SSL Trust Pitfalls - PowerPoint PPT Presentation

About This Presentation
Title:

SSL Trust Pitfalls

Description:

Prof. Ravi Sandhu. Server-side SSL (or 1-way) handshake with RSA. Client-side SSL (or 2-way) handshake with RSA. Single root CA model. Single root CA multiple RAs ... – PowerPoint PPT presentation

Slides: 23
Provided by: RaviS8
Learn more at: https://cs.gmu.edu

Transcript and Presenter's Notes

Title: SSL Trust Pitfalls


1
SSL Trust Pitfalls
Prof. Ravi Sandhu
2
SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
Handshake Protocol
Record Protocol
3
CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
Handshake Protocol
Record Protocol
4
SINGLE ROOT CA MODEL
[Diagram labels: Root CA; nodes a to p; Root CA; User]
5
SINGLE ROOT CA MULTIPLE RAs MODEL
[Diagram labels: Root CA; nodes a to p; Root CA]
6
MULTIPLE ROOT CAs MODEL
[Diagram labels: Root CA (three times); nodes a to p; Root CA, User (three times)]
7
ROOT CA PLUS INTERMEDIATE CAs MODEL
[Diagram labels: Z; X, Y; Q, R, S, T; A, C, E, G, I, K, M, O; nodes a to p]
8
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
[Diagram labels: X, S, T, Q, R; A, C, E, G, I, K, M, O; nodes a to p]
9
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
[Diagram labels: X, S, T, Q, R; A, C, E, G, I, K, M, O; nodes a to p]
10
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
[Diagram labels: X, S, T, Q, R; A, C, E, G, I, K, M, O; nodes a to p]
11
MULTIPLE ROOT CAs PLUS INTERMEDIATE CAs MODEL
  • Essentially the model on the web today
  • Deployed in server-side SSL mode
  • Client-side SSL mode yet to happen

12
SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
Handshake Protocol
Record Protocol
13
SERVER-SIDE MASQUERADING
Bob Web browser
www.host.com Web server
Server-side SSL
Ultratrust Security Services
www.host.com
14
SERVER-SIDE MASQUERADING
Bob Web browser
www.host.com Web server
Ultratrust Security Services
Server-side SSL
Server-side SSL
Mallory's Web server
www.host.com
BIMM Corporation
www.host.com
15
SERVER-SIDE MASQUERADING
Bob Web browser
www.host.com Web server
Ultratrust Security Services
Server-side SSL
Server-side SSL
BIMM Corporation
Mallory's Web server
www.host.com
Ultratrust Security Services
www.host.com
16
CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
Handshake Protocol
Record Protocol
17
MAN IN THE MIDDLE MASQUERADING PREVENTED
Client Side SSL end-to-end
Ultratrust Security Services
Bob Web browser
www.host.com Web server
Bob
Ultratrust Security Services
Client-side SSL
Client-side SSL
BIMM Corporation
BIMM Corporation
www.host.com
Mallory's Web server
Ultratrust Security Services
Ultratrust Security Services
www.host.com
Bob
18
ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
Joe_at_anywhere Web browser
BIMM.com Web server
Client-side SSL
Ultratrust Security Services
Ultratrust Security Services
Joe_at_anywhere
BIMM.com
19
ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
Alice_at_SRPC Web browser
BIMM.com Web server
Client-side SSL
SRPC
Ultratrust Security Services
Alice_at_SRPC
BIMM.com
20
ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
Bob_at_PPC Web browser
BIMM.com Web server
Client-side SSL
PPC
Ultratrust Security Services
Bob_at_PPC
BIMM.com
21
ATTRIBUTE-BASED CLIENT SIDE MASQUERADING
Alice_at_SRPC Web browser
BIMM.com Web server
Client-side SSL
SRPC
Ultratrust Security Services
BIMM.com
PPC
Bob_at_PPC
22
PKI AND TRUST
  • Got to be very careful
  • Not a game for amateurs
  • Not many professionals as yet