SSL Architecture




























































- Slides: 60









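SSL Introduction (1/)
• A secure communication protocol designed by Netscape.
• Three protocols
  – SSL Record Protocol
  – SSL Handshake Protocol
  – SSL Alert Protocol
• Main function: encrypt the data to be transmitted before sending it onto the network.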

SSL Introduction (2/)
• SSL has the following three properties:
  1. The connection is private.
  2. The peer's identity can be authenticated. Authentication is done through asymmetric cryptography.
  3. The connection is reliable.

SSL Introduction (3/)
• SSL v3.0 has the following four goals:
  1. Cryptographic security
  2. Interoperability
  3. Extensibility
  4. Relative efficiency

Record Protocol


SSL Introduction (5/)
The state of an SSL session connection includes the following elements:
• client and server random numbers
• server write MAC secret
• client write MAC secret
• server write key
• client write key
• initialization vectors
• sequence numbers

CA (Certificate Authority)
Diagram labels:
1. Request a Certificate (include Address, Social Security #, etc.)
2. Create a Certificate
3. Send a Certificate
4. Send the Certificate to Establish Identity
5. Verify the Certificate









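SSL Handshake Protocol (3/)
• The server sends its certificate request; a "Server key exchange" message is sent along with it if needed.
• The client responds with Certificate and key exchange, sends "change cipher spec", and copies the next Cipher Spec into the current Cipher Spec.
• The server and client respond with "Finished", after which they can begin exchanging application data.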


SSL Reconnect flow diagram

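SSL Reconnect
• The client sends a "Client Hello" using the session ID.
• The server checks whether the session ID matches; if it does, it re-establishes a connection under this session and sends a "Server Hello" with the same session ID value.
• Both the server and the client must send "Change cipher spec".
• After the server and the client send "Finished", they can begin exchanging application data.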









OpenCA SSL connection


SET Layered Architecture
HTTP, SET application, Telnet, Ftp, Others
Socket
TCP
IP
• SET is application software at the application layer.

SET Members
• The four SET members are as follows:
  – Electronic Wallet
  – Merchant Server
  – Payment Gateway
  – Certification Authority



SET









Cryptographic Methods Used by SET
• Cryptography
  – Secret-key cryptography (symmetric)
  – Public-key cryptography (asymmetric)
  – Digital signature (Message Digest)
  – Certificate Authority
  – Dual signature



