!" # $%!" &$' *'! +&,% -./!&,%!!/ 0!" 1$! Eve. Bob. Alice. Bob. Alice
|
|
- Neil Henry
- 8 years ago
- Views:
Transcription
1 !" # $%!" &% &$' ) $%" '$ '! +&,% -./!&,%!!/ 0!" '$ $" 1$! Alice Bob Alice Eve 2$ Bob 1
2 ! " Alice Malek Bob Spikey Bob tampering Exemplo: spoofing... " ## Alice Dan, the Devil Alice Exemplo: Web-Site Masquerading... 2
3 $ ". " %0'0%+$ $0 0$! 300%0$0" %0$ $0$0%'0 $%%%04$ % ' %' &# %'$ 5%0300' 2%04%!% ' %$' %0' % %0' % 60.'!3'%7 8 +$0% ' %0 3
4 SSL ) $% %$./01% ) $23%! ) $% Signatures Encryption Hashing DSA RSA RSA DES SHA1 MD5 +, , 6 # 5, 6 & K A K B K AB K Apriv K Apub {M}K [M] K Alice s secret key Bob s secret key Secret key shared between Alice and Bob Alice s private key known only to Alice) Alice s public key published by Alice for all to read) Message M encrypted with key K Message Msigned with key K 4
5 8 8+ $4! $ Alice Alice and Bob share a secret that they have discussed previously KAB) Bob Alice Bob has a Public Key KBpub) Bob M Hello, I like you! {M}KAB acew345ksdas M Hello, I like you! M Hello, I like you! {M}KBpub acew345ksdas M Hello, I like you! encryptm, KAB) decrypt{m}kab, KAB) encryptm, KBpub) decrypt{m}kbpub, KBpriv).9$.%$0$).2 ::;"0<$=.!'>!.'+ 9#021' :>>"?$ $.!'8!.'+ PROBLEM: How to share the symmetric key among two anonymous persons? If there is one Web-site and multiple Clients, there cannot be a single encryption key for all the communications. Solution: use a Key Distribution Center. %9 $1'$0 ::"A.$ #=.!'>!.'+ 9' ::>"=+.!' #0.% 88&BC 5
6 ): ; )$'$0 10 %D! #' $0.$!'E 10.! D.%0'3!0'0!'!0'0$< < $, ;.!' ;.$ 6'%$'0'0$E $'!.'.%.% =.!'9 =.$ #0%.$00%.$%$ $ '.%F G%7 $0%% Se uma chave tiver 128 bits então há cerca de x ) combinações. Se for possível arranjar um bilião 10 3 x 10 6 ) de computadores, capazes de testarem um bilião de chaves por segundo cada um, é possível testar chaves por segundo. Então são necessários anos para completar o ataque a uma chave de 128 bits. Ora estima-se que a idade do universo é de cerca de anos. )= 1 91$.' &02$.%$.!' H::>9A)I30!'301-0'J#030.!'3! H%::>9!0.'.% A%9.3;0 30%9%&B4% 0$0.!%!0!'93!0!K0!' 5%!'%'9&0$ B%#<"30%:&04 5%1.%70$' '$0$.$ A)A);A)81 81 '$3.%,%$!'4. 1.$'% '301%. %$.$ L : M 6
7 ''0.$.%.$$!9. % > / $ ### ): ;! " # " $ %& '! " $ " ) #0,%0'!' 3%0%%.$!'0,%J $09 %%.$!''0' %& ' % '! + $ " + 7
8 ### #%'$.". $" ### + & -, +,, $. &,, -, /! " #!, $0 ): ;, $.N / $%. 0,% O % 1,% $0 O O %% % 0 $%PO9% % 0 O % %.%PO 0,%$$. 8
9 , 5,6 0!'300 @1) %30@1)!/1 /1 5/1 /1 2/1!/1 3/1 4/1, 5,6 7 /1! # $ 6 $% /1 6!! $ 6 $ $ &# / $ &# $ $.$ %$% %%% P 0 6@1) 4 0 O % % % 6$,%,%$'?6 #@,+ & %%,% $ %L!M %% $? %Q $R,% L%M PO,% $? Q O % A6, #@ + B &, B, C,C,,% O?@! % 0@O $? R $ $ "O! 0 96 #@ + B, C, B&DC, 4,%,% $ $ $0! E6 #@ + B&D#?C,,% 4 S?T@,% %U,% %S@T@. 9
10 $ " > ", 8" $' V O #%' % %. $$%PO %!,%.R. 8" #$<,% 4 %$ % V$,%. 6$ O 9?6 #@,+ & %%,% $ %! %% $? %Q $R - %$4PO $'! A6, #@ + B &, B, C, C,,% O?@! % 0@O $? 0 96 #@ + B, C, B&DC, Client C Step A 1. Request for TGS ticket 2. TGS ticket Login session setup Server session setup DoOperation Kerberos Key Distribution Centre Authentication service A Authentication database Step B 3. Request for server ticket 4. Server ticket Ticketgranting service T Step C 5. Service request Request encrypted with session key Reply encrypted with session key Service function Server S E6 #@ + B&D#?C, $, 5F-G6 PHASE 1: OBTAIN KERBEROS SESSION KEY AND TGS TICKET. ONCE PER LOGIN SESSION A -> AS: A, TGS, n1 Olá AS, eu sou a Alice e quero fazer login no sistema. AS -> A: { Ks, n1}ka, {A,TGS, t1, t2, Ks}Ktgs Toma lá uma chave Ks) cifrada com a tua chave, que te permite obter tickets e um ticket que te permite falar com o TGS, válido de t1 até t2. $) %%+ /.%&.%,. 1/ - /& $ 3%&.# %/&- #@.0+ B.0? A,C, B 9C, A 6$ #W%%,% $ XS8T@% #W,%,% H!S#W@T@ $ #W% $0 $ R S8T@4%L%M % 8",% $'.0 #@ + B A,C, B?D AD,C,,% % $ AS= Authentication Service TGS: Ticket Granting Service 10
11 $) %%%+ %' I'. J%.).%,.- + B 9DC, B?D AD,C, 9 $) %+ '.)&.%. - #@ + B9C,,% %,% $0 % 8",% % L0 $M $' 6$ O,% #WF 4 $,% N % %POX$ $',% %U,% $R,% O 4 8O,%,% /%$ X. $' ' $,?D $ 5 6PN0 ) $ % $ #W % 0 O %! $, $#, Alice Bob publishes his public key to the world. Everyone knows it. KBob_Public Bob keeps his private key safe from the world. KBob_Private Bob M Hello, I like you! {M}KPublic_Bob acew345ksdas M Hello, I like you! encryptm, KPublic_Bob) decrypt{m}kpublic_bob, KPrivate_Bob) 11
12 Y ;." 0 #)! ;;:" $%$0 &$9---- %.$!''<$30' ' - $ Key size/hash size bits) Extrapolated PRB optimized speed kbytes/s) kbytes/sec.) TEA DES Triple-DES IDEA RSA RSA MD SHA ):.; ) 1 #$'0$% $#: " Data Data $..'0L00M % Hash Message Hash - Creates a unique fingerprint for a message - Anyone can alter the data and calculate a new hash value - Hash has to be protected in some way 12
13 56 Data %0! Hash Hash Message Hash Sign Signature Signature Verify? Sender s Private Key ).0030$%$0 These digital signatures validate data integrity. Sender s Public Key H+ M hm = hashm) encrypt[hm, KSender_Private] M enc. digest Signed Document SENDER 1 E =." F =." )#?." Signed Document M hashm) enc. digest Equal? RECEIVER decrypt[enc. digest, KSender_Public] 13
14 ) K %% %.$!''%%.$ $%#$3 %.$!'''0'.3'!0.% 2%.$!'' 0 %0!' 0%.'05$ #. $ Alice Bob s public key Bob Bob s private key Session key: KAB Randomly generated) {KAB}KBob_Public Session key: KAB {KAB}KBob_Public Public key decryption Message M) Public key encrytion {Session key}kbob_public {M}KAB {M}KAB Message M) symmetric encrytion symmetric decryption 14
15 --- I--- $. Incoming Message... )..%00$J.$0&$!J B30%J Alice: mobile phone number $% %'%$ '0' 30 %.$!''0'% 0.$ Individual s Public-Key CA s Private-Key CA Signed Certificate )%0 )"0 $% 15
16 / 3 2 '%0' )" 0 Q.$ $ Z% $,%,%$0 Q.$.9 "/ % 0. $E" "[ % ) 0 Q.$ &+ &+ J # + 3 &+ &+ %$ & J & # ' $+ ' 5P + #PQ6 3+ / /< &+ J %- - ' &+ J / :::--5 6 OL- :::--?NA-E?-??-F? M L- + $%. %,%%".%3$% $0!'$%$ 03".% % $ $ %.'% 1. Certificate type: Public key 2. Name: Bob s Bank 3. Public key: K Bpub 4. Certifying authority: Fred The Bankers Federation 5. Signature: {Digestfield 2 + field 3)} KFpriv 16
17 . $) 5) +& &) 3%.$0) )) [ #30 )A? &%$! W.. 0.% %.%0!' 0) %'%''%0)7 %.$!'E %.$!') %.$ 0%0% 0$ $)1 %03'%%0)JB3 '%0)7%.$!'%$'JJJ 17
18 $ " "!# !.! -! - & -! - " - # $ - - $!. # -! -!#! -. -! $ # & 9 9 # 8 # $ " " # "!. " $ #.!.! -! - & 18
19 $ 0 $ 5$0$6 $' 0 2'!' '0'%.$!' '0'00 %$ %. ' %0' 0$C 38' $ BEGIN PGP SIGNED MESSAGE-- - Hash: SHA1 Bob:My husband is out of town tonight.passionately yours, Alice ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhhjrhhgjghgg/12epj+lo8ge4vb3 mqjhfevzp9t6n7g6m5gw2 ---END PGP SIGNATURE--- 3 $ 3 3 $ )..$ 5)..$ 36 %!5' #)+!'" %0%$% )%0$ $" )$'' ' 30 19
20 3 3+ SSL Handshake protocol SSL protocols: SSL Change Cipher Spec SSL Alert Protocol SSL Record Protocol HTTP Telnet Transport layer usually TCP) Network layer usually IP) Other protocols: 5,%5% 0$\00!\0 0$%00 ]' #0%0%$#, 00 0$. 600.%00$ %0,%#, 300'' $00' <000 '0'0% 3+ ) $?00%.$00!' %000$ 6 $'%00$0 $0'0$00 00'.0% 2%.$!''0,% 0.$0' $% 0 Q.$ ) 6.3$ % % ),% $ 6.3% 0 Q.$ ) < 0 Q.$ 20
21 3+ ) $ 3 / Client ClientHello ServerHello Certificate Certificate Request ServerHelloDone Certificate Certificate Verify Server Establish protocol version, session ID, cipher suite, compression method, exchange random values Optionally send server certificate and request client certificate S end client certificate response if requested Component Description Example Key exchange method Cipher for data transfer Message digest function the method to be used for exchange of a session key the block or stream cipher to be used for data for creating message authentication codes MACs) RSA with public-key certificates IDEA SHA Change Cipher Spec Finished Change cipher suite and finish handshake Change Cipher Spec Finished : 3 3-1' - F- &1$0$.'A A E- A '0 A1%'" - %.$!'$0.0'%0 1$.'A0$ H-!'<0$05. 0A$0 )#?- %B0$0,%$M,- $'!'$0$ D6A#CC$03%.'02W.#- 1$0 1%$$$ B## &#??#68D#" &$'%B## )%9 8)230;. A!'?3%%0 21
22 $Y.!:: #0;.0!'3.!.'.% 03!.%3!3 $$ %?A D )+ #0!'3%$$00$0!' =' &7$390%$30%.$ '=0 #'7%.%=<0:: ='+=^0% ) $ ) $ )$ 9,%3 )$9!0BBJ )$ 90 )$9%.$_@'#'_@' )$ 9_@'0' 300#'_@'0%.$_@'0 9%_@''0 _@' #0%00$300 91A6W3 22
23 )#A. )
24 I 8 ; I %; Mitnick Simpson / 08 $9$0! )4<$ V %$.$ 6 $PU $ 1V$0 / % Z%J % 0. D43$,% <%,%.%F D$9. $ ` &O $F /: /: func 2 s address func 1 s address func buf s 2 s address func 1 s address buf c, d a, b evil_assembly_code) buf c, d a, b func_3) { char buf[100]; func_2) { int c, d; func_1) { int a, b; func_3) { char buf[100]; func_2) { int c, d; func_1) { int a, b; } read_user_inputbuf); } func_3); } func_2); } read_user_inputbuf); } func_3); } func_2); Attacker is supplying input to buf so buf gets a very carefully constructed string containing assembly code, and overwriting func 2 s address with buf s address. When func3 returns, it will branch to buf instead of func2. 24
25 1: evil Internet DMZ internal network 1: Firewall ensures that the internal network and the Internet can both talk to the DMZ, but usually not to each other; The DMZ relays services at the application level, e.g. mail forwarding, web proxying; The DMZ machines and firewall are centrally administered by people focused on security fulltime installing patches, etc.); it s easier to secure 20 machines than 20,000. Now the internal network is safe but not from internal attacks,.) J$+ $ 5%6 J1 5RGA-??6 $00%$4 OO% $A);;.&%$! = %09=< ' =." 25
Communication Security for Applications
Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationCommunication Systems SSL
Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More informationLab 7. Answer. Figure 1
Lab 7 1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server), determine the number of SSL records that are included in the frame, and list the SSL record types that
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationAnnouncement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1 We have learned Symmetric encryption: DES, 3DES, AES,
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationCS 3251: Computer Networking 1 Security Protocols I
Georgia Tech CS 3251: Computer Networking 1 Security Protocols I Brad Reaves, PhD Student 11/21/13 (slides from Prof. Patrick Traynor) CS 3251 - Computer Networks I Last Time Trying to prove who you are
More information, ) I Transport Layer Security
Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213 UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationCSC 774 -- Network Security
CSC 774 -- Network Security Topic 6: Transport Layer Security Dr. Peng Ning CSC 774 Network Security 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version
More informationCSC 474 Information Systems Security
CSC 474 Information Systems Security Topic 4.5 Transport Layer Security CSC 474 Dr. Peng Ning 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version
More informationWeb Security Considerations
CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More information0. Course Overview. Architecture models; network architectures: OSI, Internet and LANs; interprocess communication
0. Course Overview I. Introduction II. Fundamental Concepts of Distributed Systems Architecture models; network architectures: OSI, Internet and LANs; interprocess communication III. Time and Global States
More informationSECURE SOCKETS LAYER (SSL)
INFS 766 Internet Security Protocols Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS
More informationAuthenticity of Public Keys
SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!
More informationLecture 9 - Network Security TDTS41-2006 (ht1)
Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:
Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationSecure Socket Layer (SSL) and Trnasport Layer Security (TLS)
Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring 2008 1 SSL/TLS The Secure Socket Layer (SSL) and Transport Layer Security
More informationHow To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationWeb Security. Mahalingam Ramkumar
Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting
More informationInstitute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos
SSL, PGP, Kerberos Secure Socket Layer (Web Security), Pretty Good Privacy (Email Security) and Authentication Agenda SSL PGP Kerberos SSL, PGP, Kerberos, v4.4 2 Page 96-1 SSL versus IPsec Application
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationSecure Sockets Layer
SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated
More informationReal-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610
Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS
More informationHTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)
CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer
More informationTLS/SSL in distributed systems. Eugen Babinciuc
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationSecure Socket Layer. Security Threat Classifications
Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats
More informationSecure Socket Layer (SSL) and Transport Layer Security (TLS)
Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 11: Transport Layer Security (TLS): Putting it all together Fall 2015 Prof. Aleksander Essex Security at the Transport Layer Where we started in this course:
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationAuthentication applications Kerberos X.509 Authentication services E mail security IP security Web security
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationThe Secure Sockets Layer (SSL)
Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationNetwork Security Web Security and SSL/TLS. Angelos Keromytis Columbia University
Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)
More informationSECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols
INFS 766 Internet Security s Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS (Transport
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationChapter 16: Authentication in Distributed System
Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More information4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.1:
More informationAs enterprises conduct more and more
Efficiently handling SSL transactions is one cornerstone of your IT security infrastructure. Do you know how the protocol actually works? Wesley Chou Inside SSL: The Secure Sockets Layer Protocol Inside
More informationChapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms
Chapter 11 Security Protocols Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms Chapter 11 Security Protocols Network Security Threats Network Security
More informationChapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationNetwork Security Standards. Key distribution Kerberos SSL/TLS
Network Security Standards Key distribution Kerberos SSL/TLS 1 Many-to-Many Authentication? Users Servers How do users prove their identities when requesting services from machines on the network? Naïve
More informationKey Management (Distribution and Certification) (1)
Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem
More informationCryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL
Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Security architecture and protocol stack Applicat. (SHTTP) SSL/TLS TCP IPSEC IP Secure applications: PGP, SHTTP,
More informationOutline. Transport Layer Security (TLS) Security Protocols (bmevihim132)
Security Protocols (bmevihim132) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu Outline - architecture
More informationOverview of SSL. Outline. CSC/ECE 574 Computer and Network Security. Reminder: What Layer? Protocols. SSL Architecture
OS Appl. CSC/ECE 574 Computer and Network Security Outline I. Overview II. The Record Protocol III. The Handshake and Other Protocols Topic 8.3 /TLS 1 2 Reminder: What Layer? Overview of 3 4 Protocols
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:
Managing and Securing Computer Networks Guy Leduc Chapter 3: Securing applications Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section 8.5)
More informationSecurity Protocols and Infrastructures. h_da, Winter Term 2011/2012
Winter Term 2011/2012 Chapter 7: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents Overview Record Protocol Cipher
More informationSECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA. A Research Project NAGENDRA KARRI
SECURE SOCKET LAYER PROTOCOL SIMULATION IN JAVA A Research Project By NAGENDRA KARRI Submitted to the College of Graduate Studies Oregon State University in partial fulfillment of the requirements for
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationLecture 7: Transport Level Security SSL/TLS. Course Admin
Lecture 7: Transport Level Security SSL/TLS CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lecture by Tony Barnard Course Admin HW/Lab 1 Graded; scores posted; to be
More informationComputer System Management: Hosting Servers, Miscellaneous
Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation
More information1. a. Define the properties of a one-way hash function. (6 marks)
1. a. Define the properties of a one-way hash function. (6 marks) A hash function h maps arbitrary length value x to fixed length value y such that: Hard to reverse. Given value y not feasible to find
More informationOverview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security
Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Ch 7 - Security 1 Confidentiality and privacy: Protect
More informationSSL: Secure Socket Layer
SSL: Secure Socket Layer Steven M. Bellovin February 12, 2009 1 Choices in Key Exchange We have two basic ways to do key exchange, public key (with PKI or pki) or KDC Which is better? What are the properties
More informationECE 428 Network Security
ECE 428 Network Security 1 Learning objectives Security requirements and tools Symmetric-key (secret key) cryptography Substitution, transposition, and product ciphers (DES) Public key cryptography: RSA
More informationSecurity Engineering Part III Network Security. Security Protocols (I): SSL/TLS
Security Engineering Part III Network Security Security Protocols (I): SSL/TLS Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
More informationChair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 3
Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle Network Security Chapter 3 Cryptographic Protocols for Encryption, Authentication and Key Establishment Overview
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationNetwork Security. Network Security. Security in Computer Networks
Network Security Network Security introduction cryptography authentication key exchange Reading: Tannenbaum, section 7.1 Ross/Kurose, Ch 7 (which is incomplete) Intruder may eavesdrop remove, modify, and/or
More informationPart 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext
Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private
More informationChapter 15: Security
Chapter 15: Security Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing Security Defenses Firewalling
More informationISM/ISC Middleware Module
ISM/ISC Middleware Module Lecture 13: Security for Middleware Applications Dr Geoff Sharman Visiting Professor in Computer Science Birkbeck College Geoff Sharman Sept 07 Lecture 13 Aims to: 2 Show why
More informationStandards and Products. Computer Security. Kerberos. Kerberos
3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2
More informationIntroduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi
Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationCS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More information