130 likes | 405 Views
SSL & TLS. “At the end of the day, the goals are simple: safety and security” – Jodi Rell. - Richard Bhuleskar. Goals of Security. Integrity. Authenticity. Confidentiality. SSL. Public Key Cryptography Key generation eg. Deffie Hellman Encrypt data. Handshake.
E N D
SSL & TLS “At the end of the day, the goals are simple: safety and security” – Jodi Rell - Richard Bhuleskar
Goals of Security Integrity Authenticity Confidentiality
SSL • Public Key Cryptography • Key generation eg. Deffie Hellman • Encrypt data
Handshake 1. Available Ciphers, Random number 2. Select Cipher, Random no, Server certificate 3. Encrypted pre-master-secret Server Client 4. Compute Keys 4. Compute Keys 5. MAC of handshake messages 6. MAC of handshake messages
SSL Security - MITM Intended connect Bob Alice Trudy claims as Alice Trudy claims as Bob Trudy
Benefits • Transparent- application and transport layer • Authentication and Key exchange. • Communication privacy, Message Integrity.
Conclusion • Not a complete solution. • Cannot protect if systems compromised. • Poor performance