1 / 24

Chapter 8

Chapter 8. Internet Security Protocols. Basic Concepts. Static Web Pages Figure 1 : Static web Page Dynamic Web Pages: the contents can vary all day depending on a number of parameters Involves server-side programming. Tools to create: CGI, ASP, JSP. Figure 2 : Dynamic web page

elizabeth-savage
Download Presentation

Chapter 8

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 8 Internet Security Protocols

  2. Basic Concepts • Static Web Pages • Figure 1: Static web Page • Dynamic Web Pages: the contents can vary all day depending on a number of parameters • Involves server-side programming. • Tools to create: CGI, ASP, JSP. • Figure 2: Dynamic web page • Active Web Pages: • Figure 3: Active web page • Java applet: small program sent to the browser along the HTML page

  3. Basic Concepts(cont’d) Figure 1: Static Web Page

  4. Basic Concepts(cont’d) Figure 2: Dynamic Web Page

  5. Basic Concepts(cont’d) Figure 3: Active Web Page

  6. Basic Concepts (cont’d) • ActiveX controls • Difference between Java applets and ActiveX controls • An applet cannot write to the client’s hard disk, but an ActiveX controls has no such restrictions • An applet is downloaded with an active web page, executed inside the browser, and destroyed when the user exits that Web page, but once downloaded, an ActiveX control remains on the client computer till it is explicitly deleted. Making applet quite slow as compared to ActiveX controls.

  7. Basic Concepts (cont’d) • Protocols and TCP/IP • Figure 4: TCP/IP layers. • Layered Organization • Figure 5: Data exchange using TCP/IP layers. Figure 4: TCP/IP layers

  8. Basic Concepts (cont’d) Figure 5: Data exchange using TCP/IP layers

  9. Secure Socket Layer (SSL) • An Internet protocol for secure exchange of information between a web browser and a web server. • Provides 2 basic security services: • Authentication • Confidentiality • Position of SSL in TCP/IP Protocol Suite • Figure 6: Position of SSL in TCP/IP • Figure 7: SSL is located between application and transport layers

  10. Secure Socket Layer (SSL) (cont’d) Figure 6: Position of SSL in TCP/IP

  11. Secure Socket Layer (SSL) (cont’d) Figure 7: SSL is located between application and transport layer

  12. How SSL Works? • SSL has three sub-protocols: • Handshake Protocol • Record Protocol • Alert Protocol • The handshake protocol consists of a series of messages between the client and the server. • Figure 8 shows format of the handshake protocol message.

  13. How SSL Works?(cont’d) Figure 8: Format of the handshake protocol message. Table 1: SSL handshake protocol message types

  14. How SSL Works?(cont’d) • The handshake protocol is made up of 4 phases as shown in Figure 9. • Phase 1: Establish security capabilities • Initiate a logical connection and establish the security capabilities associated with the connection. • Consists of 2 messages: • The client hello • The server hello. • Figure 10

  15. How SSL Works?(cont’d) Figure 9: SSL handshake phases

  16. How SSL Works?(cont’d) Figure 10: Phase 1 of SSL handshake protocol: Establish security capabilities

  17. How SSL Works?(cont’d) • Phase 2: Server authentication and key exchange • Figure 11 • Phase 3: Client authentication and key exchange • Figure 12 • Phase 4: Finish • Figure 13

  18. How SSL Works?(cont’d) Help client to authenticate the server using server’s public key from the server’s certificate Optional in case of server does not send its digital certificate, server send Public Key (Optional) Server request for the client’s digital certificate Indicate to the client that server’s portion of the hello message is complete Figure 11: Phase 2 of SSL handshake protocol: Server authentication and key exchange

  19. How SSL Works?(cont’d) Allow the client to send information to the server. Client creates a 48-byte pre-master secret to encrypts it with the server’s public key and sends it to the server. Figure 12: Phase 2 of SSL handshake protocol: Client authentication and key exchange

  20. How SSL Works?(cont’d) Figure 13: Phase 2 of SSL handshake protocol: Finish

  21. How SSL Works?(cont’d) • Record protocol • Provides 2 services to an SSL connection: • Confidentiality: achieve by using the secret key that is defined by the handshake protocol • Integrity: the handshake protocol also defines a shared secret key (MAC) that is used for assuring the message integrity.

  22. How SSL Works?(cont’d) Figure 14: SSL record protocol

  23. How SSL Works?(cont’d) • Alert Protocol • When client or server detects an error, the detecting party sends an alert message to the other party. • If the error is fatal, both the parties immediately close the SSL connection • Other error, which are not severe, do not result in the termination of the connection. Figure 15 Alert protocol message format

  24. Closing and Resuming SSL connections • Before ending their communication, the client and the server must inform each other that their side of the connection is ending. • TSL (Transport Layer Security) is an IETF standardization initiative, whose goal is to come out with an Internet standard version of SSL.

More Related