security in different layers new 2003
TRANSCRIPT
-
8/14/2019 Security in Different Layers New 2003
1/17
-
Security services in the following layers
Application layer:
This layer provides three services: confidentiality, authentication, and integrity.
Transport layer:
In the transport layer, security services are provided with the help of the transport protocol.
Network layer:
Security is provided at the network layer on a host-to-host basis.
Link layer:
When security is provided on a link basis, the data in all frames travelling over the link receive the security services.
-
Secure E-mail
First we create a high-level design of a secure e-mail system.
Before designing a secure e-mail system, we should consider which security features are most desirable for it.
The following features are used in a secure e-mail system:
1. confidentiality
2. sender authentication
3. message integrity
-
Mr. A uses a symmetric session key to send a secret e-mail to Mr. B
[Diagram: m, Ks(.), Kb+(.), Ks, Internet, Kb-(.)]
-
Using hash function & digital signature
[Diagram: m, Ks(.), Internet, Kb-(.), Ka, compare]
-
PGP (PRETTY GOOD PRIVACY):
PGP is an e-mail encryption scheme that has become a de facto standard.
Versions of PGP are available in the public domain, and the PGP versions are PGPI 2004, Zimmermann 2004.
Depending on the version, PGP software uses MD5 or SHA for calculating the message digest.
Some of the symmetric key encryption algorithms are CAST, triple-DES, or IDEA.
In addition, PGP provides data compression.
When PGP is installed, the software creates a public key pair for the user.
PGP also provides a mechanism for public key certification.
-
Uses symmetric key cryptography, public key cryptography, a hash function,
[Diagram: m, H(.), Ka-(.), Ks(.), Kb+(.), Internet]
-
Features of SSL
SSL server authentication:
This allows a user to confirm a server's identity.
An SSL-enabled browser maintains a list of trusted certification authorities (CAs) with the public keys of the CAs.
This feature allows the browser to authenticate the server before the user submits a payment card number.
SSL client authentication:
This allows a server to confirm a user's identity.
-
Encrypted SSL:
Information sent between the browser and server.
* It is encrypted by the sending software and decrypted by the receiving software.
-
Secure sockets layer (SSL) and Transport layer security (TLS)
Various mechanisms of SSL & TLS:
1. encryption
2. authentication
3. key distribution
4. message integrity
5. digital signature
-
Secure sockets layer (SSL)
SSL was developed by Netscape in 1994.
This protocol is designed to provide data encryption & authentication.
The protocol begins with a handshake phase that indicates an encryption algorithm.
Once the handshake is completed, all the data is encrypted with the help of a session key.
Applications:
* Internet commerce, browsers and web servers.
-
Working of SSL
The browser and server run the handshake protocol, which
(1) authenticates the server
(2) generates a shared symmetric key.
* These tasks make use of RSA public key technology.
-
Steps for SSL handshake
The browser sends the server the browser's SSL version number & cryptographic preferences.
The server sends the browser the server's SSL version, cryptographic preferences and its certificate.
The browser has a list of trusted CAs and a public key for each CA on the list.
-
The browser generates a symmetric key, encrypts it with the server's public key, and sends it to the server.
The browser sends an informing message to the server.
The server sends an informing message to the browser.
The SSL handshake is complete, and the data is then encrypted and decrypted with the help of the session key.
-
High-level overview of the handshake phase of SSL
[Diagram boxes:]
Bob browses Alice's secure page
Alice sends Bob her certificate
Bob extracts Alice's public key
Bob generates a random symmetric key and encrypts it using
Alice extracts the symmetric key
-
Limitations of SSL
SSL was not specifically created for payment card transactions.
Client authorization is one of the limitations of SSL.