Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Secure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings."

Transcription

1 Secure Socket Layer Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

2 Abstraction: Crypto building blocks NS HS13 2

3 Abstraction: The secure channel 1., run a key-exchange protocol that establishes an, between and. 2. This is used together with a cryptographic functions to protect the and/or of the transmitted data. NS HS13 3

4 The real secure channel Network layer Physical layer Data link LLC = Logical Link Control MAC = Media Access Control NS HS13 4

5 SSL as a playground for crypto tools We will study the SSL protocol and in the meantime recapitulate (or relearn) some important concepts like: 1. Hash function, hash value (SHA-1/2/3) 2. Symmetric encryption key (AES) 3. Asymmetric encryption key (RSA) 4. Digital signature 5. X.509 certificates NS HS13 5

6 Where hides security in the TCP/IP protocol stack? NS HS13 6

7 SSL functionality NS HS13 7

8 The different parts of the SSL protocol NS HS13 8

9 SSL(TLS) over TCP over IP NS HS13 9

10 SSL characteristics! Netscape Secure Socket Layer;! Layered between the application and TCP;! Server authenticated with public keys (X509);! Can authenticate client (rare);! Privacy enforced by encryption;! Integrity enforced by MACs;! Works with any TCP application (but mainly http): service port NS HS13 10

11 SSL(TLS) protocols SSL provides end-to-end security, based on a communication protocol. SSL protocols: 1. Handshake 2. Record 3. Change cipher specifications 4. Alert services The record part provides how encrypted data are transported to the application (via http) and other protocols NS HS13 11

12 Handshake protocol The most complex part of SSL: 1. Allows the server and client (optional) to authenticate each other. 2. Negotiate encryption, MAC algorithm and cryptographic keys. 3. Used before any application data are transmitted. NS HS13 12

13 Handshake protocol action: the palatable version. Client : Hello, here is a list of cipher suites I can use. Server: Hello, here is the cipher suite I chose from your list. And here's an X.509v3 certificate that contains my public RSA key. Client : [Scrutinises the certificate, checks to make sure it's signed by a known certificate authority.] Okay, thanks. Here's the pre-master secret, encrypted with your public key. The next thing I say to you will be encrypted with the session key. Client : [Encrypted] I'm done with the handshake. Server: [Decrypts the pre-master secret using private key, then generates the session key.] The next thing I send will be encrypted. Server: [Encrypted] I'm done with the handshake too. NS HS13 13

14 SSL protocol basic handshake features (i) The client initiates the connection to the server and tells the server which SSL cipher suites the client supports. (ii) The server responds with the cipher suites that it supports. (iii) The server sends the client a certificate that should authenticate it. (iv) The server initiate a session key exchange algorithm, based in part on the information contained in the certificate it has just sent, and sends the necessary key exchange information to the client. (v) The client completes the key exchange algorithm and sends the necessary key exchange information to the server. Along the way, it verifies the certificate. (vi) Based on the type of key exchange algorithm (that in turn is based on the type of key in the server s certificate), the client selects an appropriate cipher suite and tells the server which suite it wishes to use. (vii) The server makes a final decision as to which cipher suite to use. NS HS13 14

15 Handshake protocol crypto details Negotiate cryptographic specifications: -- includes session id and nonce (random number) -- key exchange -- RSA, Diffie-Hellmann, Fortezza (IBM proprietary alg.) -- cipher -- RC2, RC4, DES, 3DES, DES40, IDEA, Fortezza, AES -- hash -- MD5, SHA-1 Authenticate server (optionally and rarely the client): -- server sends its public key certificate -- or anonymous DH (option) -- client verifies server certificates with CA certificate Establish session key/iv (Initial Vectors): -- optional client authentication -- client sends premaster secret encrypted with server's pub key -- client/server calculate master secret, keys, IVs Send change cipher message. Send encrypted finish message. NS HS13 15

16 Handshake protocol global view NS HS13 16

17 Handshake protocol gritty details (1) Client Server of client of server Handshake: ClientHello 1. cipher_suites (offer of supported cipher clusters, represented as two-byte codes; the client is offering different combinations of signing algorithms, digest algorithms, and so on) 2. random (4 bytes GMT + 28 bytes random) 3. version 4. session_id (first time through client leaves this blank) 5. compression_method (the only one defined is null...) Handshake: (contains essentially the same fields as the message. Server fills in session_id, for uses we'll see shortly. What's in cipher_suite are the algorithms the client and server will actually use--i.e., the server decides) Handshake:Certificate (here's my X.509 certificate; see the example below) Handshake: NS HS13 17

18 Handshake protocol gritty details (2) Client Handshake: (client selects pre_master_secret (= two bytes designating version + 46 bytes of random, encrypts with sender's public key (having verified the server's certificate and extracted the key) and sends; each side now turns the pre_master_secret into the master_secret, and then to turn the master_secret into a set of session keys; see below for further details) (my next message will use the encryptions we agreed on) Handshake: 1. the client now sends a digest of all its previous messages so the server can verify the integrity of the messages received; the point is to prevent the possibility of an attacker injecting bogus handshake messages 2. in the case of SSLv3, the contents of the Finished message are an MD5 hash followed by a SHA-1 hash; here's how the MD5 hash is produced: Server (my next message will use the encryptions we agreed on) Handshake: Finished (here's a digest of what I just said) NS HS13 18

19 Handshake protocol gritty details (3) Client Server (blah blah blah) ApplicationData (yak yak yak) Alert: warning, (the point of which is to prevent truncation attack, i.e., attacker inserting a premature (they can't insert a bogus because of the integrity checks built into SSL)) Alert:, of of NS HS13 19

20 Generating the Master Secret SERVER S PUBLIC KEY IS SENT BY SERVER IN CLIENT GENERATES THE PREMASTER SECRET ENCRYPTS WITH PUBLIC KEY OF SERVER CLIENT SENDS PREMASTER SECRET IN SENT BY CLIENT IN SENT BY SERVER IN TLS 1.2 : MD5 and SHA-1 replaced by SHA-256 MASTER SECRET IS 3 MD5 HASHES CONCATENATED TOGETHER = 384 BITS SOURCE: THOMAS, SSL AND TLS ESSENTIALS NS HS13 20

21 Generation of key material JUST LIKE FORMING THE MASTER SECRET EXCEPT THE MASTER SECRET IS USED HERE INSTEAD OF THE PREMASTER SECRET... SOURCE: THOMAS, SSL AND TLS ESSENTIALS NS HS13 21

22 Obtaining keys from the key material SECRET VALUES INCLUDED IN MESSAGE AUTHENTICATION CODES SYMMETRIC KEYS INITIALIZATION VECTORS FOR DES CBC ENCRYPTION SOURCE: THOMAS, SSL AND TLS ESSENTIALS NS HS13 22

23 Record protocol 1. Provides confidentiality and integrity. 2. Fragments message ( 2 14 bytes). 3. Optional compression (default: none). 4. Calculates MAC (Message Authentication Code = integrity). MAC traditionally is based on symmetric block cipher, i.e. MAC = C K (M) where M is the message, MAC a fixed length authenticator, K a secret symmetric key shared between sender and receiver and C(.) a function. 5. Modified H(Hash)MAC to include sequence number (prevent replay attacks). 6. Encrypts both message and MAC (confidentiality+integrity). 7. Propend header. NS HS13 23

24 SSL Record Protocol Operation 2 14 Bytes = 16 KB NS HS13 24

25 SSL Record Format Higher level protocol used 2003: : 1 Length in Bytes of plaintext or compressed fragment NS HS13 25

26 SSL remaining protocols One of 10 messages, e.g.: Always 1: pending state current Parameters Warning (1) or fatal (2) Specifies alert NS HS13 26

27 TLS enhancements: TLS 1.0 (1) RFC 2246 standard for SSLv3.1:! contains only non patented technology (no IBM KEA/FORTEZZA)! standard HMAC functions: H = embedded hash function (for TLS, either MD5 or SHA-1) M = message input to HMAC K+ = secret key padded with zeros until the block length of hash code is reached ipad = (36 in hexadecimal) repeated 64 times (512 bits) opad = (5C in hexadecimal) repeated 64 times (512 bits)! No weak cryptography for export! Good PRF (pseudo random function) for random bit expansion! Newer cryptographic algorithms (SHA-1/2/3, AES) NS HS13 27

28 TLS enhancements: TLS 1.0 (2) Differences in the: version number message authentication code pseudorandom function (PRF) alert codes cipher suites client certificate types certificate_verify and finished message cryptographic computations padding Otherwise similar to SSL v3.1. Important: the same record format as the SSL record. Vaudeney (EPFL): TLS/1.0 is unsafe! Production use: TLS 1.1 or better TLS 1.2 NS HS13 28

29 TLS enhancements: TLS 1.1 Defined in RFC 4346 in April Significant differences in this version include: 1. Added protection against Cipher block chaining ( ) attacks. Each block has a new IV field. Random IV via PRF 2. The implicit Initialization Vector ( ) was replaced with an explicit. 3. Change in handling of padding errors. 4. Support for IANA registration of parameters i.e. canonical bites codes for Internet s commands, protocols, algorithms etc. Examples: NS HS13 29

30 TLS enhancements: TLS 1.2 TLS 1.2 was defined in RFC 5246 in August Major differences include: 1. The MD5-SHA-1 combination in the pseudorandom function (PRF) was replaced with SHA-256, with an option to use PRFs specified in the ciphersuite. 2. The same combination in the message hash was replaced with SHA-256, with an option to use hash algorithms specified in the cipher-suite. 3. The same combination in the digitally-signed element was replaced with a single hash negotiated during handshake, defaults to SHA Enhancement in the client's and server's ability to specify which hash and signature algorithms they will accept. 5. Expansion of support for authenticated encryption ciphers, used mainly for Galois/Counter Mode (GCM) and CCM mode of Advanced Encryption Standard encryption. 6. TLS Extensions definition and Advanced Encryption Standard CipherSuites were added. 7. TLS 1.2 was further refined in RFC 6176 in March 2011 redacting its backward compatibility with SSL such that TLS sessions will never negotiate the use of Secure Sockets Layer (SSL) version 2.0. NS HS13 30

31 Words to the wise about applied cryptography 1. Hashing and symmetric key ciphers are fast: use them for session encryption. 2. RSA public key is slow, but it is useful for key exchange and user/server authentication 3. Informal web of trust of PGP (you are in charge) versus CA based (you do not know, who controls it: DigiNotar (NL) 2011, NSA 2013) 4. A good protocol should: 1. negotiate cryptographic parameters 2. establish shared secret 3. authenticate endpoints 5. Use ssh, pgp liberally as the crypto part of an application. 6. SSL: a transport interface, but you still needs to modify the application (http https, telnet ssltelnet,...) 7. IPsec places cryptography where it belongs: at the network layer. NS HS13 31

32 A fast intro to socket Datagram (dg) = Internet data packet, which consists of:! Header: accounting info (e.g., sequence #, src port and dest port)! Payload: the data itself. Internet data are a stream of dg. Questions: How to split dg? How to reassemble dg? How to track packets arrival? How to parse dg? All this is handled by sockets. A socket is a descriptor that lets an application read/write from/to the network. Socket is a Berkeley Unix innovation that treat network connection as yet another byte stream, e.g., a file. Clients and servers communicate with each other by reading from and writing to socket descriptors. The main difference between file I/O and socket I/O is how the application opens the socket descriptors.! Example: Linux uses the same abstraction for both file I/O and network I/O.! Example: Linux uses regular read and write I/O functions. NS HS13 32

33 OpenSSL software (1) OpenSSL is a sort of reference implementation consisting of: 1. SSL software library: To develop SSL based applications like 2. Tools ( ) to create certificates with your own CA (Certification Authority). Some options: : key generation : verify certificates : convert keys : certificates management : generates signing certificate request CSR NS HS13 33

34 OpenSSL software (2) 3. Generates random numbers:! mix with MD5 of data in! Windows: hash of screen! add randomness on each connect()! save/restore from rand file 4. Generates big prime numbers:! quick sieve (2048)! MillerRabin 5. Arithmetic with big integer NS HS13 34

35 OpenSSL library Secure message protocol: 1. TCP stream only 2. RSA, DiffieHellman + legacy 3. Key exchange and authentication 4. Message integrity (MD2, MD5, SHA-1) 5. Encryption (DES, IDEA, RSA, AES, RC4) 6. (Weak) random numbers 7. Reference implementations available NS HS13 35

36 OpenSSL client NS HS13 36

37 OpenSSL server NS HS13 37

38 X.509 certificate (1) Every X.509 certificate consists of two sections: (i) data and (ii) signature. The data section includes the following information: 1. The version number of the X.509 standard supported by the certificate. 2. The certificate's serial number. Every certificate issued by a CA has a serial number that is unique to the certificates issued by that CA. 3. Information about the user's public key, including the algorithm used and a representation of the key itself. 4. The DN of the CA that issued the certificate. 5. The period during which the certificate is valid (for example, between 1:00 p.m. on January 1, 2000 and 1:00 p.m. December 31, 2000). 6. The DN of the certificate subject (for example, in a client SSL certificate this would be the user's DN), also called the subject name. 7. Optional certificate extensions, which may provide additional data used by the client or server. For example, the certificate type extension indicates the type of certificate - that is, whether it is a client SSL certificate, a server SSL certificate, a certificate for signing , and so on. Certificate extensions can also be used for a variety of other purposes. NS HS13 38

39 X.509 certificate (2) The signature section includes: 1. The cryptographic algorithm, or cipher, used by the issuing certificate authority (CA) to create its own digital signature. 2. The CA's digital signature, obtained by hashing all of the data in the certificate together and encrypting it with the CA's private key. NS HS13 39

40 Client verification of server's certificate NS HS13 40

41 Webserver verification of client's certificate NS HS13 41

42 OpenSSL key generation for CA 1. Create a random string: (write 128 random bytes of base64-encoded data to stdout) 2. Generate public/private key: 3. Generate certificate signing request (CSR): 4. to CA, or selfsign: NS HS13 42

43 Your own CA In OpenSSL directory start : 1. Creates a CA. 2. has CA policies: dictates which certificate s fields are mandatory, the cert lifetime, which algorithms are to be used.) 3. Generates certificate requests. 4. Signs CSR. 5. Generates CRL (Certificates Revocation List). 6. Uses PEMencoded certificates (not PKCS#12). 7. For secure web server, real CA certificate -- $400/year (Verisign) NS HS13 43

44 NS HS13 44

45 Bibliography Stephen Thomas: SSL and TLS Essentials, John Wiley, RFC on TLS 1.1, 1.2: Analysis of SSL Security: SSL Timing Attack: Vaudenay paper can be found at: NS HS13 45

46 Appendix: Java certificates NS HS13 46

47 Certificates and keys administration (Java) Look contents of cacerts in: Verisign, Thawte CA Date trust degree given by user MD5-hash of cert NS HS13 47

48 Key pair generation (1) Encryption algorithm Private and public key + autosigned certificate Default name of keystore in directory. Other options: : Size in bits of key. Default 1024 bits. : Signature algorithm. Default: : No of day the certificate is valid. Default 90 days. NS HS13 48

49 Key pair generation (2) NS HS13 49

50 List contents of keystore NS HS13 50

51 Export and trust an autosigned certificate (1) Export: Import it into your trusted : NS HS13 51

52 Export and trust an autosigned certificate (2) Examine it in your trusted.cuntruststore: NS HS13 52

53 Preparation for a Verisign certificate You want to get Verisign to authenticate your certificate (it costs money). First step: You get a file cuncert.crq formatted with the MIME64 standard: NS HS13 53

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.

Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Crypto building blocks AS HS13 2 Abstraction: The secure channel 1., run a key-exchange protocol

More information

Communication Systems SSL

Communication Systems SSL Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

More information

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures

More information

Web Security Considerations

Web Security Considerations CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Transport Level Security

Transport Level Security Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610

Real-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610 Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

WEB Security: Secure Socket Layer

WEB Security: Secure Socket Layer WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security

More information

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1 We have learned Symmetric encryption: DES, 3DES, AES,

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

The Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course

More information

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available

More information

Communication Security for Applications

Communication Security for Applications Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

More information

CSC 474 Information Systems Security

CSC 474 Information Systems Security CSC 474 Information Systems Security Topic 4.5 Transport Layer Security CSC 474 Dr. Peng Ning 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version

More information

CSC 774 -- Network Security

CSC 774 -- Network Security CSC 774 -- Network Security Topic 6: Transport Layer Security Dr. Peng Ning CSC 774 Network Security 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version

More information

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols

SECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols INFS 766 Internet Security s Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS (Transport

More information

Secure Socket Layer. Security Threat Classifications

Secure Socket Layer. Security Threat Classifications Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

SSL Secure Socket Layer

SSL Secure Socket Layer ??? SSL Secure Socket Layer - architecture and services - sessions and connections - SSL Record Protocol - SSL Handshake Protocol - key exchange alternatives - analysis of the SSL Record and Handshake

More information

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132)

Outline. Transport Layer Security (TLS) Security Protocols (bmevihim132) Security Protocols (bmevihim132) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu Outline - architecture

More information

SECURE SOCKETS LAYER (SSL)

SECURE SOCKETS LAYER (SSL) INFS 766 Internet Security Protocols Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS

More information

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS Security Engineering Part III Network Security Security Protocols (I): SSL/TLS Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,

More information

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice: Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Secure Socket Layer/ Transport Layer Security (SSL/TLS) Secure Socket Layer/ Transport Layer Security (SSL/TLS) David Sánchez Universitat Pompeu Fabra World Wide Web (www) Client/server services running over the Internet or TCP/IP Intranets nets widely used

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS) Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations

More information

Secure Sockets Layer

Secure Sockets Layer SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated

More information

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer

More information

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,

More information

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL

Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Security architecture and protocol stack Applicat. (SHTTP) SSL/TLS TCP IPSEC IP Secure applications: PGP, SHTTP,

More information

SSL Secure Socket Layer

SSL Secure Socket Layer ??? SSL Secure Socket Layer - architecture and services - sessions and connections - SSL Record Protocol - SSL Handshake Protocol - key exchange alternatives - analysis of the SSL Record and Handshake

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture

Overview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture OS Appl. CSC/ECE 574 Computer and Network Security Outline I. Overview II. The Record Protocol III. The Handshake and Other Protocols Topic 8.3 /TLS 1 2 Reminder: What Layer? Overview of 3 4 Protocols

More information

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Authenticity of Public Keys

Authenticity of Public Keys SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!

More information

Security Protocols/Standards

Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity

More information

SBClient SSL. Ehab AbuShmais

SBClient SSL. Ehab AbuShmais SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three

More information

Lecture 7: Transport Level Security SSL/TLS. Course Admin

Lecture 7: Transport Level Security SSL/TLS. Course Admin Lecture 7: Transport Level Security SSL/TLS CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lecture by Tony Barnard Course Admin HW/Lab 1 Graded; scores posted; to be

More information

mod_ssl Cryptographic Techniques

mod_ssl Cryptographic Techniques mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Security. Learning Objectives. This module will help you...

Security. Learning Objectives. This module will help you... Security 5-1 Learning Objectives This module will help you... Understand the security infrastructure supported by JXTA Understand JXTA's use of TLS for end-to-end security 5-2 Highlights Desired security

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

T-79.159 Cryptography and Data Security

T-79.159 Cryptography and Data Security T-79.159 Cryptography and Data Security Lecture 11: Security systems using public keys 11.1 PGP Kaufman et al: Ch 17, 11.2 SSL/TLS 18, 19 11.3 IPSEC Stallings: Ch 16,17 1 Pretty Good Privacy Email encryption

More information

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol SSL/TLS TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol HTTPS SSH SSH Protocol Architecture SSH Transport Protocol Overview SSH User Authentication Protocol SSH Connection Protocol

More information

SSL and TLS. An Overview of A Secure Communications Protocol. Simon Horman aka Horms. horms@valinux.co.jp horms@verge.net.au horms@debian.

SSL and TLS. An Overview of A Secure Communications Protocol. Simon Horman aka Horms. horms@valinux.co.jp horms@verge.net.au horms@debian. SSL and TLS An Overview of A Secure Communications Protocol Simon Horman aka Horms horms@valinux.co.jp horms@verge.net.au horms@debian.org Presented at the Security Mini-Conf at Linux.Conf.Au Canberra,

More information

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012

Security Protocols and Infrastructures. h_da, Winter Term 2011/2012 Winter Term 2011/2012 Chapter 7: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents Overview Record Protocol Cipher

More information

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr. Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance

More information

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption

More information

ERserver. iseries. Securing applications with SSL

ERserver. iseries. Securing applications with SSL ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users

More information

Three attacks in SSL protocol and their solutions

Three attacks in SSL protocol and their solutions Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer

More information

Information Security

Information Security SE 4472 / ECE 9064 Information Security Week 11: Transport Layer Security (TLS): Putting it all together Fall 2015 Prof. Aleksander Essex Security at the Transport Layer Where we started in this course:

More information

, ) I Transport Layer Security

, ) I Transport Layer Security Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213 UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-layer protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring 2008 1 SSL/TLS The Secure Socket Layer (SSL) and Transport Layer Security

More information

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents

More information

Lecture 4: Transport Layer Security (secure Socket Layer)

Lecture 4: Transport Layer Security (secure Socket Layer) Lecture 4: Transport Layer Security (secure Socket Layer) Recommended reading: Thomas, SSS and TLS essentials (old but very well written) SSL/TLS: layered view HTTP SMTP TCP/UDP IPsec Network layer security

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Web Security. Mahalingam Ramkumar

Web Security. Mahalingam Ramkumar Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting

More information

SSL A discussion of the Secure Socket Layer

SSL A discussion of the Secure Socket Layer www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record

More information

SSL: Secure Socket Layer

SSL: Secure Socket Layer SSL: Secure Socket Layer Steven M. Bellovin February 12, 2009 1 Choices in Key Exchange We have two basic ways to do key exchange, public key (with PKI or pki) or KDC Which is better? What are the properties

More information

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1 Encryption, Data Integrity, Digital Certificates, and SSL Developed by Jerry Scott 2002 SSL Primer-1-1 Ideas Behind Encryption When information is transmitted across intranets or the Internet, others can

More information

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng

SSL/TLS. What Layer? History. SSL vs. IPsec. SSL Architecture. SSL Architecture. IT443 Network Security Administration Instructor: Bo Sheng What Layer? /TLS IT443 Network Security Administration Instructor: Bo Sheng Application TCP IPSec IP LAN layer Application TCP IP LAN layer 1 2 History v2 proposed and deployed in Netscape 1.1 (1995) PCT

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Einführung in SSL mit Wireshark

Einführung in SSL mit Wireshark Einführung in SSL mit Wireshark Chemnitzer Linux-Tage 16. März 2014 Martin Kaiser What? SSL/TLS is the most widely used security protocol on the Internet there's lots of parameters, options, extensions

More information

ECE-8843 Prof. John A. Copeland 404 894-5177 fax 404 894-0035

ECE-8843  Prof. John A. Copeland 404 894-5177 fax 404 894-0035 ECE-8843 http://www.csc.gatech.edu/copeland/jac/8813-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT Bldg 579 email or call for office visit, or call

More information

Introduction to Cryptography

Introduction to Cryptography Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication

More information

Embedded TCP/IP-Security

Embedded TCP/IP-Security Embedded TCP/IP-Security Agenda What is security? A look into a security data sheet Symmetric vs. asymmetric cryptography TCP/IP security SSL/TLS CB ussl SSH CB ussh Demo Summary Page 2 What is security?

More information

T-79.4501 Cryptography and Data Security

T-79.4501 Cryptography and Data Security T-79.4501 Cryptography and Data Security Lecture 12: Security systems using public keys 11.1 PGP 11.2 SSL/TLS 11.3 IPSEC Stallings: Ch 16,17 1 Pretty Good Privacy Email encryption program ottom up approach

More information

TLS/SSL in distributed systems. Eugen Babinciuc

TLS/SSL in distributed systems. Eugen Babinciuc TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History

More information

Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005

Lecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005 Lecture 31 Security April 13, 2005 Secure Sockets Layer (Netscape 1994) A Platform independent, application independent protocol to secure TCP based applications Currently the most popular internet crypto-protocol

More information

ISA 562 Information System Security

ISA 562 Information System Security Outline ISA 562 Information System Security PKI SSL PKI SSL ISA 562 1 ISA 562 2 Motivation 1- Key Distribution Problem In a secret key cryptosystem, the secret key must be transmitted via a secure channel

More information

IT Networks & Security CERT Luncheon Series: Cryptography

IT Networks & Security CERT Luncheon Series: Cryptography IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI

More information

Netzwerksicherheit: Anwendungen

Netzwerksicherheit: Anwendungen Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

SSL Handshake Analysis

SSL Handshake Analysis SSL Handshake Analysis Computer Measurement Group Webinar Nalini Elkins Inside Products, Inc. nalini.elkins@insidethestack.com Inside Products, Inc. (831) 659-8360 www.insidethestack.com www.ipproblemfinders.com

More information

SSL/TLS: The Ugly Truth

SSL/TLS: The Ugly Truth SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography

More information

As enterprises conduct more and more

As enterprises conduct more and more Efficiently handling SSL transactions is one cornerstone of your IT security infrastructure. Do you know how the protocol actually works? Wesley Chou Inside SSL: The Secure Sockets Layer Protocol Inside

More information

Managing SSL certificates in the ServerView Suite

Managing SSL certificates in the ServerView Suite Overview - English FUJITSU Software ServerView Suite Managing SSL certificates in the ServerView Suite Secure server management using SSL and PKI Edition September 2015 Comments Suggestions Corrections

More information

TLS security protocol, Firewalls

TLS security protocol, Firewalls TLS security protocol, Firewalls Diana Berbecaru < diana.berbecaru @ polito.it > Politecnico di Torino Dip. Automatica e Informatica Security internal to the applications APP #1 sec... APP #N sec logical

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Cryptography and Network Security Chapter 15

Cryptography and Network Security Chapter 15 Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North

More information

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 19 th November 2014 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously

More information

GNUTLS. a Transport Layer Security Library This is a Draft document Applies to GnuTLS 1.0.13. by Nikos Mavroyanopoulos

GNUTLS. a Transport Layer Security Library This is a Draft document Applies to GnuTLS 1.0.13. by Nikos Mavroyanopoulos GNUTLS a Transport Layer Security Library This is a Draft document Applies to GnuTLS 1.0.13 by Nikos Mavroyanopoulos ii Copyright c 2001,2002,2003 Nikos Mavroyanopoulos Permission is granted to copy, distribute

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

[SMO-SFO-ICO-PE-046-GU-

[SMO-SFO-ICO-PE-046-GU- Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It

More information

SSL Protect your users, start with yourself

SSL Protect your users, start with yourself SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service

More information

2014 IBM Corporation

2014 IBM Corporation 2014 IBM Corporation This is the 27 th Q&A event prepared by the IBM License Metric Tool Central Team (ICT) Currently we focus on version 9.x of IBM License Metric Tool (ILMT) The content of today s session

More information

The Rabbit Embedded Security Pack

The Rabbit Embedded Security Pack The Rabbit Embedded Security Pack The Rabbit Embedded Security Pack is a Dynamic C add-on module. It is composed of three main software packages: SSL/TLS 1 AES Wi-Fi Enterprise Mode Authentication SSL

More information

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces

More information

Internetwork Security

Internetwork Security Internetwork Security Why Network Security Layers? Fundamentals of Encryption Network Security Layer Overview PGP Security on Internet Layer IPSec IPv6-GCAs SSL/TLS Lower Layers 1 Prof. Dr. Thomas Schmidt

More information