Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

History

- Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent and secure transactions.
- In 1997 an open source version of Netscape's patented version was created, which is now OpenSSL.
- In 1999 the existing protocol was extended by a version now known as Transport Layer Security (TLS).
- By convention, the term "SSL" is used even when technically the TLS protocol is being used.

SSL/TLS Protocol

Protocol stack, top to bottom:

- Application (HTTP)
- SSL/TLS: encrypted data [HTTP]
- Transport (TCP)
- Internet
- Network Access

TLS/SSL: What it does

- Confidentiality: encryption
- Integrity: keyed hash (HMAC) in TLS (authentication!); hash (MAC) in SSL
- Authentication: certificates

SSL/TLS Operations

- Client connects to the server to access a resource
- Public-key cryptography during the initial handshake to authenticate and exchange session keys
  - PKI (X.509 certificates)
- Symmetric-key cryptography to encrypt and hash data
  - Master secret (shared secret) generated
  - Separate encryption and hashing keys from the master secret

How SSL/TLS Works Part 1

SSL Handshake Phase (client and server; the server authentication steps rely on PKI)

1. Client sends Hello message: supported algorithms, random number
2. Server sends Hello message: algorithms, random number
3. Server sends certificates
4. Client authenticates the server (certificate)
5. Client generates a random value (pre-master secret), encrypts it with the server's public key, and sends the encrypted pre-master secret
6. Server decrypts to retrieve the pre-master secret
7. Client and server each calculate keys: master secret (shared), encryption key, hashing key
8. Client and server each send the finished message

SSL Data Transfer Phase

9. Data is exchanged as encrypted data

PKI (public key infrastructure)

- Digital (X.509) certificates
  - Associate a public key with an individual or organization: the public key of the subject!
- Certificate fields:
  - Version
  - Serial Number
  - Signature Algorithm
  - Issuer Name
  - Validity Period
  - Subject Name
  - Subject Public Key
  - Issuer ID
  - Subject ID
  - Extensions (CRL)

PKI Chain of Trust

- Root CA
  - Self-signed
  - Issues and signs the ICA's certificate
- Intermediate CA (ICA)
  - Issues and signs the EE certificate
- End Entity (EE)

[Diagram: Root CA at the top, ICAs below it, EEs below the ICAs]

PKI Example

- Client (browser) sends an https request to google.com
  - Browsers have trusted CA certificates stored
- Web server sends back google.com's certificate
  - Signed by Google ICA, plus Google ICA's certificate signed by the root CA (GeoTrust)
- Verify the certificates up the chain of trust
  - Once successfully verified, use the public key

[Diagram: google.com cert (signed by ICA), ICA cert (signed by root), root CA cert (self-signed)]
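The chain-of-trust check described above, as an added example that is not part of the original slides. It uses toy RSA keys built from known Mersenne primes and dictionary "certificates" with only subject, issuer, and public key; all names and key values are constructed, and the code is not usable as real cryptography.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Toy RSA key from two known primes; returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def tbs_digest(cert, n):
    """SHA-256 over the signed fields, reduced into the signer's modulus."""
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['pub_n']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, pub_n, issuer, issuer_n, issuer_d):
    """The issuer binds a subject name to a public key by signing both."""
    cert = {"subject": subject, "issuer": issuer, "pub_n": pub_n}
    cert["sig"] = pow(tbs_digest(cert, issuer_n), issuer_d, issuer_n)
    return cert

def signed_by(cert, signer_n):
    """True if the signature verifies under the signer's public key."""
    return pow(cert["sig"], E, signer_n) == tbs_digest(cert, signer_n)

def verify_chain(chain, trust_store):
    """chain is [EE, ICA, ...] as sent by the server; trust_store maps a
    root CA name to the root public key already stored in the browser."""
    for cert, parent in zip(chain, chain[1:]):
        if cert["issuer"] != parent["subject"] or not signed_by(cert, parent["pub_n"]):
            return False
    root_n = trust_store.get(chain[-1]["issuer"])
    return root_n is not None and signed_by(chain[-1], root_n)

# Constructed sample chain (Mersenne primes give reproducible toy keys).
ROOT_N, ROOT_D = keypair(2**61 - 1, 2**89 - 1)
ICA_N, ICA_D = keypair(2**107 - 1, 2**127 - 1)
EE_N, _ = keypair(2**521 - 1, 2**607 - 1)
ICA = issue("Example ICA", ICA_N, "Example Root CA", ROOT_N, ROOT_D)
EE = issue("www.example.test", EE_N, "Example ICA", ICA_N, ICA_D)
TRUSTED = {"Example Root CA": ROOT_N}

if __name__ == "__main__":
    print("trusted root:   ", verify_chain([EE, ICA], TRUSTED))
    print("unknown root:   ", verify_chain([EE, ICA], {}))
    forged = dict(EE, subject="login.example.test")
    print("altered subject:", verify_chain([forged, ICA], TRUSTED))
```

A real validator also checks the validity period, revocation status, and whether each issuer is allowed to act as a CA, which this sketch leaves out.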

How SSL/TLS Works Part 2

[Diagram: the same client/server handshake and data transfer sequence as in Part 1, with the Symmetric Encryption portion labelled]

Symmetric Encryption

- Once the server's public key is verified up the chain of trust
  - The client generates a pre-master secret
    - C-random & S-random
  - Sends it to the server encrypted with the server's public key
- Both client and server generate the Master Secret
  - Uses the pre-master secret, C-random, and S-random with the agreed key exchange cipher (e.g. DH)
- Separate encryption and hashing keys are generated from the Master Secret
- All future communication is hashed and encrypted using the symmetric keys
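How both sides arrive at the same master secret and then at separate encryption and hashing keys, as an added example that is not part of the original slides. It assumes the TLS 1.2 PRF with HMAC-SHA256 from RFC 5246 and key sizes for an AES-128-CBC with HMAC-SHA256 suite; the pre-master secret and the two random values are constructed sample bytes.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5: HMAC-SHA256 chained until long enough."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()              # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256 keyed with the secret over label + seed."""
    return p_sha256(secret, label + seed, length)

def derive_keys(pre_master, c_random, s_random, mac_len=32, key_len=16):
    """Master secret from the pre-master secret and both randoms, then a
    key block cut into one hashing key and one encryption key per direction."""
    master = prf(pre_master, b"master secret", c_random + s_random, 48)
    # Note the swapped order of the randoms for key expansion (RFC 5246, 6.3).
    block = prf(master, b"key expansion", s_random + c_random,
                2 * mac_len + 2 * key_len)
    keys, pos = {"master_secret": master}, 0
    for name, size in (("client_mac", mac_len), ("server_mac", mac_len),
                       ("client_enc", key_len), ("server_enc", key_len)):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample handshake values (never reuse fixed values in practice).
PRE_MASTER = b"\x03\x03" + bytes(range(46))   # version 3.3 + 46 bytes
C_RANDOM = bytes(range(32))                   # from the client Hello
S_RANDOM = bytes(range(32, 64))               # from the server Hello

if __name__ == "__main__":
    client_view = derive_keys(PRE_MASTER, C_RANDOM, S_RANDOM)
    server_view = derive_keys(PRE_MASTER, C_RANDOM, S_RANDOM)
    print("same keys on both sides:", client_view == server_view)
    for name, value in client_view.items():
        print(f"{name:14} {value.hex()}")
```

Only the pre-master secret is confidential; the two random values travel in the clear, so a new S-random changes every derived key even if the pre-master secret repeats.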

Trusted vs Non-trusted Certificate

Certificate Authority

Chinese CA WoSign faces revocation after issuing fake certificates of Github, Microsoft and Alibaba

https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/k9pbmylci8i/discussion

Introducing Let's Encrypt

- An open source CA
- Prove your domain to get your digital (TLS/SSL) certificate
- https://letsencrypt.org

Let's Encrypt chain

- Let's Encrypt ICA (X3) cross-signed by DST (IdenTrust)
  - Until ISRG (Internet Security Research Group) is trusted by everyone

Introducing Let's Encrypt

- Browsers and OS
  - https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394
- Check your browser
  - https://wiki.apnictraining.net (signed by Let's Encrypt)

LAB

http://ca.apnictraining.net/root-cert