Secure Sockets SSL/TLS - PowerPoint PPT Presentation

About This Presentation
Title:

Secure Sockets SSL/TLS

Description:

The TLS layer runs between the Application layer and the Transport layer. ... SSL/TLS can set up a secure connection with someone if we have their public key. ...

Slides: 19
Provided by: a1575
Category:
Tags: ssltls | keys | secure | sockets


Transcript and Presenter's Notes

1
Secure Sockets SSL/TLS
  • ICW Lecture 6
  • Tom Chothia

2
Last Lecture
  • How to make socket connections between computers.
  • Socket (IP_from, port_from, IP_to, port_to)
  • java.net.Socket
  • java.net.ServerSocket

3
Introduction
  • Why sockets aren't secure.
  • How to make secure socket connections.
  • The TLS/SSL protocol.
  • TLS/SSL in Java
  • javax.net.ssl.SSLSocket
  • javax.net.ssl.SSLServerSocket
  • Authenticating the Server.

4
The SSL/TLS Protocol
  • The Secure Sockets Layer (SSL) protocol has been
    renamed Transport Layer Security (TLS).
  • It provides encrypted socket communication and,
    optionally, authentication of the endpoints.
  • It may use a range of ciphers (RSA, DES, DH, ...).
  • These are negotiated at the start of the session.

5
The Internet Protocol Stack (Most of the Time)
  • Application: stuff that you write
  • Transport: TCP or UDP
  • Network: IP
  • Link/Hardware: Ethernet or 802.11

6
The Internet Protocol Stack with TLS
The TLS layer runs between the Application layer and the Transport layer. Once the socket is open the encryption is transparent to the Application layer. The normal TCP and IP protocols etc. can be used at the lower layers.
  • Application
  • TLS
  • Transport
  • Network
  • Link/Hardware

7
TLS in Java

8
TLS with no Authentication
  • Create an SSLServerSocketFactory using
  • sockFact = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault()
  • Create an SSLServerSocket
  • secSock = (SSLServerSocket) sockFact.createServerSocket(portNo)
  • Set the ciphers
  • secSock.setEnabledCipherSuites(ciphers)
  • Listen on the socket for an encrypted connection
  • socket = (Socket) secSock.accept()
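
The four server steps above as one runnable program, together with the client side that the slide does not show. This is an added example, not code from the lecture. It assumes the JVM is started with the standard `javax.net.ssl.keyStore` / `javax.net.ssl.trustStore` system properties (and their `...Password` counterparts) pointing at a server keystore and a client trust store, since the default factories have no key material otherwise; the port number and the class name are also assumptions.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (not from the lecture). Run with, for example:
//   java -Djavax.net.ssl.keyStore=server.jks -Djavax.net.ssl.keyStorePassword=password \
//        -Djavax.net.ssl.trustStore=client.jks -Djavax.net.ssl.trustStorePassword=password TlsEcho
// (the keystores are the ones built with keytool on a later slide; the names are assumptions).
public class TlsEcho {

    // Suites from the lecture's list that give both encryption and authentication.
    // Anonymous (DH_anon) and NULL-cipher suites are deliberately absent.
    static final String[] WANTED_SUITES = {
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    };

    // setEnabledCipherSuites throws IllegalArgumentException for any name the provider
    // does not support, so intersect the wish list with the supported list first.
    static String[] supportedSubset(String[] wanted, String[] supported) {
        Set<String> have = new HashSet<>(Arrays.asList(supported));
        return Arrays.stream(wanted).filter(have::contains).toArray(String[]::new);
    }

    public static void main(String[] args) throws Exception {
        int portNo = 8443;   // assumed port

        // Step 1: the factory. Step 2: the server socket (the cast exposes the TLS settings).
        SSLServerSocketFactory sockFact = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket secSock = (SSLServerSocket) sockFact.createServerSocket(portNo);
        secSock.setSoTimeout(5000);   // so a failed client does not leave accept() blocked forever

        // Step 3: restrict the ciphers.
        String[] ciphers = supportedSubset(WANTED_SUITES, sockFact.getSupportedCipherSuites());
        if (ciphers.length == 0) {
            throw new IllegalStateException("none of the wanted cipher suites is supported");
        }
        secSock.setEnabledCipherSuites(ciphers);

        // Step 4 runs in a thread so the same program can also act as the client.
        Thread server = new Thread(() -> {
            try (Socket socket = secSock.accept();
                 BufferedReader sin = new BufferedReader(new InputStreamReader(socket.getInputStream()));
                 PrintWriter sout = new PrintWriter(socket.getOutputStream(), true)) {
                // Everything read and written here is encrypted by the TLS layer underneath;
                // the first read triggers the handshake.
                sout.println("echo: " + sin.readLine());
            } catch (IOException e) {
                e.printStackTrace();
            }
        });
        server.start();

        // Client side: the SSLSocketFactory counterpart. The default factory trusts the
        // certificates in the trust store named by the system properties above.
        SSLSocketFactory clientFact = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket client = (SSLSocket) clientFact.createSocket("localhost", portNo);
             PrintWriter out = new PrintWriter(client.getOutputStream(), true);
             BufferedReader in = new BufferedReader(new InputStreamReader(client.getInputStream()))) {
            client.setEnabledCipherSuites(supportedSubset(WANTED_SUITES, client.getSupportedCipherSuites()));
            out.println("hello");
            System.out.println(in.readLine());   // the echoed line
            System.out.println("negotiated " + client.getSession().getCipherSuite());
        } finally {
            server.join();
            secSock.close();
        }
    }
}
```

Both ends restrict their suites, because the negotiated suite is the intersection of what the two sides offer: a server that only offers authenticated suites cannot be talked into an anonymous one by a client, and vice versa.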

9
Verifying Identity
  • A private key can be used to sign a message.
  • The public key can be used to verify this
    signature.
  • If I have someone's public key, I can use it to
    make sure I'm talking to them.

10
Cipher Suites
  • Cipher suites with just authentication:
  • SSL_RSA_WITH_NULL_MD5
  • SSL_RSA_WITH_NULL_SHA
  • Cipher suites with just encryption:
  • SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
  • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  • SSL_DH_anon_WITH_DES_CBC_SHA
  • SSL_DH_anon_WITH_RC4_128_MD5
  • TLS_DH_anon_WITH_AES_128_CBC_SHA
  • TLS_DH_anon_WITH_AES_256_CBC_SHA
  • Cipher suites with encryption and
    authentication:
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_RSA_WITH_RC4_128_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
  • TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
  • ...
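
The three groups on the slide can be read straight off the suite names, which follow the `<key exchange>_WITH_<cipher>_<MAC>` pattern: `NULL` as the cipher means no encryption, `anon` in the key exchange means no authentication. The following added example (not from the lecture) classifies names that way and then builds the list a server should hand to setEnabledCipherSuites. The rejection of EXPORT, DES and RC4 suites goes slightly beyond the slide: those were deliberately weakened or have since been broken, so a suite that is "encryption and authentication" by name is still not one to offer. Class and method names are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocketFactory;

// Added example (not from the lecture): classify cipher suites by name and filter
// the JVM's supported list down to the ones worth enabling.
public class CipherSuiteCheck {

    enum Kind { AUTH_ONLY, ENCRYPTION_ONLY, AUTH_AND_ENCRYPTION }

    // The slide's three groups, derived from the name alone.
    static Kind classify(String suite) {
        if (suite.contains("_WITH_NULL_")) return Kind.AUTH_ONLY;        // no bulk cipher
        if (suite.contains("_anon_")) return Kind.ENCRYPTION_ONLY;       // anonymous key exchange
        return Kind.AUTH_AND_ENCRYPTION;
    }

    // A suite must give both properties, and not be export-grade (40-bit), single DES or RC4.
    // "_DES_" does not match "_3DES_", so 3DES is left in to match the slide's grouping;
    // a modern policy would drop it as well.
    static boolean acceptable(String suite) {
        if (classify(suite) != Kind.AUTH_AND_ENCRYPTION) return false;
        return !(suite.contains("_EXPORT") || suite.contains("_DES_")
                 || suite.contains("_DES40_") || suite.contains("_RC4_"));
    }

    // The array to pass to setEnabledCipherSuites: supported suites minus the rejects.
    static String[] filter(String[] supported) {
        List<String> keep = new ArrayList<>();
        for (String s : supported) {
            if (acceptable(s)) keep.add(s);
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) {
        // Names taken from the slide's list; one from each group plus two "by-name OK but weak" ones.
        String[] fromSlide = {
            "SSL_RSA_WITH_NULL_MD5",
            "SSL_DH_anon_WITH_RC4_128_MD5",
            "TLS_DH_anon_WITH_AES_256_CBC_SHA",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
        };
        for (String s : fromSlide) {
            System.out.printf("%-40s %-20s %s%n", s, classify(s), acceptable(s) ? "offer" : "reject");
        }

        // The same filter applied to what this JVM's default provider actually supports.
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        String[] supported = f.getSupportedCipherSuites();
        String[] offered = filter(supported);
        System.out.println(offered.length + " of " + supported.length + " supported suites pass");
        for (String s : offered) System.out.println("  " + s);
    }
}
```

Checking names rather than trusting the factory's default list matters because the default depends on the JDK version and its `jdk.tls.disabledAlgorithms` setting; the filter makes the policy explicit in the program.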

11
TLS in Java

12
SSL/TLS contexts and Trust
  • SSL/TLS can set up a secure connection with
    someone if we have their public key.
  • The SSL context can be loaded with:
  • the keys used to identify yourself;
  • the public keys of the people we trust.

13
Keystores: a Reminder
  • We saw keystores in the Crypto Lecture.
  • The keystore stores password-protected keys and
    certificates.
  • Use java.security.KeyStore or the keytool
    from the command line.

14
keytool
  • Generate and show a key for the server
  • keytool -genkey -alias serverKey -keystore server.jks
  • keytool -list -keystore server.jks -storepass password
  • Export a certificate for the key
  • keytool -export -alias serverKey -file server.crt -keystore server.jks
  • Import and show the certificate at the client end
  • keytool -import -keystore client.jks -alias serverCert -file server.crt
  • keytool -list -keystore client.jks -storepass password
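
The Java side of slides 12 to 14: an SSLContext for the server loaded with its own key from server.jks, and one for the client loaded with the trusted certificate from client.jks, followed by a handshake in which the client checks who it is talking to. This is an added example, not the lecture's code. It assumes the two keystores were created exactly as on the keytool slide (storepass `password`, aliases serverKey and serverCert), that the server certificate's name (the CN entered at `keytool -genkey`, or a SAN) is `localhost`, and the file paths, port and class name are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (not from the lecture): SSLContexts built from the keytool keystores.
public class TrustSetup {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Server side: "the keys used to identify yourself" go into the KeyManager.
    static SSLContext serverContext(String keystorePath, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystorePath, password), password);   // second password unlocks the private key
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);           // no trust managers: clients are not authenticated
        return ctx;
    }

    // Client side: "the public keys of people we trust" go into the TrustManager.
    static SSLContext clientContext(String truststorePath, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststorePath, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);         // no key managers: the client has no certificate
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "password".toCharArray();   // storepass from the keytool slide
        int port = 8443;                        // assumed port

        SSLServerSocket server = (SSLServerSocket)
                serverContext("server.jks", pw).getServerSocketFactory().createServerSocket(port);
        server.setSoTimeout(5000);
        Thread accepter = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) server.accept()) {
                s.startHandshake();   // complete the handshake, then close
            } catch (IOException e) {
                e.printStackTrace();
            }
        });
        accepter.start();

        try (SSLSocket client = (SSLSocket) clientContext("client.jks", pw).getSocketFactory()
                .createSocket("localhost", port)) {
            // Ask JSSE to match the certificate's name against the host we dialled, as a browser does.
            // Without this, any certificate in client.jks would be accepted for any host name.
            SSLParameters params = client.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            client.setSSLParameters(params);

            client.startHandshake();   // SSLHandshakeException if the certificate is not trusted
            SSLSession session = client.getSession();
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            System.out.println("authenticated " + leaf.getSubjectX500Principal()
                    + " using " + session.getCipherSuite());
        } finally {
            accepter.join();
            server.close();
        }
    }
}
```

Building the contexts in code rather than through system properties keeps the server's private key and the client's trust anchors in separate stores with separate lifetimes, which is what the two keytool files on the slide are for.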

15
Certificate Chains
  • The public keys are stored as certificates.
  • If we have someone's public key we can use it to
    check their identity.
  • But we can't have the public key of everyone on
    the Internet. :-(

16
Certificate Chains
  • If someone we trust signs someone else's public
    key, we can trust them.
  • There are a number of companies that check
    people's identity and will sign their public key,
    e.g. Verisign.
  • These companies' certificates are embedded in most
    browsers.
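
What "someone we trust signs someone else's public key" means in code: the certificates in our keystore become trust anchors, and a chain is accepted only if it leads back to one of them through valid signatures. The following added example (not from the lecture) runs that check with the JDK's PKIX validator. It assumes client.jks from the keytool slide (storepass `password`) as the trust store and a certificate file such as server.crt as the chain to check; paths, the class name and the command-line handling are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example (not from the lecture): validate a certificate chain against a trust store.
public class ChainCheck {

    // Every trusted-certificate entry in the store becomes a trust anchor: a signer we
    // accept without further proof, like the company certificates shipped in a browser.
    static PKIXParameters anchorsFrom(KeyStore trustStore) throws Exception {
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false);   // no CRL/OCSP lookup in this offline example
        return params;
    }

    // Returns the anchor that ultimately vouches for the chain, or null if no trusted
    // certificate signs it (directly, or through the intermediates in the chain).
    static TrustAnchor validate(List<X509Certificate> chain, KeyStore trustStore) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path = cf.generateCertPath(chain);   // leaf first, then each signer in turn
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        try {
            PKIXCertPathValidatorResult r =
                (PKIXCertPathValidatorResult) validator.validate(path, anchorsFrom(trustStore));
            return r.getTrustAnchor();
        } catch (CertPathValidatorException e) {
            // Expired, wrong signature, name chaining failure, etc. all land here.
            System.out.println("rejected: " + e.getMessage() + " (reason: " + e.getReason() + ")");
            return null;
        }
    }

    // Reads one or more X.509 certificates, e.g. server.crt as exported by keytool.
    static List<X509Certificate> readCertificates(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        try (InputStream in = new FileInputStream(path)) {
            for (Certificate c : cf.generateCertificates(in)) {
                certs.add((X509Certificate) c);
            }
        }
        return certs;
    }

    public static void main(String[] args) throws Exception {
        String certFile = args.length > 0 ? args[0] : "server.crt";
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream("client.jks")) {
            trustStore.load(in, "password".toCharArray());
        }

        List<X509Certificate> chain = readCertificates(certFile);
        TrustAnchor anchor = validate(chain, trustStore);
        if (anchor == null) {
            System.out.println(certFile + " is NOT vouched for by anything in client.jks");
        } else {
            System.out.println(chain.get(0).getSubjectX500Principal() + " is trusted via "
                    + anchor.getTrustedCert().getSubjectX500Principal());
        }
    }
}
```

This is the same check the TrustManager performs inside the handshake; running it separately is useful when a certificate arrives some other way, or when you want to see exactly which anchor a chain depends on. Note that chain validity says nothing about which host the certificate is for; that is the separate name check a client must also do.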

17
Summary
  • SSL/TLS is the most common way to secure
    connections.
  • javax.net.ssl.SSLSocket
  • javax.net.ssl.SSLServerSocket
  • To authenticate a server, you must have its
    certificate or a certificate chain for it.
  • Browsers come with the certificates of Verisign etc.;
    these companies will check your ID and sign your key
    for a fee.

18
Next Time
  • XML and Java XML tools.
  • XML is the default file format of Internet
    systems.
  • The next lecture will tell you what XML is and
    how to manipulate XML in Java.