1 / 22

SSL Trust Pitfalls

SSL Trust Pitfalls. Prof. Ravi Sandhu. SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA. Handshake Protocol. Record Protocol. CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA. Handshake Protocol. Record Protocol. SINGLE ROOT CA MODEL. Root CA. a. b. c. d. e. f. g. h. i. j. k. l.

vince
Download Presentation

SSL Trust Pitfalls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SSL Trust Pitfalls Prof. Ravi Sandhu

  2. SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA Handshake Protocol Record Protocol

  3. CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA Handshake Protocol Record Protocol

  4. SINGLE ROOT CA MODEL Root CA a b c d e f g h i j k l m n o p Root CA User

  5. User RA User RA User RA SINGLE ROOT CAMULTIPLE RA’s MODEL Root CA a b c d e f g h i j k l m n o p Root CA

  6. MULTIPLE ROOT CA’s MODEL Root CA Root CA Root CA a b c d e f g h i j k l m n o p Root CA User Root CA User Root CA User

  7. ROOT CA PLUS INTERMEDIATE CA’s MODEL Z X Y Q R S T A C E G I K M O a b c d e f g h i j k l m n o p

  8. MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL X S T Q R A C E G I K M O a b c d e f g h i j k l m n o p

  9. MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL X S T Q R A C E G I K M O a b c d e f g h i j k l m n o p

  10. MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL X S T Q R A C E G I K M O a b c d e f g h i j k l m n o p

  11. MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL • Essentially the model on the web today • Deployed in server-side SSL mode • Client-side SSL mode yet to happen

  12. SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA Handshake Protocol Record Protocol

  13. SERVER-SIDE MASQUARADING Bob Web browser www.host.com Web server Server-side SSL Ultratrust Security Services www.host.com

  14. SERVER-SIDE MASQUARADING Bob Web browser www.host.com Web server Ultratrust Security Services Server-side SSL Server-side SSL Mallory’s Web server www.host.com BIMM Corporation www.host.com

  15. SERVER-SIDE MASQUARADING Bob Web browser www.host.com Web server Ultratrust Security Services Server-side SSL Server-side SSL BIMM Corporation Mallory’s Web server www.host.com Ultratrust Security Services www.host.com

  16. CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA Handshake Protocol Record Protocol

  17. MAN IN THE MIDDLEMASQUARADING PREVENTED Client Side SSL end-to-end Ultratrust Security Services Bob Web browser www.host.com Web server Bob Ultratrust Security Services Client-side SSL Client-side SSL BIMM Corporation BIMM Corporation www.host.com Mallory’s Web server Ultratrust Security Services Ultratrust Security Services www.host.com Bob

  18. ATTRIBUTE-BASED CLIENT SIDE MASQUARADING Joe@anywhere Web browser BIMM.com Web server Client-side SSL Ultratrust Security Services Ultratrust Security Services Joe@anywhere BIMM.com

  19. ATTRIBUTE-BASED CLIENT SIDE MASQUARADING Alice@SRPC Web browser BIMM.com Web server Client-side SSL SRPC Ultratrust Security Services Alice@SRPC BIMM.com

  20. ATTRIBUTE-BASED CLIENT SIDE MASQUARADING Bob@PPC Web browser BIMM.com Web server Client-side SSL PPC Ultratrust Security Services Bob@PPC BIMM.com

  21. ATTRIBUTE-BASED CLIENT SIDE MASQUARADING Alice@SRPC Web browser BIMM.com Web server Client-side SSL SRPC Ultratrust Security Services PPC BIMM.com Bob@PPC

  22. PKI AND TRUST • Got to be very careful • Not a game for amateurs • Not many professionals as yet

More Related