Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
|
|
- Anabel Fitzgerald
- 6 years ago
- Views:
Transcription
1 Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1
2 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent and secure transactions. In 1997 an Open Source version of Netscape s patented version was created, which is now OpenSSL. In 1999 the existing protocol was extended by a version now known as Transport Layer Security (TLS). By convention, the term "SSL" is used even when technically the TLS protocol is being used. 2
3 SSL/TLS Protocol Application (HTTP) Encrypted SSL/TLS data [HTTP] Transport (TCP) Internet Network Access 3
4 TLS/SSL: What it does Confidentiality Encryption Integrity Keyed hash (HMAC): TLS (authentication!) Hash (MAC): SSL Authentication certificates 4
5 SSL/TLS Operations Client connects to the server To access a resource Public-key cryptography during initial handshake to authenticate and exchange session keys PKI (X.509 Certificates) Symmetric key cryptography to encrypt and hash data Master secret (shared secret) generated Separate Encryption and Hashing keys from the master secret 5
6 How SSL/TLS Works Part 1 CLIENT SERVER PKI SSL Handshake Phase Sends Hello Supported algorithms, random number 1 Message Algorithms, random number 2 Authentication Server Generates random value (pre-master secret & encrypts it with the server s public key) 4 Certificate Encrypted pre-master secret Sends Hello Message Sends Certificates Decrypts to retrieve pre-master secret Calculates Keys 7 7 Calculates Keys Sends finished message Master Secret (shared) Encryption key Hashing key 8 8 Sends finished message SSL Data Transfer Phase 9 Data 9 Encrypted data 6
7 PKI public key infra Digital (X.509) certificates associates a public key with an individual or organization public key of the subject! Version Serial Number Signature Algorithm Issuer Name Validity Period Subject Name Subject Public Key Issuer ID Subject ID Extensions (CRL) 7
8 PKI Chain of Trust Root CA Self-signed Issue and sign ICA s certificate Intermediate CA Issue and sign EE certificate Root CA ICA ICA EE EE EE EE End Entity 8
9 PKI Example Client (browser) sends https request to google.com browsers have trusted CA certificates stored Web server sends back google.com s certificate Signed by Google ICA, plus Google ICA s certificate signed by root CA (GeoTrust) Verify the certificates up the chain of trust Once successfully verified, use the public key Root CA Cert Signature (self-signed) google.com Cert Signature (signed by ICA) ICA Cert Signature (signed by root) 9
10 How SSL/TLS Works Part 2 CLIENT SERVER Symmetric Encryption SSL Handshake Phase Sends Hello Supported algorithms, random number 1 Message Algorithms, random number 2 Authentication Server Generates random value (pre-master secret & encrypts it with the server s public key) 4 Certificate Encrypted pre-master secret Sends Hello Message Sends Certificates Decrypts to retrieve pre-master secret Calculates Keys 7 7 Calculates Keys Sends finished message Master Secret (shared) Encryption key Hashing key 8 8 Sends finished message SSL Data Transfer Phase 9 Data 9 Encrypted data 10
11 Symmetric Encryption Once the server s public key is verified up the chain of trust The client generates a pre-master secret C-random & S-random Sends to the server encrypted with server s public key Both client and server generates the Master Secret Uses the pre-master secret, C-random, and S-random with the agreed key exchange cipher (eg: DH) Separate Encryption and Hashing keys generated from the Master secret All future communication hashed and encrypted using the symmetric keys 11
12 Trusted vs Non-trusted Certificate 12
13 Certificate Authority 13
14 Chinese CA WoSign faces revocation after issuing fake certificates of Github, Microsoft and Alibaba 14
15 15 Introducing Let s Encrypt An open source CA Proof your domain to get your digital (TLS/SSL) certificate
16 16 Let s Encrypt chain Let s Encrypt ICA (X3) cross-signed by DST (IdenTrust) Until ISRG (Internet Security Research Group) is trusted by everyone
17 17 Introducing Let s Encrypt Browsers and OS Check your browser (signed by Let s Encrypt)
18 LAB 18
Transport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationPROVING WHO YOU ARE TLS & THE PKI
PROVING WHO YOU ARE TLS & THE PKI CMSC 414 MAR 29 2018 RECALL OUR PROBLEM WITH DIFFIE-HELLMAN The two communicating parties thought, but did not confirm, that they were talking to one another. Therefore,
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationUnderstand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS
Last Updated: Oct 31, 2017 Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic
More informationChapter 6: Security of higher layers. (network security)
Chapter 6: Security of higher layers (network security) Outline TLS SET 1. TLS History of TLS SSL = Secure Socket Layer defined by Netscape normalized as TLS TLS = Transport Layer Security between TCP
More informationTLS. RFC2246: The TLS Protocol. (c) A. Mariën -
TLS RFC2246: The TLS Protocol What does it achieve? Confidentiality and integrity of the communication Server authentication Eventually: client authentication What is does not do Protect the server Protect
More informationCSC 5930/9010 Modern Cryptography: Public-Key Infrastructure
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationChapter 8 Web Security
Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationInternet security and privacy
Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationDisplaying SSL Configuration Information and Statistics
CHAPTER 7 Displaying SSL Configuration Information and Statistics This chapter describes the show commands available for displaying CSS SSL configuration information and statistics and an explanation of
More informationChapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing
Chapter 6: Digital Certificates Introduction Methods PKI Digital Certificate Passing Prof Bill Buchanan OBE http://asecuritysite.com/crypto06 http://asecuritysite.com/encryption Identity on the Internet
More informationSSL/TLS. How to send your credit card number securely over the internet
SSL/TLS How to send your credit card number securely over the internet The security provided by SSL SSL is implemented at level 4 The transport control layer In practice, SSL uses TCP sockets The underlying
More informationManaging SSL certificates in the ServerView Suite
Overview - English FUJITSU Software ServerView Suite Managing SSL certificates in the ServerView Suite Secure server management using SSL and PKI Edition August 201/ Comments Suggestions Corrections The
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationHTTPS Setup using mod_ssl on CentOS 5.8. Jeong Chul. tland12.wordpress.com. Computer Science ITC and RUPP in Cambodia
HTTPS Setup using mod_ssl on CentOS 5.8 Jeong Chul tland12.wordpress.com Computer Science ITC and RUPP in Cambodia HTTPS Setup using mod_ssl on CentOS 5.8 Part 1 Basic concepts on SSL Step 1 Secure Socket
More informationConfiguring SSL Security
CHAPTER9 This chapter describes how to configure SSL on the Cisco 4700 Series Application Control Engine (ACE) appliance. This chapter contains the following sections: Overview Configuring SSL Termination
More informationDefending Computer Networks Lecture 23: Transport Layer Security. Stuart Staniford Adjunct Professor of Computer Science
Defending Computer Networks Lecture 23: Transport Layer Security Stuart Staniford Adjunct Professor of Computer Science Logis;cs Apologies again for last Thursday HW 4 due tomorrow No class this Thursday
More informationTrust Infrastructure of SSL
Trust Infrastructure of SSL CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL Trust 1 SSL/TLS The main workhorse of secure Internet communication. Everyday, billions of
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationCS Certificates, part 2. Prof. Clarkson Spring 2017
CS 5430 Certificates, part 2 Prof. Clarkson Spring 2017 Review: Certificates Digital certificate is a signature binding together: identity of principal public key of that principal (might be encryption
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationUsing Cryptography CMSC 414. October 16, 2017
Using Cryptography CMSC 414 October 16, 2017 Digital Certificates Recall: K pub = (n, e) This is an RSA public key How do we know who this is for? Need to bind identity to a public key We can do this using
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationCOSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS
COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?
More informationPublic Key Infrastructure. What can it do for you?
Public Key Infrastructure What can it do for you? What is PKI? Centrally-managed cryptography, for: Encryption Authentication Automatic negotiation Native support in most modern Operating Systems Allows
More informationToday s Lecture. Secure Communication. A Simple Protocol. Remote Authentication. A Simple Protocol. Rules. I m Alice. I m Alice
Today s Lecture Secure Communication Tom Chothia Computer Security, Lecture 8 Protocols in and ob notation Some Key Establishment Protocol Secure Sockets Layer (SSL) / Transport Later Security (TLS) Certificates
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationWhen HTTPS Meets CDN
When HTTPS Meets CDN A Case of Authentication in Delegated Service Jinjin Liang 1, Jian Jiang 1, Haixin Duan 1, Kang Li 2, Tao Wan 3, Jianping Wu 1 1 Tsinghua University 2 University of Georgia 3 Huawei
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.3: Network Security SSL/TLS Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) Analysis of the HTTPS Certificate
More informationLet's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX
Let's Encrypt - Free SSL certificates for the masses Pete Helgren Bible Study Fellowship International San Antonio, TX Agenda Overview of data security Encoding and Encryption SSL and TLS Certficate options
More informationKey Management and Distribution
2 and Distribution : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 css441y15s2l10, Steve/Courses/2015/s2/css441/lectures/key-management-and-distribution.tex,
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationSecuring Communications with your Apache HTTP Server. Lars Eilebrecht
with your Apache HTTP Server Lars Eilebrecht Lars@apache.org About Me Lars Eilebrecht Independent IT Consultant Contributor to the Apache HTTP Server project since 1996 Member of the ASF Security Team
More informationSecurity & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationUnderstanding Traffic Decryption
The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake
More informationConfiguring SSL. SSL Overview CHAPTER
CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.
More informationIntegrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise
System z Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise SC28-6880-00 System z Integrating the Hardware Management Console s Broadband Remote Support
More informationHow to Configure SSL Interception in the Firewall
Most applications encrypt outgoing connections with SSL or TLS. SSL Interception decrypts SSL-encrypted traffic to allow Application Control features (such as the Virus Scanner, ATD, URL Filter, Safe Search,
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationUniversität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2
Universität Hamburg SSL & Company Fachbereich Informatik SVS Sicherheit in Verteilten Systemen Security in TCP/IP UH, FB Inf, SVS, 18-Okt-04 2 SSL/TLS Overview SSL/TLS provides security at TCP layer. Uses
More informationSecurity Fundamentals
COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015) Security Fundamentals Noah Mendelsohn Tufts University Email: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah Copyright 2012 & 2015 Noah
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationSecuring Network Communications
Securing Network Communications Demonstration: Securing network access with Whitenoise Labs identity management, one-time-pad dynamic authentication, and onetime-pad authenticated encryption. Use of Whitenoise
More informationNetwork Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange
More informationCryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography - SSH Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 What is Secure Authentication I know who I am talking to Our communication is Encrypted Telnet Servers Terminal
More informationand Web Security
Email and Web Security Computer Security Lecture 15 David Aspinall School of Informatics University of Edinburgh 3rd March 2008 Outline Secure Email: PGP and S/MIME Issues of trust Web security: transport
More informationSecuring Internet Communication: TLS
Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL
CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationCIP Security Phase 1 Secure Transport for EtherNet/IP
CIP Security Phase 1 Secure Transport for EtherNet/IP Brian Batke, Rockwell Automation Dennis Dubé, Schneider Electric Joakim Wiberg, HMS Industrial Networks October 14, 2015 The Need for a Secure Transport
More informationConfiguring Secure Socket Layer HTTP
This feature provides Secure Socket Layer (SSL) version 3.0 support for the HTTP 1.1 server and HTTP 1.1 client within Cisco IOS software. SSL provides server authentication, encryption, and message integrity
More informationConfiguring Secure Socket Layer HTTP
This feature provides Secure Socket Layer (SSL) version 3.0 support for the HTTP 1.1 server and HTTP 1.1 client within Cisco IOS software. SSL provides server authentication, encryption, and message integrity
More informationIntroduction to Cryptography Lecture 11
Introduction to Cryptography Lecture 11 Factoring, computing discrete logs SSL / TLS Benny Pinkas page 1 1 Integer factorization The RSA and Rabin cryptosystems use a modulus N and are insecure if it is
More informationand Web Security
Email and Web Security Computer Security Lecture 14 Mike Just 1 School of Informatics University of Edinburgh 4th March 2010 1 Based on original lecture notes by David Aspinall Outline Secure Email: PGP
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationX.509. CPSC 457/557 10/17/13 Jeffrey Zhu
X.509 CPSC 457/557 10/17/13 Jeffrey Zhu 2 3 X.509 Outline X.509 Overview Certificate Lifecycle Alternative Certification Models 4 What is X.509? The most commonly used Public Key Infrastructure (PKI) on
More informationSecurity Protocols and Infrastructures. Winter Term 2010/2011
Winter Term 2010/2011 Chapter 4: Transport Layer Security Protocol Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 2 Contents Overview Record Protocol
More informationDatasäkerhetsmetoder föreläsning 7
Datasäkerhetsmetoder föreläsning 7 Nyckelhantering Jan-Åke Larsson Cryptography A security tool, not a general solution Cryptography usually converts a communication security problem into a key management
More informationWeb as a Distributed System
Web as a Distributed System The World Wide Web is a large distributed system. In 1998 comprises 70-75% of Internet traffic. With large transfers of streaming media and p2p, no longer a majority of bytes,
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationBlackBerry Dynamics Security White Paper. Version 1.6
BlackBerry Dynamics Security White Paper Version 1.6 Page 2 of 36 Overview...4 Components... 4 What's New... 5 Security Features... 6 How Data Is Protected... 6 On-Device Data... 6 In-Transit Data... 7
More informationCipher Suite Configuration Mode Commands
The Cipher Suite Configuration Mode is used to configure the building blocks for SSL cipher suites, including the encryption algorithm, hash function, and key exchange. Important The commands or keywords/variables
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationUniform Resource Locators (URL)
The World Wide Web Web Web site consists of simply of pages of text and images A web pages are render by a web browser Retrieving a webpage online: Client open a web browser on the local machine The web
More informationSecuring Internet Communication
Securing Internet Communication CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationPublic-key Infrastructure Options and choices
Public-key Infrastructure Options and choices Tim Moses Director, Advanced Security Technology April 98 1997 Entrust Technologies Overview General-purpose and Dedicated PKIs Trust models Two-key architecture
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics
Introduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science
More informationServer-based Certificate Validation Protocol
Server-based Certificate Validation Protocol Digital Certificate and PKI a public-key certificate is a digital certificate that binds a system entity's identity to a public key value, and possibly to additional
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationHow to Configure SSL Interception in the Firewall
Most applications encrypt outgoing connections with SSL or TLS. SSL Interception decrypts SSL-encrypted HTTPS and SMTPS traffic to allow Application Control features (such as the Virus Scanner, ATP, URL
More informationSSL/TLS Vulnerability Detection Using Black Box Approach
Journal of Physics: Conference Series PAPER OPEN ACCESS SSL/TLS Vulnerability Detection Using Black Box Approach To cite this article: D Gunawan et al 2018 J. Phys.: Conf. Ser. 978 012121 View the article
More informationsecuring a host Matsuzaki maz Yoshinobu
securing a host Matsuzaki maz Yoshinobu Hardening a host Differs per operating system Windows: users can not be trusted to make security related decisions in almost all cases OS X : make
More informationUnderstanding HTTPS CRL and OCSP
Understanding HTTPS CRL and OCSP Santhosh J PKI Body of Knowledge: Development & Dissemination Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationOverview of Authentication Systems
Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationSecuring MQTT. #javaland
Securing MQTT #javaland 2017 www.bestppt.com INTRODUCTION Dominik Obermaier @dobermai Disclaimer Obligatory Disclaimer: All security suggestions and guidelines in this talk are collected from real-world
More informationWhite Paper for Wacom: Cryptography in the STU-541 Tablet
Issue 0.2 Commercial In Confidence 1 White Paper for Wacom: Cryptography in the STU-541 Tablet Matthew Dodd matthew@cryptocraft.co.uk Cryptocraft Ltd. Chapel Cottage Broadchalke Salisbury Wiltshire SP5
More informationIntroduction to Cryptography Lecture 11
Introduction to Cryptography Lecture 11 Benny Pinkas page 1 Certification Authorities (CA) A method to bootstrap trust Start by trusting a single party and knowing its public key Use this to establish
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More information