Network Security
Gene Itkis

Internet Engineering Task Force (IETF)
 www.ietf.org
 Documents: RFC 2246
ANSI
 X9.42
ITU
 X.509
Netscape
5/25/2017
Gene Itkis: CS558 Network Security
2


1993 – Mosaic (“browser #1”)
1994 – Netscape Browser released
 SSL v1 design complete – never released
 SSL v2 released in Navigator 1.1
  Badly broken (bad seeds for PRNG)
1995 – Explorer released
 PCT (MS), SSL v3 (Netscape)
1996-1999 – TLS 1.0
1999 – WTLS

Application (HTTP)
SSL
TCP
IP

Separate Layer
 Over TCP: SSL
 Over IP: IPSec
Application-Specific
 SHTTP
Parallel
 Kerberos; Kerberos with TLS?

Connection-oriented
 SSL, TLS do not support UDP
 But WTLS does
No non-repudiation
 But signatures are used for AKE
“Only protects the pipe”
 Attacks are mounted on data before and after “the pipe”

Server authentication
Client authentication is optional
Encryption
Message integrity

Handshake
 Set protocol details
 Authenticate server
 Establish keys
Data transfer

ClientHello
 Supported options
ServerHello
 Options to be used
ServerCertificate (ServerKeyExchange)
ServerHelloDone
ClientKeyExchange
Finished (sent by client)