Certificates and network security
- Branden Smith
- 8 years ago
1 Certificates and network security
Tuomas Aura
CSE-C3400 Information security
Aalto University, autumn 2014
2 Outline
- X.509 certificates and PKI
- Network security basics: threats and goals
- Secure socket layer
Note: the SSL part of this lecture partly overlaps with the now-terminated T course
3 X.509 CERTIFICATES
4 Key distribution problem
- Public keys make key distribution easier than it is for secret keys, but it is still not trivial: how to find out someone's authentic public key?
- Solution: an authority or trusted third party issues certificates that bind public keys to names
  - Certificate = Sign_CA(Name, PK, validity_period)
  - Certificate is a message signed by an issuer, containing the subject's name and public key
- Questions:
  - Who could the authority be?
  - How does everyone know the public key of the authority?
  - What is the difference between authority and trusted third party?
5 X.509 PKI
- ITU-T/ISO X.509 standard, IETF RFC3280
- Certification authority (CA) issues certificates
- CA can delegate its authority to another CA
  - CA hierarchy
- X.509 certificates are identity certificates i.e. bind a principal name to a public key
- Users, computers and services are end entities
- CAs and end entities are principals
- Each principal has a key pair
  - Key pair = public and private signature key (RSA keys can also be used for encryption)
- ISO notation for a certificate: CA<<Alice>>
6 X.509 certificate example
Save certificate into a file and pretty print:

    % openssl x509 -in cert.pem -noout -text

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                d1:32:5b:f8:d7:09:02:37:50:57:93:55:84:c9:b2:4c
            Signature Algorithm: sha1withrsaencryption
            Issuer: C=FI, O=Sonera, CN=Sonera Class2 CA
            Validity
                Not Before: Nov 19 12:02: GMT
                Not After : Nov 19 12:02: GMT
            Subject: C=FI, O=TKK, OU=Computing Centre, CN=wwwlogin.tkk.fi/ Address=webmaster@tkk.fi
            Subject Public Key Info:
                Public Key Algorithm: rsaencryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:c7:94:9b:49:29:6f:2d:6d:32:70:97:73:39:1e:
                        04:20:89:ea:05:89:02:01:1a:d7:2d:ad:86:f6:99:
                        69:7e:13:19:f2:09:d0:e6:05:ca:93:13:a7:e2:7b:
                        3b:b6:68:e7:49:c7:3b:53:fd:b5:c1:bc:64:65:6c:
                        4d:89:37:ab:b5:6b:2a:38:2b:45:82:f6:99:97:21:
                        57:fc:ac:26:9b:04:3b:ad:13:26:8e:85:ff:44:ba:
                        4f:1e:27:cc:f2:fd:c1:47:c4:de:b6:d2:6c:2c:48:
                        6e:a3:cc:cd:0c:ed:75:4b:a2:c7:f0:c2:e1:9b:e9:
                        d3:0c:1b:90:35:c8:ee:e7:01
                    Exponent: (0x10001)
            X509v3 extensions:
                X509v3 Authority Key Identifier:
                    keyid:4a:a0:aa:58:84:d3:5e:3c
                X509v3 Certificate Policies:
                    Policy:
                X509v3 CRL Distribution Points:
                    URI:ldap:// :389/cn=Sonera%20Class2%20CA,o=Sonera,c=FI?certificaterevocationlist;binary
                X509v3 Key Usage:
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication, TLS Web Client Authentication
                X509v3 Subject Key Identifier:
                    86:4C:D0:93:1A:A4:C4:7C:94:A0:28:04:F3:DA:17:12:18:FF:23:D7
        Signature Algorithm: sha1withrsaencryption
            50:c3:94:71:b3:d2:1d:7f:be:71:5e:fe:ff:ec:09:50:68:f0:
            27:54:cd:e8:f2:17:90:3e:ea:6c:e2:81:12:bf:e2:73:72:9e:

Callouts on the slide: issuer info, validity dates, subject name, subject public key, key usage, revocation list URL, CA signature.
9 X.509 certificate fields (1)
Mandatory fields:
- Version
- Serial number: together with Issuer, uniquely identifies the certificate
- Signature algorithm: for the signature on this certificate; usually sha1rsa; includes any parameters
- Issuer name (e.g. CN = Microsoft Corp Enterprise CA 2)
- Valid from: usually the time when issued
- Valid to: expiry time
- Subject: distinguished name of the subject
- Public key: public key of the subject
10 X.509 certificate fields (2)
Common extension fields:
- Key usage: bit field indicating usages for the subject key (digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly)
- Subject alternative name: address, DNS name, IP address, etc.
- Issuer alternative name
- Basic constraints: (1) is the subject a CA or an end entity, (2) maximum length of delegation to sub-CAs after the subject
- Name constraints: limit the authority of the CA
- Certificate policies: list of OIDs to indicate policies for the certificate
- Policy constraints: certificate policies
- Extended key usage: list of OIDs for new usages, e.g. server authentication, client authentication, code signing, protection, EFS key, etc.
- CRL distribution point: where to get the CRL for this certificate, and who issues CRLs
- Authority info access: where to find information about the CA and its policies
11 Certificate chain
Typical certificate chain:
1. Root CA self-signed certificate
2. Root CA issues a CA certificate to a sub-CA
3. Sub-CA issues end-entity certificate to a user, computer or web server
- Chain typically has 0..2 sub-CAs (Why?)
- Self-signed certificate is an X.509 certificate issued by CA to itself; not really a certificate, just a way to store and transport the CA public key
12 CA hierarchy
- One root CA
- Each CA can delegate its authority to sub-CAs
- All end-entities trust all CAs to be honest and competent
- Original X.500 idea: one global hierarchy
- Reality:
  - One CA or CA hierarchy per organization (e.g. Windows domain hierarchy)
  - Competing commercial root CAs without real hierarchy (e.g. Verisign, TeliaSonera)
  - Cross-certification between hierarchies rare
[Figure: example CA hierarchy with Contoso Root CA (PK CA), the sub-CAs Contoso Sales CA (PK Sales), Contoso Sales Asia CA (PK US), Contoso Sales Euro CA (PK Euro) and Contoso Dev CA (PK Dev), and the end entities Alice (PK A), Bob (PK B), Charlie (PK C) and David (PK D). Legend: CA certificate, end-entity certificate; root CA, sub-CA, end entity.]
Here arrows depict the certificates i.e. signed messages
13 Certificate path
- End-entities (e.g. Bob) know the root CA
  - Root CA's PK stored as a self-signed certificate
- To verify Alice's signature:
  - Bob needs the entire certificate path from root CA to Alice (self-signed root certificate + 2 CA certificates + end-entity certificate)
  - The root CA must be in Bob's list of trusted root CAs
[Figure: the Contoso CA hierarchy from the previous slide, with the certificate path marked. Legend: self-certificate, CA certificate, end-entity certificate.]
14 Certificate revocation
- When might CA need to revoke certificates?
  - If the conditions for issuing the certificate no longer hold
  - If originally issued in error
  - If the subject key has been compromised
  - Upgrading cryptographic algorithms
- Certificate revocation list (CRL) = signed list of certificate serial numbers
- In X.509, only certificates are revoked, not keys
  - No mechanism for revoking the root key
  - Different from PGP
- Who issues the CRL? How to find it?
  - By default, CRL is signed by the CA that issued the certificate
  - CRL distribution point and issuer can be specified in each certificate
15 X.509 CRL fields
- Signature algorithm
- Issuer name
- This update time
- Next update time
- For each revoked certificate:
  - Serial number
  - Revocation date (how would you use this information?)
  - Extensions: reason code etc.
- Signature
16 Setting up a PKI
- Potential root CAs:
  - Commercial CA such as Verisign usually charges per certificate
  - Windows root domain controller can act as an organizational CA
  - Anyone can set up their own CA using Windows Server or OpenSSL
- The real costs:
  - Distributing the root key (self-signed certificate)
  - Certificate enrolment: need to issue certificates for each user, computer, mobile device etc.
  - Administering a secure CA and CRL server
- Cannot really ask users outside your own organization to install your root key to their browsers (why?)
17 Name and identity
- With certificates, it is possible to authenticate the name or identifier of an entity
  - e.g. person, computer, web server, address
- What is the right name anyway?
  - wwwlogin.tkk.fi, security.tkk.fi, leakybox.cse.tkk.fi
  - George Bush, George W. Bush, George H. W. Bush
- Who decides who owns the name?
  - Ville Valo on Facebook
- Identity proofing = verification of the subject identity before certification
  - to registered domain owner
  - Extended validation certificates
  - Electronic ID cards and mobile certificates in Finland
- Does knowing the name imply trust?
  - Should I order a second-hand camera from buycam.fi?
  - Should they post the camera to Tuomas Aura?
18 Example: extended validation certificate

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                1f:db:f9:f0:bc:21:cb:66:19:b5:ba:6b:29:fa:c8:97
            Signature Algorithm: sha1withrsaencryption
            Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
            Validity
                Not Before: Jun 2 00:00: GMT
                Not After : Jun 4 23:59: GMT
            Subject: =FI/ =V1.0, Clause 5.(b)/serialNumber= , C=FI/postalCode=00100, ST=UUSIMAA, L=Helsinki/streetaddress=aleksanterinkatu 36B, O=Nordea Bank Finland Abp, OU=Electronic Banking, CN=solo1.nordea.fi
            Subject Public Key Info:
                Public Key Algorithm: rsaencryption
                RSA Public Key: (2048 bit)
                    Modulus (2048 bit):
                        00:e6:e2:5c:ae:a5:d4:bc:26:1a:cc:f3:d4:eb:82:
                        9d:b9:43:68:54:09:57:60:22:20:ae:a3:ea:32:8d:
                        1d:30:28:d5:73:5d:97:45:49:bc:3a:3f:be:db:da:
                        c4:3b:55:2b:b0:9c:44:05:b7:ed:85:87:eb:68:6b:
                        47:e7:fe:7b:be:75:0b:ae:e1:78:18:69:10:fe:d8:
                        20:64:ee:08:f3:5d:08:0d:05:c4:a6:ca:fe:c5:24:
                        3a:10:61:e9:45:98:e1:11:f9:a5:5f:80:cb:9f:86:
                        0a:1f:de:f3:a8:61:94:c1:6c:c9:48:34:47:5b:ee:
                        14:35:7a:e1:0e:f2:81:5a:8f:dc:89:e6:ba:88:fb:
                        41:4f:f0:26:d0:56:a7:04:1b:f7:2a:6a:d1:f0:97:
                        c6:63:54:05:2a:0f:93:a0:85:ad:5d:9c:26:a6:57:
                        5b:d4:b2:41:0e:a0:fe:d0:ab:53:a5:64:c8:b1:be:
                        24:ac:45:ec:54:55:5c:e3:ac:5d:94:1f:bb:82:32:
                        cd:f7:54:80:37:01:a7:28:dc:b2:2d:ce:f6:94:cd:
                        67:4e:ed:5b:de:33:bd:ca:36:cc:5e:b3:0f:a7:58:
                        ce:75:81:69:26:e2:29:a6:25:99:0f:60:68:45:fa:
                        a5:6b:ab:fd:e0:6e:92:be:f1:8a:8c:f3:da:6f:ce:
                        2b:53
                    Exponent: (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                X509v3 Subject Key Identifier:
                    DD:DA:ED:35:8B:AA:A9:15:B2:11:06:C6:7C:5A:8D:2F:CB:ED:08:F1
                X509v3 Key Usage:
                    Digital Signature, Key Encipherment
                X509v3 Certificate Policies:
                    Policy:
                      CPS:
                X509v3 CRL Distribution Points:
                    URI:
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
                X509v3 Authority Key Identifier:
                    keyid:4e:43:c8:1d:76:ef:37:53:7a:4f:f2:58:6f:94:f3:38:e2:d5:bd:df
                Authority Information Access:
                    OCSP - URI:
                    CA Issuers - URI:
                :
                    0`.^.\0Z0X0V..image/gif0! Kk.(...R8.).K..!..0&.$
        Signature Algorithm: sha1withrsaencryption
            2d:d3:9c:45:bd:d4:49:0e:52:9e:54:98:8f:36:e1:00:6c:38:
            58:1a:47:f2:77:dc:15:45:85:da:5d:3f:60:03:9a:ab:7f:6a:
            f8:5e:3d:32:41:93:80:b9:d7:bb:6a:e0:79:40:f7:77:2c:af:
            19:3a:16:5e:14:83:4a:99:f2:f1:90:ab:ed:b3:31:03:50:a5:
            62:03:37:b7:73:77:59:1d:6e:f8:c5:20:17:61:9a:9a:3f:93:
            ac:fa:93:ea:52:29:45:78:50:56:94:79:a0:a6:94:a5:93:fc:
            1f:04:2f:db:cf:9c:f3:c8:0b:2e:44:a5:ce:6f:94:27:bc:0e:
            fc:9e:81:03:15:9d:b6:5f:75:67:44:12:4c:d8:5e:3e:8f:21:
            0b:d9:cb:f1:59:ab:b0:42:19:a9:99:d5:ab:0e:b7:44:06:c0:
            e8:15:b4:a8:54:06:61:09:1a:3a:71:3a:8a:17:da:ac:ac:c5:
            cf:83:2c:85:dd:51:ae:92:de:df:af:5a:a1:38:63:dc:ee:bd:
            15:0f:c9:bb:6f:ee:45:92:40:bb:08:51:3a:67:10:a6:c7:87:
            7f:ab:da:ac:0a:0c:38:a5:a2:35:6c:59:5a:65:d9:91:35:c1:
            a3:09:f6:4a:c8:64:76:86:a4:f2:3a:e5:12:59:9f:d9:03:ed:
            cb:02:d2:9d
19 NETWORK SECURITY BASICS
20 Network-security threat model
[Figure: Alice and Bob communicate through the network; Network = Attacker]
- Traditional network-security model: trusted end nodes, unreliable network
- End nodes send messages to the network and receive messages from it; the network may deliver, delete, modify and spoof messages
- Metaphors: unreliable postman, bulletin board, dust bin
21 Network security threats
- Traditional threats:
  - Sniffing = attacker listens to network traffic
  - Spoofing = attacker sends unauthentic messages
  - Data modification (man in the middle) = attacker intercepts and modifies data
- Corresponding security requirements:
  - Data confidentiality
  - Data-origin authentication and data integrity
- Q: Can there be integrity without authentication or authentication without integrity?
- Other threats: denial of service, server compromise, worms etc.
22 SECURE SOCKET LAYER
23 Secure web site (https)
- HTTPS connections are encrypted and authenticated to prevent sniffing and spoofing
24 SSL/TLS in the protocol stack
- SSL implements cryptographic encryption and authentication for TCP connections
- SSL offers a secure socket API, similar to the TCP socket API, to applications
- TLS is the standardized version of SSL: similar but not quite compatible
[Figure: protocol stack. Applications: HTTP; Socket API and Secure socket API; Transport layer: TCP; Network layer: IP; Data link layer.]
25 SSL/TLS protocol
- SSL provides a secure connection over the insecure network
- Two stages:
  - Handshake i.e. authenticated key exchange creates a shared session key between the browser and the server
  - Session protocol protects the confidentiality and integrity of the session with symmetric encryption, message authentication codes, and the session key
- Handshake may use digital signatures or RSA encryption
- Basic idea of the RSA-based handshake protocol:
  - The server sends its certificate to the client, which thus learns the server name and public RSA key
  - The browser generates random bytes, encrypts them with the server's RSA key, and sends them to the server
- Usually only the server is authenticated!
26 TLS handshake

    Client                                    Server

    ClientHello             -------->
                                              ServerHello
                                              Certificate*
                                              ServerKeyExchange*
                                              CertificateRequest*
                            <--------         ServerHelloDone
    Certificate*
    ClientKeyExchange
    CertificateVerify*
    [ChangeCipherSpec]
    Finished                -------->
                                              [ChangeCipherSpec]
                            <--------         Finished
    Application Data        <------->         Application Data

Callouts on the slide:
- Server Certificate: Certificate = Sign_CA(server name, server PK, validity_period)
- ClientKeyExchange: E_PK(secret session key material)
27 Trust chain
- In the handshake, browser receives a certificate chain from the server
- Browser checks that the chain starts with a (self-signed) certificate that is in its trusted CA list
- Browser checks the certificate chain:
  - Each certificate is signed with the subject key of the previous one
  - All but the last certificate are CA certificates
  - Some other details, e.g. CRL, key usage, constraints
- If the certificate chain is valid, the last certificate binds together the host name and public key of the server
  - Public key is used for server authentication in the SSL handshake
  - Host name shown to user in the browser address bar
28 Certificate checking details
1. Browser has a list of self-signed certificates for trusted root CAs
2. In the SSL handshake, the browser receives a certificate chain from the server
3. Browser checks that the root certificate in the received chain is in the trusted list
4. Browser checks the validity of the certificate chain
   A. Issuer of each certificate matches the subject of the previous certificate
   B. Signature of each certificate is verified with the subject public key of the previous certificate
   C. All certificates are CA certificates, except for the last one, which is an end-entity certificate
   D. Browser downloads and checks the CRL for every certificate that specifies one, unless cached
5. Extended key usage field of the end-entity certificate must specify SSL server authentication: check that the certificate has been issued for this purpose
6. Any constraints in the certificates must also be checked
7. Browser checks that the host name in the address bar matches the subject name of the end-entity certificate
8. Browser uses the subject key from the end-entity certificate in the authenticated key exchange with the server (SSL handshake)
9. The created session key is used to encrypt and authenticate data between the browser and server (SSL session)
Result: the web page shown in the browser comes from the server whose name is in the address bar
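The checks on this slide can be tried out with the OpenSSL command-line tool against a throwaway PKI. This is an added example, not part of the original lecture: every name in it (Demo Root CA, www.example.test) and the helper functions new_csr, issue and verify_server are constructed for the demo, and it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the lecture: build root CA -> sub-CA -> server
# certificate, then run the slide's checks with `openssl verify`.
# Every name below (Demo Root CA, www.example.test, ...) is constructed.
set -eu

PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT

# Minimal [req] section plus one X.509v3 extension section per role.
cat > "$PKI/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden by -subj
[root_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[sub_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
[client_only]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
subjectAltName = DNS:www.example.test
EOF

# new_csr NAME SUBJECT: fresh RSA key pair and certificate request.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$PKI/pki.cnf" \
        -subj "$2" -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null
}

# issue NAME ISSUER SECTION: ISSUER's key signs NAME's request.
issue() {
    openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/$2.pem" -CAkey "$PKI/$2.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$PKI/pki.cnf" \
        -extensions "$3" -out "$PKI/$1.pem" 2>/dev/null
}

# Root CA: self-signed, i.e. just a container for the root public key.
new_csr root "/CN=Demo Root CA"
openssl x509 -req -in "$PKI/root.csr" -signkey "$PKI/root.key" -days 30 -sha256 \
    -extfile "$PKI/pki.cnf" -extensions root_ca -out "$PKI/root.pem" 2>/dev/null
new_csr sub "/CN=Demo Sub-CA";         issue sub root sub_ca
new_csr server "/CN=www.example.test"; issue server sub server
new_csr client "/CN=www.example.test"; issue client sub client_only
# A certificate signed with the server's end-entity key (issuer has CA:FALSE).
new_csr leafsigned "/CN=www.example.test"; issue leafsigned server server

# Certificates received in the handshake; none of them is trusted by itself.
cat "$PKI/sub.pem" "$PKI/server.pem" > "$PKI/untrusted.pem"

# verify_server HOST NAME: true only if NAME.pem chains to the trusted root,
# every issuer in the path is a CA, the certificate was issued for TLS server
# authentication, and HOST matches the name in the certificate.
verify_server() {
    openssl verify -CAfile "$PKI/root.pem" -untrusted "$PKI/untrusted.pem" \
        -purpose sslserver -verify_hostname "$1" "$PKI/$2.pem" 2>&1 |
        grep -q ': OK$'
}

report() {
    if verify_server "$1" "$2"; then echo "ACCEPT $2.pem as $1"
    else echo "REJECT $2.pem as $1"; fi
}

openssl x509 -in "$PKI/server.pem" -noout -subject -issuer
report www.example.test   server      # valid chain, right name
report other.example.test server      # step 7: host name mismatch
report www.example.test   client      # step 5: not issued for server auth
report www.example.test   leafsigned  # step 4C: issuer is not a CA
```

Only the first case is accepted; the other three are rejected. CRL checking (step 4D) is not exercised here.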
29 What does SSL achieve?
- Certificate of the web server webmail3.tkk.fi
- Issuer is Sonera Class2 CA
- Thanks to the trust chain, I know that this server really is webmail3.tkk.fi
- Sonera root CA was not pre-installed in the browser; so I downloaded the self-signed certificate from the web (insecurely) and added it to the list of trusted root CAs
- How do I know that the webmail server should have the name webmail3?
30 SSL vulnerabilities in practice
- Recently, SSL has been found to be vulnerable to many kinds of attacks
- Implementation bugs in certificate validation have been found (and fixed) regularly
  - Earlier in desktop browsers, recently in mobile apps
- Heartbleed: bug in the OpenSSL library enables theft of private keys from server
  - More general question about flaws in security-critical software, even in widely reviewed open-source code
- Hash collisions in the outdated MD5 function have been used to create malicious certificate requests: CA signs one certificate and the signature is used for another
- Incompetent CAs have issued fraudulent certificates
- Application software cannot always know which name there should be in the client or server certificate, and some don't care
31 SSL/TLS session protocol
- After the handshake, data is protected with the session protocol
- Data confidentiality is protected with symmetric encryption, e.g. AES in CBC mode
- Data integrity is protected with message authentication codes (MAC)
- Secret session keys are created from the encrypted key material (random bytes) sent by the client to the server
32 Exercises
- Set up your own CA with OpenSSL (or a commercial CA implementation if you have access to one) and try to use it for protecting web access; what were the difficult steps?
- What are extended validation certificates and how do they improve security?
- Find several web and user certificates and compare the names and certification paths on them
- Why do almost all web sites have certificate chains with two CAs and not just one?
- What information does the signature on the root certificate convey?
- Why is the front page of a web site often insecure (HTTP) even if the password entry and/or later data access are secure (HTTPS)? What security problems can this cause?
- What actions are required from the user when logging into a secure bank web site?
- What is the Heartbleed vulnerability and how has it been exploited?
- How should a browser creator select the default root CAs? See e.g
33 Related reading
- Stallings and Brown: Computer security, principles and practice, 2008, chapters; other Stallings books have similar sections
- Stallings, Network security essentials, 4th ed. chapters , 5
- Dieter Gollmann: Computer Security, 2nd ed., chapter 12-13; 3rd ed. chapters 15.5,
- Matt Bishop: Introduction to computer security, chapter 13
- Online: Survival guides - SSL/TLS and X.509 (SSL) Certificates,
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 19 th November 2014 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationTLS/SSL in distributed systems. Eugen Babinciuc
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
More informationNetzwerksicherheit Übung 6 SSL/TLS, OpenSSL
Netzwerksicherheit Übung 6 SSL/TLS, Thomas Schneider Computer Networks and Communication Systems Dept. of Computer Sciences, University of Erlangen-Nuremberg, Germany 10. 14.12.2007 Thomas Schneider: Netzwerksicherheit
More informationPublic Key Infrastructure (PKI)
Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationLecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.
Lecture 13 Public Key Distribution (certification) 1 PK-based Needham-Schroeder TTP 1. A, B 4. B, A 2. {PKb, B}SKT B}SKs 5. {PK a, A} SKT SKs A 3. [N a, A] PKb 6. [N a, N b ] PKa 7. [N b ] PKb B Here,
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More informationSSL: Secure Socket Layer
SSL: Secure Socket Layer Steven M. Bellovin February 12, 2009 1 Choices in Key Exchange We have two basic ways to do key exchange, public key (with PKI or pki) or KDC Which is better? What are the properties
More informationNetwork Security Web Security and SSL/TLS. Angelos Keromytis Columbia University
Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)
More informationSECURITY IN ELECTRONIC COMMERCE - SOLUTION MULTIPLE-CHOICE QUESTIONS
MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark
More informationSSL Overview for Resellers
Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an
More informationSSL Interception Proxies. Jeff Jarmoc Sr. Security Researcher Dell SecureWorks. and Transitive Trust
SSL Interception Proxies Jeff Jarmoc Sr. Security Researcher Dell SecureWorks and Transitive Trust About this talk History & brief overview of SSL/TLS Interception proxies How and Why Risks introduced
More informationPublic Key Infrastructure
UT DALLAS Erik Jonsson School of Engineering & Computer Science Public Key Infrastructure Murat Kantarcioglu What is PKI How to ensure the authenticity of public keys How can Alice be sure that Bob s purported
More informationAutomated Vulnerability Scan Results
Automated Vulnerability Scan Results Table of Contents Introduction...2 Executive Summary...3 Possible Vulnerabilities... 7 Host Information... 17 What Next?...20 1 Introduction The 'www.example.com' scan
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationCertificate Management. PAN-OS Administrator s Guide. Version 7.0
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationSecurity Protocols and Infrastructures. h_da, Winter Term 2011/2012
Winter Term 2011/2012 Chapter 7: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents Overview Record Protocol Cipher
More informationSecurity. Learning Objectives. This module will help you...
Security 5-1 Learning Objectives This module will help you... Understand the security infrastructure supported by JXTA Understand JXTA's use of TLS for end-to-end security 5-2 Highlights Desired security
More informationCSC 474 Information Systems Security
CSC 474 Information Systems Security Topic 4.5 Transport Layer Security CSC 474 Dr. Peng Ning 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version
More informationCSC 774 -- Network Security
CSC 774 -- Network Security Topic 6: Transport Layer Security Dr. Peng Ning CSC 774 Network Security 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version
More informationSECURITY IN ELECTRONIC COMMERCE MULTIPLE-CHOICE QUESTIONS
MULTIPLE-CHOICE QUESTIONS Each question has only one correct answer, which ought to be clearly pointed out with an 'X'. Each question incorrectly answered will be evaluated as minus one third of the mark
More informationConfiguring SSL Termination
CHAPTER 4 This chapter describes the steps required to configure a CSS as a virtual SSL server for SSL termination. It contains the following major sections: Overview of SSL Termination Creating an SSL
More informationmod_ssl Cryptographic Techniques
mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationHTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)
CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer
More informationWeb Security. Mahalingam Ramkumar
Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationA quick overview of the DANE WG. * DNS-based Authentication of Named Entities
A quick overview of the DANE WG * DNS-based Authentication of Named Entities Some background... When you connect to https://www.example.com you use SSL (actually TLS) to secure your connection. Need a
More informationSSL/TLS Hands-on Thomas Herlea
SSL/TLS Hands-on Thomas Herlea SecAppDev, 2014-02-12 thomas.herlea@trasysgroup.com Creative Commons Attribution Non-Commercial License A TLS Stack PEOPLE APPLICATIONS You are here LIBRARIES PROTOCOLS CRYPTO
More informationX.509 and SSL. A look into the complex world of X.509 and SSL http://www.phildev.net/ssl/ UUASC 07/05/07. Phil Dibowitz http://www.phildev.
X.509 and SSL A look into the complex world of X.509 and SSL http://www.phildev.net/ssl/ UUASC 07/05/07 Phil Dibowitz http://www.phildev.net/ The Outline Introduction of concepts X.509 SSL End-User Notes
More informationWebsense Content Gateway HTTPS Configuration
Websense Content Gateway HTTPS Configuration web security data security email security Support Webinars 2010 Websense, Inc. All rights reserved. Webinar Presenter Title: Sr. Tech Support Specialist Cisco
More informationWeb Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn
Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to
More informationDIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI)
DIMACS Security & Cryptography Crash Course, Day 2 Public Key Infrastructure (PKI) Prof. Amir Herzberg Computer Science Department, Bar Ilan University http://amir.herzberg.name Amir Herzberg, 2003. Permission
More informationMINICA: A WEB-BASED CERTIFICATE AUTHORITY. A Project. Presented to the. Faculty of. California State University, San Bernardino
MINICA: A WEB-BASED CERTIFICATE AUTHORITY A Project Presented to the Faculty of California State University, San Bernardino In Partial Fulfillment of the Requirements for the Degree Master of Science in
More informationCryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL
Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Security architecture and protocol stack Applicat. (SHTTP) SSL/TLS TCP IPSEC IP Secure applications: PGP, SHTTP,
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management
More informationLearning Network Security with SSL The OpenSSL Way
Learning Network Security with SSL The OpenSSL Way Shalendra Chhabra schhabra@cs.ucr.edu. Computer Science and Enginering University of California, Riverside http://www.cs.ucr.edu/ schhabra Slides Available
More informationCertificate technology on Pulse Secure Access
Certificate technology on Pulse Secure Access How-to Guide Published Date July 2015 Contents Introduction: 3 Creating a Certificate signing request (CSR): 3 Import Intermediate CAs: 5 Using Trusted Client
More informationUnderstanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012
Understanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012 Wai Choi, CISSP IBM Corporation RACF/PKI Development & Design Poughkeepsie, NY e-mail: wchoi@us.ibm.com 1 Trademarks
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationCertificate technology on Junos Pulse Secure Access
Certificate technology on Junos Pulse Secure Access How-to Introduction:... 1 Creating a Certificate signing request (CSR):... 1 Import Intermediate CAs: 3 Using Trusted Client CA on Juno Pulse Secure
More informationMicrosoft Trusted Root Certificate: Program Requirements
Microsoft Trusted Root Certificate: Program Requirements 1. Introduction The Microsoft Root Certificate Program supports the distribution of root certificates, enabling customers to trust Windows products.
More informationFactory Application Certificates and Keys Products: SB700EX, SB70LC
Factory Application Certificates and Keys Products: SB700EX, SB70LC 1 Contents 1 Overview... 3 2 Certificates and Keys... 3 2.1 What is in a Certificate?... 4 3 SSL Certificates and Keys... 6 3.1 NetBurner
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 11: Transport Layer Security (TLS): Putting it all together Fall 2015 Prof. Aleksander Essex Security at the Transport Layer Where we started in this course:
More informationStandards and Products. Computer Security. Kerberos. Kerberos
3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2
More informationBrocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
More informationUnderstanding Digital Certificates and Secure Sockets Layer (SSL)
Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?
More informationThe Beautiful Features of SSL And Why You Want to Use Them?
The Beautiful Features of SSL And Why You Want to Use Them? Holger Reif 1999/08/24 Content What is SSL? Apache based SSL servers mod_ssl Crypto basics SSL basics Server certificates and
More informationIntegrated SSL Scanning
Software Version 9.0 Copyright Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries ( Finjan ). All rights reserved. All text and figures included in this publication are the exclusive
More informationConfiguration Guide for RFMS 3.0 Initial Configuration. WiNG 5 How-To Guide. Digital Certificates. July 2011 Revision 1.0
Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG 5 How-To Guide Digital Certificates July 2011 Revision 1.0 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark
More informationISA 562 Information System Security
Outline ISA 562 Information System Security PKI SSL PKI SSL ISA 562 1 ISA 562 2 Motivation 1- Key Distribution Problem In a secret key cryptosystem, the secret key must be transmitted via a secure channel
More informationAsymmetric cryptosystems fundamental problem: authentication of public keys
Network security Part 2: protocols and systems (a) Authentication of public keys Università degli Studi di Brescia Dipartimento di Ingegneria dell Informazione 2014/2015 Asymmetric cryptosystems fundamental
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationCS 772. Network Security: Concepts, Protocols and Programming Fall 2008 Final Exam Time 2 & 1/2 hours Open Book & Notes.
CS 772 Network Security: Concepts, Protocols and Programming Fall 2008 Final Exam Time 2 & 1/2 hours Open Book & Notes Name: Login: Question 1: A. Considering mod 5 arithmetic, determine all possible:
More information[SMO-SFO-ICO-PE-046-GU-
Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It
More informationKEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1
KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Alice M D sk[a] (C) Bob pk[a] C C $ E pk[a] (M) σ $ S sk[a] (M) M, σ Vpk[A] (M, σ) Bob can: send encrypted data
More informationLecture 9 - Network Security TDTS41-2006 (ht1)
Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,
More information