Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010. Fedict All rights reserved
|
|
- Corey Perry
- 8 years ago
- Views:
Transcription
1 Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010 Fedict All rights reserved
2 What is Entity Authentication? Entity authentication is the process whereby one party is assured of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired) Formal definition (A authenticated B if): Alice A, Bob B A believes freshness challenge_a A believes (B recently said challenge_a) Authentication vs. Session Key Establishment How to achieve this using an eid card? Fedict All rights reserved p. 2
3 eid Card Authentication Private Key (1024 bit RSA) PKCS1-RSA PIN authorization for Authn Key usage Card caches the authn PIN authorizations Log-off instruction to reset PIN authorization Creation of a signature: Set APDU: select the key. 0x82 = authn key Prepare DigestInfo PKCS1 DER sequence Verify PIN APDU: (PIN BCD encoded) Compute Digital Signature APDU Retrieve signature data eid can only sign (RSA decryption of DigestInfo) Fedict All rights reserved p. 3
4 eid Certificate Validation Authentication Certificate Chain GlobalSign CA Cert Root CA Cert same key Root CA Cert CRL Citizen CA Cert Gov CA Cert OCSP Responder CRL CRL Authn Cert SSL Cert Fedict All rights reserved p. 4
5 eid Certificate Validation (cont'd) jtrust: eid PKI Validation for Java Not using the Java Certification Path API (sucks) Flexible Architecture (eid Trust Service ready) Root CA CRL Set of Trust Points Public Key Trust Linker Certificate Repository CRL Trust Linker CRL Repo Trust Validator List of Trust Linkers OCSP Trust Linker OCSP Repo List of Cert Constraints Fallback Trust Linker eid Trust Service CRL Cache Trust Linker OCSP Responder Fedict All rights reserved p. 5
6 eid Entity Authentication eid Card authentication by itself is useless Remote Entities, e.g. web application context. We need an Authentication Protocol Different Authentication Protocols are possible Each Entity Authentication Protocol yields its own cryptographic goals. Of course Entity Authentication Session key via combined Key Agreement (SSL) DO NOT TRY TO INVENT YOUR OWN PROTOCOL! Needham-Schroeder protocol: replay attack Creativity is great for non-critical applications, like music. Fedict All rights reserved p. 6
7 Authentication Protocols Mutual SSL Browser initiated SSL handshake Relies on eid PIN authorization caching feature Tunneled Entity Authentication Uses unilateral SSL to authenticate the server Based on ISO/IEC Authentication SASL Mechanism (RFC 3163) Cryptographic channel binding to secure the channel (RFC 5056) Requires an eid Applet (or browser extension) Explicit eid card management possible Sequential eid card access possible Fedict All rights reserved p. 7
8 Validate cert chain Unilateral SSL (RFC 2246) Alice HelloClient(ciphers,Ra) HelloServer(cipher,Rb) Certificate(cert chain) ServerHelloDone ClientKeyExchange {pre_master_secret}kb+ ChangeCipherSpec Bob Ra: random by A Rb: random by B Kb+: public key of B pre_master_secret: random by A PRF: pseudo-random function ClientFinish (encrypted) PRF(master_secret,handshake_msgs) ChangeCipherSpec ServerFinish (encrypted) PRF(master_secret,handshake_msgs) master_secret=prf(pre_master_secret, Ra, Rb) Entity Authentication A believes freshness Ra A believes B recently said Ra session_key=f(master_secret) Fedict All rights reserved p. 8
9 Unilateral SSL features Resuming a TLS connection HelloClient(session_id) Reusing the same master_secret Reduces load due to a full TLS handshake Renegotiating the SSL handshake Over an already established SSL connection Useful when client authentication is required Both client and server can initiate a renegotiation Not all SSL stacks support this (Java does not) Security flaws in implementations Fedict All rights reserved p. 9
10 Mutual SSL using the eid Card Alice HelloClient(ciphers,Ra) HelloServer(cipher,Rb) Certificate(cert chain) CertificateRequest,ServerHelloDone Certificate(cert chain) ClientKeyExchange {pre_master_secret}kb+ Bob Ra: random by A Rb: random by B Kb+: public key of B pre_master_secret: random by A Ka-: private key of A PRF: pseudo-random function CertificateVerify sign_ka-(handshake_msgs) ChangeCipherSpec ClientFinish (encrypted) PRF(master_secret,handshake_msgs) ChangeCipherSpec ServerFinish (encrypted) PRF(master_secret,handshake_msgs) Entity Authentication A believes freshness Ra A believes (B recently said Ra) B believes freshness Rb B believes (A recently said Rb) Fedict All rights reserved p. 10
11 Tunneled Entity Authentication Alice Bob A trusts B Unilateral SSL Challenge sign_ka-(ra,challenge), Ra, cert A At this point B still doubts A What can B believe at this point? ISO/IEC Authentication SASL Mechanism RFC 3163 Unilateral client authentication: server already authenticated via unilateral SSL connection Did we achieve the same effect as mutual SSL? What if challenge actually is SHA1(contract)? B can abuse A's challenge signature. Fedict All rights reserved p. 11
12 Man-in-the-middle attack on SASL Alice Mallory Bob Unilateral SSL Unilateral SSL Challenge Challenge sign_ka-(ra,challenge), Ra, cert A sign_ka-(ra,challenge),ra,cert A Mallory can abuse the authentication token of Alice Why is this going wrong? SSL: sign_ka-(handshake_msgs) so the signature digests parts of the secure channel's identity SASL: sign_ka-(ra,challenge) does not digest any part of the secure channel's identity Fedict All rights reserved p. 12
13 Channel Binding to Secure Channels Alice Bob Unilateral SSL SSL context Challenge Sign_Ka-(Ra,challenge,channel_binding), Ra, cert A RFC 5056: cryptographic binding channel_binding = Hostname B (nice try) Inet address B (nice try) SSL certificate B (OK) SHA1(master_key) (even better) A channel binding should really digest part of the channel's identity. SSL stack must support this. Fedict All rights reserved p. 13
14 Web Applications Uses HTTP over TCP/IP HTTP is a stateless protocol How to create an HTTP session context? Via cookies: Set-Cookie, Cookie HTTP headers Via tokens: request token, response token in forms Via transport layer (SSL) How does an application session context correspond with the user eid login/logout experience? Vulnerable to remote attacks due to the evolutionary nature of the web protocol stack. Fedict All rights reserved p. 14
15 The Webshop Web Application Welcome Item list Add to Cart View Cart eid login pay eid logout We need a stateful protocol for the shopping cart We need to be able to trust the web application We want privacy during all steps We want eid authentication during payment Machine could be shared between users Different solutions are possible! Fedict All rights reserved p. 15
16 The Webshop: Trust and Privacy Using unilateral SSL using a trusted server cert. Different network topologies are possible. Internet firewall SSL Terminator Hardware or HTTPD Application Server Everything behind SSL to prevent session cookie stealing. AJP preferred between HTTPD and AS Fedict All rights reserved p. 16
17 The Webshop: Statefulness Using a session cookie initiated by the Application Server, protected by SSL. A B SSL connection GET index.html index.html GET list.jsf SSL session Browser Cookie Lifecycle list.jsf POST add_item.jsf Set-Cookie: , success.jsf Cookie: , GET list.jsf list.jsf Cookie: , GET cart.jsf cart.jsf App Server HTTP Session context Fedict All rights reserved p. 17
18 The Webshop: eid SSL authentication First we try out the mutual SSL scheme Application Server driven SSL renegotiation to instantly enable mutual SSL is tricky, especially for hardware SSL termination. Internet firewall SSL Terminator Hardware or HTTPD SSL reneg? Application Server We don't want to enable mutual SSL during the entire web application user session. Fedict All rights reserved p. 18
19 The Webshop: eid SSL authentication So we need two SSL terminations: One for unilateral SSL One for the mutual SSL using eid Requires 2 IP addresses (+ DNS names), or at least 2 different ports. Internet firewall SSL Terminator eid SSL Terminator Application Server Problem: how to properly link the SSL sessions? If same IP address, via session cookies If different IP address, via signed SAML tickets Fedict All rights reserved p. 19
20 The Webshop: eid SSL authentication How about session life cycles? The Application Server cannot inform SSL to terminate that easily... A Unilaternal SSL B eid Login Magical SSL Session Linking Mutual SSL Handshake Server SSL eid SSL eid PIN authz caching Show profile, payments Logout index.html eid Login Show profile What if the web application wants to sign a contract with eid of citizen C??? eid SSL session still alive!!! Short SSL sessions? :) Fedict All rights reserved p. 20
21 The Webshop: eid authentication eid authentication using a tunneled solution. It just works as expected. No more SSL session life cycle issues No more SSL handshake exceptions due to missing eid card Can reuse the eid card for signing within webapp Can explicitly logoff the eid card Fedict All rights reserved p. 21
22 eid Applet Architecture Web Browser Web Container Web Page 1 eid Applet 2 eid Applet Service 3 SPI Target Page HTTP Session Service Implementation 6 jtrust Fedict All rights reserved p. 22
23 Fedict cannot be held liable for any direct or indirect damages arising from the usage of the information provided by this presentation. The views expressed in this presentation can change over time due to new evolutions and/or new insights. Thank you Fedict Maria-Theresiastraat 1/3 Rue Marie-Thérèse Brussel 1000 Bruxelles TEL FAX info@fedict.belgium.be Fedict All rights reserved
The Belgian e-id: hacker vs developer
OWASP Belgium Chapter The OWASP Foundation http://www.owasp.org The Belgian e-id: hacker vs developer Erwin Geirnaert ZION SECURITY Frank Cornelis Fedict Agenda The OWASP Foundation http://www.owasp.org
More informationSecurity Engineering Part III Network Security. Security Protocols (I): SSL/TLS
Security Engineering Part III Network Security Security Protocols (I): SSL/TLS Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationEmbedded SSL. Christophe Kiennert, Pascal Urien. Embedded SSL - Christophe Kiennert, Pascal Urien 1
Embedded SSL Christophe Kiennert, Pascal Urien 1 Introduction TLS/SSL is the Holy Grail of WEB security Many applications may be secured by SSL HTTP, FTP, SIP, SMTP, POP, TLS is secured, but what about
More informationSSL/TLS: The Ugly Truth
SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography
More informationBinding Security Tokens to TLS Channels. A. Langley, Google Inc. D. Balfanz, Google Inc. A. Popov, Microsoft Corp.
Binding Security Tokens to TLS Channels A. Langley, Google Inc. D. Balfanz, Google Inc. A. Popov, Microsoft Corp. The Problem: Bearer Tokens Web services generate various security tokens (HTTP cookies,
More informationWeb Security. Mahalingam Ramkumar
Web Security Mahalingam Ramkumar Issues Phishing Spreading misinformation Cookies! Authentication Domain name DNS Security Transport layer security Dynamic HTML Java applets, ActiveX, JavaScript Exploiting
More informationPublic Key Infrastructure (PKI)
Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationAuthenticity of Public Keys
SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!
More informationOutline. Transport Layer Security (TLS) Security Protocols (bmevihim132)
Security Protocols (bmevihim132) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu Outline - architecture
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationCertificates and network security
Certificates and network security Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline X.509 certificates and PKI Network security basics: threats and goals Secure socket layer
More informationComputer and Network Security. Outline
Computer and Network Security Lecture 10 Certificates and Revocation Outline Key Distribution Certification Authorities Certificate revocation 1 Key Distribution K A, K B E KA ( K AB, E KB (KAB) ) K A
More informationSSL Secure Socket Layer
??? SSL Secure Socket Layer - architecture and services - sessions and connections - SSL Record Protocol - SSL Handshake Protocol - key exchange alternatives - analysis of the SSL Record and Handshake
More informationSSL Secure Socket Layer
??? SSL Secure Socket Layer - architecture and services - sessions and connections - SSL Record Protocol - SSL Handshake Protocol - key exchange alternatives - analysis of the SSL Record and Handshake
More informationSecure Socket Layer. Security Threat Classifications
Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats
More informationTLS-RSA-PSK. Channel Binding using Transport Layer Security with Pre Shared Keys
TLS-RSA-PSK Channel Binding using Transport Layer Security with Pre Shared Keys Christian J. Dietrich dietrich [at] internet-sicherheit. de Institut für Internet-Sicherheit https://www.internet-sicherheit.de
More informationComputer Systems Security 2013/2014. Single Sign-On. Bruno Maia ei09095@fe.up.pt. Pedro Borges ei09063@fe.up.pt
Computer Systems Security 2013/2014 Single Sign-On Bruno Maia ei09095@fe.up.pt Pedro Borges ei09063@fe.up.pt December 13, 2013 Contents 1 Introduction 2 2 Explanation of SSO systems 2 2.1 OpenID.................................
More informationSECURE SOCKETS LAYER (SSL)
INFS 766 Internet Security Protocols Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationManaging and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:
Managing and Securing Computer Networks Guy Leduc Chapter 4: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationReal-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610
Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationCommunication Security for Applications
Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer
More informationSSL: Secure Socket Layer
SSL: Secure Socket Layer Steven M. Bellovin February 12, 2009 1 Choices in Key Exchange We have two basic ways to do key exchange, public key (with PKI or pki) or KDC Which is better? What are the properties
More informationCommunication Systems SSL
Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security
More informationWeb Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn
Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to
More informationISA 562 Information System Security
Outline ISA 562 Information System Security PKI SSL PKI SSL ISA 562 1 ISA 562 2 Motivation 1- Key Distribution Problem In a secret key cryptosystem, the secret key must be transmitted via a secure channel
More informationeid Security Frank Cornelis Architect eid fedict 2008. All rights reserved
eid Security Frank Cornelis Architect eid The eid Project > Provides Belgian Citizens with an electronic identity card. > Gives Belgian Citizens a device to claim their identity in the new digital age.
More informationWeb Security Considerations
CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationOpen Source eid Projects
Open Source eid Projects RMLL Frank Cornelis 10/07/2013 Agenda Overview eid Cryptography in Java via JCA RSA, PKI, jtrust, eid Trust Service Integration levels for eid eid Applet Commons eid eid Identity
More informationCertificate Management. PAN-OS Administrator s Guide. Version 7.0
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationSSL implementieren aber sicher!
SSL implementieren aber sicher! Karlsruher Entwicklertag 2014 21.05.2014 Dr. Yun Ding SSL in the news 2011 2012 2013 2014 BEAST CRIME Lucky 13 Compromised CAs RC4 biases BREACH DRBG Backdoor Apple goto
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationSecurity Protocols/Standards
Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationNetwork Fundamentals. 2010 Carnegie Mellon University
Network Fundamentals What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working Together
More informationAnnouncement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1 We have learned Symmetric encryption: DES, 3DES, AES,
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationAttestation and Authentication Protocols Using the TPM
Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all
More informationLecture 7: Transport Level Security SSL/TLS. Course Admin
Lecture 7: Transport Level Security SSL/TLS CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lecture by Tony Barnard Course Admin HW/Lab 1 Graded; scores posted; to be
More informationConfiguring Digital Certificates
CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationHow To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security
More informationHistory of the TLS Authentication Gap Bug. Marsh Ray Steve Dispensa PhoneFactor
History of the TLS Authentication Gap Bug Marsh Ray Steve Dispensa PhoneFactor Customary Protocol Stack Diagram application code https library SSL/TLS library TLS TCP/IP TLS Details Exploitable MitM attack
More informationNetwork Automation 9.22 Features: RIM and PKI Authentication July 31, 2013
Network Automation 9.22 Features: RIM and PKI Authentication July 31, 2013 Brought to you by Vivit Network Management Special Interest Group (SIG) Leaders: Wendy Wheeler and Chris Powers www.vivit-worldwide.org
More informationSSL Overview for Resellers
Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationApache Security with SSL Using Ubuntu
Apache Security with SSL Using Ubuntu These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Some SSL background
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationLecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.
Lecture 13 Public Key Distribution (certification) 1 PK-based Needham-Schroeder TTP 1. A, B 4. B, A 2. {PKb, B}SKT B}SKs 5. {PK a, A} SKT SKs A 3. [N a, A] PKb 6. [N a, N b ] PKa 7. [N b ] PKb B Here,
More informationSecurity. Learning Objectives. This module will help you...
Security 5-1 Learning Objectives This module will help you... Understand the security infrastructure supported by JXTA Understand JXTA's use of TLS for end-to-end security 5-2 Highlights Desired security
More informationTLS/SSL in distributed systems. Eugen Babinciuc
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More informationThree attacks in SSL protocol and their solutions
Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer
More informationCisco AnyConnect Secure Mobility Client VPN User Messages, Release 3.1
Cisco AnyConnect Secure Mobility Client VPN User Messages, Release 3.1 October 15, 2012 The following user messages appear on the AnyConnect client GUI. A description follows each message, along with recommended
More informationSSL BEST PRACTICES OVERVIEW
SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%
More informationServer based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
More informationDigital Signature Service. e-contract.be BVBA info@e-contract.be 2 september 2015
Digital Signature Service e-contract.be BVBA info@e-contract.be 2 september 2015 About e-contract.be BVBA Consultancy Projects: eid/security related only SOA security From analysis to operational hosting
More informationApache Security with SSL Using Linux
Apache Security with SSL Using Linux These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Some SSL background
More informationA PKI case study: Implementing the Server-based Certificate Validation Protocol
54 ISBN: 978-960-474-048-2 A PKI case study: Implementing the Server-based Certificate Validation Protocol MARIUS MARIAN University of Craiova Department of Automation ROMANIA marius.marian@cs.ucv.ro EUGEN
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationmod_ssl Cryptographic Techniques
mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises
More informationNetwork Security Standards. Key distribution Kerberos SSL/TLS
Network Security Standards Key distribution Kerberos SSL/TLS 1 Many-to-Many Authentication? Users Servers How do users prove their identities when requesting services from machines on the network? Naïve
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationNetwork Security Web Security and SSL/TLS. Angelos Keromytis Columbia University
Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)
More informationUsing EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience
Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Applied Technology Abstract The Web-based approach to system management taken by EMC Unisphere
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationWEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations
More informationSecure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.
Secure Socket Layer Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Abstraction: Crypto building blocks NS HS13 2 Abstraction: The secure channel 1., run a key-exchange
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationSecure Sockets Layer
SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated
More informationExtensible Authentication Protocol Transport Layer Security Deployment Guide for Wireless LAN Networks
White Paper Extensible Authentication Protocol Transport Layer Security Deployment Guide for Wireless LAN Networks 1 Scope This document discusses the Extensible Authentication Protocol Transport Layer
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationHow To Use Kerberos
KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed
More informationVidder PrecisionAccess
Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...
More informationSECURE SOCKETS LAYER (SSL) SECURE SOCKETS LAYER (SSL) SSL ARCHITECTURE SSL/TLS DIFFERENCES SSL ARCHITECTURE. INFS 766 Internet Security Protocols
INFS 766 Internet Security s Lecture 5 SSL Prof. Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS (Transport
More informationLab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace
Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:
More informationKey Management (Distribution and Certification) (1)
Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationSecure Socket Layer (SSL) and Transport Layer Security (TLS)
Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available
More informationIntroduction to Network Security Key Management and Distribution
Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More information