secure socket ssl
-
8/8/2019 Secure Socket Ssl
1/22
SECURE SOCKET LAYER (SSL) & HTTPS
Divey Gupta, Sunny Gajjar
B.Tech-IV
Computer Engg.
NIT-Surat
-
SSL???
TLS and SSL are cryptographic protocols for providing secure communication over a network.
They sit between the transport layer and the application layer: TLS runs on top of a TCP connection and beneath application protocols such as HTTP, SMTP or IMAP, which use it unchanged.
SSL/TLS encrypts and authenticates the application data of a connection so that it travels protected between the two endpoints of that connection, the client and the server (see the Limitations slide for what this does not cover).
-
HISTORY
Originally developed by Netscape
SSL versions are 1.0 (never released), 2.0 (1995) and 3.0 (1996)
TLS 1.0 (1999, RFC 2246) and TLS 1.1 (2006, RFC 4346) are the IETF successors
Latest standard in use when this deck was written: TLS 1.2 (RFC 5246, 2008). TLS 1.3 (RFC 8446) was published in August 2018; SSL 2.0 and 3.0 are formally deprecated (RFC 6176, RFC 7568) and must be disabled, so "SSL" today almost always means TLS.
-
NEED OF SSL??
You have an online store or accept online orders and credit cards
You offer a login or sign-in on your site
You process sensitive data such as addresses, birth dates, licence or ID numbers
You need to comply with privacy and security requirements
You value privacy and expect others to trust you
-
How does it work??
What Happens When a Web Browser Connects to a Secure Web Site
A browser attempts to connect to a Web site secured with SSL. In outline (TLS 1.2):
1. The browser sends a ClientHello listing the protocol versions and cipher suites it supports, plus the hostname it wants (SNI).
2. The server answers with a ServerHello choosing the version and cipher suite, and sends its certificate (public key plus identity, signed by a CA).
3. The browser validates the certificate: issued by a trusted CA, not expired, not revoked, and naming the host in the URL.
4. Browser and server run the key exchange (RSA key transport or Diffie-Hellman) and derive fresh symmetric session keys from the result.
5. From then on all HTTP traffic is encrypted and integrity-protected with those session keys.
-
HOW DOES SSL ENCRYPTION WORK?
Web servers and Web browsers rely on the Secure Sockets Layer (SSL) protocol, today TLS, to create a uniquely encrypted channel for private communications over the public Internet.
Each SSL Certificate is tied to a key pair: the certificate carries the public key and the identity of its owner, while the private key stays on the server and is never sent. The public key lets the client encrypt a secret (or verify the server's signature) that only the holder of the private key can decrypt (or produce); the bulk data is then encrypted with symmetric session keys derived from that secret, not with the public key itself.
When a Web browser points to a secured domain, the level of encryption actually used is negotiated: the browser offers its cipher suites and the server picks one it supports, so the outcome depends on the browser, the operating system and the server configuration. The "up to 256-bit" on a certificate's marketing refers to the symmetric cipher (e.g. AES-256) such a negotiation may end in; the certificate itself only fixes the type and length of the public key (e.g. RSA 2048).
-
Security Issues
Privacy: Messages encrypted using conventional (symmetric) cryptography with a shared key
eg: AES; 3DES and RC2 are legacy ciphers that are no longer considered secure
Key Exchange: Public-key cryptography to establish that shared key
eg: RSA key transport or Diffie-Hellman (ephemeral DH/ECDH gives forward secrecy and is the only option in TLS 1.3)
Integrity: Message Authentication Code (MAC) over each record
eg: HMAC-MD5, HMAC-SHA1 (TLS 1.2 adds HMAC-SHA256 and AEAD modes such as AES-GCM; MD5 and SHA-1 are deprecated)
Authentication: X.509 certificates signed by a trusted Certificate Authority prove the server's identity (and optionally the client's)
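The three mechanisms on this slide, worked through with the openssl command line as an added example (not from the original deck). It models the TLS 1.2 RSA key-transport handshake used by the TLS_RSA_* cipher suites: the server's RSA public key, the part a certificate publishes, is used only to encrypt a random pre-master secret; the private key, which never leaves the server, recovers it; both sides then derive an AES key and an HMAC key from the secret and protect the actual HTTP data with those. Assumptions of this example: the `openssl` binary is on PATH, the key derivation (SHA-256 over secret plus label) is a toy stand-in for the TLS PRF, and the `tamper` argument is a hypothetical switch added here to show the integrity check rejecting a modified record. PKCS#1 v1.5 RSA encryption, which `pkeyutl` uses by default, and MAC-then-encrypt are exactly the constructions TLS 1.3 dropped in favour of (EC)DHE and AEAD.

```shell
#!/bin/sh
# Added example: TLS 1.2-style RSA key transport + AES + HMAC with the openssl CLI.
# Assumes `openssl` on PATH. derive_key is a toy stand-in for the TLS PRF.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# hex SHA-256 of stdin; the last field works for both "(stdin)= hex" and "SHA256(stdin)= hex"
sha256_hex() { openssl dgst -sha256 | awk '{print $NF}'; }

# Toy KDF: SHA-256(secret || label). Real TLS expands the master secret with its PRF.
derive_key() { { cat "$1"; printf '%s' "$2"; } | sha256_hex; }

# hex HMAC-SHA256 tag over file $2, keyed with the string $1
hmac_tag() { openssl dgst -sha256 -hmac "$1" "$2" | awk '{print $NF}'; }

# tls_rsa_exchange PLAINTEXT [tamper]
# Runs one exchange and prints what the server recovers; returns 1 if the MAC check fails.
tls_rsa_exchange() {
    plaintext=$1
    # --- server: key pair. Only server.pub (what the certificate carries) goes to the client.
    openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
    openssl pkey -in "$WORK/server.key" -pubout -out "$WORK/server.pub"

    # --- client: random 48-byte pre-master secret, encrypted to the server's public key
    openssl rand -out "$WORK/pms.bin" 48
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/server.pub" \
        -in "$WORK/pms.bin" -out "$WORK/pms.enc"
    c_enc=$(derive_key "$WORK/pms.bin" enc)      # client write key (AES-256)
    c_mac=$(derive_key "$WORK/pms.bin" mac)      # client MAC key
    iv=$(openssl rand -hex 16)
    printf '%s' "$plaintext" |
        openssl enc -aes-256-cbc -K "$c_enc" -iv "$iv" -out "$WORK/record.ct"
    tag=$(hmac_tag "$c_mac" "$WORK/record.ct")   # travels with the ciphertext

    # optional on-the-wire tampering: append a byte to the record
    if [ "${2:-}" = tamper ]; then
        printf 'X' >> "$WORK/record.ct"
    fi

    # --- server: recover the pre-master secret with the private key, derive the same keys
    openssl pkeyutl -decrypt -inkey "$WORK/server.key" \
        -in "$WORK/pms.enc" -out "$WORK/pms.srv"
    s_enc=$(derive_key "$WORK/pms.srv" enc)
    s_mac=$(derive_key "$WORK/pms.srv" mac)
    # integrity before decryption: a modified record is rejected, never decrypted
    if [ "$(hmac_tag "$s_mac" "$WORK/record.ct")" != "$tag" ]; then
        echo "MAC mismatch: record was modified in transit" >&2
        return 1
    fi
    openssl enc -d -aes-256-cbc -K "$s_enc" -iv "$iv" -in "$WORK/record.ct"
}

tls_rsa_exchange 'GET /checkout HTTP/1.1'; echo
tls_rsa_exchange 'GET /checkout HTTP/1.1' tamper || echo "tampered record rejected"
```

The pre-master secret is the only thing RSA ever encrypts here; everything after it is symmetric, which is why a certificate's key length says nothing about the strength of the session cipher.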
-
HOW DO I KNOW THAT A SITE HAS A VALID SSL CERTIFICATE?
-
Certificate Authority (CA)
A CA issues digital certificates that contain a public key and the identity of the owner, and signs them with the CA's own key.
In essence, the CA is responsible for saying "yes, this person is who they say they are, and we, the CA, verify that". Browsers and operating systems ship a list of CAs they trust, so a certificate is accepted only if it chains up to one of them.
Providers (market share figures as quoted in the deck; they are dated): VeriSign and its acquisitions (which include Thawte and GeoTrust) have a 47.5% share of the certificate authority market, followed by GoDaddy (23.4%) and Comodo (15.44%). VeriSign's CA business was later sold to Symantec (2010) and then to DigiCert (2017).
-
Latest Developments
Extended Validation (EV) SSL: EV SSL requires a rigorous process of Web site authentication (the CA verifies the legal identity of the organisation behind the site) and is considered the gold standard in the e-commerce industry for authenticating the legitimate identity of a Web site.
Intended for combating increased phishing attacks. EV changes nothing about the encryption, and since late 2019 Chrome and Firefox no longer show the organisation name in the address bar, because users were found not to notice its absence.
-
LIMITATIONS
SSL is designed to provide point-to-point security, i.e. between the two ends of one TCP connection. If multiple intermediary nodes exist between the two endpoints, each hop is a separate connection, point-to-point security no longer covers the whole path and end-to-end (message-level) security is required.
Web Service Scenario: SOAP messages route through multiple intermediary nodes (proxies, gateways). With SSL alone every intermediary sees the plaintext, and a node cannot sign or encrypt parts of a message for a later node; message-level standards such as WS-Security exist for that.
SSL encryption is at the transport level rather than at the application level.
Messages are encrypted only during transmission over the network.
Other security mechanisms are required to handle the security of the messages inside an application or on disk (data at rest).
-
HTTPS??
HTTPS (HTTP over SSL/TLS, or HTTP Secure) is the use of SSL or TLS as a sublayer under regular HTTP application layering (RFC 2818): the HTTP request and response are unchanged, they are simply sent inside a TLS connection.
HTTPS connections were originally used mainly for payment transactions and logins; today the whole site is expected to be served over HTTPS.
-
DIFF BETWEEN HTTP & HTTPS
HTTP is a protocol for information to be passed back and forth between web servers and clients, in plaintext. It uses port 80 by default.
HTTPS carries the same HTTP messages inside a TLS session, so the server is authenticated and the URL path, headers, cookies and body are encrypted and integrity-protected in transit (the hostname is still visible through DNS and SNI). It uses port 443 by default and is shown with the https:// scheme and a padlock.
-
HOW DOES S-HTTP DIFFER FROM HTTPS
S-HTTP (Secure HTTP, RFC 2660) is an alternative to the HTTPS URI scheme for encrypting web communications carried over HTTP. It works at the message level: each individual HTTP request or response can be signed and/or encrypted, and it can authenticate the user (client) as well as the server.
S-HTTP and HTTPS were both defined in the 1990s, but Netscape and Microsoft supported HTTPS in their browsers, so S-HTTP never saw real use. HTTPS secures the whole connection rather than single messages and, in normal use, authenticates the server only (client certificates are optional).
-
Problems with HTTPS and the Lock Icon
1. Upgrade from HTTP to HTTPS: the user usually types a plain http:// URL and relies on a redirect; an attacker on the path can keep serving the HTTP version and the user never reaches HTTPS (SSL stripping). HTTP Strict Transport Security (HSTS, RFC 6797) tells the browser to always use HTTPS for the site.
2. Semantic attacks on certificates: the certificate is valid, but for a lookalike or confusingly named domain; the lock icon says nothing about who actually runs the site.
3. Invalid certificates: expired, self-signed or wrong-name certificates produce a warning that many users click through.
4. Mixed content
-HTTP and HTTPS on the same page: scripts or other resources loaded over plain HTTP into an HTTPS page can be modified in transit and then run with the page's privileges, which is why browsers block active mixed content.
-
HTTP HTTPS upgrade
-
HOW TO TRUST AN HTTPS CONN.
An HTTPS connection can be trusted only if all of the following hold:
If the user trusts that its browser software correctly implements HTTPS with correctly pre-installed certificate authorities.
If the user trusts the certificate authority to vouch only for legitimate websites without misleading names.
If the website provides a valid certificate (an invalid certificate shows a warning in most browsers), which means it was signed by a trusted authority.
If the certificate correctly identifies the website (e.g. visiting https://example and receiving a certificate for "Example Inc." and not anything else).
If either the intervening hops on the Internet are trustworthy, or the user trusts that the protocol's encryption layer (TLS or SSL) cannot be broken by an eavesdropper.
-
Why is HTTPS not used for all web traffic?
Slows down web servers (the handshake and the encryption cost CPU; with hardware AES and elliptic-curve key exchange this overhead is now small)
Breaks Internet caching: ISPs cannot cache HTTPS traffic
-Results in increased traffic at the web site
Incompatible with virtual hosting in older browsers: the certificate must be presented before the Host header is seen, so one IP address could serve only one HTTPS site until Server Name Indication (SNI, RFC 6066) let the browser name the host in the ClientHello
-
HOW TO CREATE HTTPS WITH OpenSSL
1. Generate an RSA private key (2048 bits is the minimum CAs accept today; 1024-bit keys are distrusted)
openssl genrsa -out server.key 2048
(adding -des3 encrypts the key under a passphrase that Apache then asks for at every start; protect the file with permissions instead)
2. Generate a CSR (Certificate Signing Request); for a production certificate this is what you send to a CA
openssl req -new -key server.key -out server.csr
3. Generating a Self-Signed Certificate (for testing only; browsers warn because no trusted CA signed it)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
4. Installing the Private Key and Certificate where the SSLCertificateFile and SSLCertificateKeyFile directives of mod_ssl point
cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key
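The four steps above carried out end to end as an added example (not from the original deck), together with the checks a practitioner runs before pointing Apache at the files: that the certificate really carries the public half of server.key, that it names the host in a subjectAltName (browsers ignore a bare CN), that it verifies for the intended hostname and fails for any other, and that it is not about to expire. Assumptions of this example: `openssl` is on PATH (1.1.0 or later for -verify_hostname), and the hostname example.test and the 365-day lifetime are illustrative. Because the certificate is self-signed, the only trust anchor that accepts it is itself, which is exactly why a browser still warns; in production step 3 is replaced by sending the CSR to a CA.

```shell
#!/bin/sh
# Added example: self-signed server certificate with a SAN, plus the sanity checks.
# Assumes `openssl` on PATH; hostname and lifetime are illustrative.
set -eu

# make_server_cert DIR HOST DAYS -> DIR/server.key, server.csr, server.crt
make_server_cert() {
    dir=$1; host=$2; days=$3
    # Request/extension config so the CSR and the certificate carry a subjectAltName.
    # (No keyUsage on purpose: a self-signed cert without keyCertSign cannot act as
    # its own trust anchor in openssl verify.)
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions     = v3_srv
prompt             = no
[dn]
CN = $host
[v3_srv]
subjectAltName   = DNS:$host
extendedKeyUsage = serverAuth
EOF
    # 1. RSA private key, no passphrase so httpd can start unattended; guard it with permissions
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    chmod 600 "$dir/server.key"
    # 2. CSR: what you would send to a CA
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" -config "$dir/san.cnf"
    # 3. Self-signed certificate; -extfile carries the SAN over into the certificate
    openssl x509 -req -days "$days" -in "$dir/server.csr" -signkey "$dir/server.key" \
        -out "$dir/server.crt" -extfile "$dir/san.cnf" -extensions v3_srv 2>/dev/null
}

# The certificate's SubjectPublicKeyInfo must equal the public half of the private key.
cert_matches_key() {
    a=$(openssl x509 -in "$1/server.crt" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}')
    b=$(openssl pkey -in "$1/server.key" -pubout | openssl dgst -sha256 | awk '{print $NF}')
    [ "$a" = "$b" ]
}

# Does the certificate list HOST as a DNS subjectAltName?
cert_has_san() { openssl x509 -in "$1/server.crt" -noout -text | grep -q "DNS:$2"; }

# What a browser does: build a chain to a trust anchor (here the cert itself) and
# check the name. Fails for any host the certificate does not name.
cert_valid_for_host() {
    openssl verify -CAfile "$1/server.crt" -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}

# Expiry check as used by monitoring: non-zero if the cert expires within SECONDS.
cert_not_expiring_within() { openssl x509 -in "$1/server.crt" -noout -checkend "$2" >/dev/null; }

# Step 4 would copy server.crt and server.key to the paths named by
# SSLCertificateFile / SSLCertificateKeyFile; here we only run the checks.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_server_cert "$WORK" example.test 365
cert_matches_key "$WORK"                 && echo "key and certificate match"
cert_has_san "$WORK" example.test        && echo "SAN present"
cert_valid_for_host "$WORK" example.test && echo "valid for example.test"
cert_valid_for_host "$WORK" evil.test    || echo "rejected for evil.test (as it should be)"
cert_not_expiring_within "$WORK" 2592000 && echo "more than 30 days of validity left"
```

The hostname check is the one the deck's "certificate correctly identifies the website" condition refers to: a certificate that verifies but names the wrong host is as useless to the browser as an expired one.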
-
Questions?