Secure Sockets Layer SSL SSL is a communications protoco - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Secure Sockets Layer SSL SSL is a communications protoco

Description:

Secure Sockets Layer SSL SSL is a communications protocol layer which can be placed between TCP/IP and HTTP It intercepts web traffic and provides security between ... – PowerPoint PPT presentation

Number of Views:147
Avg rating:3.0/5.0
Slides: 21
Provided by: csUccIej
Category:

less

Transcript and Presenter's Notes

Title: Secure Sockets Layer SSL SSL is a communications protoco


1
Secure Sockets Layer
2
SSL
  • SSL is a communications protocol layer which can
    be placed between TCP/IP and HTTP
  • It intercepts web traffic and provides security
    between browser and server
  • Encryption is used to guarantee secure
    communication in an insecure environment
  • All security operations are transparent at both
    ends of the communication
  • SSL uses public-key cryptography

3
Mortice-lock cryptography
  • Ordinary encryption is like sending messages in a
    box that is locked with a mortice lock
  • Both the sender of the message and the recipient
    must share a secret
  • they must each have a copy of the key to the lock
  • the sender needs a copy of the key to lock the
    box
  • the recipient needs a copy of the key to open the
    box
  • However, we dont have to use mortice locks
  • we can use Yale locks

4
Yale lock cryptography
  • Consider a box with a Yale lock
  • If the box is open, anybody can put a message
    inside and lock the box
  • no key is needed to lock the box
  • However, only the person who has the key of the
    Yale lock can open the box and read the message
  • The owner of the key can make many copies of the
    lock and send them to anybody who wants to send
    him a message
  • these people need never see the owners private
    key

5
Public-key cryptography
  • Public-key cryptography is also known as
    asymmetric key cryptography
  • It allows users to communicate securely without
    having prior access to a shared secret key
  • Instead, it uses a pair of keys which are related
    mathematically
  • a message encoded with Key1 can only be decoded
    by using Key2
  • a message encoded with Key2 can only be decoded
    by using Key2

6
Public-key cryptography (contd.)
  • Typically, one key is called a public key and the
    other is called a private key
  • The public key can be regarded as like a Yale
    lock
  • many copies of it can be made
  • they can be given to everybody who asks for one
  • The private key can be regarded as like the key
    to a Yale lock
  • the owner of the key does not share it with
    anybody else
  • he can use it to open locked boxes that people
    send to him

7
Public Key certificates
  • Suppose you want to send a secure message to
    somebody and ask him to send you a Yale lock in
    the post
  • Suppose a Yale lock arrives in the post
  • How do you know the Yale lock is really from the
    person to whom you want to send your secure
    message?
  • You would require some guarantee
  • In public-key cryptography, this guarantee is
    called a public-key certificate

8
Public-key certificates (contd.)
  • A public-key certificate binds a public key with
    a name
  • it guarantees that the public key is indeed owned
    by the person/organization/program with the given
    name
  • thus, it guarantees that any message encoded with
    the public key will only be readable by that
    person/organization/program
  • To increase the credibility of a public-key
    certificate, it is often signed by a trusted
    organization known as a Certification Authority
    (CA)

9
Unidirectional versus bi-directional cryptography
  • Sometimes, both parties to a conversation need to
    send secret information
  • bi-directional cryptography is needed
  • each party must send his public key to the other
  • Sometimes, only one party to a conversation needs
    to send secret information
  • only unidirectional cryptography is needed
  • only the recipient of the secret information
    needs to own a public key
  • which he must send to sender of the secret
    information

10
Much e-Commerce involves only unidirectional
cryptography
  • A customer making an online purchase needs to
    send secret information, such as a credit card
    number, to the company
  • The company does not need to send any secret
    information to the customer
  • In this case, only unidirectional cryptography is
    needed
  • Thus, the customer need not own any cryptographic
    key, but the company must
  • the server will have to send its public key to
    the customers browser

11
An example
  • Consider buying a ticket from Aer Lingus
  • Initially, no secret information is being
    exchanged
  • Aer Lingus merely lists flight availability
  • the customer selects flights
  • Then, however, the customer must provide credit
    card details
  • before that can happen, Aer Lingus must send its
    public key to the customer

12
Customer specifies Cork-Heathrow itineraryhttp
protocol in use no lock on status bar
13
Customer selects flightsstill http protocol no
lock on status bar
14
Customer is warned that SSL communication is
about to start
15
Customer is warned that SSL communication is
about to start
16
Customer is being asked for credit card
detailsprotocol is now https there is a lock on
the status bar
17
HTTPS and lock
18
What happened when user agreed to secure
connection
  • The Aer Lingus server sent its certificate to the
    users browser
  • The browser decided that the CA on the
    certificate was trustworthy and that the public
    key really was for Aer Lingus
  • Henceforth, all information sent by the user
    would be encoded using the public key

19
Sometimes, a browser needs to receive secrets
from a server
  • If a browser needs to receive secrets from a
    server, the browser must be able to provide a
    public-key certificate to the server
  • There are freely-available utilities, such as
    OpenSSL, which enable you to
  • select a publicprivate key combination
  • get a signed certificate for your public key
  • import the certificate into your browser, so that
    it can send this to servers who request it

20
openSSL
  • Available on cosmos.ucc.ie
  • It provides a great many options
  • Too many to consider here today
Write a Comment
User Comments (0)
About PowerShow.com