Secure Sokets Layer Jordan University of Science and 安全套接字层 乔丹科技大学.ppt

Information System SecurityAABFS-JordanSummer 2006Web security:SSL and TLS Prepared by : Mohammed tarawneh Presented to: Dr. Lo’ai Tawalebeh Agend Definition The idea SSL components Implementation How it work SSL hand shake protocol Confidentiality Certificate Authentication TLS VS SSL What are SSL and TLS? SSL – Secure Socket Layer TLS – Transport Layer Security both provide a secure transport connection between applications (e.g., a web server and a browser) SSL was developed by Netscape SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers and widely used on the Internet SSL v3.0 was specified in an Internet Draft (1996) it evolved into TLS specified in RFC 2246 TLS can be viewed as SSL v3.1 The Idea Encrypt the web traffic between two sites, so no one can listen in and get credit card numbers Uses something called “Secure Sockets Layer” (SSL) SSL components SSL Handshake Protocol negotiation of security algorithms and parameters key exchange server authentication and optionally client authentication SSL Record Protocol fragmentation compression message authentication and integrity protection encryption SSL Alert Protocol error messages (fatal alerts and warnings) SSL Change Cipher Spec Protocol a single message that indicates the end of the SSL handshake The Implementation The secure web site includes a digital certificate signed by some certificate authority. The certificate includes the server name, its public key, IP number, and an expiration date. It is typically signed with a 1024 bit key by the CA The list of certificate authorities that you trust to identify people is available in Netscape by clicking on the lock icon at top; in IE, Internet Options-Content How It Works The browser reads the site certificate; if it is signed by one of the trusted certificate authorities, browser accepts the certificate as valid If the certificate is signed by some unknown certificate authori