Secure Socket Layer Transport Layer Security

More documents

Recommendations

Info

SSL State Information SSL session is stateful : SSL protocol must initialize and maintain session state information on either side of the session SSL run over TCP (not suitable for UDP) SSL session can be used for several connections : Connection state information SSL Connection State Variables Master Secret (shared key) Unique to each connection Server and client sequence numbers Server_random, Server_random, client_random: client_random: 32 bytes Unique to each connection, selected by server and client Cryptographic keys, keys, Initialization Vectors (IV) Derived from Master Secret using a Pseudo-Random Pseudo Random Function (PRF) What’s What s a PRF and how we use it?
A Pseudo-Random Pseudo Random Function An efficient function using secret key TLS’s TLS PRF is based on MD5 and SHA-1 SHA 1 (later…) (later That cannot be distinguished from random SSL Key Derivation x x RandomFunction(x) PRF k(x) The master key is used to derive the following six keys and values: Client MAC key Server MAC key Client encryption key Server encryption key Client Init Vector (for CBC encryption) Server Init Vector (for CBC encryption) Separate client and server keys are used So successful attack against server does not compromise client, and vice versa
Page 1 and 2: VPN Secure Socket Layer Transport L
Page 3 and 4: Transport Layer Security • Advant
Page 5 and 6: No client auth; weak encryption; Ma
Page 7 and 8: Principe de fonctionnement de SSL:
Page 9 and 10: Certificat X509 - Autorité de cert
Page 11 and 12: Web Security with SSL/TLS (simplifi
Page 13 and 14: Using Public Key Certificates • W
Page 15: SSL Sub-Protocols Sub Protocols La
Page 19 and 20: SSL Session State Information Eleme
Page 21 and 22: SSL Alert Protocol (2) Use two-byt
Page 23 and 24: Phase 1 - Establish Parameters Clie
Page 25 and 26: Phase 4 - Finish Client Server Clie
Page 27 and 28: SMTP over TLS : Solutions Serveurs
Page 29: Spoofed Location Bar (1) Spoofed w

Secure Socket Layer Transport Layer Security

Create successful ePaper yourself

Delete template?

Save as template?