SlideShare una empresa de Scribd logo

What is TLS/SSL?

Descargar como DOCX, PDF
Shehzad Imran
Shehzad Imran

This Document will help You to understand the TLS/SSL on Tnransport Layer

TecnologíaEducación
1 de 24
Outline:  Web Security  Executive Summary  Introduction to SSL/TLS  What is TLS/SSL?  Digital Certificates  Authentication and Verification  Services of SSL  The Four Upper Layer Protocols  Record Protocol  Change Cipher Spec Protocol  Alert Protocol  Handshake Protocol  Secure Socket Layer (SSL)  Where, What and How about SSL  Architecture  Transport Layer Security (TLS)  TLS Overview  Public Key Certificates  Implementation & Applications of SSL/TLS  Summary  References
Security:  Web is now widely used by businesses, government firms and individuals.  But Internet & Web space are vulnerable.  Have a variety of threats related to  Integrity: Someone might alter content  Confidentiality: Anyone can see content  Denial of service:  Authentication: Not clear who you are talking with  need added security mechanisms Executive Summary: Transport Layer Security or TLS,widelyknownalsoasSecureSocketsLayerorSSL,isthemostpopularapplicationofpublickeycryp tographyintheworld.ItismostfamousforsecuringWebbrowsersessions,butithaswidespreadapplicati ontoothertasks TLS/SSL canbeusedtoprovide strong authentication of bothparties inacommunicationsession,strongencryptionofdatain transitbetweenthem,andverificationofthe integrityofthatdataintransitTLS/SSLcanbe used tosecureabroadrangeofcriticalbusinessfunctionssuchasWebbrowsing,server-toservercommunications,emailclient-to-servercommunications,softwareupdating,databaseaccess, virtualprivatenetworkingandothersHowever,whenused improperly,TLScangivetheillusionofsecuritywherethecommunicationshave beencompromisedItisimportanttokeepcertificatesuptodateandcheckrigorouslyforerrorcond itionsInmany,butnotallapplicationsofTLS,theintegrityoftheprocessisenhancedbyusingacertificatei
ssuedbyan outside trusted CertificateAuthority(CA)ThispaperwillexplorehowTLSworks,bestpracticesforitsuse,andthevariou sapplicationsinwhichitcansecurebusinesscomputing. Introduction:  Secure Sockets Layer (SSL)  Developed by Netscape Corporation  Versions 1, 2, and 3 (released in 1996)  Transport Layer Security (TLS)  Successor of SSL  IETF standards track protocol, based on SSL 3.0  Last updated in RFC 5246 (2008)  Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet.  TLS and SSL encrypt the segments of network connections at the Transport Layer endto-end. Asthescience ofbusinesscomputing,andofcomputingsecurityinparticular, thetrendhasbeentofind securityweaknesseseverywhere wherecomplexityandfunctionalitygrow,sodotheopportunities forabuseofsystemsbymaliciousactors. hasadvanced, The solutions to these problems are varied and must be explored individually, but one technology shows up often: TLS or Transport Layer Security, often known by the name of the predecessor technology, SSL or Secure Sockets Layer TLSisbestknownasthetechnologywhichsecuresWebbrowsersessionsforbankingandothersensitivet asks,butitcanbeusedformuchmore. Clientservercommunicationwithavarietyofservertypes,inadditiontoWebservers,benefitsfromuseofTLS. Server-to-servercommunicationsalsoneedtobesecuredandcanbethroughTLS. ClientsupdatingapplicationsandothersoftwareontheirPCsshouldonlydosothroughasecureconnectio n,whichiswhysuchupdateapplicationsusuallyuseTLSor SSL. ThispaperwillexploretheseandotherapplicationsofTLSthatcansecuretheenterprisein themyriadplacesinwhichitcanbeattacked.
TLSprovides3basicbenefits:  Itprovidesauthenticationofthecommunicatingparties,eitherone-wayorin both directions  Itencryptsthecommunicationsession“onthewire”  Itensurestheintegrityofthedatatransferred What is TLS/SSL? TLS/SSLisatunnelingprotocolthatworksatthetransportlayer. Itprovidesencryption,authenticationandintegrityverificationofdata,anddoessobymeansofdigitalcer tificates. Digital Certificates Adigitalcertificateisanelectronicdocumentwhichconfirmstheidentityofanentity– whichcouldbeauser,aserver,acompany,aprogramonaclient,justaboutanything– andassociatesthatentitywithapublickey. Thedigitalcertificateistheentity’sidentificationtothepublickeyinfrastructure. EachpartytoaTLSsecuredcommunicationcanevaluatethecontentsofthecertificate. ThemostexaminedfieldistheCommonNameEachthencomparesittowhattheyexpect. Itisalsowisetochecktheissuerofthecertificate. Istheissueratrustedparty?FormoreontheseissuersseeTrustedCertificateAuthorities, Userscangeneratetheirowndigitalcertificates,calledself-signedcertificates,withfreetools. Butsuchcertificatesareinherentlyuntrustworthyandtherealvalueofcertificates comeswhentheyareissuedbyatrustedCA. UserscancreateandruntheirownCAontheirnetworkandsometimesthismakessense,butinmanycasesit isnecessarytouseanoutsidetrusted CA whichoutsidepartiescanalsotrustSymantec™isthelargestCA. Authentication and Verification
Publickeycryptographyallowstwopartiestoauthenticateeachother. Eachpartyhastwo keys,whicharelargenumericvalues. Amessageexchangedbetweentheparties isrunthroughahashingalgorithm. Ahashfunctiontakesablockofdataandcreatesavaluefromit,knownasahashordigestMakeevena small changeinthedataandthehashchangessignificantly. Atthesametimethereisnowaytorecreatethedatafromthehash. Thesendingpartytothecommunicationsusestheirprivatekeytoencryptthehashvalue. Thisencryptedvalueiscalledadigitalsignature. Themessageandsignaturearesenttotherecipientparty. Therecipientpartyusesthesender’spublickeytodecryptthesignature. Theygenerateahashofthemessageusingthesamealgorithmasthesenderandcomparethevalues. Ifthevaluesarethesamethentwothingsarecertain:thedatahasnotbeentamperedwithandthesenderiswh otheypurporttobe. Thisisbecausetheprivatekeycorrespondingtothepublickeyinthecertificatewasusedtosignthedata,an dtheprivatekeyshouldonlybe accessiblebythesendernamedinthecertificate. NeitherauthenticationnorintegrityverificationaremandatoryinTLSYoucanuseitsimplysothatthebits on thewireareencrypted. Butauthenticationis acorefeature,importanttomostcustomers. Services of SSL: SSL Provides several services on data received from the application layer.  Fragmentation: First SSL divides the data into blocks of 2^14 bytes or less.  Compression: Each fragment of data is compressed using one of the lossless compression methodnegotiated between the client and server. This service is optional.  Message Integrity: To preserve the integrity of data, SSL uses a keyed Hash function to create a MAC.  Confidentiality: To provide confidentiality, the original data and the MAC are encrypted using symmetric key cryptography  Framing:
A header is added to the encrypted payload. The payload is then passed to a reliable transport protocol. The Four Upper Layer Protocols  Application Encryption Protocol  Encrypt/Decrypt application data  Change Cipher Spec Protocol  Alert to a change in communication variables  Alert Protocol  Messages important to SSL connections  Handshaking Protocol  Establish communication variables SSL Record Protocol Services provided are:  Confidentiality  using symmetric encryption with a shared secret key defined by Handshake Protocol  IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128  message is compressed before encryption  Message integrity  using a MAC (Message Authentication Code) created using a shared secret key and a short message
SSL Change Cipher Spec Protocol:  one of 3 SSL specific protocols which use the SSL Record protocol  a single message  Purpose of message  Cause copy of pending state to current state.  Updates cipher suite to be used on the current connection. SSL Alert Protocol:  conveys SSL-related alerts to peer entity  Consists of two bytes  1st byte : warning or fatal  2nd byte: code for specific alerts  specific alert types  unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter  close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown  compressed & encrypted like all SSL data SSL Handshake Protocol:  The most complex part of SSL.
 allows server & client to:  authenticate each other  to negotiate encryption & MAC algorithms  to negotiate cryptographic keys to be used  comprises a series of messages in phases  Establish Security Capabilities  Server Authentication and Key Exchange  Client Authentication and Key Exchange  Finish  The client(Alice) and server(Bob) must agree on various parameters to establish the connection  Alice request a secure connections and presents a list of Cipher Suites  Bob picks the strongest supported Cipher Suite  Bob sends back his digital certificate o Including the certificate authority and his public key  By encrypting using the server’s public key, Alice send a random number to Bob securely  Alice and Bob generate key material from the random number  Secure connection established
`
SSL Handshake Protocol:  This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record.
TLS (Transport Layer Security) SSL Key Exchange (Simplified) 1. SSL client connects to an SSL server 2. Server then sends its own certificate that contains its public key 3. Client then creates a random key (premaster key) and uses server's public key to encrypt it
4. Client then sends encrypted premaster key to the server 5. Server then decrypts it (only the server that has the matching private key can decrypt it) and uses decrypted premaster key to create secret session key 6. Now both client and server uses secret session key for further communication Secure Socket Layer (SSL): Where SSL fits? SSL runs over TCP:  Confidentiality (Privacy)  Data integrity (Tamper-proofing)  Server authentication (Proving a server is what it claims it is) – Used in typical B2C transaction  Optional client authentication – Would be required in B2B (or Web services environment in which program talks to program) What security is provided?
 By providing:  Endpoint Authentication  Unilateral or Bilateral  Communication Confidentiality  For preventing:  Eavesdropping  Tampering  Message Forgery Eavesdropping Tampering Message Forgery • Encryption • Symmetric-key Cryptography • Message Digest • Cryptographic Hash • Authentication & Digital signature • Public-key Cryptography SSL Architecture: TLS (Transport Layer Security)  TLS uses stronger encryption algorithms and has the ability to work on different ports. Additionally, TLS version 1.0 does not interoperate with SSL version 3.0.  IETF standard RFC 2246 similar to SSLv3
 with minor differences  In record format version number  Uses HMAC for MAC  A pseudo-random function expands secrets  Has additional alert codes  Some changes in supported ciphers  Changes in certificate negotiations  Changes in use of padding Changes from SSL 3.0 to TLS: TLSisthesuccessortechnologytoSSL, whichwasdevelopedbyNetscapein1994. ThefirstpublicreleasewasSSLversion,andwasquicklyfollowedbyversion. TheTLSspecificationwasreleasedin1999inRFC2246,andisonlyaminormodificationofSSL3. Changeshavecomeatamuchslowerpacesincethen,withTLS1.1and1.2largelyconcernedwithsecurity improvements. TLSisstillwidelycalledSSL,especiallyinproductnames,evenifthetermisstrictlyinaccurate. TLSversionsaredesignedtointeractwith androllbacktoearlierprotocolssuchasSSL3. Infact,intheprotocolhandshake,TLS1.0,1.1 and1.2 usetheversionnumbers3.1,3.2and3.3 Oneofthemaindifferencesyou’llseebetweenSSLandTLSversionsarethecryptographicfeatures,inclu dingtheciphers,hashalgorithmsandkeyexchangemechanismstheysupport. Astimeandversionsadvance,supportforweakerfeaturesisdroppedfromtheprotocolandstrongeronesa dded.  Fortezza removed  Additional Alerts added  Modification to hash calculations  Protocol version 3.1 in ClientHello, ServerHello What is TLS?  Protocol layer  Requires reliable transport layer (e.g. TCP)  Supports any application protocols
TLS: Privacy:  Encrypt message so it cannot be read  Use conventional cryptography with shared key  DES, 3DES  RC2, RC4  IDEA TLS: Key Exchange:  Need secure method to exchange secret key  Use public key encryption for this  “key pair” is used - either one can encrypt and then the other can decrypt  slower than conventional cryptography  share one key, keep the other private  Choices are RSA or Diffie-Hellman TLS: Integrity:  Compute fixed-length Message Authentication Code (MAC)  Includes hash of message  Includes a shared secret  Include sequence number  Transmit MAC with message  Receiver creates new MAC  should match transmitted MAC  TLS allows MD5, SHA-1 TLS: Authentication:  Verify identities of participants  Client authentication is optional  Certificate is used to associate identity with public key and other attributes TLS: Architecture:
 TLS defines Record Protocol to transfer application and TLS information  A session is established using a Handshake Protocol TLS: Record Protocol: TLS: Handshake:  Negotiate Cipher-Suite Algorithms  Symmetric cipher to use  Key exchange method  Message digest function  Establish and share master secret  Optionally authenticate server and/or client Handshake Phases:  Hello messages  Certificate and Key Exchange messages  Change Cipher Spec and Finished messages Implementation of SSL/TLS:  SSL and TLS have been widely implemented  Open source software projects ○ OpenSSL, NSS, or GnuTLS  Microsoft Windows
○ Part of its Secure Channel  Browsers ○ Google Chrome ○ Internet Explorer, etc. Client Side: <? Php//-------------------------------------Message Encryption Start .......................// $plan_text=$_POST['text']; $befor_cipher=$plan_text; $strlen=strlen($plan_text)."<br />"; $abc=array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s", "t","u","v","w","x","y","z"); $count=0; $replace=array(); for($count=0; $count<$strlen; $count++) { foreach($abc as $key=>$value) { if($plan_text[$count]==$value)
{ $replace[$count]=$abc[25-$key]; } } } $cipher_text=implode($replace); //.................................................... Message Encrption End .......................... // //........................................ Codding For Connection Start ....................// $host = "192.168.1.9"; $port = 25003; //set_time_limit(0); echo "<h1>Message Sent</h1><br />"; echo "Plan Text : ".$befor_cipher; echo "<br />Cipher Text : ".$cipher_text; // create socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socketn"); // connect to server $result = socket_connect($socket, $host, $port) or die("Could not connect to servern"); // send string to server socket_write($socket, $cipher_text, strlen($cipher_text)) or die("Could not send data to servern"); // close socket socket_close($socket); // ...........................................Codding for connection End.............................// ?> Server Side:
<?php //.............................................Codding Start.........................// for SERVER Connection // set some variables $host = "192.168.1.9"; $port = 25003; // don't timeout! set_time_limit(0); // create socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socketn"); // bind socket to port $result = socket_bind($socket, $host, $port) or die("Could not bind to socketn"); // start listening for connections $result = socket_listen($socket, 10) or die("Could not set up socket listenern"); // accept incoming connections // spawn another socket to handle communication $spawn = socket_accept($socket) connectionn"); or die("Could not accept incoming // read client input $cipher_text = socket_read($spawn, 1024) or die("Could not read cipher_textn"); echo "<h1>Message Received</h1><br />"; echo "Cipher text :".$cipher_text."<br />"; // close sockets socket_close($spawn); socket_close($socket); //.............................................Codding End.........................// for SERVER //.................................................Decription Start.........................// Connection
$strlen=strlen($cipher_text)."<br />"; $abc=array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s", "t","u","v","w","x","y","z"); $count=0; $replace=array(); for($count=0; $count<$strlen; $count++) { foreach($abc as $key=>$value) { if($cipher_text[$count]==$value) {$replace[$count]=$abc[25-$key];} } } $plan_text=implode($replace); echo "Plan Text : ".$plan_text; //...............................................Decription Enc.........................// ?> Socket Programming in PHP Introduction Sockets are used for inter process communication. Inter process communication is generally based on client-server model. In this case, client-server is the applications that interact with each other. Interaction between client and server requires a connection. Socket programming is responsible for establishing that connection between applications to interact. By the end of this tip, we will learn how to create a simple client-server in PHP. We will also learn how client application sends message to server and receives it from the same. Using the Code Aim: Develop a client to send a string message to server and server to return reverse of the same message to client.
PHP SERVER Step 1: Set variables such as "host" and "port" $host = "127.0.0.1"; $port = 5353; // No Timeout set_time_limit(0); Port number can be any positive integer between 1024 -65535. Step 2: Create Socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socketn"); Step 3: Bind the socket to port and host Here the created socket resource is bound to IP address and port number. $result = socket_bind($socket, $host, $port) or die("Could not bind to socketn"); Step 4: Start listening to the socket After getting bound with IP and port server waits for the client to connect. Till then it keeps on waiting. $result = socket_listen($socket, 3) or die("Could not set up socket listenern"); Step 5: Accept incoming connection This function accepts incoming connection request on the created socket. After accepting the connection from client socket, this function returns another socket resource that is actually responsible for communication with the corresponding client socket. Here “$spawn” is that socket resource which is responsible for communication with client socket. $spawn = socket_accept($socket) or die("Could not accept incoming connectionn"); So far, we have prepared our server socket but the script doesn't actually do anything. Keeping to our aforesaid aim, we will read message from client socket and then send back reverse of the received message to the client socket again. Step 6: Read the message from the Client socket $input = socket_read($spawn, 1024) or die("Could not read inputn");
Step 7: Reverse the message $output = strrev($input) . "n"; Step 8: Send message to the client socket socket_write($spawn, $output, strlen ($output)) or die("Could not write outputn"); Close the socket socket_close($spawn); socket_close($socket); This completes with the server. Now we will learn to create PHP client. PHP CLIENT The first two steps are the same as in the server. Step 1: Set variables such as "host" and "port" $host = "127.0.0.1"; $port = 5353; // No Timeout set_time_limit(0); Note: Here the port and host should be same as defined in server. Step 2: Create Socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socketn"); Step 3: Connect to the server $result = socket_connect($socket, $host, $port) or die("Could not connect toservern"); Here unlike server, client socket is not bound with port and host. Instead it connects to server socket, waiting to accept the connection from client socket. Connection of client socket to server socket is established in this step. Step 4: Write to server socket socket_write($socket, $message, strlen($message)) or die("Could not send data to servern"); In this step, client socket data is sent to the server socket.
Step 5: Read the response from the server $result = socket_read ($socket, 1024) or die("Could not read server responsen"); echo "Reply From Server :".$result; Step 6: Close the socket socket_close($socket); Application of SSL/TLS:  On top of the Transport Layer protocols  Primarily with TCP  Datagram Transport Layer Security(DTLS) for UDP  Encapsulating the application protocols  HTTP (HTTPS)  for securing WWW traffic  FTP (FTPS) SMTP, NNTP, etc. References:  William Stallings, 5th Edition, “Transport-Level Security”, Chapter 16, Pages : 509-543  www.cse.buffalo.edu/DBGROUP/nachi/ecopres/fengmei  http://www.slideshare.net/leethree/ssl-intro

Recomendados

SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerNishant Pahad
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS HandshakeArpit Agarwal
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 

Recomendados

SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerNishant Pahad
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS HandshakeArpit Agarwal
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security Ibrahiem Mohammed
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Ssl https
Ssl httpsSsl https
Ssl httpsAndrada Boldis
 
IP Security
IP SecurityIP Security
IP SecurityAmbo University
 
Basics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadBasics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadCefalo
 
TCP and UDP
TCP and UDP TCP and UDP
TCP and UDP Ramesh Giri
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSSirish Kumar
 
Https presentation
Https presentationHttps presentation
Https presentationpatel jatin
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tlsRana assad ali
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basicssanjoysanyal
 
Email security
Email securityEmail security
Email securitySultanErbo
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
Web Security
Web SecurityWeb Security
Web SecurityDr.Florence Dayana
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Http VS. Https
Http VS. HttpsHttp VS. Https
Http VS. HttpsRaed Aldahdooh
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
Overview of TCP IP
Overview of TCP IPOverview of TCP IP
Overview of TCP IPuniversity of education,Lahore
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSpavansmiles
 

Más contenido relacionado

La actualidad más candente

Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkNisheed KM
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Basics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadBasics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadCefalo
 
Https presentation
Https presentationHttps presentation
Https presentationpatel jatin
 
Email security
Email securityEmail security
Email securitySultanErbo
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 

La actualidad más candente (20)

Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
 
TLS/SSL Internet Security Talk
TLS/SSL Internet Security TalkTLS/SSL Internet Security Talk
TLS/SSL Internet Security Talk
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Ssl https
Ssl httpsSsl https
Ssl https
 
IP Security
IP SecurityIP Security
IP Security
 
Basics of HTTP - Nafis Fuad
Basics of HTTP - Nafis FuadBasics of HTTP - Nafis Fuad
Basics of HTTP - Nafis Fuad
 
TCP and UDP
TCP and UDP TCP and UDP
TCP and UDP
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Https presentation
Https presentationHttps presentation
Https presentation
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basics
 
Email security
Email securityEmail security
Email security
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
Web Security
Web SecurityWeb Security
Web Security
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Http VS. Https
Http VS. HttpsHttp VS. Https
Http VS. Https
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer Security
 
Overview of TCP IP
Overview of TCP IPOverview of TCP IP
Overview of TCP IP
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 

Destacado

Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
SSL, FFL, SFL Abbreviations
SSL, FFL, SFL AbbreviationsSSL, FFL, SFL Abbreviations
SSL, FFL, SFL AbbreviationsEhlelt Mancha
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Plan symbols
Plan symbolsPlan symbols
Plan symbolsgopaltry
 

Destacado (9)

Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLS
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)
 
SSL, FFL, SFL Abbreviations
SSL, FFL, SFL AbbreviationsSSL, FFL, SFL Abbreviations
SSL, FFL, SFL Abbreviations
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Plan symbols
Plan symbolsPlan symbols
Plan symbols
 

Similar a What is TLS/SSL?

Details about the SSL Certificate
Details about the SSL CertificateDetails about the SSL Certificate
Details about the SSL CertificateCheapSSLUSA
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptSonukumarRawat
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsNitin Ramesh
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.pptImXaib
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Mumbai Academisc
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLcscpconf
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocolcsandit
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerEmprovise
 
secure socket layer
secure socket layersecure socket layer
secure socket layerAmar Shah
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
 
Differences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfDifferences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfHost It Smart
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )Monodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 

Similar a What is TLS/SSL? (20)

Details about the SSL Certificate
Details about the SSL CertificateDetails about the SSL Certificate
Details about the SSL Certificate
 
ssl
sslssl
ssl
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
Unit 6
Unit 6Unit 6
Unit 6
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOL
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocol
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
secure socket layer
secure socket layersecure socket layer
secure socket layer
 
ssl
sslssl
ssl
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
 
Differences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdfDifferences to Know Between SSL & TLS certificate .pdf
Differences to Know Between SSL & TLS certificate .pdf
 
ch17.ppt
ch17.pptch17.ppt
ch17.ppt
 
Ssl
SslSsl
Ssl
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 
SSL.pptx
SSL.pptxSSL.pptx
SSL.pptx
 

Último

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Último (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

What is TLS/SSL?

  • 1. Outline:  Web Security  Executive Summary  Introduction to SSL/TLS  What is TLS/SSL?  Digital Certificates  Authentication and Verification  Services of SSL  The Four Upper Layer Protocols  Record Protocol  Change Cipher Spec Protocol  Alert Protocol  Handshake Protocol  Secure Socket Layer (SSL)  Where, What and How about SSL  Architecture  Transport Layer Security (TLS)  TLS Overview  Public Key Certificates  Implementation & Applications of SSL/TLS  Summary  References
  • 2. Security:  Web is now widely used by businesses, government firms and individuals.  But Internet & Web space are vulnerable.  Have a variety of threats related to  Integrity: Someone might alter content  Confidentiality: Anyone can see content  Denial of service:  Authentication: Not clear who you are talking with  need added security mechanisms Executive Summary: Transport Layer Security or TLS,widelyknownalsoasSecureSocketsLayerorSSL,isthemostpopularapplicationofpublickeycryp tographyintheworld.ItismostfamousforsecuringWebbrowsersessions,butithaswidespreadapplicati ontoothertasks TLS/SSL canbeusedtoprovide strong authentication of bothparties inacommunicationsession,strongencryptionofdatain transitbetweenthem,andverificationofthe integrityofthatdataintransitTLS/SSLcanbe used tosecureabroadrangeofcriticalbusinessfunctionssuchasWebbrowsing,server-toservercommunications,emailclient-to-servercommunications,softwareupdating,databaseaccess, virtualprivatenetworkingandothersHowever,whenused improperly,TLScangivetheillusionofsecuritywherethecommunicationshave beencompromisedItisimportanttokeepcertificatesuptodateandcheckrigorouslyforerrorcond itionsInmany,butnotallapplicationsofTLS,theintegrityoftheprocessisenhancedbyusingacertificatei
  • 3. ssuedbyan outside trusted CertificateAuthority(CA)ThispaperwillexplorehowTLSworks,bestpracticesforitsuse,andthevariou sapplicationsinwhichitcansecurebusinesscomputing. Introduction:  Secure Sockets Layer (SSL)  Developed by Netscape Corporation  Versions 1, 2, and 3 (released in 1996)  Transport Layer Security (TLS)  Successor of SSL  IETF standards track protocol, based on SSL 3.0  Last updated in RFC 5246 (2008)  Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet.  TLS and SSL encrypt the segments of network connections at the Transport Layer endto-end. Asthescience ofbusinesscomputing,andofcomputingsecurityinparticular, thetrendhasbeentofind securityweaknesseseverywhere wherecomplexityandfunctionalitygrow,sodotheopportunities forabuseofsystemsbymaliciousactors. hasadvanced, The solutions to these problems are varied and must be explored individually, but one technology shows up often: TLS or Transport Layer Security, often known by the name of the predecessor technology, SSL or Secure Sockets Layer TLSisbestknownasthetechnologywhichsecuresWebbrowsersessionsforbankingandothersensitivet asks,butitcanbeusedformuchmore. Clientservercommunicationwithavarietyofservertypes,inadditiontoWebservers,benefitsfromuseofTLS. Server-to-servercommunicationsalsoneedtobesecuredandcanbethroughTLS. ClientsupdatingapplicationsandothersoftwareontheirPCsshouldonlydosothroughasecureconnectio n,whichiswhysuchupdateapplicationsusuallyuseTLSor SSL. ThispaperwillexploretheseandotherapplicationsofTLSthatcansecuretheenterprisein themyriadplacesinwhichitcanbeattacked.
  • 4. TLSprovides3basicbenefits:  Itprovidesauthenticationofthecommunicatingparties,eitherone-wayorin both directions  Itencryptsthecommunicationsession“onthewire”  Itensurestheintegrityofthedatatransferred What is TLS/SSL? TLS/SSLisatunnelingprotocolthatworksatthetransportlayer. Itprovidesencryption,authenticationandintegrityverificationofdata,anddoessobymeansofdigitalcer tificates. Digital Certificates Adigitalcertificateisanelectronicdocumentwhichconfirmstheidentityofanentity– whichcouldbeauser,aserver,acompany,aprogramonaclient,justaboutanything– andassociatesthatentitywithapublickey. Thedigitalcertificateistheentity’sidentificationtothepublickeyinfrastructure. EachpartytoaTLSsecuredcommunicationcanevaluatethecontentsofthecertificate. ThemostexaminedfieldistheCommonNameEachthencomparesittowhattheyexpect. Itisalsowisetochecktheissuerofthecertificate. Istheissueratrustedparty?FormoreontheseissuersseeTrustedCertificateAuthorities, Userscangeneratetheirowndigitalcertificates,calledself-signedcertificates,withfreetools. Butsuchcertificatesareinherentlyuntrustworthyandtherealvalueofcertificates comeswhentheyareissuedbyatrustedCA. UserscancreateandruntheirownCAontheirnetworkandsometimesthismakessense,butinmanycasesit isnecessarytouseanoutsidetrusted CA whichoutsidepartiescanalsotrustSymantec™isthelargestCA. Authentication and Verification
  • 5. Publickeycryptographyallowstwopartiestoauthenticateeachother. Eachpartyhastwo keys,whicharelargenumericvalues. Amessageexchangedbetweentheparties isrunthroughahashingalgorithm. Ahashfunctiontakesablockofdataandcreatesavaluefromit,knownasahashordigestMakeevena small changeinthedataandthehashchangessignificantly. Atthesametimethereisnowaytorecreatethedatafromthehash. Thesendingpartytothecommunicationsusestheirprivatekeytoencryptthehashvalue. Thisencryptedvalueiscalledadigitalsignature. Themessageandsignaturearesenttotherecipientparty. Therecipientpartyusesthesender’spublickeytodecryptthesignature. Theygenerateahashofthemessageusingthesamealgorithmasthesenderandcomparethevalues. Ifthevaluesarethesamethentwothingsarecertain:thedatahasnotbeentamperedwithandthesenderiswh otheypurporttobe. Thisisbecausetheprivatekeycorrespondingtothepublickeyinthecertificatewasusedtosignthedata,an dtheprivatekeyshouldonlybe accessiblebythesendernamedinthecertificate. NeitherauthenticationnorintegrityverificationaremandatoryinTLSYoucanuseitsimplysothatthebits on thewireareencrypted. Butauthenticationis acorefeature,importanttomostcustomers. Services of SSL: SSL Provides several services on data received from the application layer.  Fragmentation: First SSL divides the data into blocks of 2^14 bytes or less.  Compression: Each fragment of data is compressed using one of the lossless compression methodnegotiated between the client and server. This service is optional.  Message Integrity: To preserve the integrity of data, SSL uses a keyed Hash function to create a MAC.  Confidentiality: To provide confidentiality, the original data and the MAC are encrypted using symmetric key cryptography  Framing:
  • 6. A header is added to the encrypted payload. The payload is then passed to a reliable transport protocol. The Four Upper Layer Protocols  Application Encryption Protocol  Encrypt/Decrypt application data  Change Cipher Spec Protocol  Alert to a change in communication variables  Alert Protocol  Messages important to SSL connections  Handshaking Protocol  Establish communication variables SSL Record Protocol Services provided are:  Confidentiality  using symmetric encryption with a shared secret key defined by Handshake Protocol  IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128  message is compressed before encryption  Message integrity  using a MAC (Message Authentication Code) created using a shared secret key and a short message
  • 7. SSL Change Cipher Spec Protocol:  one of 3 SSL specific protocols which use the SSL Record protocol  a single message  Purpose of message  Cause copy of pending state to current state.  Updates cipher suite to be used on the current connection. SSL Alert Protocol:  conveys SSL-related alerts to peer entity  Consists of two bytes  1st byte : warning or fatal  2nd byte: code for specific alerts  specific alert types  unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter  close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown  compressed & encrypted like all SSL data SSL Handshake Protocol:  The most complex part of SSL.
  • 8.  allows server & client to:  authenticate each other  to negotiate encryption & MAC algorithms  to negotiate cryptographic keys to be used  comprises a series of messages in phases  Establish Security Capabilities  Server Authentication and Key Exchange  Client Authentication and Key Exchange  Finish  The client(Alice) and server(Bob) must agree on various parameters to establish the connection  Alice request a secure connections and presents a list of Cipher Suites  Bob picks the strongest supported Cipher Suite  Bob sends back his digital certificate o Including the certificate authority and his public key  By encrypting using the server’s public key, Alice send a random number to Bob securely  Alice and Bob generate key material from the random number  Secure connection established
  • 9. `
  • 10.
  • 11. SSL Handshake Protocol:  This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record.
  • 12. TLS (Transport Layer Security) SSL Key Exchange (Simplified) 1. SSL client connects to an SSL server 2. Server then sends its own certificate that contains its public key 3. Client then creates a random key (premaster key) and uses server's public key to encrypt it
  • 13. 4. Client then sends encrypted premaster key to the server 5. Server then decrypts it (only the server that has the matching private key can decrypt it) and uses decrypted premaster key to create secret session key 6. Now both client and server uses secret session key for further communication Secure Socket Layer (SSL): Where SSL fits? SSL runs over TCP:  Confidentiality (Privacy)  Data integrity (Tamper-proofing)  Server authentication (Proving a server is what it claims it is) – Used in typical B2C transaction  Optional client authentication – Would be required in B2B (or Web services environment in which program talks to program) What security is provided?
  • 14.  By providing:  Endpoint Authentication  Unilateral or Bilateral  Communication Confidentiality  For preventing:  Eavesdropping  Tampering  Message Forgery Eavesdropping Tampering Message Forgery • Encryption • Symmetric-key Cryptography • Message Digest • Cryptographic Hash • Authentication & Digital signature • Public-key Cryptography SSL Architecture: TLS (Transport Layer Security)  TLS uses stronger encryption algorithms and has the ability to work on different ports. Additionally, TLS version 1.0 does not interoperate with SSL version 3.0.  IETF standard RFC 2246 similar to SSLv3
  • 15.  with minor differences  In record format version number  Uses HMAC for MAC  A pseudo-random function expands secrets  Has additional alert codes  Some changes in supported ciphers  Changes in certificate negotiations  Changes in use of padding Changes from SSL 3.0 to TLS: TLSisthesuccessortechnologytoSSL, whichwasdevelopedbyNetscapein1994. ThefirstpublicreleasewasSSLversion,andwasquicklyfollowedbyversion. TheTLSspecificationwasreleasedin1999inRFC2246,andisonlyaminormodificationofSSL3. Changeshavecomeatamuchslowerpacesincethen,withTLS1.1and1.2largelyconcernedwithsecurity improvements. TLSisstillwidelycalledSSL,especiallyinproductnames,evenifthetermisstrictlyinaccurate. TLSversionsaredesignedtointeractwith androllbacktoearlierprotocolssuchasSSL3. Infact,intheprotocolhandshake,TLS1.0,1.1 and1.2 usetheversionnumbers3.1,3.2and3.3 Oneofthemaindifferencesyou’llseebetweenSSLandTLSversionsarethecryptographicfeatures,inclu dingtheciphers,hashalgorithmsandkeyexchangemechanismstheysupport. Astimeandversionsadvance,supportforweakerfeaturesisdroppedfromtheprotocolandstrongeronesa dded.  Fortezza removed  Additional Alerts added  Modification to hash calculations  Protocol version 3.1 in ClientHello, ServerHello What is TLS?  Protocol layer  Requires reliable transport layer (e.g. TCP)  Supports any application protocols
  • 16. TLS: Privacy:  Encrypt message so it cannot be read  Use conventional cryptography with shared key  DES, 3DES  RC2, RC4  IDEA TLS: Key Exchange:  Need secure method to exchange secret key  Use public key encryption for this  “key pair” is used - either one can encrypt and then the other can decrypt  slower than conventional cryptography  share one key, keep the other private  Choices are RSA or Diffie-Hellman TLS: Integrity:  Compute fixed-length Message Authentication Code (MAC)  Includes hash of message  Includes a shared secret  Include sequence number  Transmit MAC with message  Receiver creates new MAC  should match transmitted MAC  TLS allows MD5, SHA-1 TLS: Authentication:  Verify identities of participants  Client authentication is optional  Certificate is used to associate identity with public key and other attributes TLS: Architecture:
  • 17.  TLS defines Record Protocol to transfer application and TLS information  A session is established using a Handshake Protocol TLS: Record Protocol: TLS: Handshake:  Negotiate Cipher-Suite Algorithms  Symmetric cipher to use  Key exchange method  Message digest function  Establish and share master secret  Optionally authenticate server and/or client Handshake Phases:  Hello messages  Certificate and Key Exchange messages  Change Cipher Spec and Finished messages Implementation of SSL/TLS:  SSL and TLS have been widely implemented  Open source software projects ○ OpenSSL, NSS, or GnuTLS  Microsoft Windows
  • 18. ○ Part of its Secure Channel  Browsers ○ Google Chrome ○ Internet Explorer, etc. Client Side: <? Php//-------------------------------------Message Encryption Start .......................// $plan_text=$_POST['text']; $befor_cipher=$plan_text; $strlen=strlen($plan_text)."<br />"; $abc=array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s", "t","u","v","w","x","y","z"); $count=0; $replace=array(); for($count=0; $count<$strlen; $count++) { foreach($abc as $key=>$value) { if($plan_text[$count]==$value)
  • 19. { $replace[$count]=$abc[25-$key]; } } } $cipher_text=implode($replace); //.................................................... Message Encrption End .......................... // //........................................ Codding For Connection Start ....................// $host = "192.168.1.9"; $port = 25003; //set_time_limit(0); echo "<h1>Message Sent</h1><br />"; echo "Plan Text : ".$befor_cipher; echo "<br />Cipher Text : ".$cipher_text; // create socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socketn"); // connect to server $result = socket_connect($socket, $host, $port) or die("Could not connect to servern"); // send string to server socket_write($socket, $cipher_text, strlen($cipher_text)) or die("Could not send data to servern"); // close socket socket_close($socket); // ...........................................Codding for connection End.............................// ?> Server Side:
  • 20. <?php //.............................................Codding Start.........................// for SERVER Connection // set some variables $host = "192.168.1.9"; $port = 25003; // don't timeout! set_time_limit(0); // create socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socketn"); // bind socket to port $result = socket_bind($socket, $host, $port) or die("Could not bind to socketn"); // start listening for connections $result = socket_listen($socket, 10) or die("Could not set up socket listenern"); // accept incoming connections // spawn another socket to handle communication $spawn = socket_accept($socket) connectionn"); or die("Could not accept incoming // read client input $cipher_text = socket_read($spawn, 1024) or die("Could not read cipher_textn"); echo "<h1>Message Received</h1><br />"; echo "Cipher text :".$cipher_text."<br />"; // close sockets socket_close($spawn); socket_close($socket); //.............................................Codding End.........................// for SERVER //.................................................Decription Start.........................// Connection
  • 21. $strlen=strlen($cipher_text)."<br />"; $abc=array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s", "t","u","v","w","x","y","z"); $count=0; $replace=array(); for($count=0; $count<$strlen; $count++) { foreach($abc as $key=>$value) { if($cipher_text[$count]==$value) {$replace[$count]=$abc[25-$key];} } } $plan_text=implode($replace); echo "Plan Text : ".$plan_text; //...............................................Decription Enc.........................// ?> Socket Programming in PHP Introduction Sockets are used for inter process communication. Inter process communication is generally based on client-server model. In this case, client-server is the applications that interact with each other. Interaction between client and server requires a connection. Socket programming is responsible for establishing that connection between applications to interact. By the end of this tip, we will learn how to create a simple client-server in PHP. We will also learn how client application sends message to server and receives it from the same. Using the Code Aim: Develop a client to send a string message to server and server to return reverse of the same message to client.
  • 22. PHP SERVER Step 1: Set variables such as "host" and "port" $host = "127.0.0.1"; $port = 5353; // No Timeout set_time_limit(0); Port number can be any positive integer between 1024 -65535. Step 2: Create Socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socketn"); Step 3: Bind the socket to port and host Here the created socket resource is bound to IP address and port number. $result = socket_bind($socket, $host, $port) or die("Could not bind to socketn"); Step 4: Start listening to the socket After getting bound with IP and port server waits for the client to connect. Till then it keeps on waiting. $result = socket_listen($socket, 3) or die("Could not set up socket listenern"); Step 5: Accept incoming connection This function accepts incoming connection request on the created socket. After accepting the connection from client socket, this function returns another socket resource that is actually responsible for communication with the corresponding client socket. Here “$spawn” is that socket resource which is responsible for communication with client socket. $spawn = socket_accept($socket) or die("Could not accept incoming connectionn"); So far, we have prepared our server socket but the script doesn't actually do anything. Keeping to our aforesaid aim, we will read message from client socket and then send back reverse of the received message to the client socket again. Step 6: Read the message from the Client socket $input = socket_read($spawn, 1024) or die("Could not read inputn");
  • 23. Step 7: Reverse the message $output = strrev($input) . "n"; Step 8: Send message to the client socket socket_write($spawn, $output, strlen ($output)) or die("Could not write outputn"); Close the socket socket_close($spawn); socket_close($socket); This completes with the server. Now we will learn to create PHP client. PHP CLIENT The first two steps are the same as in the server. Step 1: Set variables such as "host" and "port" $host = "127.0.0.1"; $port = 5353; // No Timeout set_time_limit(0); Note: Here the port and host should be same as defined in server. Step 2: Create Socket $socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socketn"); Step 3: Connect to the server $result = socket_connect($socket, $host, $port) or die("Could not connect toservern"); Here unlike server, client socket is not bound with port and host. Instead it connects to server socket, waiting to accept the connection from client socket. Connection of client socket to server socket is established in this step. Step 4: Write to server socket socket_write($socket, $message, strlen($message)) or die("Could not send data to servern"); In this step, client socket data is sent to the server socket.
  • 24. Step 5: Read the response from the server $result = socket_read ($socket, 1024) or die("Could not read server responsen"); echo "Reply From Server :".$result; Step 6: Close the socket socket_close($socket); Application of SSL/TLS:  On top of the Transport Layer protocols  Primarily with TCP  Datagram Transport Layer Security(DTLS) for UDP  Encapsulating the application protocols  HTTP (HTTPS)  for securing WWW traffic  FTP (FTPS) SMTP, NNTP, etc. References:  William Stallings, 5th Edition, “Transport-Level Security”, Chapter 16, Pages : 509-543  www.cse.buffalo.edu/DBGROUP/nachi/ecopres/fengmei  http://www.slideshare.net/leethree/ssl-intro