What is TLS/SSL?
Outline:
Web Security
Executive Summary
Introduction to SSL/TLS
What is TLS/SSL?
Digital Certificates
Authentication and Verification
Services of SSL
The Four Upper Layer Protocols
Record Protocol
Change Cipher Spec Protocol
Alert Protocol
Handshake Protocol
Secure Socket Layer (SSL)
Where, What and How about SSL
Architecture
Transport Layer Security (TLS)
TLS Overview
Public Key Certificates
Implementation & Applications of SSL/TLS
Summary
References
Security:
Web is now widely used by businesses, government firms and individuals.
But Internet & Web space are vulnerable.
Have a variety of threats related to
Integrity: Someone might alter content
Confidentiality: Anyone can see content
Denial of service:
Authentication: Not clear who you are talking with
need added security mechanisms
Executive Summary:
Transport Layer Security or TLS, widely known also as Secure Sockets Layer or SSL, is the most popular application of public key cryptography in the world. It is most famous for securing Web browser sessions, but it has widespread application to other tasks.
TLS/SSL can be used to provide strong authentication of both parties in a communication session, strong encryption of data in transit between them, and verification of the integrity of that data in transit.
TLS/SSL can be used to secure a broad range of critical business functions such as Web browsing, server-to-server communications, e-mail client-to-server communications, software updating, database access, virtual private networking and others.
However, when used improperly, TLS can give the illusion of security where the communications have been compromised. It is important to keep certificates up to date and check rigorously for error conditions.
In many, but not all applications of TLS, the integrity of the process is enhanced by using a certificate issued by an outside trusted Certificate Authority (CA).
This paper will explore how TLS works, best practices for its use, and the various applications in which it can secure business computing.
Introduction:
Secure Sockets Layer (SSL)
Developed by Netscape Corporation
Versions 1, 2, and 3 (released in 1996)
Transport Layer Security (TLS)
Successor of SSL
IETF standards track protocol, based on SSL 3.0
Last updated in RFC 5246 (2008)
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are
cryptographic protocols that provide security for communications over networks such as
the Internet.
TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.
As the science of business computing, and of computing security in particular, has advanced, the trend has been to find security weaknesses everywhere. Where complexity and functionality grow, so do the opportunities for abuse of systems by malicious actors.
The solutions to these problems are varied and must be explored individually, but one
technology shows up often: TLS or Transport Layer Security, often known by the name of the
predecessor technology, SSL or Secure Sockets Layer.
TLS is best known as the technology which secures Web browser sessions for banking and other sensitive tasks, but it can be used for much more.
Client-server communication with a variety of server types, in addition to Web servers, benefits from use of TLS.
Server-to-server communications also need to be secured and can be through TLS.
Clients updating applications and other software on their PCs should only do so through a secure connection, which is why such update applications usually use TLS or SSL.
This paper will explore these and other applications of TLS that can secure the enterprise in the myriad places in which it can be attacked.
TLS provides 3 basic benefits:
It provides authentication of the communicating parties, either one-way or in both directions
It encrypts the communication session “on the wire”
It ensures the integrity of the data transferred
What is TLS/SSL?
TLS/SSL is a tunneling protocol that works at the transport layer.
It provides encryption, authentication and integrity verification of data, and does so by means of digital certificates.
Digital Certificates
A digital certificate is an electronic document which confirms the identity of an entity – which could be a user, a server, a company, a program on a client, just about anything – and associates that entity with a public key.
The digital certificate is the entity’s identification to the public key infrastructure.
Each party to a TLS-secured communication can evaluate the contents of the certificate.
The most examined field is the Common Name. Each then compares it to what they expect.
It is also wise to check the issuer of the certificate.
Is the issuer a trusted party? For more on these issuers see Trusted Certificate Authorities.
Users can generate their own digital certificates, called self-signed certificates, with free tools.
But such certificates are inherently untrustworthy and the real value of certificates comes when they are issued by a trusted CA.
Users can create and run their own CA on their network and sometimes this makes sense, but in many cases it is necessary to use an outside trusted CA which outside parties can also trust. Symantec™ is the largest CA.
Authentication and Verification
6. A header is added to the encrypted payload. The payload is then passed to a
reliable transport protocol.
The Four Upper Layer Protocols
Application Encryption Protocol
Encrypt/Decrypt application data
Change Cipher Spec Protocol
Alert to a change in communication variables
Alert Protocol
Messages important to SSL connections
Handshaking Protocol
Establish communication variables
SSL Record Protocol
Services provided are:
Confidentiality
using symmetric encryption with a shared secret key defined by Handshake Protocol
IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
message is compressed before encryption
Message integrity
using a MAC (Message Authentication Code) created using a shared secret key and a
short message
SSL Change Cipher Spec Protocol:
one of 3 SSL specific protocols which use the SSL Record protocol
a single message
Purpose of message
Cause copy of pending state to current state.
Updates cipher suite to be used on the current connection.
SSL Alert Protocol:
conveys SSL-related alerts to peer entity
Consists of two bytes
1st byte : warning or fatal
2nd byte: code for specific alerts
specific alert types
unexpected message, bad record mac, decompression failure, handshake failure,
illegal parameter
close notify, no certificate, bad certificate, unsupported certificate, certificate
revoked, certificate expired, certificate unknown
compressed & encrypted like all SSL data
SSL Handshake Protocol:
The most complex part of SSL.
allows server & client to:
authenticate each other
to negotiate encryption & MAC algorithms
to negotiate cryptographic keys to be used
comprises a series of messages in phases
Establish Security Capabilities
Server Authentication and Key Exchange
Client Authentication and Key Exchange
Finish
The client (Alice) and server (Bob) must agree on various parameters to establish the connection
Alice requests a secure connection and presents a list of Cipher Suites
Bob picks the strongest supported Cipher Suite
Bob sends back his digital certificate
o Including the certificate authority and his public key
Alice sends a random number to Bob securely by encrypting it with the server’s public key
Alice and Bob generate key material from the random number
Secure connection established
SSL Handshake Protocol:
This protocol allows the server and client to authenticate each other and to negotiate an
encryption and MAC algorithm and cryptographic keys to be used to protect data sent in
an SSL record.
TLS (Transport Layer Security)
SSL Key Exchange (Simplified)
1. SSL client connects to an SSL server
2. Server then sends its own certificate that contains its public key
3. Client then creates a random key (premaster key) and uses server's public key to encrypt it
4. Client then sends encrypted premaster key to the server
5. Server then decrypts it (only the server that has the matching private key can decrypt it) and uses the decrypted premaster key to create the secret session key
6. Now both client and server use the secret session key for further communication
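The six steps above, played out in one PHP script with both roles in the same process. This is an added illustration, not code from the original report; the two hello random values, the OAEP padding and the HKDF derivation are assumptions of the sketch (SSL/TLS uses PKCS#1 v1.5 padding and its own pseudo-random function).

```php
<?php
// Added illustration of the six steps above; not code from the original report.
// Needs the openssl extension. OAEP padding and HKDF are stand-ins picked for
// this sketch: SSL/TLS itself uses PKCS#1 v1.5 padding and its own PRF.

function new_rsa_key()
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    if ($key === false) {
        exit("key generation failed: " . openssl_error_string() . "\n");
    }
    return $key;
}

// Both sides expand the premaster key and the two hello randoms into a session key.
function session_key(string $premaster, string $clientRandom, string $serverRandom): string
{
    return hash_hkdf('sha256', $premaster, 32, 'session key', $clientRandom . $serverRandom);
}

// Steps 1-2: the server's public key reaches the client inside its certificate.
$serverKey = new_rsa_key();
$serverPublicPem = openssl_pkey_get_details($serverKey)['key'];
$clientRandom = random_bytes(32);   // sent in the clear in the hello messages
$serverRandom = random_bytes(32);

// Step 3: the client creates the premaster key and encrypts it to the server.
$premaster = random_bytes(48);
openssl_public_encrypt($premaster, $wire, $serverPublicPem, OPENSSL_PKCS1_OAEP_PADDING)
    or exit("encryption failed\n");

// Steps 4-5: only $wire crosses the network; the server decrypts it.
openssl_private_decrypt($wire, $recovered, $serverKey, OPENSSL_PKCS1_OAEP_PADDING)
    or exit("decryption failed\n");

// Step 6: both ends derive the session key locally; it is never transmitted.
$clientSide = session_key($premaster, $clientRandom, $serverRandom);
$serverSide = session_key($recovered, $clientRandom, $serverRandom);
echo "session keys match: ", var_export(hash_equals($clientSide, $serverSide), true), "\n";

// Same ciphertext, a private key that does not belong to the server.
$otherKey = new_rsa_key();
$ok = openssl_private_decrypt($wire, $guess, $otherKey, OPENSSL_PKCS1_OAEP_PADDING);
echo "decrypt with a different private key succeeds: ", var_export($ok, true), "\n";
```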
Secure Socket Layer (SSL):
Where SSL fits?
SSL runs over TCP:
Confidentiality (Privacy)
Data integrity (Tamper-proofing)
Server authentication (Proving a server is what it claims it is)
– Used in typical B2C transaction
Optional client authentication
– Would be required in B2B (or Web services environment in which program talks to program)
What security is provided?
By providing:
Endpoint Authentication
Unilateral or Bilateral
Communication Confidentiality
For preventing:
Eavesdropping
Tampering
Message Forgery
Eavesdropping
• Encryption
• Symmetric-key Cryptography
Tampering
• Message Digest
• Cryptographic Hash
Message Forgery
• Authentication & Digital signature
• Public-key Cryptography
SSL Architecture:
TLS (Transport Layer Security)
TLS uses stronger encryption algorithms and has the ability to work on different ports.
Additionally, TLS version 1.0 does not interoperate with SSL version 3.0.
IETF standard RFC 2246 similar to SSLv3 with minor differences
In record format version number
Uses HMAC for MAC
A pseudo-random function expands secrets
Has additional alert codes
Some changes in supported ciphers
Changes in certificate negotiations
Changes in use of padding
Changes from SSL 3.0 to TLS:
TLS is the successor technology to SSL, which was developed by Netscape in 1994.
The first public release was SSL version, and was quickly followed by version.
The TLS specification was released in 1999 in RFC 2246, and is only a minor modification of SSL 3.
Changes have come at a much slower pace since then, with TLS 1.1 and 1.2 largely concerned with security improvements.
TLS is still widely called SSL, especially in product names, even if the term is strictly inaccurate.
TLS versions are designed to interact with and roll back to earlier protocols such as SSL 3.
In fact, in the protocol handshake, TLS 1.0, 1.1 and 1.2 use the version numbers 3.1, 3.2 and 3.3.
One of the main differences you’ll see between SSL and TLS versions are the cryptographic features, including the ciphers, hash algorithms and key exchange mechanisms they support.
As time and versions advance, support for weaker features is dropped from the protocol and stronger ones added.
Fortezza removed
Additional Alerts added
Modification to hash calculations
Protocol version 3.1 in ClientHello, ServerHello
What is TLS?
Protocol layer
Requires reliable transport layer (e.g. TCP)
Supports any application protocols
TLS: Privacy:
Encrypt message so it cannot be read
Use conventional cryptography with shared key
DES, 3DES
RC2, RC4
IDEA
TLS: Key Exchange:
Need secure method to exchange secret key
Use public key encryption for this
“key pair” is used - either one can encrypt and then the other can decrypt
slower than conventional cryptography
share one key, keep the other private
Choices are RSA or Diffie-Hellman
TLS: Integrity:
Compute fixed-length Message Authentication Code (MAC)
Includes hash of message
Includes a shared secret
Include sequence number
Transmit MAC with message
Receiver creates new MAC
should match transmitted MAC
TLS allows MD5, SHA-1
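The integrity check listed above, as an added PHP example (not code from the original report). The MAC input uses the TLS 1.0-1.2 record layout with the sequence number first; HMAC-SHA256, the message text and the key are choices made for this sketch, and the encryption step of the record layer is left out.

```php
<?php
// Added illustration; not code from the original report.
// MAC input follows the TLS 1.0-1.2 record layout:
//   seq_num (8 bytes) || type (1) || version (2) || length (2) || fragment
// HMAC-SHA256 is this sketch's choice of hash.

const MAC_LEN = 32;            // HMAC-SHA256 output size in bytes
const TYPE_APPLICATION = 23;   // record content type for application data

function record_mac(string $macKey, int $seq, string $fragment): string
{
    $header = pack('J', $seq)                 // 64-bit big-endian counter, never transmitted
            . pack('C', TYPE_APPLICATION)
            . "\x03\x03"                      // version 3.3, i.e. TLS 1.2
            . pack('n', strlen($fragment));
    return hash_hmac('sha256', $header . $fragment, $macKey, true);
}

// Sender: transmit the MAC with the message.
function protect(string $macKey, int $seq, string $message): string
{
    return $message . record_mac($macKey, $seq, $message);
}

// Receiver: create a new MAC over what arrived; it must match the transmitted one.
function verify(string $macKey, int $expectedSeq, string $record): ?string
{
    $len = strlen($record) - MAC_LEN;
    if ($len < 0) {
        return null;
    }
    $message = substr($record, 0, $len);
    $mac = substr($record, $len);
    $expected = record_mac($macKey, $expectedSeq, $message);
    return hash_equals($expected, $mac) ? $message : null;   // constant-time compare
}

function show(string $label, ?string $result): void
{
    echo $label, ": ", $result === null ? "rejected" : "accepted", "\n";
}

$macKey = random_bytes(32);                       // shared secret from the handshake (constructed)
$record0 = protect($macKey, 0, "transfer 10 to bob");

$tampered = $record0;
$tampered[9] = '9';                               // amount changed in transit, MAC left as sent

show("record 0 as sent", verify($macKey, 0, $record0));
show("record 0 with altered content", verify($macKey, 0, $tampered));
show("record 0 replayed where record 1 is expected", verify($macKey, 1, $record0));
```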
TLS: Authentication:
Verify identities of participants
Client authentication is optional
Certificate is used to associate identity with public key and other attributes
TLS: Architecture:
TLS defines Record Protocol to transfer application and TLS information
A session is established using a Handshake Protocol
TLS: Record Protocol:
TLS: Handshake:
Negotiate Cipher-Suite Algorithms
Symmetric cipher to use
Key exchange method
Message digest function
Establish and share master secret
Optionally authenticate server and/or client
Handshake Phases:
Hello messages
Certificate and Key Exchange messages
Change Cipher Spec and Finished messages
Implementation of SSL/TLS:
SSL and TLS have been widely implemented
Open source software projects
○ OpenSSL, NSS, or GnuTLS
Microsoft Windows
○ Part of its Secure Channel
Browsers
○ Google Chrome
○ Internet Explorer, etc.
Client Side:
<?php
//------------------------------------- Message Encryption Start -------------------------------------//
// Atbash substitution (a<->z, b<->y, ...): it has no key and is its own inverse.
// Characters outside a-z are dropped by the loop below.
$plan_text=$_POST['text'];
$befor_cipher=$plan_text;
$strlen=strlen($plan_text);
$abc=array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s",
"t","u","v","w","x","y","z");
$replace=array();
for($count=0; $count<$strlen; $count++)
{
    foreach($abc as $key=>$value)
    {
        if($plan_text[$count]==$value)
        {
            $replace[$count]=$abc[25-$key];
        }
    }
}
$cipher_text=implode($replace);
//------------------------------------- Message Encryption End -------------------------------------//
//------------------------------------- Coding For Connection Start -------------------------------------//
$host = "192.168.1.9";
$port = 25003;
//set_time_limit(0);
echo "<h1>Message Sent</h1><br />";
// escape the user-supplied text before writing it into the HTML page
echo "Plain Text : ".htmlspecialchars($befor_cipher, ENT_QUOTES, 'UTF-8');
echo "<br />Cipher Text : ".$cipher_text;
// create socket
$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socket\n");
// connect to server
$result = socket_connect($socket, $host, $port) or die("Could not connect to server\n");
// send string to server (plain TCP, the bytes travel as written)
socket_write($socket, $cipher_text, strlen($cipher_text)) or die("Could not send data to server\n");
// close socket
socket_close($socket);
//------------------------------------- Coding For Connection End -------------------------------------//
?>
Server Side:
<?php
//------------------------------------- Coding for SERVER Connection Start -------------------------------------//
// set some variables
$host = "192.168.1.9";
$port = 25003;
// don't timeout!
set_time_limit(0);
// create socket
$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socket\n");
// bind socket to port
$result = socket_bind($socket, $host, $port) or die("Could not bind to socket\n");
// start listening for connections
$result = socket_listen($socket, 10) or die("Could not set up socket listener\n");
// accept incoming connections
// spawn another socket to handle communication
$spawn = socket_accept($socket) or die("Could not accept incoming connection\n");
// read client input
$cipher_text = socket_read($spawn, 1024) or die("Could not read cipher_text\n");
echo "<h1>Message Received</h1><br />";
// escape data received from the network before writing it into the HTML page
echo "Cipher text :".htmlspecialchars($cipher_text, ENT_QUOTES, 'UTF-8')."<br />";
// close sockets
socket_close($spawn);
socket_close($socket);
//------------------------------------- Coding for SERVER Connection End -------------------------------------//
//------------------------------------- Decryption Start -------------------------------------//
// Atbash is its own inverse, so the same substitution recovers the text.
$strlen=strlen($cipher_text);
$abc=array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s",
"t","u","v","w","x","y","z");
$replace=array();
for($count=0; $count<$strlen; $count++)
{
    foreach($abc as $key=>$value)
    {
        if($cipher_text[$count]==$value)
        {
            $replace[$count]=$abc[25-$key];
        }
    }
}
$plan_text=implode($replace);
echo "Plain Text : ".$plan_text;
//------------------------------------- Decryption End -------------------------------------//
?>
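The client and server above send an Atbash-substituted string over a plain TCP socket, so neither end is authenticated and the substitution can be reversed without any key. As an added example (not the original author's code), the same send done through PHP's TLS stream wrapper with the certificate checks from the Digital Certificates section switched on; the host name, port and CA bundle path are placeholders, and a TLS server holding a certificate for that name is assumed.

```php
<?php
// Added example, not the original author's code. Needs PHP 7.4+ with openssl.
// Host name, port and CA bundle path below are placeholders.

function tls_send(string $host, int $port, string $message, string $caFile): array
{
    $context = stream_context_create(['ssl' => [
        'verify_peer'       => true,    // chain must lead to a CA in $caFile
        'verify_peer_name'  => true,    // certificate must be issued for $host
        'peer_name'         => $host,
        'allow_self_signed' => false,
        'cafile'            => $caFile,
        'capture_peer_cert' => true,
        'crypto_method'     => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
                             | STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT,
    ]]);

    // The handshake runs inside the connect call; a bad certificate means no connection.
    $conn = @stream_socket_client("tls://$host:$port", $errno, $errstr, 10,
                                  STREAM_CLIENT_CONNECT, $context);
    if ($conn === false) {
        throw new RuntimeException("TLS connection failed: $errstr ($errno)");
    }

    $params = stream_context_get_params($conn);
    $cert = openssl_x509_parse($params['options']['ssl']['peer_certificate']);

    fwrite($conn, $message);    // encrypted and integrity-protected by the TLS record layer
    fclose($conn);

    return [
        'subject_cn' => $cert['subject']['CN'] ?? null,
        'issuer'     => $cert['issuer'],
        'expires'    => date('c', $cert['validTo_time_t']),
    ];
}

try {
    $peer = tls_send('server.example', 25003, "hello over TLS\n",
                     '/path/to/ca-bundle.pem');
    print_r($peer);
} catch (RuntimeException $e) {
    // Fail closed: nothing is sent unless the certificate checks pass.
    fwrite(STDERR, $e->getMessage() . "\n");
}
```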
Socket Programming in PHP
Introduction
Sockets are used for inter process communication. Inter process communication is generally
based on client-server model. In this case, client-server is the applications that interact with each
other. Interaction between client and server requires a connection. Socket programming is
responsible for establishing that connection between applications to interact.
By the end of this tip, we will learn how to create a simple client-server in PHP. We will also
learn how client application sends message to server and receives it from the same.
Using the Code
Aim: Develop a client to send a string message to server and server to return reverse of the same
message to client.
PHP SERVER
Step 1: Set variables such as "host" and "port"
$host = "127.0.0.1";
$port = 5353;
// No Timeout
set_time_limit(0);
Port number can be any positive integer between 1024 and 65535.
Step 2: Create Socket
$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socket\n");
Step 3: Bind the socket to port and host
Here the created socket resource is bound to IP address and port number.
$result = socket_bind($socket, $host, $port) or die("Could not bind to socket\n");
Step 4: Start listening to the socket
After getting bound with IP and port server waits for the client to connect. Till then it keeps on
waiting.
$result = socket_listen($socket, 3) or die("Could not set up socket listener\n");
Step 5: Accept incoming connection
This function accepts incoming connection request on the created socket. After accepting the
connection from client socket, this function returns another socket resource that is actually
responsible for communication with the corresponding client socket. Here “$spawn” is that
socket resource which is responsible for communication with client socket.
$spawn = socket_accept($socket) or die("Could not accept incoming connection\n");
So far, we have prepared our server socket but the script doesn't actually do anything. Keeping to
our aforesaid aim, we will read message from client socket and then send back reverse of the
received message to the client socket again.
Step 6: Read the message from the Client socket
$input = socket_read($spawn, 1024) or die("Could not read input\n");
Step 7: Reverse the message
$output = strrev($input) . "\n";
Step 8: Send message to the client socket
socket_write($spawn, $output, strlen ($output)) or die("Could not write output\n");
Close the socket
socket_close($spawn);
socket_close($socket);
This completes with the server. Now we will learn to create PHP client.
PHP CLIENT
The first two steps are the same as in the server.
Step 1: Set variables such as "host" and "port"
$host = "127.0.0.1";
$port = 5353;
// No Timeout
set_time_limit(0);
Note: Here the port and host should be same as defined in server.
Step 2: Create Socket
$socket = socket_create(AF_INET, SOCK_STREAM, 0) or die("Could not create socket\n");
Step 3: Connect to the server
$result = socket_connect($socket, $host, $port) or die("Could not connect to server\n");
Here unlike server, client socket is not bound with port and host. Instead it connects to server
socket, waiting to accept the connection from client socket. Connection of client socket to server
socket is established in this step.
Step 4: Write to server socket
$message = "Hello Server"; // sample message to send (constructed)
socket_write($socket, $message, strlen($message)) or die("Could not send data to server\n");
In this step, client socket data is sent to the server socket.
Step 5: Read the response from the server
$result = socket_read ($socket, 1024) or die("Could not read server response\n");
echo "Reply From Server :".$result;
Step 6: Close the socket
socket_close($socket);
Application of SSL/TLS:
On top of the Transport Layer protocols
Primarily with TCP
Datagram Transport Layer Security(DTLS) for UDP
Encapsulating the application protocols
HTTP (HTTPS)
for securing WWW traffic
FTP (FTPS) SMTP, NNTP, etc.
References:
William Stallings, 5th Edition, “Transport-Level Security”, Chapter 16, Pages : 509-543
www.cse.buffalo.edu/DBGROUP/nachi/ecopres/fengmei
http://www.slideshare.net/leethree/ssl-intro