SlideShare a Scribd company logo

Transport layer security.ppt

Download as PPT, PDF
I
ImXaib

This document discusses various protocols for securing network communications, including SSL/TLS, HTTPS, and SSH. It provides details on how SSL/TLS uses encryption and authentication to provide secure connections between a client and server. It also explains how HTTPS combines HTTP and SSL/TLS to securely transmit web traffic, and how SSH establishes secure channels for remote login and forwarding of network traffic.

Education
1 of 24
Download to read offline
1
2
3
Most read
4
5
6
7
8
9
10
11
12
Most read
13
14
15
16
17
18
19
20
21
22
23
Most read
24
Socket Layer Security
In this Presentation:  need for web security  SSL/TLS transport layer security protocols  HTTPS  secure shell (SSH)
Web Security  Web now widely used by business, government, individuals  but Internet & Web are vulnerable  have a variety of threats  integrity  confidentiality  denial of service  authentication  need added security mechanisms
Web Traffic Security Approaches
SSL (Secure Socket Layer)  transport layer security service  originally developed by Netscape  version 3 designed with public input  subsequently became Internet standard known as TLS (Transport Layer Security)  uses TCP to provide a reliable end-to-end service  SSL has two layers of protocols
SSL Architecture
SSL Architecture  SSL connection  a transient, peer-to-peer, communications link  associated with 1 SSL session  SSL session  an association between client & server  created by the Handshake Protocol  define a set of cryptographic parameters  may be shared by multiple SSL connections
SSL Record Protocol Services  confidentiality  using symmetric encryption with a shared secret key defined by Handshake Protocol  AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4- 40, RC4-128  message is compressed before encryption  message integrity  using a MAC with shared secret key  similar to HMAC but with different padding
SSL Record Protocol Operation
SSL Change Cipher Spec Protocol  one of 3 SSL specific protocols which use the SSL Record protocol  a single message  causes pending state to become current  hence updating the cipher suite in use
SSL Alert Protocol  conveys SSL-related alerts to peer entity  severity  warning or fatal  specific alert  fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter  warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown  compressed & encrypted like all SSL data
SSL Handshake Protocol  allows server & client to:  authenticate each other  to negotiate encryption & MAC algorithms  to negotiate cryptographic keys to be used  comprises a series of messages in phases 1. Establish Security Capabilities 2. Server Authentication and Key Exchange 3. Client Authentication and Key Exchange 4. Finish
SSL Handshake Protocol
Cryptographic Computations  master secret creation  a one-time 48-byte value  generated using secure key exchange (RSA / Diffie- Hellman) and then hashing info  generation of cryptographic parameters  client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV  generated by hashing master secret
TLS (Transport Layer Security)  IETF standard RFC 2246 similar to SSLv3  with minor differences  in record format version number  uses HMAC for MAC  a pseudo-random function expands secrets  based on HMAC using SHA-1 or MD5  has additional alert codes  some changes in supported ciphers  changes in certificate types & negotiations  changes in crypto computations & padding
HTTPS  HTTPS (HTTP over SSL)  combination of HTTP & SSL/TLS to secure communications between browser & server  documented in RFC2818  no fundamental change using either SSL or TLS  use https:// URL rather than http://  and port 443 rather than 80  encrypts  URL, document contents, form data, cookies, HTTP headers
HTTPS Use  connection initiation  TLS handshake then HTTP request(s)  connection closure  have “Connection: close” in HTTP record  TLS level exchange close_notify alerts  can then close TCP connection  must handle TCP close before alert exchange sent or completed
Secure Shell (SSH)  protocol for secure network communications  designed to be simple & inexpensive  SSH1 provided secure remote logon facility  replace TELNET & other insecure schemes  also has more general client/server capability  SSH2 fixes a number of security flaws  documented in RFCs 4250 through 4254  SSH clients & servers are widely available  method of choice for remote login/ X tunnels
SSH Protocol Stack
SSH Transport Layer Protocol  server authentication occurs at transport layer, based on server/host key pair(s)  server authentication requires clients to know host keys in advance  packet exchange  establish TCP connection  can then exchange data  identification string exchange, algorithm negotiation, key exchange, end of key exchange, service request  using specified packet format
SSH User Authentication Protocol  authenticates client to server  three message types:  SSH_MSG_USERAUTH_REQUEST  SSH_MSG_USERAUTH_FAILURE  SSH_MSG_USERAUTH_SUCCESS  authentication methods used  public-key, password, host-based
SSH Connection Protocol  runs on SSH Transport Layer Protocol  assumes secure authentication connection  used for multiple logical channels  SSH communications use separate channels  either side can open with unique id number  flow controlled  have three stages:  opening a channel, data transfer, closing a channel  four types:  session, x11, forwarded-tcpip, direct-tcpip.
SSH Connection Protocol Exchange
Port Forwarding  convert insecure TCP connection into a secure SSH connection  SSH Transport Layer Protocol establishes a TCP connection between SSH client & server  client traffic redirected to local SSH, travels via tunnel, then remote SSH delivers to server  supports two types of port forwarding  local forwarding – hijacks selected traffic  remote forwarding – client acts for server

More Related Content

PPTX
RSA Algorithm
Srinadh Muvva
 
PPT
Cryptography and Network Security William Stallings Lawrie Brown
Information Security Awareness Group
 
PPTX
SHA- Secure hashing algorithm
Ruchi Maurya
 
PPT
Network security cryptographic hash function
Mijanur Rahman Milon
 
PPTX
Public Key Cryptography
Gopal Sakarkar
 
PPT
DES
Naga Srimanyu Timmaraju
 
PPT
Secure Socket Layer
Naveen Kumar
 
PPT
Classical Encryption Techniques in Network Security
babak danyal
 
RSA Algorithm
Srinadh Muvva
 
Cryptography and Network Security William Stallings Lawrie Brown
Information Security Awareness Group
 
SHA- Secure hashing algorithm
Ruchi Maurya
 
Network security cryptographic hash function
Mijanur Rahman Milon
 
Public Key Cryptography
Gopal Sakarkar
 
DES
Naga Srimanyu Timmaraju
 
Secure Socket Layer
Naveen Kumar
 
Classical Encryption Techniques in Network Security
babak danyal
 

What's hot (20)

PPT
Message authentication
CAS
 
PDF
2. public key cryptography and RSA
Dr.Florence Dayana
 
PDF
IP Security
Dr.Florence Dayana
 
PPT
Pretty good privacy
Pushkar Dutt
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PDF
RSA ALGORITHM
Dr. Shashank Shetty
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PDF
Application layer security protocol
Kirti Ahirrao
 
PPTX
Password based cryptography
Ishraq Al Fataftah
 
PPT
Symmetric & Asymmetric Cryptography
chauhankapil
 
PPT
Data encryption standard
Vasuki Ramasamy
 
PDF
AES-Advanced Encryption Standard
Prince Rachit
 
PPT
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
PPTX
Types of attacks
Vivek Gandhi
 
PPTX
Symmetric and asymmetric key
Triad Square InfoSec
 
PPTX
Secure Socket Layer (SSL)
Samip jain
 
PPTX
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
PPTX
Transport Layer Security (TLS)
Arun Shukla
 
PPTX
Key Management and Distribution
Syed Bahadur Shah
 
PDF
2. Stream Ciphers
Sam Bowne
 
Message authentication
CAS
 
2. public key cryptography and RSA
Dr.Florence Dayana
 
IP Security
Dr.Florence Dayana
 
Pretty good privacy
Pushkar Dutt
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
RSA ALGORITHM
Dr. Shashank Shetty
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Application layer security protocol
Kirti Ahirrao
 
Password based cryptography
Ishraq Al Fataftah
 
Symmetric & Asymmetric Cryptography
chauhankapil
 
Data encryption standard
Vasuki Ramasamy
 
AES-Advanced Encryption Standard
Prince Rachit
 
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Types of attacks
Vivek Gandhi
 
Symmetric and asymmetric key
Triad Square InfoSec
 
Secure Socket Layer (SSL)
Samip jain
 
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
Transport Layer Security (TLS)
Arun Shukla
 
Key Management and Distribution
Syed Bahadur Shah
 
2. Stream Ciphers
Sam Bowne
 
Ad

Similar to Transport layer security.ppt (20)

PPT
ch16-Cryptography and Network Security.ppt
KamranHussainAwan
 
PPT
Web security.ppt and Information Security introduction and management.pptx
daudevarist18
 
PPT
Transportsec
Bogdan Korniyenko
 
PPT
Web securiy - Network security essentials
ssuser000e54
 
PPT
4th unit bkjnkljnkjxzczczxczxczxczxvzxvzxzxv
saranyas493379
 
PDF
BAIT1103 Chapter 4
limsh
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
PPTX
Module2 PPrwgerbetytbteynyunyunythyhtyT.pptx
ThanushB1
 
PPTX
Secure Sockets Layer (SSL)
BGSBU Rajouri
 
PPTX
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
PPTX
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
PPTX
SSL And TLS
Ghanshyam Patel
 
PDF
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
PPT
cryptography and network security thid.ppt
ubaidullah75790
 
PPTX
Sequere socket Layer
Raghavendra Rao
 
PPTX
Internet security protocol
Mousmi Pawar
 
PDF
Transport Layer Security
Ibrahiem Mohammed
 
PPT
tls security fda fkj k kjkfjsdkl jkjfsdk.ppt
sandhyadevit
 
PPT
SecureSocketLayer.ppt
PranavUndre1
 
PDF
wolfSSL and TLS 1.3
wolfSSL
 
ch16-Cryptography and Network Security.ppt
KamranHussainAwan
 
Web security.ppt and Information Security introduction and management.pptx
daudevarist18
 
Transportsec
Bogdan Korniyenko
 
Web securiy - Network security essentials
ssuser000e54
 
4th unit bkjnkljnkjxzczczxczxczxczxvzxvzxzxv
saranyas493379
 
BAIT1103 Chapter 4
limsh
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
Module2 PPrwgerbetytbteynyunyunythyhtyT.pptx
ThanushB1
 
Secure Sockets Layer (SSL)
BGSBU Rajouri
 
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
SSL And TLS
Ghanshyam Patel
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
cryptography and network security thid.ppt
ubaidullah75790
 
Sequere socket Layer
Raghavendra Rao
 
Internet security protocol
Mousmi Pawar
 
Transport Layer Security
Ibrahiem Mohammed
 
tls security fda fkj k kjkfjsdkl jkjfsdk.ppt
sandhyadevit
 
SecureSocketLayer.ppt
PranavUndre1
 
wolfSSL and TLS 1.3
wolfSSL
 
Ad

More from ImXaib (20)

PPTX
cellular-communication-system presentation.pptx
ImXaib
 
PPTX
informationandnetworksecurity16transpositionciphers-210723152730.pptx
ImXaib
 
PPTX
ALI HAMZAH PRESENTATION ON INFO SECURITY.pptx
ImXaib
 
PPTX
Advance Machine Learning presentation.pptx
ImXaib
 
PPTX
NEW METHODOLOGIES FOR IDENTIFYING CUSTOMER NEEDS FROM USER-GENERATED CONTENTS...
ImXaib
 
PPTX
ERD introduction in databases model.pptx
ImXaib
 
PPTX
SDA presentation the basics of computer science .pptx
ImXaib
 
PPTX
terminal a clear presentation on the topic.pptx
ImXaib
 
PPTX
What is Machine Learning_updated documents.pptx
ImXaib
 
PPTX
Grid Computing and it's applications.PPTX
ImXaib
 
PDF
Firewall.pdf
ImXaib
 
PPT
4966709.ppt
ImXaib
 
PPT
lecture2.ppt
ImXaib
 
PPTX
Tools.pptx
ImXaib
 
PPT
lec3_10.ppt
ImXaib
 
PPT
ch12.ppt
ImXaib
 
PPT
Fullandparavirtualization.ppt
ImXaib
 
PPT
mis9_ch08_ppt.ppt
ImXaib
 
PPT
rooster-ipsecindepth.ppt
ImXaib
 
PPT
Policy formation and enforcement.ppt
ImXaib
 
cellular-communication-system presentation.pptx
ImXaib
 
informationandnetworksecurity16transpositionciphers-210723152730.pptx
ImXaib
 
ALI HAMZAH PRESENTATION ON INFO SECURITY.pptx
ImXaib
 
Advance Machine Learning presentation.pptx
ImXaib
 
NEW METHODOLOGIES FOR IDENTIFYING CUSTOMER NEEDS FROM USER-GENERATED CONTENTS...
ImXaib
 
ERD introduction in databases model.pptx
ImXaib
 
SDA presentation the basics of computer science .pptx
ImXaib
 
terminal a clear presentation on the topic.pptx
ImXaib
 
What is Machine Learning_updated documents.pptx
ImXaib
 
Grid Computing and it's applications.PPTX
ImXaib
 
Firewall.pdf
ImXaib
 
4966709.ppt
ImXaib
 
lecture2.ppt
ImXaib
 
Tools.pptx
ImXaib
 
lec3_10.ppt
ImXaib
 
ch12.ppt
ImXaib
 
Fullandparavirtualization.ppt
ImXaib
 
mis9_ch08_ppt.ppt
ImXaib
 
rooster-ipsecindepth.ppt
ImXaib
 
Policy formation and enforcement.ppt
ImXaib
 

Recently uploaded (20)

PDF
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
master seminar digital applications in india
ananyaray35
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PDF
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
master seminar digital applications in india
ananyaray35
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 

Transport layer security.ppt

  • 2. In this Presentation:  need for web security  SSL/TLS transport layer security protocols  HTTPS  secure shell (SSH)
  • 3. Web Security  Web now widely used by business, government, individuals  but Internet & Web are vulnerable  have a variety of threats  integrity  confidentiality  denial of service  authentication  need added security mechanisms
  • 4. Web Traffic Security Approaches
  • 5. SSL (Secure Socket Layer)  transport layer security service  originally developed by Netscape  version 3 designed with public input  subsequently became Internet standard known as TLS (Transport Layer Security)  uses TCP to provide a reliable end-to-end service  SSL has two layers of protocols
  • 7. SSL Architecture  SSL connection  a transient, peer-to-peer, communications link  associated with 1 SSL session  SSL session  an association between client & server  created by the Handshake Protocol  define a set of cryptographic parameters  may be shared by multiple SSL connections
  • 8. SSL Record Protocol Services  confidentiality  using symmetric encryption with a shared secret key defined by Handshake Protocol  AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4- 40, RC4-128  message is compressed before encryption  message integrity  using a MAC with shared secret key  similar to HMAC but with different padding
  • 10. SSL Change Cipher Spec Protocol  one of 3 SSL specific protocols which use the SSL Record protocol  a single message  causes pending state to become current  hence updating the cipher suite in use
  • 11. SSL Alert Protocol  conveys SSL-related alerts to peer entity  severity  warning or fatal  specific alert  fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter  warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown  compressed & encrypted like all SSL data
  • 12. SSL Handshake Protocol  allows server & client to:  authenticate each other  to negotiate encryption & MAC algorithms  to negotiate cryptographic keys to be used  comprises a series of messages in phases 1. Establish Security Capabilities 2. Server Authentication and Key Exchange 3. Client Authentication and Key Exchange 4. Finish
  • 14. Cryptographic Computations  master secret creation  a one-time 48-byte value  generated using secure key exchange (RSA / Diffie- Hellman) and then hashing info  generation of cryptographic parameters  client write MAC secret, a server write MAC secret, a client write key, a server write key, a client write IV, and a server write IV  generated by hashing master secret
  • 15. TLS (Transport Layer Security)  IETF standard RFC 2246 similar to SSLv3  with minor differences  in record format version number  uses HMAC for MAC  a pseudo-random function expands secrets  based on HMAC using SHA-1 or MD5  has additional alert codes  some changes in supported ciphers  changes in certificate types & negotiations  changes in crypto computations & padding
  • 16. HTTPS  HTTPS (HTTP over SSL)  combination of HTTP & SSL/TLS to secure communications between browser & server  documented in RFC2818  no fundamental change using either SSL or TLS  use https:// URL rather than http://  and port 443 rather than 80  encrypts  URL, document contents, form data, cookies, HTTP headers
  • 17. HTTPS Use  connection initiation  TLS handshake then HTTP request(s)  connection closure  have “Connection: close” in HTTP record  TLS level exchange close_notify alerts  can then close TCP connection  must handle TCP close before alert exchange sent or completed
  • 18. Secure Shell (SSH)  protocol for secure network communications  designed to be simple & inexpensive  SSH1 provided secure remote logon facility  replace TELNET & other insecure schemes  also has more general client/server capability  SSH2 fixes a number of security flaws  documented in RFCs 4250 through 4254  SSH clients & servers are widely available  method of choice for remote login/ X tunnels
  • 20. SSH Transport Layer Protocol  server authentication occurs at transport layer, based on server/host key pair(s)  server authentication requires clients to know host keys in advance  packet exchange  establish TCP connection  can then exchange data  identification string exchange, algorithm negotiation, key exchange, end of key exchange, service request  using specified packet format
  • 21. SSH User Authentication Protocol  authenticates client to server  three message types:  SSH_MSG_USERAUTH_REQUEST  SSH_MSG_USERAUTH_FAILURE  SSH_MSG_USERAUTH_SUCCESS  authentication methods used  public-key, password, host-based
  • 22. SSH Connection Protocol  runs on SSH Transport Layer Protocol  assumes secure authentication connection  used for multiple logical channels  SSH communications use separate channels  either side can open with unique id number  flow controlled  have three stages:  opening a channel, data transfer, closing a channel  four types:  session, x11, forwarded-tcpip, direct-tcpip.
  • 24. Port Forwarding  convert insecure TCP connection into a secure SSH connection  SSH Transport Layer Protocol establishes a TCP connection between SSH client & server  client traffic redirected to local SSH, travels via tunnel, then remote SSH delivers to server  supports two types of port forwarding  local forwarding – hijacks selected traffic  remote forwarding – client acts for server