot antenna embedded in single
Complementary inverted reactive slot antenna embedded in singleComplementary inverted reactive slot antenna embedded in single
Complementary inverted reactive slot antenna embedded in singleMonodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 

More from Monodip Singha Roy (6)

Novel microstrip patch antenna for WLAN and Wi-MAX applications
Novel microstrip patch antenna for WLAN and Wi-MAX applicationsNovel microstrip patch antenna for WLAN and Wi-MAX applications
Novel microstrip patch antenna for WLAN and Wi-MAX applications
 
Complementary inverted reactive slot antenna embedded in single
Complementary inverted reactive slot antenna embedded in singleComplementary inverted reactive slot antenna embedded in single
Complementary inverted reactive slot antenna embedded in single
 
OPTICAL COMMUNICATION
OPTICAL COMMUNICATIONOPTICAL COMMUNICATION
OPTICAL COMMUNICATION
 
CHAOS ANALYSIS OF HRV
CHAOS ANALYSIS OF HRVCHAOS ANALYSIS OF HRV
CHAOS ANALYSIS OF HRV
 
MOBILE Ad-Hoc NETWORK (MANET)
MOBILE Ad-Hoc NETWORK (MANET)MOBILE Ad-Hoc NETWORK (MANET)
MOBILE Ad-Hoc NETWORK (MANET)
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 

Recently uploaded

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

SECURE SOCKET LAYER ( WEB SECURITY )

  • 1. WEB SECURITY (SECURE SOCKET LAYER) MONODIP SINGHA ROY M.TECH Dr. B.C.ROY ENGINEERING COLLEGE 2
  • 2. Contents  WEB SECURITY  WEB SECURITY TERMINOLOGY  SSL ( SECURE SOCKET LAYER )  SSL ARCHITECTURE  TLS ( TRANSPORT LAYER SECURITY )  PROS AND CONS OF SSL/TLS  SUMMARY 3
  • 3. WEB SECURITY  Almost everything in today’s world relies on computer and internet. ◦ Communications (emails, phones) ◦ Transportation (car engine system, airplane navigation system) ◦ Medicine ( medical records, equipments) ◦ Shopping (online store, online payments) ◦ Entertainment (digital cables) 4
  • 4. What is WEB SECURITY ?? Web security , also known as “cyber security “ involves protecting the information by protecting , preventing and responding to the attacks. 5
  • 5. WEB SECURITY: TERMNOLOGY  HACKERS: People who strive to exploit weaknesses in software and computer for their own gain.  VIRUSES: Infects your computer before actually u can do something.  WORMS: Propagates without users intervention.  TROJAN: A software that claims to do something while in fact doing something in background. 6
  • 6. WEB SECURITY: TERNINOLOGY  RANSOMWARE: ◦ A form of Trojan that has been since 1989, as known as ‘PC CYBORG’ Trojan. ◦ It affects the user computer by encrypting the user’s personal files. ◦ The victim then contacted and offered the decrypt key in exchange of cash. 7
  • 7. WEB SECURITY: TERMINOLOGY  KEYLOGGERS: ◦ It is an software that monitor users activity such as key typed in keyboard. ◦ KeyLoggers can  Record keystrokes on keyboards.  Record mouse movement and clicks.  Record menus that are invoked.  Takes screenshot of the desktop at pre defined intervals. 8
  • 8. Web Security  Web now widely used by business, government, individuals  but Internet & Web are vulnerable  have a variety of threats ◦ integrity ◦ confidentiality ◦ denial of service ◦ authentication  need added security mechanisms. 9
  • 9. What is SSL?  SSL – Secure Socket Layer ƒit provides a secure transport connection between applications (e.g., a web server and a browser)  SSL was developed by Netscape  uses TCP to provide a reliable end-to-end service  SSL has two layers of protocols SSL v3.0 was specified in an Internet Draft (1996) ƒit evolved into RFC 246 and was renamed to TLS (Transport Layer Security)  TLS can be viewed as SSL v3.1 10
  • 11. SSL Components SSL HANDSHAKE PROTOCOL SSL RECORD PROTOCOL SSL ALERT PROTOCOL SSL CHANGE CIPHER SPEC PROTOCOL • Negotiation of security algorithms and parameters. • Key exchange. • Server authentication and optionally client authentication. • Fragmentation. • Compression. • Encryption. • Message authentication and integrity protection. • Error message ( fatal alerts and warning ) • A single message that indicates the end of SSL handshake. 12
  • 12. Sessions and Connections  An SSL session is a connection between client and server.  Sessions are stateful ; the session state includes security algorithm and parameters.  A session may include multiple secure connection between same server and client.  Connections of the same session share the session state.  Sessions are used to avoid expensive negotiation of new security parameters for each state. 13
  • 13. Session States…  Session state ◦ Session identifier – arbitrary byte sequence chosen by the server to identify the session. ◦ Peer certificate – may be null. ◦ Compression method. ◦ Cipher Spec – bulk data encryption algorithm and MAC algorithm ( eg. DES, MD5 ). ◦ Master key – a 48 byte secret key is used in between client and server. ◦ Resumable – a flag indicating whether the session can be used to initiate new connections. 14
  • 14. Connection States…  Connection State ◦ Server and client random – random byte sequence is chosen by the client and server for new connection. ◦ Server write MAC secret – secret key is used in MAC operations on data sent by the server. ◦ Client write MAC secret – secret key is used in MAC operations on data sent by the client. ◦ Server write key – secret encryption key for data, encrypted by the server. ◦ Client write key – secret encryption key for data, encrypted by the client. 15
  • 15. How States changes??  Operating state: current using state  Pending state: state to be used  Operating state < Pending state: at the transmission and reception of change cipher spec message The sending part of the pending state is copied into the sending part of operating state The receiving part of the pending state is copied into the receiving part of operating stateParty A Party B Change Cipher Spec 16
  • 16.  SSL session ◦ an association between client & server ◦ created by the Handshake Protocol ◦ define a set of cryptographic parameters ◦ may be shared by multiple SSL connections  SSL connection ◦ a transient, peer-to-peer, communications link ◦ associated with 1 SSL session 17
  • 17. SSL Handshake Protocol  Handshake protocol is used to exchange all the information required by both sides for the exchange of actual application data by the TRANSPORT LAYER SECURITY 18
  • 18. SSL Record Protocol  confidentiality ◦ using symmetric encryption with a shared secret key defined by Handshake Protocol ◦ IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 ◦ message is compressed before encryption  message integrity ◦ using a MAC with shared secret key ◦ similar to HMAC but with different padding 19
  • 19. SSL Change Cipher Spec Protocol  one of 3 SSL specific protocols which use the SSL Record protocol  a single message  causes pending state to become current  hence updating the cipher suite in use. 20
  • 20. SSL Alert Protocol  conveys SSL-related alerts to peer entity  severity  warning or fatal  specific alert  unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter  close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown  compressed & encrypted like all SSL data 21
  • 21. What is TSL??  Internet Engineering Task Force standard RFC 2246 similar to SSLv3 with minor differences: ◦ In record format version number ◦ Uses HMAC for MAC ◦ Has optional alert code ◦ Some changes in supported ciphers ◦ Change in use of certificate negotiation ◦ Change in use of padding 22
  • 22. Changes from SSLv3 to TLS…  Fortezza removed  Additional alerts added  Modification of hash calculation  Protocol version 3.1 in client hello, server hello 23
  • 23. TLS : Privacy  Encrypt message so it cannot be read  Use conventional cryptography with shared key ◦ DES , 3DES ◦ RC2, RC4 ◦ IDEA A (Message) $@#&!@ B(Message) 24
  • 24. TLS: Key Exchange  Need secure method to exchange key  Use public key encryption for this  Choices are RSA & Diffie-Hellman 25
  • 25. TLS: Integrity  Compute fixed length message authentication code (MAC) ◦ Includes hash of message ◦ Includes a shared secret key ◦ Includes sequence number ◦ Transmit MAC with message 26
  • 26. TLS : Authentication  Verify identities of participants  Client authentication is optional  Certificate is used to associate identity with public key and other attributes A B CERTIFICATES 27
  • 27. TLS: HTTP Application  HTTP is most common TLS application https://  Requires TLS-capable web server  Requires TLS-capable web browser ◦ Netscape navigator ◦ Internet explorer ◦ Cryptozilla 28
  • 28. Implementation of SSL/TLS  SSL & TLS have widely been implemented ◦ Open source software projects ( openSSL, NSS & GnuTLS) ◦ Microsoft windows : part of its secure channel ◦ Browsers  Apple safari  Internet explorer  Mozilla firefox 29
  • 29. Pros & Cons of SSL/TLS  Pros : ◦ Customer will trust your website: many visitors are now savvy enough to recognize when a webpage is encrypted and protected by SSL. ◦ Avoid dispute due to credit/debit card frauds: visitors uses their credit/debit cards information's on unprotected servers and faces identity theft. 30
  • 30. Cons ….  Cons : ◦ Regular renewal : just like website domain and hosting plan, SSL certificates also expires after short period of time ; usually one to five years. ◦ Complex installation : SSL is very difficult to install on websites for those who are unaware of website development. 31
  • 31. Application of SSL/TLS  On top of the Transport layer protocols ◦ Primarily with TCP ◦ Datagram transport layer security (DTLS) for UDP  Encapsulating the applications protocols ◦ HTTP ◦ Securing WWW traffic ◦ FTP, SMTP, etc 32
  • 32. SUMMARY  SSL/TLS address the need for security in internet communications ◦ Privacy – conventional encryption ◦ Integrity – message authentication codes ◦ Authentication – X.509  SSL in use today with web browsers and servers. 33