SSL Secure Socket Layer

omkarbhagat31 214 views 25 slides Apr 04, 2017

About This Presentation

SSL Working


Slide Content

1
Omkar Bhagat Siddhesh Palkar

2
• SSL Basics
• SSL Architecture
• SSL Session & Connection
• Process in SSL

3
• SSL was first developed by Netscape in 1994
and became an internet standard in 1996
(RFC 2246 – TLS v1.0)
• SSL is a cryptographic protocol that secures
network traffic over a connection-oriented transport layer
• Any program using TCP can be modified to
use an SSL connection

4
• An SSL connection uses a dedicated TCP/IP
socket (e.g. port 443 for HTTPS)
• SSL is flexible in the choice of symmetric
encryption, message digest and
authentication algorithms
• SSL provides built-in data compression

5
• Authenticate the server to the client
• Allow the client and server to select
cryptographic algorithms, or ciphers, that they
both support
• Optionally authenticate the client to the server
• Use public key encryption techniques to
generate a shared secret
• Establish an encrypted SSL connection

6
SSL is a secure protocol which runs above
TCP/IP and allows users to encrypt data and
authenticate a server's/vendor's identity securely
[Diagram: application layer (SMTPS, FTPS, HTTPS) on top of the SECURE SOCKET LAYER, which sits on top of the transport (TCP/IP) layer]

7
SSL Protocol Stack

8
[Diagram: application DATA split into DATA 1, DATA 2, DATA 3]
SSL record protocol steps:
• Application data
• Fragment
• Compress
• Add MAC
• Encrypt
• Append SSL record header
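The record-protocol pipeline above, as an added example that is not part of the original slides. It follows the record format of RFC 2246 (TLS 1.0), the standard the deck cites: fragments of at most 2^14 bytes, a MAC over sequence number, content type, version, length and fragment, and a 5-byte record header. Two pieces are assumptions made so the code runs with only the standard library: zlib stands in for the negotiated compression method, and the bulk cipher is replaced by a labelled toy keystream (HMAC-SHA256 in counter mode), not DES/RC2/RC4. The receiving side shows the point of the MAC step: a modified or replayed record fails the MAC check before anything is decompressed.

```python
import hashlib
import hmac
import struct
import zlib

# Constants taken from RFC 2246 (TLS 1.0), the standard the deck cites.
MAX_FRAGMENT = 2 ** 14                # record-layer plaintext fragments are at most 2^14 bytes
CONTENT_APPLICATION_DATA = 23         # ContentType application_data
VERSION_TLS10 = (3, 1)                # ProtocolVersion {3, 1}
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for the SHA-1 MAC used below


def fragment(data: bytes, size: int = MAX_FRAGMENT) -> list:
    """Step 1: split application data into fragments of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def compress(frag: bytes) -> bytes:
    """Step 2: compress one fragment. zlib is an assumed stand-in for the
    negotiated compression method; the deck does not say which one is used."""
    return zlib.compress(frag)


def mac_input(seq_num, content_type, version, frag):
    """Bytes the record MAC covers (RFC 2246 6.2.3.1): 64-bit sequence number,
    content type, protocol version, fragment length, then the fragment itself."""
    return struct.pack("!QBBBH", seq_num, content_type, version[0], version[1], len(frag)) + frag


def add_mac(mac_key, seq_num, content_type, version, frag):
    """Step 3: append HMAC-SHA1 over the compressed fragment and its per-record header."""
    tag = hmac.new(mac_key, mac_input(seq_num, content_type, version, frag), hashlib.sha1).digest()
    return frag + tag


def keystream_xor(enc_key, seq_num, payload):
    """Step 4: encrypt fragment + MAC. This toy keystream (HMAC-SHA256 in counter mode)
    is an assumed stand-in for the negotiated bulk cipher, chosen so the example needs
    only the standard library; XOR makes it its own inverse on the receiving side."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(payload):
        stream += hmac.new(enc_key, struct.pack("!QQ", seq_num, counter), hashlib.sha256).digest()
        counter += 1
    return bytes(p ^ k for p, k in zip(payload, stream))


def add_record_header(content_type, version, body):
    """Step 5: prepend the 5-byte SSL/TLS record header: type, version, body length."""
    return struct.pack("!BBBH", content_type, version[0], version[1], len(body)) + body


def build_records(data, mac_key, enc_key, seq_start=0):
    """Sender side: run each fragment through compress -> MAC -> encrypt -> header."""
    records = []
    for i, frag in enumerate(fragment(data)):
        seq = seq_start + i
        protected = add_mac(mac_key, seq, CONTENT_APPLICATION_DATA, VERSION_TLS10, compress(frag))
        records.append(add_record_header(CONTENT_APPLICATION_DATA, VERSION_TLS10,
                                         keystream_xor(enc_key, seq, protected)))
    return records


def open_record(record, mac_key, enc_key, seq_num):
    """Receiver side: parse header, decrypt, verify MAC (fail closed), then decompress.
    Raises ValueError on truncation or MAC mismatch (the bad_record_mac case)."""
    if len(record) < 5:
        raise ValueError("record too short")
    content_type, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record")
    plain = keystream_xor(enc_key, seq_num, body)
    if len(plain) < MAC_LEN:
        raise ValueError("bad_record_mac")
    frag, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
    expected = hmac.new(mac_key, mac_input(seq_num, content_type, (major, minor), frag),
                        hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("bad_record_mac")
    return zlib.decompress(frag)


if __name__ == "__main__":
    mac_key, enc_key = b"\x01" * 20, b"\x02" * 16   # constructed demo keys
    records = build_records(b"GET / HTTP/1.0\r\n\r\n", mac_key, enc_key)
    print(len(records), "record(s); header:", records[0][:5].hex())
    print(open_record(records[0], mac_key, enc_key, 0))
```

The sequence number is part of the MAC input but is never sent on the wire; both sides count records, so a record replayed at a different position fails verification even though its bytes are untouched.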

9
[Diagram: SSL record layout, with the protected part of the record marked "Encrypted"]

10
SSL handshake verifies the server and
allows client and server to agree on an
encryption set before any data is sent
out

11
[Diagram: Client sends a client request; Server holds a public key / private key pair and returns its public key]

12
[Diagram: Client sends the pre-master to Server encrypted under Server's public key; Server recovers it with its private key; both sides derive the same session key]

13
[Diagram: Client and Server exchange data in both directions protected with the session key]

14
[Diagram: a Hacker with his own public key / private key pair placed between Client and Server; public keys and pre-master values are exchanged on each leg, so a session key is established with the hacker on both sides]

15
Client hello:
• SSL version numbers the client supports (v2, v3)
• Ciphers the client supports (DES, RC2, RC4)
• Client random number
Server hello:
• SSL version number the server picked (v2, v3)
• Cipher the server picked (DES, RC2, RC4)
• Server random number
[Diagram: Server holds a public key / private key pair and sends Client its certificate carrying the public key]

16
Checking the certificate
[Diagram: Client request; Server sends its certificate; Client checks that the certificate is valid and takes the public key from it]
Certificate is good and valid
Server/vendor has been verified and authenticated
Client has the vendor's public key and
can now encrypt the pre-master to send
to the server/vendor

17

18
• Notifies the client that it should send a client
hello message to begin the negotiation process
• Sent by the server at any time
• After the server sends a request, it does not
send another one until a handshake has been
completed
• The client can choose to ignore it or send a
Client Hello

19
• Sent by the client
  – When first connecting to a server
  – In response to a hello request or on its
    own
• Contains
  – 32-byte random number created by a
    secure random number generator
  – Protocol version
  – Session ID
  – A list of supported ciphers
  – A list of compression methods

20
• Sent as response if the client hello is accepted
  – If not, a handshake failure alert is sent
• Contains
  – 32-byte random number created by a secure random
    number generator
  – Protocol version
  – Session ID
  – Cipher suite chosen
  – Compression method selected

21
• Immediately following the server hello,
the server sends its certificate
  – Generally an X.509 v3 certificate
• Server sends server hello done message

22

23

24
• Client sends a 48-byte pre-master, encrypted
using the server's public key, to the server
• Both server and client use the pre-master to
generate the master secret
• The same session key is generated on both
client and server side using the master secret

25
• Client sends change_cipher_spec
• Client sends finished message
• Server sends change_cipher_spec
• Server sends finished message