DIGITAL CERTIFICATE - PowerPoint PPT Presentation

About This Presentation
Title:

DIGITAL CERTIFICATE

Description:

DIGITAL CERTIFICATE & SSL PRESENTED BY, SWAPNA ERABATHINI CONTENTS What is SSL ? SSL Hand Shake Process Man-in-the-Middle Attack SSL Connection SOCKET LAYER Socket ... – PowerPoint PPT presentation

Number of Views:218
Avg rating:3.0/5.0
Slides: 12
Provided by: SwapnaEr
Learn more at: http://www.cs.sjsu.edu
Category:

less

Transcript and Presenter's Notes

Title: DIGITAL CERTIFICATE


1
DIGITAL CERTIFICATE SSL
PRESENTED BY, SWAPNA ERABATHINI
2
  • CONTENTS
  • What is SSL ?
  • SSL Hand Shake Process
  • Man-in-the-Middle Attack
  • SSL Connection

3
SOCKET LAYER Socket Layer lives between
Application Transport Layer
APPLICATION
Socket layer
TRANSPORT
. .
  • What is SSL ?
  • Secured Socket Layer
  • Its a protocol lies between HTTP TCP
  • Used for secured Internet transactions.
  • (conti..)

4
  • (conti..)
  • For example - Let us consider a transaction to
    buy items at ebay.com
  • Be sure about the Site ie Authenticate the site
  • The credit card information information should
    be secure while
  • transmitting i.e,
  • - Confidentiality
  • - Integrity

5
SSL HANDSHAKE PROCESS
1
SERVER
CLIENT
2
  • SSL Version
  • Cipher
  • Data Compression Methods
  • Session ID
  • Random Data Rb
  • CERTIFICATE
  • SSL Version
  • Cipher List
  • Data Compression Methods
  • Session ID
  • Random Data Ra

1
2
6
How Client Verifies the Server Certificate
? Certificate has 2 sections - Data
Section (Version No., Serial
No.,Public Key Information, Distinguished Name
(DN) of CA, Validity Period,
Domain Name) - Signature Section
(Cryptographic Algorithms, Digital Signature
of CA) Validating Process -
Issuing CAs are trusted one. - Validate CA
Digital Signature on Server Certificate. -
Validate Current date to ensure it is within the
validity period. - Domain Name match. - Server
Certificate Verified.
7
(CONTI) OF SSL HANDSHAKE
1
2
SERVER
CLIENT
SSERVER, E(h(msg,CLNT,K),K)
(h(msg,SRVR,K)
  • S - Pre-Master secret
  • msg - All previous messages
  • CLNT SRVR are constants
  • K - h(S,Ra,Rb)

8
  • The SSL Keys Derived
  • From K h(S,Ra,Rb) 2 keys are derived -
  • Client and server session key production is a
    function of the CIPHER-CHOICE
  • The Key K produced by Client is called
    CLIENT-WRITE-KEY (SERVER-READ-KEY).
  • The Key K produced by Server is called
    SERVER-WRITE-KEY (CLIENT-READ-KEY).
  • For eg - For SSL_CK_DES_64_CBC_WITH_MD5 Cipher
  • KEY-MATERIAL-0 MD5 MASTER-KEY,Ra, Rb
  • CLIENT-READ-KEY KEY-MATERIAL-00-7
  • CLIENT-WRITE-KEY KEY-MATERIAL-08-15

9
THE MAN-IN-THE-MIDDLE ATTACK
  • The Bad Guy cannot authenticate himself as Server
    by Server Certificate.
  • - The Bad Guy cannot decrypt the
    Sserver
  • Bad Guy own certificate fail
  • - Client verifies the Signature on
    Bad Guy certificate.

10
SSL CONNECTIONS
  • Its a efficient protocol
  • Opening new SSL connections if SSL sessions
    already exists.
  • Uses same symmetric key K
  • Avoids the expensive public key operation

Session ID,Cipher list, Ra
Session ID,Cipher , Rb, h(msg,SRVR,K)
SERVER
CLIENT
(h(msg,CLNT,K)
11
Q A
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "DIGITAL CERTIFICATE" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!