Protecting Communication with SSL
Robert Walker
SE 4C03 Winter 2005
Last Revised April 4, 2005

Table of Contents

    Introduction
    Secure Sockets Layer
    Introduction to OpenSSL
    Programming with OpenSSL
    Conclusion
    Appendix A - Initialization Stage
    Appendix B - Authentication Stage
    Appendix C - Termination Stage
    References

Introduction

The internet has experienced phenomenal growth in the last decade. Many confidential activities are now being performed via the internet such as banking and shopping. These services require private information to be exchanged, such as credit card numbers and login passwords. As well, it is necessary to authenticate the parties involved in the transaction. Imagine if anyone was free to impersonate you and obtain your bank statements!

Many protocols exist today that ensure the identity of the parties communicating as well as their privacy. Most of these protocols are invisible to the application programmer because they are implemented as part of the operating system. SSL (Secure Sockets Layer) takes a different approach by being implemented above the TCP layer.[1] The most common interface to the TCP layer is sockets which is where the name Secure Sockets Layer is derived from.

The purpose of this report is not to explain the SSL protocol in detail but rather to enlighten the application programmer to the basics of SSL and its various implementations. An overview of how to add SSL to application programs is also given. For this last section, a knowledge of sockets is assumed.

Secure Sockets Layer

SSL was developed by Netscape and SSLv2 (the second version) was first deployed in 1995 as part of Netscape Navigator, a popular web browser at the time.[1] Quickly, several variations of SSL appeared, including PCT (Private Communications Technology), TLS (Transport Layer Security) and SSLv3. The purpose of each variant was to fix problems with the original specification of SSL and resulted in compatibility problems. Eventually, SSLv3 became the most widely used variant and will be the focus of this report.[1]

As mentioned previously, SSL is implemented above the TCP layer. This means that application programs need to be altered to take advantage of the features that SSL offers.
In addition, SSL is only compatible with TCP and cannot be used in conjunction with UDP. The goal of SSL is to provide a reliable, encrypted and integrity-protected communication stream.[1] The reliability is provided by the TCP layer, while SSL adds encryption and integrity-protection. It is important to note that the TCP stream itself is not protected by SSL, only the data that is exchanged.

The most common deployment model is to only authenticate the service provider, also known as the server.[2] The consumer, or client, usually confirms their identity by providing a secret password, however SSL does not concern itself with such a procedure. The client verifies the identity of the server by requesting a signed certificate and comparing it to a database of trusted certificates maintained on the client computer. If a match is found, the client can be confident that the desired server is indeed on the other end of the connection. Further communication between the client and server is encrypted to prevent spying and tampering.

SSL is quite flexible and can be configured to use a number of different ciphers for encryption and can also require both the client and server to authenticate each other with certificates. SSL also preserves properties from the sockets library such as allowing multiple connections to be derived efficiently from the main connection.[1]

Introduction to OpenSSL

There are several mature implementations of SSL, including OpenSSL. OpenSSL is an open source, widely available implementation of SSL. OpenSSL supports SSLv2, SSLv3 and TLS, although SSLv3 is most commonly used.[3] The examples included in the report will use OpenSSL and the SSLv3 protocol. Ultimately, the application programmer is responsible for
adding SSL support. Fortunately, the OpenSSL libraries interact nicely with existing sockets libraries. The following section will give implementation details on the four main phases of an SSL connection: initialization, authentication, data transmission and termination.

Programming with OpenSSL

The first stage in creating an SSL connection is initialization. The major steps in initialization include creating appropriate data structures used in subsequent stages and loading certificates. This is illustrated in figure 1.

Figure 1: Initialization Stage

The implementation of this stage is quite simple and is shown in Appendix A. At this time, the actions of the client and server diverge. The server will begin listening on a particular port and the client will attempt to connect to the same port. The subsequent stages will assume that the client has initiated a connection to the server.

The second stage involves authentication. OpenSSL can be used to require none, one or both parties to verify their identity. The procedure is the same for both client and server so only one perspective will be shown. Figure 2 shows the steps involved in the authentication stage from the perspective of the server.

Figure 2: Authentication Stage

If no problems were encountered verifying the certificate, the client and server can now communicate with each other securely. If verification failed because the certificate was not valid or not trusted, the socket should be immediately closed without further communication. It is possible that a malicious user is impersonating the server or has tampered with the TCP packets being exchanged. The authentication procedure details are shown in Appendix B.

The strength of SSL is apparent in the data transmission stage. Those familiar with sockets will have no problem reading and writing data to an SSL connection. The replacements shown below of standard UNIX functions will enable SSL protection.

    Replace: ssize_t write(int fd, const void *buf, size_t count)
    With:    int SSL_write(SSL *ssl, const void *buf, int num)

    Replace: ssize_t read(int fd, void *buf, size_t count)
    With:    int SSL_read(SSL *ssl, void *buf, int num)

The main difference between the SSL functions and the socket functions is that an SSL* is required instead of a file descriptor. This is obtained during the "Accept SSL Connection" step in the authentication stage (figure 2).

When all the data has been exchanged, the connection must be terminated. The disconnection process is not abrupt; the SSL libraries take care to encrypt the request to terminate the connection. This is to foil a malicious user from prematurely ending the connection by sending an appropriately faked TCP packet. Only the verified parties are allowed to terminate the connection. This process is shown in figure 3.

Figure 3: Termination Stage

The details of the termination stage are shown in Appendix C. At the end of this stage, both the SSL connection and the TCP connection have ended.

Conclusion

As was shown, SSL is an important protocol in today's internet and the application programmer should be aware of how SSL ensures security, the various implementations of SSL available and how to use SSL libraries in application programs.
Adding SSL support is quite simple and can be broken into distinct stages for simplification: initialization, authentication, data transmission and termination. Many of the steps involved in using SSL are similar to socket programming and can be easily integrated into existing applications that use sockets. Using SSL in applications that require communication over the internet will give customers confidence that their privacy is being protected.

Appendix A - Initialization Stage

    #include <openssl/ssl.h>

    #define PRIVATE_KEY   "myprivkey.pem"
    #define CERTIFICATE   "mycert.pem"
    #define TRUSTED_CERTS "trustedcerts.pem"

    const SSL_METHOD *method;
    SSL_CTX *context;

    /* load supported algorithms */
    SSLeay_add_ssl_algorithms();

    /* create SSL data structures and specify SSLv3 */
    method = SSLv3_client_method();
    context = SSL_CTX_new(method);

    /* load the certificate identifying myself */
    SSL_CTX_use_certificate_file(context, CERTIFICATE, SSL_FILETYPE_PEM);

    /* load the private key identifying myself */
    SSL_CTX_use_PrivateKey_file(context, PRIVATE_KEY, SSL_FILETYPE_PEM);

    /* load file containing a list of trusted certificates */
    SSL_CTX_load_verify_locations(context, TRUSTED_CERTS, NULL);

Appendix B - Authentication Stage

    #include <errno.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <openssl/ssl.h>

    typedef struct {
        int fd;
        SSL *ssl;
    } ssl_comm_t;

    /* create a connection between client and server */
    static int accept_client(int fd, ssl_comm_t *ssl_comm)
    {
        int new_fd;
        struct sockaddr_in client;
        socklen_t len = sizeof client;

        (void)ssl_comm;   /* not needed to accept the TCP connection */

        /* obtain a socket between client and server, retrying if interrupted */
        while (((new_fd = accept(fd, (struct sockaddr *)&client, &len)) == -1)
               && (errno == EINTR))
            ;
        return new_fd;
    }
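
    /* The statements below run inside the server's connection-handling
       function. listen_fd is the listening socket and context is the SSL_CTX
       from Appendix A. r_close() is not defined in these listings; a close()
       wrapper is assumed. */
    X509 *server_cert;
    ssl_comm_t *ssl_comm;

    /* allocate memory for connection */
    if ((ssl_comm = malloc(sizeof *ssl_comm)) == NULL) {
        return EXIT_FAILURE;
    }

    /* obtain a socket for communication with a client */
    if ((ssl_comm->fd = accept_client(listen_fd, ssl_comm)) == -1) {
        free(ssl_comm);
        return EXIT_FAILURE;
    }

    /* create an SSL connection */
    ssl_comm->ssl = SSL_new(context);

    /* associate the SSL connection with the obtained file descriptor */
    SSL_set_fd(ssl_comm->ssl, ssl_comm->fd);

    /* accept the SSL connection; SSL_accept returns 1 only on success */
    if (SSL_accept(ssl_comm->ssl) <= 0) {
        r_close(ssl_comm->fd);
        SSL_free(ssl_comm->ssl);
        free(ssl_comm);
        return EXIT_FAILURE;
    }

    /* request authenticating certificate */
    if ((server_cert = SSL_get_peer_certificate(ssl_comm->ssl)) == NULL) {
        /* no certificate: close the socket without further communication */
        r_close(ssl_comm->fd);
        SSL_free(ssl_comm->ssl);
        free(ssl_comm);
        return -1;
    }

    /* check for a matching certificate in the trusted certificates */
    if (SSL_get_verify_result(ssl_comm->ssl) != X509_V_OK) {
        /* untrusted certificate: close the socket without further communication */
        X509_free(server_cert);
        r_close(ssl_comm->fd);
        SSL_free(ssl_comm->ssl);
        free(ssl_comm);
        return -1;
    }

Appendix C - Termination Stage

    #include <unistd.h>
    #include <openssl/ssl.h>

    /* ssl_con and comm_fd are the SSL connection and its file descriptor
       obtained in the authentication stage */

    /* request that the SSL session be terminated */
    SSL_shutdown(ssl_con);

    /* release memory for the SSL data structures */
    SSL_free(ssl_con);
    SSL_CTX_free(context);

    /* close the open file descriptor */
    r_close(comm_fd);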

References

[1] Kaufman et al. Network Security: Private Communication in a Public World. Prentice Hall,
[2] Transport Layer Security. Wikipedia. Retrieved from n.wikipedia.org/wiki/secure_sockets_layer on March 29,
[3] Welcome to the OpenSSL Project. OpenSSL. Retrieved from on March 29,
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationCS4514 B08 HELP Session 1
CS4514 B08 HELP Session 1 Presented by Choong-Soo Lee clee01@cs.wpi.edu CS4514 TCP/IP Socket Programming Outline Project 1 Overview Unix Network Programming TCP Client TCP Server Processing commands How
More informationSocket Programming 2007/03/28
Socket Programming 2007/03/28 Reference W. Richard Stevens, Unix Network Programming 2/e Volume 1,1998 James F. Kurose and Keith W. Ross, "Computer Networks: A Top-Down Approach Featuring the Internet
More informationCSc 450/550 Computer Networks Network Architectures & Client-Server Model
CSc 450/550 Computer Networks Network Architectures & Client-Server Model Jianping Pan Summer 2007 5/17/07 CSc 450/550 1 Last lectures So far, nuts and bolts views of the Internet Internet evolution and
More informationIntroduction to Client-Server Model
Preview Introduction to Client-Server Model Motivation of Client-Server Model Terminologies and Concepts in Client-Server Model Connectionless vs. Connection-Oriented Stateless vs. Stateful Server Identify
More informationSecurity Using Digital Signatures & Encryption
Email Security Using Digital Signatures & Encryption CONTENTS. Introduction The Need for Email Security Digital Signatures & Encryption 101 Digital Signatures & Encryption in Action Selecting the Right
More informationLab 0. Yvan Petillot. Networks - Lab 0 1
Lab 0 Yvan Petillot Networks - Lab 0 1 What You Will Do In This Lab. The purpose of this lab is to help you become familiar with the UNIX/LINUX on the lab network. This means being able to do editing,
More informationSecurity & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationProgramming with TCP/IP. Ram Dantu
1 Programming with TCP/IP Ram Dantu 2 Client Server Computing Although the Internet provides a basic communication service, the protocol software cannot initiate contact with, or accept contact from, a
More informationINTERNET & WORLD WIDE WEB (UNIT-1) MECHANISM OF INTERNET
INTERNET & WORLD WIDE WEB (UNIT-1) MECHANISM OF INTERNET 1. INTRODUCTION Hello friends are topic is Internet and World Wide Web the most popular services of our topic is social networking and online shopping
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationProblem 1: Concepts (Please be concise)
Problem 1: Concepts (Please be concise) 1) Consider the use of threads vs. the select() system call for asynchronous I/O. Name one advantage of each approach. 2) Consider a dynamically allocated linked-list
More informationOn the Internet, nobody knows you re a dog.
On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing
More informationCOSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS
COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More information