Integrated Transport Layer Security : End-to-End Security Model between WTLS and TLS
|
|
- Ralf Nicholson
- 8 years ago
- Views:
Transcription
1 Integrated Transport Layer Security : End-to-End Security Model between WTLS and TLS Eun-Kyeong Kwon, Yong-Gu Cho, Ki-Joon Chae Kaywon School of Art and Design, Youngdong University, Ewha Womans University ekkwon@mercury.kaywon.ac.kr Abstract WAP is a set of protocols that optimizes standard TCP/IP/HTTP/HTML protocols, for use under the low bandwidth, high latency conditions often found in wireless networks. But, end-to-end security is not supported unless a WAP is operated by the content provider. We propose ITLS mechanism to solve the WAP security problem. The goal of ITLS is to prohibit the WAP from having the plain text message assuming the doesn t belong to the content provider. In ITLS, the security partner of a Web server is not a but a client, the client encrypts twice times for the Web server and the in the order named. To support these functions, IniCertificate and IntClientKeyExchange message types are added in ITLS handshake protocol, application data encryption and decryption rules are modified. It is one drawback that ITLS enabled mobile devices might have many loads than WTLS because of encryption and decryption twice times. compares the number of packets needed to process a stock quote query from a desktop browser using HTTP1.0 with the same query from a WAP browser. The WAP protocol uses less than half the number of packets that the standard HTTP/TCP/IP stack uses to deliver the same content. This improvement is essential to best utilize the limited wireless bandwidth available [1]. 1. Introduction Internet services and applications for mobile devices are increasing rapidly. In order to deliver these services and applications over the Internet in a secure, scalable and manageable way, new architectures and protocols are being designed. The WAP (Wireless Application Protocol) is a result of continuous work to define an industry-wide specification. M-Commerce (Mobile-Commerce) is being spurred by the mobile phone industry s widespread support of the Wireless Application Protocol. The protocol stack defined in WAP 1.0 optimizes standard TCP/IP/HTTP/HTML protocols, for use under the low bandwidth, high latency conditions often found in wireless networks. The improvements made in the WAP protocol stack lead to significant savings in wireless bandwidth. Figure 1 Figure 1. WAP protocols conserve wireless bandwidth The WAP is a bridge between the WTLS and TLS security protocols. In the data exchange between TLS and WTLS protocols, the message transmitted between the handset and the Web server is unencrypted for a very brief moment inside the WAP. Even though the interval time the message remains unencrypted is very short, end-toend security is not supported. It is very clear that who can process the message is only a sender or a recipient. In this paper, we propose end-to-end security model, which is called ITLS (Integrated TLS). It doesn t need any change in TLS part, because TLS is the existing standard in Internet. But WTLS must be
2 modified to integrate seamlessly wireless Internet security with TLS. The goal of ITLS is to prohibit the WAP from having the plain text message assuming the doesn t belong to the content provider. In chapter 2, Internet security issues are described. In chapter 3, WAP security problem having no end-to-end security is commented. In chapter 4, ITLS model concept and specification is proposed compared to WTLS or TLS specification. And ITLS analyses are described. Finally we conclude on ITLS in chapter Internet Security There are four different concerns that a security system can address: privacy, integrity, authenticity and non-repudiation. Privacy ensures that only the sender and the intended recipient of an encrypted message can read the contents of that message. Integrity ensures the detection of any change in the context of a message between the time it is sent and the time it is received. Authentication ensures that all parties in a communication are who they claim to be. Non-repudiation provides a method to guarantee that a party to a transaction cannot falsely claim that they did not participate in that transaction. A first step to understanding how the WAP security model works is to review how TLS security makes e-commerce secure over the Internet. TLS use public key cryptography, bulk encryption algorithms and shared secret key exchange techniques to provide privacy over the Internet [2]. TLS uses public key cryptography to exchange a shared secret key for bulk encryption at the beginning of a secure Internet conversation. To provide integrity, TLS uses hashing algorithms that create a small mathematical fingerprint of a message. Digital certificates are used to provide an authenticated way to distribute public and private keys. Server certificates and client certificates include the certificate holder s identity and public key, and other information used to authenticate the certificate. The certificate is itself encrypted with the private key of a certificate authority. Applications can request a digital signature from a client, which requests that the user specifically authorize a transaction. The authorization is then encrypted utilizing the user s private key from their client certificate. This digital signature provides non-repudiation [3]. Public Key Infrastructure (PKI) solutions help content providers and clients manage and maintain their digital certificates so that it is secure and easy to organize. PKI contains three common functional components: the certificate authority, a repository for keys, certificates and certificate revocation lists on an LDAP-enabled directory service, and a management function. 3. WAP Security Problem The WAP is a bridge between the WTLS and TLS security protocols like Figure 2. The need for translation between TLS and WTLS is incurred by the very nature of wireless communication: low bandwidth transmissions with high latency. WTLS processes security algorithms faster by minimizing protocol overhead and enables more data compression than traditional TLS solutions. The translation between TLS and WTLS takes milliseconds and occurs in the memory of the WAP, allowing for a virtual, secure connection between the two protocols. Suppliers of WAP take every measure possible to keep the WAP itself secure by for example using a process of decryption / re-encryption that is security conscious and optimised for speed so that the unencrypted content of a message is erased from the volatile internal memory of the WAP as quickly as possible. WTLS is based on Internet standard security protocol TLS 1.0, which in turn is based on SSL 3.0. WTLS goes beyond TLS1.0 by incorporating new features such as datagram support, optimised handshake and dynamic key refreshing [3]. As the market for highly secure applications increases, a more flexible and extensible solution of end-to-end secure content will be needed. In the data exchange between TLS and WTLS protocols, the message transmitted between the handset and the Web server is unencrypted for a very brief moment inside the WAP. Even though the interval time the message remains unencrypted is very short, who has an administrator account can attempt to view the unencrypted message. Suppliers of the WAP have no authority by which they can see the unencrypted message. It is very clear that who can process the message is only a sender or a recipient. To solve this problem, existing end-to-end security schema promote installing a WAP at a content provider or in an enterprise, which places a burden on the content provider to have a different configuration on their for each network and SMSC (Short Message Service Center)- combination.
3 This creates a number of difficulties for content providers, subscribers and wireless network operators. A well-designed enterprise WAP solution should insulate the content site from implementation details of the wireless network so that applications remain network- and SMSC independent. And it integrates seamlessly with network WAP solutions [3]. 4. Proposed End-to-End Security Model : ITLS The goal of ITLS is to integrate transparently wireless Internet security with TLS as follows. The WAP must not have the plain text even though the time is very short, because the is not a sender nor a receiver nor a CA (Certificate Authority) Suppliers of the WAP must belong to service providers or network providers. Content providers operating Web servers must be independent on service providers. In WTLS, a client and a become to share one secret key, a and a Web server do the other secret key during a WTLS or TLS secure session. The concept of ITLS is to change the owner of the secret key, shortly speaking. In ITLS, a client and a become to share one secret key no change by this time -, a client and a Web server do other secret key during one session. The security partner of a Web server is not a but a client. Figure2showsthisconcept. Figure 2. Security solution used in ITLS 4.1. ITLS Handshake Protocol Any change of TLS part is not needed, handshake protocol and record protocol of WTLS are modified in simple manner. A WTLS decrypts the cipher text from a client using one secret key, encrypts the plain text for a server using the other secret key. The former is the secret key of a client and a, the latter is one of a and a server. On the other hand, in ITLS the client encrypts twice times for the Web server and the in the order named. The decrypts the cipher text from the client and sends it to the server without encryption. But the message transmitted from the is also a cipher text because the message is encrypted by the client not the unlike WTLS. In reverse, the doesn t decrypts the cipher text sent by the server, only encrypts and sends it to the client. The client decrypts it using a secret key for the, and decrypts again using a secret key for the server. To apply this mechanism, new handshake flows are displayed in Figure 3. A client must know the public key of a server for secure sending the premaster key between a client and a server if key exchange protocol is RSA. ITLS handshake protocol adds IntCertificate message right after Certificate message, which is the certificate of a server, adds IntKeyExchange message right after ClientKeyExchange message, which includes the pre-master key for the secret key between a client and a server. In a, to relay Certificate to IntCertificate and IntKeyExchaneg to ClientKeyExchange is needed, which is displayed as thin arrows in Figure 3. And Hash_Handshake is added to compute finished message in client. To describe ITLS handshake protocol in detail, following notation rules are used. Pub x : x s public key Pri x :x sprivatekey E(K, M) : encryption of M using key K D(K, M) : decryption of M using key K SK x,y : the shared secret key between x and y HMAC(K, M) : the secure hash expression of M using the shared secret key K The followings are components for describing modification parts compared to WTLS, and are ITLS handshake protocol description using predefined components.
4 Pub c : Client s public key Pri c : Client s private key Pub gw : GW s public key from Certificate Pri gw : GW s private key from Certificate Pub s : Server s public key from IntCertificate Pri s : Server s private key from IntCertificate SK c,gw : the pre-master secret key between a client and a from ClientKeyExchange SK c,s : the pre-master secret key between a client and a server from IntClientKeyExchange SK gw,s : the pre-master secret key between a and a server, which is equal to SKc,s Additional operation of a client in ITLS Receiving and keeping IntCertificate IntClientKeyExchange (E(Pub s,sk c,s ), others) Note that ClientKeyExchage (E(Pub gw, SK c,gw ), others) is different from IntKeyExchange. Applied modification of a in ITLS ClientKeyExchange (R, others) in which R is E(Pub s,sk c,s ) of IntClientKeyExchange. No change of a server in ITLS Followings are more detailed description about ITLS full handshake in Figure 3. For example, j Œ Œ š G yˆ œ Œ G zœšš G j Œ Œ šg { œš Œ Œ šg j Œ šœ ŒšG j Œšš Œ šg zœ œœ ŠŒ œ Œ G rœ Œ Œš G j Œ / j Œ oœ G zœ Œ oœ G p zœ Œ rœ lÿš ˆ ŽŒQG jœ Šˆ ŒyŒ œœš QG zœ Œ oœ k Œ/ ~hwgnv~/ j Œ oœ GGGGGGGGGGG zœ Œ / zœ Œ oœ G zœ Œ rœ lÿš ˆ ŽŒQG jœ Šˆ ŒyŒ œœš QG zœ Œ oœ k Œ j Œ Œ š G yˆ œ Œ G zœšš G j Œ šœ ŒšG j Œšš Œ šg j Œ rœ lÿš ˆ ŽŒQG p j Œ rœ lÿš ˆ ŽŒQG jœ Šˆ Œ}Œ QG j ˆ ŽŒj Œ z ŒŠ/ oˆš oˆ š ˆ Œ/ j Œ rœ lÿš ˆ ŽŒQG jœ Šˆ Œ}Œ QG j ˆ ŽŒj Œ z ŒŠG j ˆ ŽŒj Œ z ŒŠGGGGGG j ˆ ŽŒj Œ z ŒŠGGGGGG Figure 3. The ITLS full handshake
5 ClientHello c, g is ClientHello message from a client to a. Underlined messages mean that they are newly added, italic messages mean that they are modified in ITLS. Our own symbols are introduced as follows. M - N where M and N are messages means that N can be computed from M. (M, N) represents the pairing of M and N which might be implemented by concatenation. [M, N] means that M and N are restructured or reordered. ClientHello c, g - ClientHello g, s random-number[32] g,s = (random-number[16] c,g, padding[16]) session-id g, s =session-id c, g cipher-suites g, s = [client-key-ids c, g, cipher-suites c, g ] compression-method g, s = compression-methods c, g ServerHello s, g - ServerHello g, c random-number[32] g, c = random-number[32] s, g client-key-id g, c = cipher-suite[keyexchange] s, g cipher-suite g, c =cipher-suite[mac,bulkencryption] s, g Certificate s, g - IntCertificate g, c ServerKeyExchange s, g - ServerKeyExchange g, c IntClientKeyExchange c, g - ClientKeyExchange g, s EncryptedPreMasterSecret[48] g, s = RSAEncryptedSecret[48] c, g HashHandshake = H(handshake_message g, s ) Finished c, g - Finished g, s Verify_data g, s = verify_data c, g [12..23] Finished c, g =verify_data[0..23] c, g Verify_data[0..11] c, g =PRF(master_secret c, g, finished_label, H(handshake_message c, g )) Verify_data[12..23] c, g =PRF(master_secret c, s, finished_label, HashHandshake) Finished s, g -Finished g, c Verify_data[0..11] g, c = PRF(master_secret c, g, finished_label, H(handshake_message c,g )) Verify_data[12..23] g, c = Verify_data[0..11] s, g server = Pre-master secret key between a client and a server No change of a server in ITLS The followings are additional components for describing record protocol. Table 1 is ITLS application data encryption and decryption expression for describing record protocol modification using predefined components, and shows easily the relation between messages in Figure 4. Puls(+) means concatenation in Table 1. MS x,y : MAC secret key between x and y including two values which are write and read key EK x,y : encryption secret key between x and y including two values which are write and read key SM o :originalfragment(plaintext)fromaclient SM e : encrypted fragment (cipher text) of SM o and decrypted fragment of SM e2 for a client and a server SM e2 : encrypted fragment of SM e for a client and a RM o : original fragment (plain text) from a server RM e : encrypted fragment (cipher text) of RM o and decrypted fragment of RM e2 for a client and a server RM e2 : encrypted fragment of RM e for a client and a j Œ / zt G l Š QYG GGG zt ŒYG nˆ Œžˆ / ŒŠ G G G zt ŒG yt ŒYG zœ Œ / zt G ŒŠ G GG yt G Œ Š G G G 4.2. ITLS Record Protocol yt G yt Œ Œ Š G GG Record protocol uses several keys, which are included in security parameters from handshake protocol. Record protocol modification related to keys is as follows. Additional information of a client in ITLS Server s certificate including server s public key Pre-master secret key between a client and a server Applied modification of a in ITLS Pre-master secret key between a and a kœš QYG GGG Figure 4. ITLS application data flow/ Table 1. Application data encryption and decryption Type Client -> Server client SM e =E(EK c,s,(sm o +HMAC(MS c,s,sm o ))) SM e2 =E(EK c,gw,(sm e +HMAC(MS c,gw, SM e )))
6 Type Server -> Client server RM e =E(EK c,s,(rm o +HMAC(MS c,s,rm o )) ) SM e =D(EK c,gw,sm e2 ) server SM o =D(EK c,s,sm e ) client RM e =D(EK c,gw,rm e2 ) RM o =D(EK c,s,rm e ) RM e2 =E(EK c,gw,(rm e +HMAC(MS c,gw, RM e ))) 4.3. ITLS Analyses Predictable concerns in ITLS implementation are described as follows. The first is that mobile devices might have many loads than WTLS because of encryption and decryption twice time. Statistical amount of overload is not accounted until now. Table 2 shows sample performance comparison in PalmPilot with 16Mhz, Motorola DragonBall Chip(68K family) [4]. Like Table 2, it might not be critical because of increasing power or memory of mobile devices rapidly. In second, even though the message sent by a server has errors like hacking or fraud, an ITLS enabled can not recognise it, since the doesn t decryptthemessage.the message including errors is sent to a client. This problem is trivial because at last the problem is known to the client, the client will try to solve the problem : to request the message again or to stop the session or to inform the upper layer simply. In third, additional consideration in design of the WAP is necessary so that two sessions, which are one of the client and the and the other of the and the server, are interoperated in real-time manner. Generally there are many types of that is one between OSI and TCP/IP or MHS X.400 and propriety messaging system, the internal design is not included in standards. Those materials has to be referenced [5][6][7]. Table 2. Timing measurements for cryptographic primitives on the PalmPilot Algorithm Time Comment DES encryption SHA-1 4.9ms/block 2.7ms/block 1) 2) 512RSA key generation 512RSA sign generation 512RSA sign verification 512RSA sign verification 3.4 minutes 7028ms 438ms 1376ms e=3 e= ECC-DSA key generation 163ECC-DSA sign generation 163ECC-DSA sign verification 1) 4900ms for 1000 encryptions 2) 2780 for a 1000 long hash chain 597ms 776ms 2448ms To extend ITLS is possible as follows. In handshake protocol to authenticate for each other also can be substituted by a client or a server not a. ITLS s key point is to provide privacy and integrity in record protocol, only the security partner who shares a secret key is changed. To try endto-end authenticity, all function partners have to be changed to a client or a server from a. Then the responsibility will decrease, many side effects must be solved. 5. Conclusion Now the industry is poised to take its next big leap forward into the wireless world. As the market for highly secure applications increases, a more flexible and extensible solution of end-to-end secure content will be needed. We proposed and described end-toend security model that is called ITLS (Integrated TLS) above chapters. The goal of ITLS is to prohibit the WAP from having the plain text message assuming the doesn t belong to the content provider. We can predict some concerns in ITLS implementation as follows. The first is that mobile devices might have many loads than WTLS because of encryption and decryption twice time. In second, even though the message sent by a server has errors like hacking or fraud, an ITLS enabled can not recognise it, since the doesn t decrypt the message. Those are remaining issues to be simulated statistically. 6. Reference [1] The Wireless Application Protocol, Wireless Internet Today, Unwired Planet, Inc., Feb [2] T. Dierks, C. Allen, The TLS Protocol Version 1.0, RFC2246, Jan [3] Understanding Security on the Wireless Internet, Phone.com, Jan / / [4] Neil Daswani and Dan Bonch, Experimenting with Electronic Commerce on PalmPilot, In proceedings of Financial Cryptography 99, 1999.
7 [5] Rikard Kjellberg, Ellipsus Communication Server Architecture Issue <1.0>, Ellipsus, May [6] WAP Corporate Version White paper, S.E.S.A. Software and System AG. [7] WAP Security Toolkit [WST], A Baltimore Technologies White Paper, Baltimore tm. [8] B. Schneier, Applied Cryptography, 2 nd ed, Wiley, New York, [9] D. Stinson, Cryptography Theory and Practice, CRC Press, Boca Raton, [10] H. Krawczyk, M. Bellare, R. Canetti, HMAC: Keyed-Hashing for Message Authentication, RFC2104, Feb [11] R. Rivest, The MD5 Message-Digest Algorithm, RFC1321, Apr [12] WAP Forum, Wireless Application Protocol Architecture Specification, version 1.2, WAPForum, Apr. 1998, available at [13] WAP Forum, Wireless Transport Layer Security Specification, version 1.2, Nov [14] Martin Christinat, Markus Lsler, WTLS The security layer in the WAP stack, keyon, Jun [15] Tobias Eidem, The effect of the WAP on a WAP network, Royal Institute of Technology, 1999.
Overview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationSecure Socket Layer. Security Threat Classifications
Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats
More informationUnderstanding Security on the Wireless Internet How WAP Security Is Enabling Wireless E-commerce Applications for Today and Tomorrow.
Understanding Security on the Wireless Internet How WAP Security Is Enabling Wireless E-commerce Applications for Today and Tomorrow white paper About Phone.com Phone.com, Inc. is a leading provider of
More informationCommunication Systems SSL
Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationSecurity Engineering Part III Network Security. Security Protocols (I): SSL/TLS
Security Engineering Part III Network Security Security Protocols (I): SSL/TLS Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
More informationSSL Secure Socket Layer
??? SSL Secure Socket Layer - architecture and services - sessions and connections - SSL Record Protocol - SSL Handshake Protocol - key exchange alternatives - analysis of the SSL Record and Handshake
More informationAnnouncement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1 We have learned Symmetric encryption: DES, 3DES, AES,
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:
Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationWeb Security Considerations
CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationReal-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610
Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 11: Transport Layer Security (TLS): Putting it all together Fall 2015 Prof. Aleksander Essex Security at the Transport Layer Where we started in this course:
More informationHTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)
CSCD27 Computer and Network Security HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL) 11 SSL CSCD27 Computer and Network Security 1 CSCD27F Computer and Network Security 1 TLS (Transport-Layer
More informationSECURE SOCKETS LAYER (SSL)
INFS 766 Internet Security Protocols Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS
More informationCSC 774 -- Network Security
CSC 774 -- Network Security Topic 6: Transport Layer Security Dr. Peng Ning CSC 774 Network Security 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version
More informationCSC 474 Information Systems Security
CSC 474 Information Systems Security Topic 4.5 Transport Layer Security CSC 474 Dr. Peng Ning 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally developed to secure http Version
More informationSecure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.
Secure Socket Layer Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Abstraction: Crypto building blocks NS HS13 2 Abstraction: The secure channel 1., run a key-exchange
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationAuthenticity of Public Keys
SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!
More informationmod_ssl Cryptographic Techniques
mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises
More informationSSL Secure Socket Layer
??? SSL Secure Socket Layer - architecture and services - sessions and connections - SSL Record Protocol - SSL Handshake Protocol - key exchange alternatives - analysis of the SSL Record and Handshake
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSecure Socket Layer (SSL) and Trnasport Layer Security (TLS)
Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring 2008 1 SSL/TLS The Secure Socket Layer (SSL) and Transport Layer Security
More informationSSL: Secure Socket Layer
SSL: Secure Socket Layer Steven M. Bellovin February 12, 2009 1 Choices in Key Exchange We have two basic ways to do key exchange, public key (with PKI or pki) or KDC Which is better? What are the properties
More informationNetwork Security Web Security and SSL/TLS. Angelos Keromytis Columbia University
Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationLecture 7: Transport Level Security SSL/TLS. Course Admin
Lecture 7: Transport Level Security SSL/TLS CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lecture by Tony Barnard Course Admin HW/Lab 1 Graded; scores posted; to be
More informationHow To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security
More informationOutline. Transport Layer Security (TLS) Security Protocols (bmevihim132)
Security Protocols (bmevihim132) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu Outline - architecture
More informationSecurity Protocols/Standards
Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationProperties of Secure Network Communication
Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationTLS-RSA-PSK. Channel Binding using Transport Layer Security with Pre Shared Keys
TLS-RSA-PSK Channel Binding using Transport Layer Security with Pre Shared Keys Christian J. Dietrich dietrich [at] internet-sicherheit. de Institut für Internet-Sicherheit https://www.internet-sicherheit.de
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationThe Secure Sockets Layer (SSL)
Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationTLS/SSL in distributed systems. Eugen Babinciuc
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
More informationCommunication Security for Applications
Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer
More informationSoftware Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald 0043306
Software Engineering 4C03 Research Project An Overview of Secure Transmission on the World Wide Web Sean MacDonald 0043306 Tuesday April 5, 2005 Introduction Software Engineering 4C03 Research Project
More informationLearning Network Security with SSL The OpenSSL Way
Learning Network Security with SSL The OpenSSL Way Shalendra Chhabra schhabra@cs.ucr.edu. Computer Science and Enginering University of California, Riverside http://www.cs.ucr.edu/ schhabra Slides Available
More informationThe Keyed-Hash Message Authentication Code (HMAC)
FIPS PUB 198-1 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION The Keyed-Hash Message Authentication Code (HMAC) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationSecure Sockets Layer
SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated
More informationTransport Layer Security Protocols
SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationAs enterprises conduct more and more
Efficiently handling SSL transactions is one cornerstone of your IT security infrastructure. Do you know how the protocol actually works? Wesley Chou Inside SSL: The Secure Sockets Layer Protocol Inside
More informationWEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations
More informationAn Overview of Communication Manager Transport and Storage Encryption Algorithms
An Overview of Communication Manager Transport and Storage Encryption Algorithms Abstract The following paper provides a description of the standard algorithms that are implemented within Avaya Communication
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationSecure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.
Secure Socket Layer (TLS) Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Crypto building blocks AS HS13 2 Abstraction: The secure channel 1., run a key-exchange protocol
More informationIntroduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities
TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons
More informationSECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols
INFS 766 Internet Security s Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS (Transport
More informationSSL Handshake Analysis
SSL Handshake Analysis Computer Measurement Group Webinar Nalini Elkins Inside Products, Inc. nalini.elkins@insidethestack.com Inside Products, Inc. (831) 659-8360 www.insidethestack.com www.ipproblemfinders.com
More informationSecure Socket Layer/ Transport Layer Security (SSL/TLS)
Secure Socket Layer/ Transport Layer Security (SSL/TLS) David Sánchez Universitat Pompeu Fabra World Wide Web (www) Client/server services running over the Internet or TCP/IP Intranets nets widely used
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More informationEncryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1
Encryption, Data Integrity, Digital Certificates, and SSL Developed by Jerry Scott 2002 SSL Primer-1-1 Ideas Behind Encryption When information is transmitted across intranets or the Internet, others can
More informationSecurity Protocols and Infrastructures. h_da, Winter Term 2011/2012
Winter Term 2011/2012 Chapter 7: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents Overview Record Protocol Cipher
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationCryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL
Cryptography and Network Security Sicurezza delle reti e dei sistemi informatici SSL/TSL Security architecture and protocol stack Applicat. (SHTTP) SSL/TLS TCP IPSEC IP Secure applications: PGP, SHTTP,
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationCertificates. Noah Zani, Tim Strasser, Andrés Baumeler
Certificates Noah Zani, Tim Strasser, Andrés Baumeler Overview Motivation Introduction Public Key Infrastructure (PKI) Economic Aspects Motivation Need for secure, trusted communication Growing certificate
More informationInternet Engineering Task Force (IETF) Request for Comments: 7568. Category: Standards Track ISSN: 2070-1721 A. Langley Google June 2015
Internet Engineering Task Force (IETF) Request for Comments: 7568 Updates: 5246 Category: Standards Track ISSN: 2070-1721 R. Barnes M. Thomson Mozilla A. Pironti INRIA A. Langley Google June 2015 Deprecating
More informationSecure Socket Layer. Introduction Overview of SSL What SSL is Useful For
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationYou re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com
SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.
More informationSecurity & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173
Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security
More informationSafeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST
Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationUnderstanding Digital Certificates and Wireless Transport Layer Security (WTLS)
Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What
More informationWIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES
WIRELESS PUBLIC KEY INFRASTRUCTURE FOR MOBILE PHONES Balachandra Muniyal 1 Krishna Prakash 2 Shashank Sharma 3 1 Dept. of Information and Communication Technology, Manipal Institute of Technology, Manipal
More informationSecurity. Learning Objectives. This module will help you...
Security 5-1 Learning Objectives This module will help you... Understand the security infrastructure supported by JXTA Understand JXTA's use of TLS for end-to-end security 5-2 Highlights Desired security
More informationms-help://ms.technet.2005mar.1033/winnetsv/tnoffline/prodtechnol/winnetsv/plan/ssl...
Page 1 of 11 Windows Server 2003 SSL/TLS in Windows Server 2003 Chris Crall, Mike Danseglio, and David Mowers Microsoft Corporation Published: July 2003 Abstract The Microsoft Windows Server 2003 operating
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationERserver. iseries. Securing applications with SSL
ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users
More informationLab 7. Answer. Figure 1
Lab 7 1. For each of the first 8 Ethernet frames, specify the source of the frame (client or server), determine the number of SSL records that are included in the frame, and list the SSL record types that
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationGT 6.0 GSI C Security: Key Concepts
GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationSome solutions commonly used in order to guarantee a certain level of safety and security are:
1. SSL UNICAPT32 1.1 Introduction The following introduction contains large excerpts from the «TCP/IP Tutorial and Technical Overview IBM Redbook. Readers already familiar with SSL may directly go to section
More informationWeb Security. Mahalingam Ramkumar
Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationA Comparison of Secure Mechanisms for Mobile Commerce
A Comparison of Secure Mechanisms for Mobile Commerce Hann-Jang Ho 1 and RongJou Yang 2 1 Department of Computer Science and Information Engineering 2 Department of Information Management WuFeng Institute
More informationENHANCED SECURITY IN SECURE SOCKET LAYER 3.0 SPECIFICATION
ENHANCED SECURITY IN SECURE SOCKET LAYER 3.0 SPECIFICATION Meenu meenucs@mmmec.net Prabhat Kumar Pankaj prabhat.cse.mmmec@gmail.com Tarkeshwar Nath tkn_001@gmail.com Computer Science & Engineering Department.
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationLecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005
Lecture 31 Security April 13, 2005 Secure Sockets Layer (Netscape 1994) A Platform independent, application independent protocol to secure TCP based applications Currently the most popular internet crypto-protocol
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationSecurity agility solution independent of the underlaying protocol architecture
Security agility solution independent of the underlaying protocol architecture Valter Vasić and Miljenko Mikuc University of Zagreb, Faculty of Electrical Engineering and Computing, Unska 3, 10000 Zagreb,
More informationMobile Office Security Requirements for the Mobile Office
Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used
More informationPart III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part III-b Contents Part III-b Secure Applications and Security Protocols Practical Security Measures Internet Security IPSEC, IKE SSL/TLS Virtual Private Networks Firewall Kerberos SET Security Measures
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More information