
SSL : An Overview

SSL : An Overview. Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad. Overview. Brief Introduction to Public-Key Infrastructure Public-keys, Certificates & Digital Signatures Relevance to Electronic Commerce SSL Protocol details Cryptographic details.


Presentation Transcript


  1. SSL : An Overview
     Bruhadeshwar Bezawada
     International Institute of Information Technology, Hyderabad

  2. Overview
     • Brief Introduction to Public-Key Infrastructure
     • Public-keys, Certificates & Digital Signatures
     • Relevance to Electronic Commerce
     • SSL
        • Protocol details
        • Cryptographic details

  3. Internet Threats
     • Weak security in TCP/IP
     • Eavesdropping
     • Theft of valuable information
     • Fraud
     • Authentication
     • Non-repudiation
     With such issues, it is difficult to transform normal business practices into an Internet-usable form.

  4. Small Intro to PKI
     • Problem Solved by PKI?
        • Secure communication over an insecure channel
        • Confidentiality, authentication, non-repudiation and integrity
        • Asymmetric key cryptography: one (public) key encrypts, the other (private) decrypts
        • The whole technique is public-key cryptography
        • Solutions: RSA, El-Gamal, ECC
     • Issues with PKI
        • Verifying the ownership and security of public-keys
        • High cost of computation when sending bulk data (RSA exponentiation)

  5. Addressing Issues in PKI
     • Digital signatures: encryption with private key, un-forgeable in real-time; verifiable with public-keys
        • Other critical uses as well: non-repudiation
     • Certificates: public-keys that are digitally signed by a trusted third party, e.g., a certifying authority (CA)
        • Catch-22: need the public-key of the CA to verify!
     • Certificate hierarchy: a method used to verify certificates issued by CAs whose public-keys are not known
        • CAs exchange and sign each other's public-keys securely
     • To reduce computational overhead, PKI is generally used as a vehicle to convey session keys
        • Reducing the overhead further without too many modifications to current PKI-based protocols is an open area

  6. X.509 v3 Certificate Attributes
     • version (v3)
     • serial number
     • signature algorithm id
     • issuer name
     • validity period
     • subject name
     • subject public key info
     • issuer unique identifier
     • subject unique identifier
     • extensions
        • extn. a: cf (criticality flag), value
        • extn. b: cf, value
        • extn. c: cf, value
     • CA's signature
     Extension values can include any data, including graphics (GIF), video, audio, etc.
     Sharath Jeppu

  7. Relevance to E-Commerce
     • Business model in electronic world
        • Customer shops for product using e-carts
        • Makes a payment by credit card
        • Gets confirmation of payment and delivery
     • Problems
        • How to secure the credit-card information when sent over a public network like the Internet?
        • How to trust that the merchant has not charged more than what you ordered?
        • How to make the merchant liable if the delivery is not made?
     • PKI solves these problems
        • Need appropriate protocols that work in real-time
        • And hence, SSL & SET

  8. SSL: Secure Sockets Layer
     • Runs above TCP/IP, below the application layer
     • Purpose
        • Provide secure & authenticated communication between client & server
     • Services
        • Authenticates server to client
        • Negotiation of cryptographic parameters
        • Session key establishment & encrypted communication
        • Connection reliability is maintained via message integrity checks (message authentication codes, MACs)
        • Optional: authenticate client to server (often not possible; password authentication is the current default)

  9. Protocol Details
     • SSL Record Layer
        • This lies below the SSL handshake and encapsulates the handshake data
     • Alert protocol
        • Closure, error, unsupported certificate, etc.
     • SSL Handshake
        • Sets up the connection between client and server
        • Negotiates cryptographic parameters
        • Provides confidentiality, authentication, reliability and integrity of data
     • Change cipher
        • Signals change in ciphering strategies

  10. SSL States
     • Session State characterized by
        • session identifier
        • peer certificate
        • compression method
        • cipher spec (DES, MD5 etc)
        • master secret (shared secret between server and client)
        • flag (is resumable)

  11. SSL States
     • Connection State
        • server and client random byte sequences
        • MAC secret used by server
        • MAC secret used by client
        • encryption key used by server
        • encryption key used by client
        • initialization vector for CBC mode
        • sequence numbers

  12. SSL Handshake

  13. References
     • William Stallings: Cryptography and Network Security
     • Sun Website: http://docs.sun.com/source/816-6156-10/contents.htm
     • Netscape SSL Specification V3: http://wp.netscape.com/eng/ssl3/3-SPEC.HTM
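
The session state of slide 10 (master secret) and the connection state of slide 11 (randoms, MAC secrets, keys, IVs, sequence numbers) are tied together by the SSL 3.0 key-block derivation and record MAC. The sketch below is an added example, not part of the original slides, and follows the SSL 3.0 specification listed in the references. The secret and random values are constructed, and the sizes assume an 8-byte DES key and IV with a 16-byte MD5 MAC secret, after the slide's "DES, MD5" cipher spec.

```python
import hashlib

def ssl3_key_block(master_secret: bytes, server_random: bytes,
                   client_random: bytes, length: int) -> bytes:
    """SSL 3.0 key_block: MD5(ms + SHA1(label + ms + server_random + client_random)),
    with labels 'A', 'BB', 'CCC', ... concatenated until `length` bytes exist."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + master_secret + server_random + client_random).digest()
        out += hashlib.md5(master_secret + inner).digest()
        i += 1
    return out[:length]

def connection_state(master_secret, server_random, client_random,
                     mac_len=16, key_len=8, iv_len=8):
    """Cut the key block into the connection-state items, in the spec's order."""
    kb = ssl3_key_block(master_secret, server_random, client_random,
                        2 * (mac_len + key_len + iv_len))
    names = [("client_mac_secret", mac_len), ("server_mac_secret", mac_len),
             ("client_key", key_len), ("server_key", key_len),
             ("client_iv", iv_len), ("server_iv", iv_len)]
    state, pos = {}, 0
    for name, n in names:
        state[name] = kb[pos:pos + n]
        pos += n
    return state

def ssl3_mac_md5(mac_secret: bytes, seq_num: int, content_type: int, fragment: bytes) -> bytes:
    """SSL 3.0 record MAC with MD5: pad_1 is 0x36 * 48, pad_2 is 0x5c * 48."""
    pad1, pad2 = b"\x36" * 48, b"\x5c" * 48
    header = seq_num.to_bytes(8, "big") + bytes([content_type]) + len(fragment).to_bytes(2, "big")
    inner = hashlib.md5(mac_secret + pad1 + header + fragment).digest()
    return hashlib.md5(mac_secret + pad2 + inner).digest()

# Constructed sample values (assumptions for illustration, not captured traffic).
MASTER = bytes(range(48))
SERVER_RANDOM = b"\x01" * 32
CLIENT_RANDOM = b"\x02" * 32
STATE = connection_state(MASTER, SERVER_RANDOM, CLIENT_RANDOM)

def mac_for(seq_num: int, data: bytes = b"GET / HTTP/1.0\r\n\r\n") -> bytes:
    # 23 is the application_data record type; the MAC key is the client's MAC secret.
    return ssl3_mac_md5(STATE["client_mac_secret"], seq_num, 23, data)

if __name__ == "__main__":
    for name, value in STATE.items():
        print(f"{name:18s} {value.hex()}")
    print("MAC seq 0:", mac_for(0).hex())
    print("MAC seq 1:", mac_for(1).hex())
```

Because the sequence number is covered by the MAC, the same plaintext record produces a different MAC at each position in the stream, so a replayed or reordered record fails the integrity check.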
