DIGITAL CERTIFICATE & SSL
PRESENTED BY SWAPNA ERABATHINI

CONTENTS
• What is SSL?
• SSL Handshake Process
• Man-in-the-Middle Attack
• SSL Connection

SOCKET LAYER
The socket layer lives between the application and transport layers:
APPLICATION
Socket layer
TRANSPORT
. .

WHAT IS SSL?
• Secure Sockets Layer
• It is a protocol that lies between HTTP and TCP.
• Used for secure Internet transactions.

WHAT IS SSL? (continued)
• For example, consider a transaction to buy items at ebay.com:
• Be sure about the site, i.e. authenticate the site.
• The credit card information should be secure while transmitting, i.e.:
  - Confidentiality
  - Integrity

SSL HANDSHAKE PROCESS
1. CLIENT → SERVER:
• SSL Version
• Cipher List
• Data Compression Methods
• Session ID
• Random Data Ra
2. SERVER → CLIENT:
• SSL Version
• Cipher
• Data Compression Methods
• Session ID
• Random Data Rb
• CERTIFICATE

HOW THE CLIENT VERIFIES THE SERVER CERTIFICATE
The certificate has 2 sections:
- Data Section (Version No., Serial No., Public Key Information, Distinguished Name (DN) of CA, Validity Period, Domain Name)
- Signature Section (Cryptographic Algorithms, Digital Signature of CA)
Validating process:
- The issuing CA is a trusted one.
- Validate the CA's digital signature on the server certificate.
- Validate the current date to ensure it is within the validity period.
- The domain name matches.
- Server certificate verified.

SSL HANDSHAKE PROCESS (continued)
1. CLIENT → SERVER: {S}SERVER, E(h(msg,CLNT,K),K)
2. SERVER → CLIENT: h(msg,SRVR,K)
• S: pre-master secret
• msg: all previous messages
• CLNT and SRVR are constants
• K: h(S,Ra,Rb)

THE SSL KEYS DERIVED
• From K = h(S,Ra,Rb), 2 keys are derived:
• Client and server session key production is a function of the CIPHER-CHOICE.
• The key K produced by the client is called CLIENT-WRITE-KEY (SERVER-READ-KEY).
• The key K produced by the server is called SERVER-WRITE-KEY (CLIENT-READ-KEY).
• For example, for the SSL_CK_DES_64_CBC_WITH_MD5 cipher:
  - KEY-MATERIAL-0 = MD5[ MASTER-KEY, Ra, Rb ]
  - CLIENT-READ-KEY = KEY-MATERIAL-0[0-7]
  - CLIENT-WRITE-KEY = KEY-MATERIAL-0[8-15]

THE MAN-IN-THE-MIDDLE ATTACK
• The Bad Guy cannot authenticate himself as the server using the server's certificate.
  - The Bad Guy cannot decrypt {S}SERVER.
• The Bad Guy's own certificate fails.
  - The client verifies the signature on the Bad Guy's certificate.

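The key split from "The SSL Keys Derived" and the h(msg,SRVR,K) check that stops the man in the middle, traced in Python as an added example (not part of the original presentation). It assumes h is MD5 throughout and that the slide's S plays the role of MASTER-KEY, so K is KEY-MATERIAL-0; the function names and all sample values are constructed.

```python
import hashlib
import hmac

def derive_k(s: bytes, ra: bytes, rb: bytes) -> bytes:
    """K = h(S, Ra, Rb) with h = MD5 (assumed): the 16-byte KEY-MATERIAL-0."""
    # Plain concatenation is unambiguous here because Ra and Rb are fixed-length.
    return hashlib.md5(s + ra + rb).digest()

def session_keys(k: bytes, role: str) -> dict:
    """Split K into the two 8-byte DES keys, seen from one side."""
    client_read, client_write = k[0:8], k[8:16]
    if role == "client":
        return {"read": client_read, "write": client_write}
    if role == "server":
        # SERVER-WRITE-KEY is CLIENT-READ-KEY, and the reverse.
        return {"read": client_write, "write": client_read}
    raise ValueError("role must be 'client' or 'server'")

def finished(msg: bytes, label: bytes, k: bytes) -> bytes:
    """h(msg, CLNT or SRVR, K): ties every earlier message to K."""
    return hashlib.md5(msg + label + k).digest()

def client_accepts(server_hash: bytes, msg: bytes, k: bytes) -> bool:
    """Client-side check of the server's h(msg, SRVR, K), in constant time."""
    return hmac.compare_digest(server_hash, finished(msg, b"SRVR", k))

# Constructed sample values (not from the slides).
RA = bytes(range(16))                    # client random Ra
RB = bytes(range(16, 32))                # server random Rb
S = b"constructed-pre-master-secret"     # sent as {S}SERVER
MSG = b"hello1|hello2|cert|{S}SERVER"    # stand-in for all previous messages

def demo() -> dict:
    k_client = derive_k(S, RA, RB)
    k_server = derive_k(S, RA, RB)                  # server decrypted {S}SERVER
    k_impostor = derive_k(b"wrong guess", RA, RB)   # could not decrypt {S}SERVER
    return {
        "keys_mirror": session_keys(k_client, "client")["write"]
                       == session_keys(k_server, "server")["read"],
        "real_server_ok": client_accepts(finished(MSG, b"SRVR", k_server), MSG, k_client),
        "impostor_ok": client_accepts(finished(MSG, b"SRVR", k_impostor), MSG, k_client),
    }

if __name__ == "__main__":
    print(demo())
```

SSL_CK_DES_64_CBC_WITH_MD5 is an SSL 2.0 cipher, and both SSL 2.0 and MD5 are obsolete, so the block traces the slides' arithmetic and is not a pattern to deploy.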
SSL CONNECTIONS
• It is an efficient protocol.
• Opens new SSL connections when an SSL session already exists.
• Uses the same symmetric key K.
• Avoids the expensive public key operation.
CLIENT → SERVER: Session ID, Cipher list, Ra
SERVER → CLIENT: Session ID, Cipher, Rb, h(msg,SRVR,K)
CLIENT → SERVER: h(msg,CLNT,K)