Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 106 views

    SSL TCL

    Uploaded by

    dwnldme
    This document summarizes information about web security and protocols for secure transactions. It covers topics like web security considerations, the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, and the Secure Electronic Transaction (SET) specification. The document provides overviews of the architecture, record protocol, and handshake protocol of SSL/TLS, as well as describing the participants, services, and processing of SET transactions. It concludes with recommended reading and web sites for further information.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd

    SSL TCL

    Uploaded by

    dwnldme
    106 views22 pages
    This document summarizes information about web security and protocols for secure transactions. It covers topics like web security considerations, the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, and the Secure Electronic Transaction (SET) specification. The document provides overviews of the architecture, record protocol, and handshake protocol of SSL/TLS, as well as describing the participants, services, and processing of SET transactions. It concludes with recommended reading and web sites for further information.

    Original Description:

    gives brief intro about ssl and tcl

    Original Title

    Ssl Tcl

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document summarizes information about web security and protocols for secure transactions. It covers topics like web security considerations, the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, and the Secure Electronic Transaction (SET) specification. The document provides overviews of the architecture, record protocol, and handshake protocol of SSL/TLS, as well as describing the participants, services, and processing of SET transactions. It concludes with recommended reading and web sites for further information.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    106 views22 pages

    SSL TCL

    Uploaded by

    dwnldme
    This document summarizes information about web security and protocols for secure transactions. It covers topics like web security considerations, the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, and the Secure Electronic Transaction (SET) specification. The document provides overviews of the architecture, record protocol, and handshake protocol of SSL/TLS, as well as describing the participants, services, and processing of SET transactions. It concludes with recommended reading and web sites for further information.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    of 22

    Chapter 7

    WEB Security
    Henric Johnson

    Blekinge Institute of Technology, Sweden


    http://www.its.bth.se/staff/hjo/ henric.johnson@bth.se
    Henric Johnson 1

    Outline
    Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Recommended Reading and WEB Sites

    Henric Johnson

    Web Security Considerations


    The WEB is very visible. Complex software hide many security flaws. Web servers are easy to configure and manage. Users are not aware of the risks.

    Henric Johnson

    Security facilities in the TCP/IP protocol stack

    Henric Johnson

    SSL and TLS


    SSL was originated by Netscape TLS working group was formed within IETF First version of TLS can be viewed as an SSLv3.1

    Henric Johnson

    SSL Architecture

    Henric Johnson

    SSL Record Protocol Operation

    Henric Johnson

    SSL Record Format

    Henric Johnson

    SSL Record Protocol Payload

    Henric Johnson

    Handshake Protocol
    The most complex part of SSL. Allows the server and client to authenticate each other. Negotiate encryption, MAC algorithm and cryptographic keys. Used before any application data are transmitted.
    Henric Johnson 10

    Handshake Protocol Action

    Henric Johnson

    11

    Transport Layer Security


    The same record format as the SSL record format. Defined in RFC 2246. Similar to SSLv3. Differences in the:
    version number message authentication code pseudorandom function alert codes cipher suites client certificate types certificate_verify and finished message cryptographic computations padding
    Henric Johnson

    12

    Secure Electronic Transactions


    An open encryption and security specification. Protect credit card transaction on the Internet. Companies involved: MasterCard, Visa, IBM, Microsoft, Netscape, RSA, Terisa and Verisign Not a payment system. Set of security protocols and formats.
    Henric Johnson 13

    SET Services
    Provides a secure communication channel in a transaction. Provides tust by the use of X.509v3 digital certificates. Ensures privacy.

    Henric Johnson

    14

    SET Overview
    Key Features of SET: Confidentiality of information Integrity of data Cardholder account authentication Merchant authentication

    Henric Johnson

    15

    SET Participants

    Henric Johnson

    16

    1. 2. 3. 4. 5. 6. 7. 8. 9. 10.

    The customer opens an account. The customer receives a certificate. Merchants have their own certificates. The customer places an order. The merchant is verified. The order and payment are sent. The merchant request payment authorization. The merchant confirm the order. The merchant provides the goods or service. The merchant requests payments.
    Henric Johnson 17

    Sequence of events for transactions

    Dual Signature
    DS E KRc [ H ( H ( PI ) || H(OI))]

    Henric Johnson

    18

    Payment processing

    Cardholder sends Purchase Request


    Henric Johnson 19

    Payment processing

    Merchant Verifies Customer Purchase Request


    Henric Johnson 20

    Payment processing
    Payment Authorization: Authorization Request Authorization Response Payment Capture: Capture Request Capture Response
    Henric Johnson 21

    Recommended Reading and WEB sites


    Drew, G. Using SET for Secure Electronic Commerce. Prentice Hall, 1999 Garfinkel, S., and Spafford, G. Web Security & Commerce. OReilly and Associates, 1997 MasterCard SET site Visa Electronic Commerce Site SETCo (documents and glossary of terms)
    Henric Johnson 22

    You might also like