Transport Layer Security
|
|
- Gwendolyn Matthews
- 6 years ago
- Views:
Transcription
1 CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University
2 Web Security Considerations Web is client/server application over Internet Internet is 2-way, unlike traditional publishing Many businesses depend on web Underlying software is very complex browsers, web servers easy to use, configure however, software hide many security flaws Attack on web servers can harm other computers within organization Many users don t know enough to handle risks 2
3 Web Security Threats 3
4 Web Security Approaches IPSec Transparent to applications General purpose Filtering capability SSL/TLS Part of protocol, thus, transparent to applications or embedded into packages (e.g. browsers) Kerberos, S/MIME/PGP Embedded into packages Can be tailored to specific application needs 4
5 Secure Socket Layer (SSL) Originated by Netscape (SSLv3) Transport Layer Security developed by IETF TLS = SSLv3.1, backward compatible v3 Discussion is mainly for SSLv3 5
6 SSL Architecture Designed to work with TCP Provide end-to-end reliable service Two layers of protocols SSL record protocol provide services to upper protocols SSL Handshake, Change Cipher Spec, Alert used in management of SSL exchanges HTTP can operate on top of SSL 6
7 SSL Architecture 7
8 SSL Connections and Sessions Connection peer-to-peer relationship, transport layer transient associated with one session Session association between client, server created by Handshake Protocol define set of cryptographic security parameters parameters shared by multiple connections avoid negotiating new parameters/connection 8
9 Session State Parameters Session identifier Peer certificate X.509v3 certificate of the peer Compression method Cipher spec encryption algorithm (e.g. AES), hash (MD5) Master secret key shared between client, server Is resumable 9
10 Connection State Parameters Server and client random Server MAC secret Client MAC secret Server write key Client write key Initialization vector IV used with CBC mode Sequence numbers secret keys used in MAC operations secret encryption keys 10
11 SSL Record Protocol Provides two services to SSL connections confidentiality: encryption of SSL payloads message integrity: using MAC Steps fragmentation: to blocks of 2 14 bytes compression: optional MAC: of compressed data, secret key used encryption: symmetric block or stream cipher prepending header 11
12 SSL Record Protocol 12
13 SSL Record Format header 13
14 SSL Record Protocol Payload 14
15 Change Cipher Spec Protocol Consists of single message change_cipher_spec single byte, value = 1 Cause pending state to be copied to current updates cipher suite to be used on connection 15
16 Alert Protocol Convey SSL related alerts to peer entity Alert messages compressed, encrypted Consists of 2 bytes First byte take values warning (1), fatal (2) Fatal SSL terminates connection other connections in same session continue no new connections allowed Second byte contains code of specific alert 16
17 Handshake Protocol Most complex part of SSL Allows server and client to authenticate each other negotiate algorithms, keys used (crypt, MAC) Used before any application data transmitted Consists of 4 phases 17
18 18
19 Phase 1: Establish Security Capabilities Initiate logical connection Establish associated security capabilities client_hello message version: highest supported SSL version CipherSuite: list of supported crypt algorithms in decreasing order of preference server_hello message version: highest supported by both client, server CipherSuite: selected suite from proposed list 19
20 Phase 2: Server Authentication and Key Exchange certificate message server sends its X.509 certificate or chain certificate_key_exchange message parameters for key exchange required by some algorithms (no shared key) certificate_request message list of acceptable certificate authorities server_done message indicate end of server hello messages 20
21 Phase 3: Client Authentication and Key Exchange Client verifies server certificate is valid Check that parameters are acceptable certificate_message sent if server requested certificate client_key_exchange message parameters for key exchange certificate_verify message optional, for some certificate types 21
22 Phase 4: Finish Completes setting up secure connection change_cipher_spec message sent using Change Cipher Spec protocol finished message sent with established algorithms, keys verifies key exchange, auth were successful 22
23 TLS Differences From SSL Version number MAC algorithm and scope of calculation Pseudorandom function Alert codes: one unsupported, many added Client certificate types: some unsupported Hash calculation for messages certificate_verify finished 23
24 HTTPS HTTP over SSL/TLS Secure comm between web server and browser Supported by all modern web browsers Use depends on web server 24
25 HTTPS 25
26 HTTPS 26
27 Encrypted Elements URL of requested document Contents of the document Contents of browser filled forms Cookies (both sides) HTTP headers 27
28 Secure Shell (SSH) Protocol for secure network communications Relatively simple and inexpensive Initially focused on remote login (TELNET) Later: general client/server capability file transfer X tunneling One of most pervasive encryption applications 28
29 Secure Shell (SSH) 29
30 SSH Protocols 30
31 Transport Layer Protocol (TLP) Server uses public key for authentication Server host key used during key exchange Client must know server s public key local database [hostname : key] no centrally administered infrastructure database can be large central CA: client only knows CA root key simpler maintenance host key must be centrally certified 31
32 Packet Exchanges Supported algorithms for key exchange encryption MAC compression see Table 16.3 Uses Diffie-Hellman Why use key exchange when we have public key? 32
33 Packet Formation compression decided during...? why padding? initialized to 0 incremented for each packet MAC not encrypted 33
34 User Authentication Protocol Authentication methods publickey C S: E(PRC, M).. where M contains PUC S checks PUC is acceptable, then verifies signature password plaintext password (protected by TLP encryption) hostbased SSH server verifies client s host believes host when it authenticates user 34
35 Connection Protocol Runs on top of SSH Transport Layer Protocol Assume secure auth connection (tunnel) in use Tunnel multiplex multiple logical channels Channel used for each type of communication e.g. terminal session flow controlled using window mechanism 35
36 Connection Protocol 36
37 Channel Types session remote execution of a program program: shell, file transfer, , x11 app run at server but displayed at client desktop forwarded-tcpip remote port forwarding direct-tcpip local port forwarding 37
38 Port Forwarding One of the most useful features of SSH Ability to secure any insecure TCP connection Also known as SSH Tunnel Two types local forwarding remote forwarding 38
39 Local Forwarding Source: 39
40 Remote Forwarding Source: 40
41 Additional References About SSL/TLS SSL/TLS Protocol overview Implementing Web Site Client Authentication Using Digital IDs Secure Sockets Layer (SSL) Protocol SSH Public-Key Authentication HOWTO Supported SSH channel types SSH Port Forwarding Local VS Remote 41
The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL
CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?
More informationSecure Socket Layer. Security Threat Classifications
Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats
More informationInternet security and privacy
Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationCS 356 Internet Security Protocols. Fall 2013
CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5
More informationLehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec
Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München ilab Lab 8 SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL
More informationSecurity Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel
Security Protocols Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 CSE545 - Advanced Network Security - Professor McDaniel 1 Case Study: Host Access The first systems used telnet
More informationSecurity Protocols and Infrastructures. Winter Term 2010/2011
Winter Term 2010/2011 Chapter 4: Transport Layer Security Protocol Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 2 Contents Overview Record Protocol
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationChapter 7. WEB Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University
Chapter 7 WEB Security Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University +91 9426669020 bhargavigoswami@gmail.com Topic List 1. Web Security Considerations 2. Secure Socket Layer
More informationCOSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS
COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?
More informationUniversität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2
Universität Hamburg SSL & Company Fachbereich Informatik SVS Sicherheit in Verteilten Systemen Security in TCP/IP UH, FB Inf, SVS, 18-Okt-04 2 SSL/TLS Overview SSL/TLS provides security at TCP layer. Uses
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationTransport Layer Security
Cryptography and Security in Communication Networks Transport Layer Security ETTI - Master - Advanced Wireless Telecommunications Secure channels Secure data delivery on insecure networks Create a secure
More informationChapter 8 Web Security
Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client
More informationChapter 12 Security Protocols of the Transport Layer
Chapter 12 Security Protocols of the Transport Layer Secure Socket Layer (SSL) Transport Layer Security (TLS) Secure Shell (SSH) [NetSec], WS 2009/2010 12.1 Scope of Transport Layer Security Protocols
More informationChapter 5. Transport Level Security
Chapter 5 Transport Level Security Bhargavi H Goswami Assistant Professor Sunshine Group of Institutes Rajkot, Gujarat, India. Email: bhargavigoswami@gmail.com Topic List 1. Web Security Considerations
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationTLS. RFC2246: The TLS Protocol. (c) A. Mariën -
TLS RFC2246: The TLS Protocol What does it achieve? Confidentiality and integrity of the communication Server authentication Eventually: client authentication What is does not do Protect the server Protect
More informationSecure Remote Access: SSH & HTTPS
Secure Remote Access: SSH & HTTPS What is SSH? SSH Secure Shell SSH is a protocol for secure remote login and other secure network services over an insecure network developed by SSH Communications Security
More informationCryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption
and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X
More informationSecurity Protocols and Infrastructures. Winter Term 2015/2016
Winter Term 2015/2016 Nicolas Buchmann (Harald Baier) Chapter 8: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents
More informationThe Secure Shell (SSH) Protocol
The Secure Shell (SSH) Protocol Mario Čagalj University of Split, FESB Introduction What is SSH? SSH is a protocol for secure remote login and other secure network services over an insecure network (RFC
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationSecurity Protocols and Infrastructures
Security Protocols and Infrastructures Dr. Michael Schneider michael.schneider@h-da.de Chapter 8: The Transport Layer Security Protocol (TLS) December 4, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Overview
More informationTRANSPORT-LEVEL SECURITY
CHAPTER TRANSPORT-LEVEL SECURITY 5.1 Web Security Considerations Web Security Threats Web Traffic Security Approaches 5.2 Secure Socket Layer and Transport Layer Security SSL Architecture SSL Record Protocol
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) University of Tartu Spring 2017 1 / 22 Transport Layer Security TLS is cryptographic protocol that provides communication security over the
More informationNetwork Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
Network Security: TLS/SSL Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline 1. Diffie-Hellman key exchange (recall from earlier) 2. Key exchange using public-key encryption
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationComputer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec
More informationPerformance Implications of Security Protocols
Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies, Joint Work with Paul Reeser 5th INFORMS Telecom Conference
More informationIPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43
0/43 IPsec and SSL/TLS Applied Cryptography 0 Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, 2016 Cryptography in the TCP/IP stack application layer transport layer network layer data-link
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationINF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationNetwork Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone
More informationProtocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science
Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science History of computer network protocol development in 20 th century. Development of hierarchical
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationSharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer
SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer
More informationCSE543 Computer and Network Security Module: Network Security
CSE543 Computer and Network Security Module: Network Security Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 2 Communication Security Want to establish a secure channel
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationOpenSSH. 24th February ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) 1 / 12
OpenSSH ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) http://www.csrrt.org/ 24th February 2006 1 / 12 SSH - History 1995 Tatu Ylonen releases ssh-1.0.0 (Forms SSH Communications
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationAuth. Key Exchange. Dan Boneh
Auth. Key Exchange Review: key exchange Alice and want to generate a secret key Saw key exchange secure against eavesdropping Alice k eavesdropper?? k This lecture: Authenticated Key Exchange (AKE) key
More informationecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted
UNDERSTANDING by Simson L. Garfinkel S ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted information over the Internet. Developed by Netscape Communications Corp., SSL was
More informationComputer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1516/ Chapter 16: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1516/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationUnderstand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS
Last Updated: Oct 31, 2017 Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationNetwork Working Group Requests for Commments: 2716 Category: Experimental October 1999
Network Working Group Requests for Commments: 2716 Category: Experimental B. Aboba D. Simon Microsoft October 1999 Status of this Memo PPP EAP TLS Authentication Protocol This memo defines an Experimental
More informationChapter 6: Security of higher layers. (network security)
Chapter 6: Security of higher layers (network security) Outline TLS SET 1. TLS History of TLS SSL = Secure Socket Layer defined by Netscape normalized as TLS TLS = Transport Layer Security between TCP
More informationSecurity Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)
Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.3: Network Security SSL/TLS Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) Analysis of the HTTPS Certificate
More informationSSL/TLS CONT Lecture 9a
SSL/TLS CONT Lecture 9a COMPSCI 726 Network Defence and Countermeasures Muhammad Rizwan Asghar August 11, 2017 Source of some slides: University of Twente 2 HANDSHAKE PROTOCOL: KEY EXCHANGE AND AUTHENTICATION
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationFindings for
Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp
More informationSecuring Network Communications
Securing Network Communications Demonstration: Securing network access with Whitenoise Labs identity management, one-time-pad dynamic authentication, and onetime-pad authenticated encryption. Use of Whitenoise
More informationComing of Age: A Longitudinal Study of TLS Deployment
Coming of Age: A Longitudinal Study of TLS Deployment Accepted at ACM Internet Measurement Conference (IMC) 2018, Boston, MA, USA Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson,
More informationSSL/TLS. Pehr Söderman Natsak08/DD2495
SSL/TLS Pehr Söderman Pehrs@kth.se Natsak08/DD2495 1 Historical problems No general purpose security wrapper Kerberos doesn't cut it! Each protocol has it's own security layer SNMP, Ktelnet Or none at
More informationOutline. 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE
Outline 0 Topic 4.1: Securing Real-Time Communications 0 Topic 4.2: Transport Layer Security 0 Topic 4.3: IPsec and IKE 2 Securing Real-time Communications 0 In a real-time protocol, two parties negotiate
More informationPresented by: Ahmed Atef Elnaggar Supervisor: Prof. Shawkat K.Guirguis
2 nd Assignment of Comm. Sys. & Computer N.W Department of Information Technology, Institute of Graduate Studies and Research, University of Alexandria, Egypt. Presented by: Ahmed Atef Elnaggar Supervisor:
More informationAuthenticated Encryption in TLS
Authenticated Encryption in TLS Same modelling & verification approach concrete security: each lossy step documented by a game and a reduction (or an assumption) on paper Standardized complications - multiple
More informationTLS Extensions Project IMT Network Security Spring 2004
TLS Extensions Project IMT4101 - Network Security Spring 2004 Ole Martin Dahl [ole.dahl@hig.no] Torkjel Søndrol [torkjel.soendrol@hig.no] Fredrik Skarderud [fredrik.skarderud@hig.no] Ole Kasper Olsen [ole.olsen@hig.no]
More informationTransport Layer Security
Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols
More informationIPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security
IPsec (AH, ESP), IKE Guevara Noubir noubir@ccs.neu.edu Securing Networks Control/Management (configuration) Applications Layer telnet/ftp: ssh, http: https, mail: PGP (SSL/TLS) Transport Layer (TCP) (IPSec,
More informationApplication Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer
ISO/OSI Model SSL: Security at Transport Layer Application Layer Peer-to-peer Application Layer Network Security Assurance Presentation Layer Session Layer Transport Layer Presentation Layer Session Layer
More informationDatasäkerhetsmetoder föreläsning 7
Datasäkerhetsmetoder föreläsning 7 Nyckelhantering Jan-Åke Larsson Cryptography A security tool, not a general solution Cryptography usually converts a communication security problem into a key management
More informationManaging SSL certificates in the ServerView Suite
Overview - English FUJITSU Software ServerView Suite Managing SSL certificates in the ServerView Suite Secure server management using SSL and PKI Edition August 201/ Comments Suggestions Corrections The
More informationUnderstanding Traffic Decryption
The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake
More informationTLS 1.2 Protocol Execution Transcript
Appendix C TLS 1.2 Protocol Execution Transcript In Section 2.3, we overviewed a relatively simple protocol execution transcript for SSL 3.0. In this appendix, we do something similar for TLS 1.2. Since
More informationCS321: Computer Networks FTP, TELNET, SSH
CS321: Computer Networks FTP, TELNET, SSH Dr. Manas Khatua Assistant Professor Dept. of CSE IIT Jodhpur E-mail: manaskhatua@iitj.ac.in FTP File Transfer Protocol (FTP) is the standard protocol provided
More informationDigital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)
Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationCS669 Network Security
UNIT IV SECURITY PRACTICE Authentication applications Kerberos Kerberos Encryption Techniques PGP Radix64 IP Security Architecture Payload Key management Web security requirements SSL TLS SET Authentication
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationTLS1.2 IS DEAD BE READY FOR TLS1.3
TLS1.2 IS DEAD BE READY FOR TLS1.3 28 March 2017 Enterprise Architecture Technology & Operations Presenter Photo Motaz Alturayef Jubial Cyber Security Conference 70% Privacy and security concerns are
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same
More informationChapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010
Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security
More informationOverview of TLS v1.3 What s new, what s removed and what s changed?
Overview of TLS v1.3 What s new, what s removed and what s changed? About Me Andy Brodie Solution Architect / Principal Design Engineer. On Worldpay ecommerce Payment Gateways. Based in Cambridge, UK.
More informationLecture 10: Communications Security
INF3510 Information Security Lecture 10: Communications Security Nils Gruschka University of Oslo Spring 2018 Introduction Nils Gruschka University Kiel (Diploma in Computer Science) T-Systems, Hamburg
More informationCOMPUTER SECURITY. Computer Security Secure Communication Channels (2)
COMPUTER SECURITY 7. Secure Communication Channels: 2 case studies (2) Technologies' case studies (2) WEP Wired Equivalent Privacy (3) IPsec Internet Protocol Security (11) SSL Secure Sockets Layer (25)
More informationSecurity analysis of DTLS 1.2 implementations
Bachelor thesis Computing Science Radboud University Security analysis of DTLS 1.2 implementations Author: Niels van Drueten s4496604 First supervisor/assessor: dr.ir. Joeri de Ruiter joeri@cs.ru.nl Second
More informationTLS/sRTP Voice Recording AddPac Technology
Secure IP Telephony Solution (TLS/SRTP Protocol) TLS/sRTP Voice Recording AddPac Technology 2015, Sales and Marketing www.addpac.com Contents Secure IP Telephony Service Diagram Secure VoIP Protocol &
More informationIntroduction to Cryptography Lecture 11
Introduction to Cryptography Lecture 11 Factoring, computing discrete logs SSL / TLS Benny Pinkas page 1 1 Integer factorization The RSA and Rabin cryptosystems use a modulus N and are insecure if it is
More informationNetwork Security: IPsec. Tuomas Aura
Network Security: IPsec Tuomas Aura 3 IPsec architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects IP packets between two hosts or gateways Transparent to
More information