1 DCS 835 – Computer Networking and the Internet Digital Certificate and SSL (rev.06-17-07) Team 1 Rasal Mowla (project leader) Alvaro Restrepo, Carlos Thomas Kevin Gravesande, Scott Weaver

Upload: clyde-bennett

Post on 03-Jan-2016


DCS 835 – Computer Networking and the Internet

Digital Certificate and SSL (rev.06-17-07)

Team 1

Rasal Mowla (project leader) Alvaro Restrepo, Carlos Thomas

Kevin Gravesande, Scott Weaver


Agenda

• Digital Certificate

• Digital Certificate Example

• SSL

• SSL Example

• Protocol Overview

• Why SSL is Secure

• SSL Versions

• Conclusion


What is a Digital Certificate

Digital Certificates prove your identity or your right to access information or services online.

They bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information.

A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private key.

A Digital Certificate typically contains the:

•Owner's public key

•Owner's name

•Expiration date of the public key

•Name of the issuer (the CA that issued the Digital Certificate)

•Serial number of the Digital Certificate


Example of Digital Certificate

From: Staples.com


Digital Certificates

What are Digital Certificates used for?

Digital Certificates are used in e-mail, e-commerce, groupware and electronic funds transfers, code signing, VPNs, and SSL (security and encryption).

Why do I need a Digital Certificate?

Digital Certificates provide security and privacy for online transactions.

How do I use Digital Certificates?

Digital Certificates can be used in conjunction with digital signatures to provide authenticity. Furthermore, they provide verification of identity for secure server access.


Digital Certificates and SSL

What is SSL and what is it used for?

Secure Sockets Layer (SSL) protects the data transferred using encryption enabled by an SSL server's certificate.

When the browser address points to a secured domain, the SSL handshake authenticates the server and client and establishes an encryption method and a unique session key.

Encryption is done with a public key, and a private key deciphers it.

Why do I need SSL?

SSL provides a secure medium of communication between a client and server via encryption.


SSL (Introduction)

• Reliable communication on the Internet

• SSL main goals:

– Cryptographic security

– Reliability

– Interoperability

– Extensibility

– Relative efficiency

• Ciphers used with SSL


Uses of SSL

1. An organization that wants to provide private Internet communication between itself and its clients may use the SSL protocol.

2. Banking systems use this protocol to let their clients view their confidential account data in their own browser and place account orders from home.

3. The same idea is applied in academic organizations. Students can safely view personal information on the web, such as course grades.

4. Most electronic commerce (i.e. the sharing of personal details and credit card numbers) over the net is protected by SSL.


SSL Example

http://www.bankofamerica.com


SSL Example


SSL (Protocol Overview)

• SSL is a Layered protocol.

The SSL Protocol Stack


SSL (Protocol Overview) cont.

• SSL Handshake protocol

– Establishes a secure session

– Structure:

· Type: SSL handshake message type.

· Length: Length (in bytes) of the message.

· Content: Parameters additional to the message.


SSL (Protocol Overview) cont.

• SSL Handshake protocol


SSL (Protocol Overview) cont.

• SSL Change Cipher Spec protocol

– Used at the last stage of the SSL Handshake in order for the parties to move from their pending state to their current state.

– This message has one byte with content of “1” and is encrypted and compressed under the current CipherSpec.


SSL (Protocol Overview) cont.

• SSL Alert protocol

– Responsible for errors

– Two levels of alert:

• fatal alert

• warning alert

– Structure:

· Level: Indicates a fatal or warning alert.

· Alert: Indicates the specific alert.


SSL (Protocol Overview) cont.

• SSL Record protocol

– Data is encapsulated into an object called a record

– A record consists of:

• Header – 5 bytes long

• Data – this portion undergoes 4 stages: Fragmentation, Compression (optional), Applying MAC, and Encryption
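
Added example (not part of the original slides): a small Python parser for the structures on the Handshake, Change Cipher Spec, Alert and Record slides, using the SSL 3.0 field widths (5-byte record header, 1-byte type plus 3-byte length for handshake messages). It assumes cleartext records and handshake messages that fit in a single record; the function names and sample bytes are constructed for illustration.

```python
import struct

# Record content types and alert levels as defined for SSL 3.0 / TLS.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}

def parse_handshake(payload):
    """Walk Type (1 byte) / Length (3 bytes) / Content messages in one record."""
    msgs, pos = [], 0
    while pos < len(payload):
        if len(payload) - pos < 4:
            raise ValueError("truncated handshake header")
        msg_len = int.from_bytes(payload[pos + 1:pos + 4], "big")
        if pos + 4 + msg_len > len(payload):
            raise ValueError("handshake length exceeds record")
        msgs.append({"msg_type": payload[pos], "length": msg_len})
        pos += 4 + msg_len
    return msgs

def parse_records(stream):
    """Split a byte stream into records using the 5-byte header."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        # Header: content type, version major, version minor, 16-bit length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        payload = stream[off + 5:off + 5 + length]
        if ctype not in CONTENT_TYPES or len(payload) != length:
            raise ValueError("malformed record at offset %d" % off)
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor)}
        if ctype == 22:
            rec["messages"] = parse_handshake(payload)
        elif ctype == 21 and length == 2:
            rec["level"] = ALERT_LEVELS.get(payload[0], "invalid")
            rec["alert"] = payload[1]
        elif ctype == 20:
            rec["valid"] = payload == b"\x01"  # single byte with value 1
        records.append(rec)
        off += 5 + length
    return records

# Constructed sample: cleartext records as seen before encryption is switched on.
SAMPLE = (bytes([22, 3, 0, 0, 8, 1, 0, 0, 4]) + b"\xde\xad\xbe\xef"  # handshake, type 1
          + bytes([20, 3, 0, 0, 1, 1])                                # change cipher spec
          + bytes([21, 3, 0, 0, 2, 1, 0]))                            # warning alert 0

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```

Once a cipher has been negotiated, the payload of each record is encrypted, so only the 5-byte header remains readable to an observer on the wire.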


Why use SSL?

• Preventing Identity Fraud

• Preventing Garbling Attacks

• Preventing Replaying Messages

• Preventing Cut and Paste Attacks

• Preventing Cipher Suite rollback attacks

• Preventing Version rollback attacks

• Preventing Dictionary attacks

• Traffic attacks

• Short-block attacks


SSL versions

• SSL v2.0

• SSL v3.0

• TLS


References

Digital Certificates

VeriSign, “Digital Certificates” http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml

VeriSign is one of the key, innovative Certificate Authority companies on the web.

The Open–source PKI Book: A guide to PKIs and Open–source Implementations, “Sample CA Certificate in TXT format” http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/sample-ca-cert-txt.htm

The website provided a sample text image of a digital certificate.

SSL