Secure Sockets Layer (SSL) - Jordan University of Science and 安全套接字层（SSL） -乔丹科技大学.ppt

Secure Sockets Layer (SSL)_ - Jordan University of Science and 安全套接字层（SSL）_ -乔丹科技大学InformationSystemSecurityAABFS-JordanSummer2006Websecurity:SSLandTLSPreparedby:MohammedtarawnehPresentedto:’ponentsImplementationHowitworkSSLhandshakeprotocolConfidentialityCertificateAuthenticationTLSVSSSL2WhatareSSLandTLS?SSL–SecureSocketLayerTLS–TransportLayerSecuritybothprovideasecuretransportconnectionbetweenapplications(.,awebserverandabrowser)(.,Explorer)(1996),sonoonecanlisteninandgetcreditcardnumbersUsessomethingcalled“SecureSocketsLayer”(SSL)pressionmessageauthenticationandintegrityprotectionencryptionSSLAlertProtocolerrormessages(fatalalertsandwarnings),itspublickey,IPnumber,;inIE,Options->Content6HowItWorksThebrowserreadsthesitecertificate;ifitissignedbyoneofthetrustedcertificateauthorities,scapewillaskyouifyouwanttotrusttheguywhosignedit7HowItWorks(BasicProtocol)Thebrowsernegotiatesasecuresessionusingsomethinglikethefollowingprotocol:1:A->B:hello2:B->A:Hi,I'mBob,bobs-certificate3:A->B:proveit4:B->A:Alice,ThisIsbob{digest[Alice,ThisIsBob]}bobs-private-key5:A->B:okbob,hereisasecret{secret}bobs-public-key6:B->A:{somemessage}secret-key8HowItWorksStep1:yourbrowserintroducesitselftothesecureserverStep2:theserverrespondsbysendingbackamessagewiththecertificateincludedStep3:Yourbrowsertellsthesecuresitetoproveitsidentity,:Thesecureserverproveswhoitisbycreatingamessageforthebrowser,generatinga“fingerprint”ofthatmessage,andencryptingthe“fingerprint”“fingerprint”forthemessageitself,thendecryptsthe“fingerprint”g