Secure Socket Layer (SSL)

World's most widely used security mechanism on the Internet
Secures communication between a client and a server
Located between the Application and Transport Layers of the TCP/IP protocol suite

Position of SSL in TCP/IP


Application Layer
SSL Layer
Transport Layer
Internet Layer
Data Link Layer
Physical Layer

Fig 6.9

Data Exchange including SSL

Fig 6.10: Data exchange including SSL. Each layer adds its own header before handing the unit to the layer below: Application (L5 data), SSL (SH + L5 data), Transport (H4 + L4 data), Internet (H3 + L3 data), Data Link (H2 + frame), Physical (bit stream 010101010100010101010010 on the transmission medium).

SSL Sub-Protocols
Handshake Protocol
Record Protocol
Alert Protocol

SSL Handshake Message Format

Type (1 byte) | Length (3 bytes) | Content (1 or more bytes)

Fig 6.11

SSL Handshake Messages

Message Type          Parameters
Hello request         None
Client hello          Version, Random number, Session id, Cipher suite, Compression method
Server hello          Version, Random number, Session id, Cipher suite, Compression method
Certificate           Chain of X.509v3 certificates
Server key exchange   Parameters, signature
Certificate request   Type, authorities
Server hello done     None
Certificate verify    Signature
Client key exchange   Parameters, signature
Finished              Hash value

Fig 6.12
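The two tables above give the message framing (Fig 6.11) and the parameters each message carries (Fig 6.12). The following Python is an added example, not code from the slides: it encodes and parses handshake messages with the 1-byte type / 3-byte length header, and builds and parses the content of a Client hello (version, random number, session id, cipher suites, compression methods). The numeric type codes are those assigned in the SSL 3.0 / TLS specifications, which the slides do not list; the sample cipher suite values and the 32-byte random in the usage are constructed for the demonstration.

```python
# Added example (not from the original slides): encode and parse handshake
# messages in the format of Fig 6.11 (1-byte type, 3-byte big-endian length,
# then the content), plus the body of a Client hello with the parameters listed
# in Fig 6.12. The numeric message types are the values assigned in the
# SSL 3.0 / TLS specifications; the slides only give the names.

HANDSHAKE_TYPES = {
    0: "hello_request",
    1: "client_hello",
    2: "server_hello",
    11: "certificate",
    12: "server_key_exchange",
    13: "certificate_request",
    14: "server_hello_done",
    15: "certificate_verify",
    16: "client_key_exchange",
    20: "finished",
}
TYPE_BY_NAME = {name: code for code, name in HANDSHAKE_TYPES.items()}
HEADER_LEN = 4                      # 1-byte type + 3-byte length


def encode_handshake(msg_type, body):
    """Prefix body with the Fig 6.11 header."""
    if msg_type not in HANDSHAKE_TYPES:
        raise ValueError(f"unknown handshake type {msg_type}")
    if len(body) >= 1 << 24:
        raise ValueError("content does not fit a 3-byte length field")
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def parse_handshake_messages(data):
    """Parse every complete message in data and return (messages, leftover).

    Several handshake messages may be packed into one record and one message
    may be split across records, so an incomplete tail is handed back for the
    caller to prepend to the next record instead of being treated as an error.
    """
    messages = []
    pos = 0
    while len(data) - pos >= HEADER_LEN:
        msg_type = data[pos]
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        if msg_type not in HANDSHAKE_TYPES:
            raise ValueError(f"unknown handshake type {msg_type}")
        end = pos + HEADER_LEN + length
        if end > len(data):
            break                                   # wait for the rest
        messages.append((HANDSHAKE_TYPES[msg_type], bytes(data[pos + HEADER_LEN:end])))
        pos = end
    return messages, bytes(data[pos:])


def build_client_hello(version, random32, session_id, cipher_suites, compression_methods):
    """Client hello content: version, random number, session id, cipher suites,
    compression methods (SSL 3.0 layout, without TLS extensions)."""
    if len(random32) != 32:
        raise ValueError("random must be 32 bytes")
    if len(session_id) > 32:
        raise ValueError("session id longer than 32 bytes")
    body = bytes(version) + random32
    body += bytes([len(session_id)]) + session_id
    body += (2 * len(cipher_suites)).to_bytes(2, "big")
    body += b"".join(cs.to_bytes(2, "big") for cs in cipher_suites)
    body += bytes([len(compression_methods)]) + bytes(compression_methods)
    return encode_handshake(TYPE_BY_NAME["client_hello"], body)


def parse_client_hello(body):
    """Inverse of build_client_hello; every length field is checked against
    the remaining bytes so a truncated message raises instead of misreading."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated client hello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = tuple(take(2))
    random32 = take(32)
    session_id = take(take(1)[0])
    cs_len = int.from_bytes(take(2), "big")
    if cs_len % 2:
        raise ValueError("cipher suite list has odd length")
    cs_bytes = take(cs_len)
    cipher_suites = [int.from_bytes(cs_bytes[i:i + 2], "big") for i in range(0, cs_len, 2)]
    compression_methods = list(take(take(1)[0]))
    if pos != len(body):
        raise ValueError("trailing bytes after compression methods")
    return {"version": version, "random": random32, "session_id": session_id,
            "cipher_suites": cipher_suites, "compression_methods": compression_methods}


if __name__ == "__main__":
    # Constructed sample: a Server hello done followed by a partial Client hello.
    hello = build_client_hello((3, 0), bytes(range(32)), b"", [0x002F, 0x000A], [0])
    msgs, rest = parse_handshake_messages(encode_handshake(14, b"") + hello[:10])
    print(msgs, len(rest))          # one complete message, 10 leftover bytes
    print(parse_client_hello(parse_handshake_messages(hello)[0][0][1]))
```

The parser returns the unconsumed tail rather than raising on it because, at the record layer, a handshake message is not guaranteed to start and end in the same record; a receiver that treated every short buffer as an error would break on legitimate peers, while one that silently accepted a short body would be reading past the data it was given.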

SSL Handshake Process

Fig 6.13: the four phases of the SSL handshake between Web Browser and Web Server:
1. Establish security capabilities
2. Server authentication and key exchange
3. Client authentication and key exchange
4. Finish

SSL Handshake - Phase 1

Fig 6.14 (Web Browser and Web Server):
Step 1: Client hello
Step 2: Server hello

SSL Handshake - Phase 2

Fig 6.15 (Web Server to Web Browser):
Step 1: Certificate
Step 2: Server key exchange
Step 3: Certificate request
Step 4: Server hello done

SSL Handshake - Phase 3

Fig 6.16 (Web Browser and Web Server; the individual steps are not recoverable from the page)

SSL Handshake - Phase 4

Fig 6.17 (Web Browser and Web Server):
Step 1: Change cipher specs
Step 2: Finished
Step 3: Change cipher specs
Step 4: Finished

SSL Record Protocol


Application data

Fragmentation

Compression

Addition of MAC

Encryption

Append header

Fig 6.20
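The five steps of Fig 6.20 (fragmentation, compression, addition of MAC, encryption, append header) are modelled in the following Python, an added example that is not code from the slides. Fragmentation at 2^14 bytes, the MAC input (sequence number, content type, version, length, fragment) and the 5-byte record header (type, version, length) follow the SSL 3.0 / TLS layout, which the slides do not spell out. Compression and encryption are the null algorithms that are in force until the first Change cipher specs message, so the example concentrates on framing, MAC-then-encrypt ordering and the receiver's checks; the HMAC-SHA256 MAC and the key `constructed-demo-key` are assumptions for the demonstration (SSL 3.0 itself used a different keyed-hash construction).

```python
# Added example (not from the original slides): a small model of the SSL
# record protocol pipeline in Fig 6.20. Fragmentation, the MAC input and the
# 5-byte record header (type, version, length) follow the SSL 3.0 / TLS
# layout; compression and encryption are the null algorithms in force before
# the first Change cipher specs, so the focus is on framing and MAC checks.
# HMAC-SHA256 is an assumption for illustration, not the SSL 3.0 MAC.
import hashlib
import hmac

MAX_FRAGMENT = 1 << 14          # SSL/TLS limit on plaintext per record
RECORD_HEADER_LEN = 5
MAC_LEN = hashlib.sha256().digest_size
CONTENT_HANDSHAKE = 22
CONTENT_APPLICATION_DATA = 23


def fragment(data, size=MAX_FRAGMENT):
    """Step 1: split application data into record-sized pieces."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


class RecordLayer:
    """One endpoint's record state. A real implementation keeps separate
    write and read keys; here both directions share one MAC key so that a
    sender and a receiver built with the same key can talk to each other."""

    def __init__(self, mac_key, version=(3, 0)):
        self.mac_key = mac_key
        self.version = bytes(version)
        self.write_seq = 0      # records sent so far (64-bit in the spec)
        self.read_seq = 0       # records accepted so far

    # Null compression and null cipher: identity transforms, as before the
    # first Change cipher specs message takes effect.
    @staticmethod
    def compress(frag):
        return frag

    @staticmethod
    def encrypt(plaintext):
        return plaintext

    @staticmethod
    def decrypt(ciphertext):
        return ciphertext

    def _mac(self, seq, content_type, frag):
        # Sequence number, content type, version and length are all covered,
        # so reordered or replayed records fail verification.
        mac_input = (seq.to_bytes(8, "big") + bytes([content_type]) +
                     self.version + len(frag).to_bytes(2, "big") + frag)
        return hmac.new(self.mac_key, mac_input, hashlib.sha256).digest()

    def send(self, content_type, data):
        """Steps 1-5 of Fig 6.20; returns the list of wire-format records."""
        records = []
        for frag in fragment(data):
            compressed = self.compress(frag)                       # step 2
            tag = self._mac(self.write_seq, content_type, compressed)  # step 3
            self.write_seq += 1
            ciphertext = self.encrypt(compressed + tag)            # step 4, MAC-then-encrypt
            header = (bytes([content_type]) + self.version +
                      len(ciphertext).to_bytes(2, "big"))          # step 5
            records.append(header + ciphertext)
        return records

    def receive(self, record):
        """Reverse the pipeline for one record; returns (content_type, fragment)
        or raises ValueError on any framing or MAC error."""
        if len(record) < RECORD_HEADER_LEN:
            raise ValueError("short record header")
        content_type = record[0]
        version = record[1:3]
        length = int.from_bytes(record[3:5], "big")
        if version != self.version:
            raise ValueError("unexpected protocol version")
        if len(record) != RECORD_HEADER_LEN + length:
            raise ValueError("record length mismatch")
        plaintext = self.decrypt(record[RECORD_HEADER_LEN:])
        if len(plaintext) < MAC_LEN:
            raise ValueError("record too short to carry a MAC")
        frag, tag = plaintext[:-MAC_LEN], plaintext[-MAC_LEN:]
        expected = self._mac(self.read_seq, content_type, frag)
        if not hmac.compare_digest(tag, expected):    # constant-time compare
            raise ValueError("bad record MAC")
        self.read_seq += 1                            # only after a valid MAC
        return content_type, frag


def round_trip(data, mac_key=b"constructed-demo-key"):
    """Send data through one RecordLayer and read it back through another."""
    sender, receiver = RecordLayer(mac_key), RecordLayer(mac_key)
    records = sender.send(CONTENT_APPLICATION_DATA, data)
    received = b"".join(receiver.receive(r)[1] for r in records)
    return records, received


if __name__ == "__main__":
    records, received = round_trip(bytes(20000))      # constructed payload
    print(len(records), "records;", [len(r) for r in records], "bytes each")
    print("reassembled correctly:", received == bytes(20000))
```

The receiver advances its sequence number only after the MAC verifies, so a record that was tampered with is rejected without desynchronising the connection, and a record presented a second time is rejected because the sequence number in the MAC input no longer matches.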

SHTTP and SSL Positions


Application Layer, SHTTP
SSL Layer
Transport Layer
Internet Layer
Data Link Layer
Physical Layer

Fig 6.24

SSL versus SET

Issue: Main aim
  SSL: Exchange of data in an encrypted form
  SET: E-commerce related payment mechanism

Issue: Certification
  SSL: Two parties exchange certificates
  SET: All the involved parties must be certified by a trusted third party

Issue: Authentication
  SSL: Mechanisms in place, but not very strong
  SET: Strong mechanisms for authenticating all the parties involved

Issue: Risk of merchant fraud
  SSL: Possible, since customer gives financial data to merchant
  SET: Unlikely, since customer gives financial data to payment gateway

Issue: Risk of customer fraud
  SSL: Possible, no mechanisms exist if a customer refuses to pay later
  SET: Customer has to digitally sign payment instructions

Issue: Action in case of customer fraud
  SSL: Merchant is liable
  SET: Payment gateway is liable

Issue: Practical usage
  SSL: High
  SET: Low at the moment, expected to grow

Fig 6.40