
SSL security


kareem

Presentation Transcript


  1. SSL security

  2. Secure Sockets Layer
     • Used to establish secure network links
     • Based on OpenSSL
     • Also supports HTTPS
     • NET+OS version supports some authentication

  3. Connection Process
     • Client connects to server
     • Server authenticates with client
     • Client and server negotiate encryption protocol
     • Encrypted link is established

  4. Authentication
     • Authentication means making sure the server is who it says it is
     • Server gives client a certificate
     • Certificates often come from a “trusted” machine
     • Client checks certificate against a database

  5. NET+OS 6 Authentication
     • NET+OS provides an API to generate a self-signed certificate
     • Can also use other certificates if available
     • NET+OS server side will send the certificate to the client when connection is established
     • NET+OS client ignores certificates

  6. Encryption
     • Client and server negotiate an encryption protocol and a key when the connection is established
     • Algorithm and key are used by each side to scramble data sent over the network, and to descramble data received
     • Strength of encryption is determined by the length of the key used

  7. Supported Encryption Protocols
     • Data Encryption Standard (DES) with 56-bit key
     • Triple DES with 112-bit key
     • Advanced Encryption Standard (AES) with a 128-bit key
     • AES with 256-bit key
     • DES and AES developed by National Institute of Standards and Technology (NIST)

  8. NASSLX50Generate
     • Used to generate an authentication certificate
     • Caller provides a name for certificate and serial number
     • Date and time certificate will start to be valid
     • Date and time certificate will no longer be valid
     • Function returns certificate information

  9. NASSLAccept
     • Used by servers to accept a connection from a client
     • Must be passed certificate information
     • Authenticates with client (gives it the certificate)
     • Establishes an encrypted connection
     • Example application is NASSLSVR

  10. NASSLAccept
     • Use socket() to open the socket
     • Use bind() to bind an address
     • Use listen() to listen for a connection request
     • Use accept() to accept connection at TCP level
     • Use NASSLAccept() to secure the connection

  11. NASSLConnect
     • Used by clients to create a secure connection to a server
     • Negotiates encryption protocol
     • Ignores certificate sent by server
     • Future version may examine certificate

  12. NASSLConnect
     • Use socket() to open a socket
     • Use bind() to set an address (if desired)
     • Use connect() to connect at TCP level
     • Use NASSLConnect() to secure the connection

  13. Operations after Connected
     • Both NASSLConnect() and NASSLAccept() return socket descriptors
     • Use send() and recv() with the returned descriptors to communicate
     • Shutdown connection by closing socket returned by NASSLConnect() or NASSLAccept()

  14. Secure HTTP
     • Compliant with standard HTTPS
     • Transfers HTTP data over an SSL connection
     • Integrated with AWS and BWS

  15. HSStartServerSecure
     • Starts a secure HTTP server
     • Certificate and list of encryption protocols to support are passed to the function
     • Can support HTTPS only, or both HTTP and HTTPS

  16. HTTPStartServerSecure
     • Build web pages as normal using Pbuilder
     • Set up access levels as normal with NAsetSysAccess()
     • Use HSStartServerSecure to start the server
     • Example application NAHTTPS

  17. Licensing Issues
     • Encryption software is considered an armament by the US government
     • Severe restrictions apply when distributing software in source form
     • Severe restrictions apply when distributing binary software that supports long keys
     • Cannot distribute software in any form to terrorists and some countries
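
The negotiation described in slides 6, 7 and 15, sketched in C as an added example (not NET+OS or OpenSSL code): it picks the strongest cipher both sides list and enforces a minimum key length, so a peer that offers only 56-bit DES is refused rather than accepted at the weaker strength. The `negotiate` function, the cipher name strings and the 128-bit floor are assumptions made for illustration; the key lengths are the ones given on slide 7.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Cipher table from slide 7; key_bits are the figures the slide gives. */
struct cipher { const char *name; int key_bits; };
static const struct cipher SUPPORTED[] = {
    { "DES", 56 }, { "3DES", 112 }, { "AES-128", 128 }, { "AES-256", 256 },
};
#define N_SUPPORTED (sizeof SUPPORTED / sizeof SUPPORTED[0])

/* Look up a cipher by name; NULL means this build does not know it. */
static const struct cipher *find_cipher(const char *name)
{
    for (size_t i = 0; i < N_SUPPORTED; i++)
        if (strcmp(SUPPORTED[i].name, name) == 0)
            return &SUPPORTED[i];
    return NULL;
}

/* Pick the strongest cipher both sides list whose key is >= min_bits.
 * Returns NULL (refuse the link) rather than falling back to a weaker one. */
const struct cipher *negotiate(const char *const *client, size_t n_client,
                               const char *const *server, size_t n_server,
                               int min_bits)
{
    const struct cipher *best = NULL;
    for (size_t i = 0; i < n_client; i++) {
        const struct cipher *c = find_cipher(client[i]);
        if (c == NULL || c->key_bits < min_bits)
            continue;   /* unknown name or below the policy floor */
        for (size_t j = 0; j < n_server; j++)
            if (strcmp(server[j], c->name) == 0 &&
                (best == NULL || c->key_bits > best->key_bits))
                best = c;
    }
    return best;
}

/* Constructed sample offers, not captured from a real device. */
static const char *const LEGACY_CLIENT[] = { "DES", "3DES" };
static const char *const MODERN_CLIENT[] = { "DES", "AES-128", "AES-256" };
static const char *const SERVER_LIST[] = { "DES", "3DES", "AES-128", "AES-256" };
int main(void)
{
    const struct cipher *c = negotiate(MODERN_CLIENT, 3, SERVER_LIST, 4, 128);
    printf("modern client: %s\n", c ? c->name : "refused");
    c = negotiate(LEGACY_CLIENT, 2, SERVER_LIST, 4, 128);
    printf("legacy client: %s\n", c ? c->name : "refused");
    return 0;
}
```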
