Upload
netri
View
900
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Citation preview
Topic:Topic:Implementation of SSL & Implementation of SSL &
TLS for Application serversTLS for Application servers
03/19/08 1
Introduction:
Internet - network for everyone. Everyone and everything open. Highly insecure Internet Thus, Netscape Corporation -protocol
SSL. For secure Transactions.
03/19/08 2
SSL –Secured Socket Layer Protocol for data encryption . Open & nonproprietary protocol .Current implementation-OpenSSLused for:
a. data-encryptionb. server authentication c. data integrity d. client authentication
03
/19
/08
3
Enhance and ensure transactional data
Securing transactions on the Web using Apache-SSL.
Securing user access for remote access
Securing e-mail services (IMAP, POP3)
03/19/08 4
TLS:
Transport Layer Security(TLS)
Provides security at transport layer.
Non –proprietory version of SSL.
Allows two parties to exchange messages in secure environment.
03/19/08 5
Position of TLS:
03/19/08 6
TLS requirementsTLS requirements::
Protocols:Protocols:**entity authentication protocol entity authentication protocol
*message authentication protocol*message authentication protocol
*encryption/decryption protocol*encryption/decryption protocol
Each party uses a predefined function to create session Each party uses a predefined function to create session keys.keys.
Digest calculated & appended to each message .Digest calculated & appended to each message . Message & digest are encrypted using encryption Message & digest are encrypted using encryption
/decryption protocols./decryption protocols. Each party extracts necessary keys and parameters for Each party extracts necessary keys and parameters for
message authentication & encryption/decryptionmessage authentication & encryption/decryption..
03/19/08 7
8
**In Greek means “secret writing.”In Greek means “secret writing.” *Refers to the science and art of transforming *Refers to the science and art of transforming messages to make them secure and immune to messages to make them secure and immune to attacks.attacks.
Types of Cryptography:Types of Cryptography:
Symmetric-Key Cryptography Symmetric-Key Cryptography Asymmetric-Key Cryptography Asymmetric-Key Cryptography
9
Symmetric-key cryptography
Asymmetirc Cryptography:Asymmetirc Cryptography:
Use two keys – public & private key.
keys -completely independent .
a private key cannot be deduced from a public one.
sign a message using public key, only the holder of the private key can read it.
public key is open.Private key is secret.03/19/08 10
11
Asymmetric-key encryption
03/19/08 12
Asymmetric Encryption/Decryption
Asymmetric cryptography Simulate the security properties of a
handwritten signature Two algorithms-
1. for signing which involves the user' private key,
2. for verifying signatures which involves the user's public key.
03/19/08 13
TCP/IP Protocol Suite 14
Hash function
TCP/IP Protocol Suite 15
Sender site
16
Receiver site
03/19/08 17
Your public key:
Your name & e-mail address:
Expiration date of the public key:
Name of the company:
Serial number of the Digital ID
03/19/08 18
Bob’s private key
Bob’s public key
Pat Doug Susan
Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself
Bob’sCo-workers
03/19/08 19
"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
HNFmsEm6UnBejhhyCGKOKJUxhiygSBCEiC0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A
HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A
"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
Susan
Bob
03/19/08 20
Bob prepares a message Digest using Hash function
03/19/08 21
Bob encrypts the digest with his private key.
Digital Signature Created
03/19/08 22
Digital Signature Appended to the Original document &Sent to Susan
03/19/08 23
Separates Original Document & Digital signature
TCP/IP Protocol Suite 24
Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption
must be applied.
Note:Note:
Important tools:1.GNUPG:Stands for GNU privacy guard.Used for: * encrypt data *create digital signatures *help authenticating using Secure
Shell * provide a framework for public
key cryptography.
03/19/08 25
OpenPGP part of the GNU Privacy Guard (GnuPG).
provide digital encryption and signing services using
the OpenPGP standard.
2
03/19/08 26
03/19/08
Standard sponsored by Standard sponsored by ITUITU
International standard International standard for for digital certificates digital certificates
used to used to authenticate digital authenticate digital signatures.signatures.
X.509:X.509:
27
2828
X.509 fieldsX.509 fields
03/19/08 29
Certificate:
body of data placed in a message to serve as Proof of the sender’s authenticity. consists of encrypted information that associates a public key with the true identity of an individual
Includes the identification and electronic signature of Certificate Authority (CA).
Includes serial number and period of time when the certificate is Valid
Why do I need Digital certificate?
AuthenticationPrivacyIntegrityNonrepudiation
03/19/08 30
Certificate Signing Request: Request made to a CA from an organization to obtain a digital certificate.
Requesting party includes information that proves its identity and digitally signs the CSR with the private key.
03/19/08 31
03/19/0803/19/08 3232
Certificate Authority :
trusted organization that issues certificates for both servers and clients.
create digital certificates that securely bind the names of users to their public keys.
Two types of CA:
* Commercial CA* Self-certified private CA
COMMERCIAL CA:
JOB - TO VERIFY THE AUTHENTICITY OFOTHER COMPANIES’ MESSAGES ON THE INTERNETEXAMPLE:VERISIGN,THAWTE.
03
/19
/08
33
Self-certified CA:
Root-level commercial CA: It’s self-certified.
Typically used in a LAN or WAN environment
03/19/08 34
Public-key infrastructure(PKI)
provides public-key encryption & digital signature services.
Manage keys and certificates- organization establishes and maintains a trustworthy networking environment.
03/19/08 35
E-mail server security:
Biggest problem- unsolicited mail or spam.
Simple Mail Transport Protocol (SMTP) -simple & insecure.
biggest abuse of e-mail service- open mail relay.
03/19/08 36
.
03/19/08 37
Open mail Relay:
• send unwanted emails to people
• Waste resources.
legal problems for companies that leave their email system open.
Web-server security
The Web site hacked because holes in applications or scripts are exploited.
protecting Web site - understanding & identifying security risks.
03/19/08 38
ConclusionConclusion Secure Digital transactions- an Secure Digital transactions- an
important part of electronic commerce important part of electronic commerce in the future.in the future.
Privacy of transactions, and Privacy of transactions, and authentication of all parties, is authentication of all parties, is important for achieving the level of important for achieving the level of trust. trust.
encryption algorithms and key-sizes encryption algorithms and key-sizes must be robust enough to prevent must be robust enough to prevent observation by hostile entitiesobservation by hostile entities03/19/08 39
Thank you
41