0% found this document useful (0 votes)
108 views12 pages

Cryptography and Network Security

This document discusses web security and the SSL/TLS protocol. It provides an overview of why additional security is needed for the web given its threats. It then describes how SSL/TLS provides transport layer security using encryption and authentication. The SSL/TLS architecture has two main components - the SSL connection and SSL session. It also describes the four main SSL protocols - Record, Change Cipher Spec, Alert, and Handshake that provide different security functions like integrity, confidentiality and authentication between clients and servers.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
108 views12 pages

Cryptography and Network Security

This document discusses web security and the SSL/TLS protocol. It provides an overview of why additional security is needed for the web given its threats. It then describes how SSL/TLS provides transport layer security using encryption and authentication. The SSL/TLS architecture has two main components - the SSL connection and SSL session. It also describes the four main SSL protocols - Record, Change Cipher Spec, Alert, and Handshake that provide different security functions like integrity, confidentiality and authentication between clients and servers.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 12

Cryptography and

Network Security
Chapter 6
Fourth Edition
by William Stallings
Lecture slides by Lawrie Brown

Web Security
Web now widely used by business,

government, individuals
but Internet & Web are vulnerable
have a variety of threats

integrity
confidentiality
denial of service
authentication

need added security mechanisms

SSL (Secure Socket Layer)


transport layer security service
originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard

known as TLS (Transport Layer Security)


uses TCP to provide a reliable end-to-end
service
SSL has two layers of protocols

SSL Architecture

SSL Architecture
SSL connection

a transient, peer-to-peer, communications link


associated with 1 SSL session

SSL session

an association between client & server


created by the Handshake Protocol
define a set of cryptographic parameters
may be shared by multiple SSL connections

SSL Record Protocol Services


message integrity

using a MAC with shared secret key


similar to HMAC but with different padding

confidentiality

using symmetric encryption with a shared


secret key defined by Handshake Protocol
AES, IDEA, RC2-40, DES-40, DES, 3DES,
Fortezza, RC4-40, RC4-128
message is compressed before encryption

SSL Record Protocol


Operation

SSL Change Cipher Spec


Protocol
one of 3 SSL specific protocols which use

the SSL Record protocol


a single message
causes pending state to become current
hence updating the cipher suite in use

SSL Alert Protocol

conveys SSL-related alerts to peer entity


severity
warning or fatal

specific alert
fatal: unexpected message, bad record mac,
decompression failure, handshake failure, illegal
parameter
warning: close notify, no certificate, bad certificate,
unsupported certificate, certificate revoked,
certificate expired, certificate unknown

compressed & encrypted like all SSL data

SSL Handshake Protocol

allows server & client to:

authenticate each other


to negotiate encryption & MAC algorithms
to negotiate cryptographic keys to be used

comprises a series of messages in phases


1.
2.
3.
4.

Establish Security Capabilities


Server Authentication and Key Exchange
Client Authentication and Key Exchange
Finish

SSL Handshake Protocol

TLS (Transport Layer


Security)
IETF standard RFC 2246 similar to SSLv3
with minor differences

in record format version number


uses HMAC for MAC
a pseudo-random function expands secrets
has additional alert codes
some changes in supported ciphers
changes in certificate types & negotiations
changes in crypto computations & padding

You might also like