SSL Trust Pitfalls Prof Ravi Sandhu SERVERSIDE SSL Slides: 9 Download presentation SSL Trust Pitfalls Prof. Ravi Sandhu SERVER-SIDE SSL (OR 1 -WAY) HANDSHAKE WITH RSA Handshake Protocol Record Protocol © Ravi Sandhu 2006 2 CLIENT-SIDE SSL (OR 2 -WAY) HANDSHAKE WITH RSA Handshake Protocol Record Protocol © Ravi Sandhu 2006 3 MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL X S Q A a R C b c © Ravi Sandhu 2006 T E d e G f g I h i K j k M l m O n o p 4 MULTIPLE ROOT CA’s PLUS INTERMEDIATE CA’s MODEL v Essentially the model on the web today v Deployed in server-side SSL mode v Client-side SSL mode yet to happen © Ravi Sandhu 2006 5 SERVER-SIDE MASQUARADING Bob Web browser Server-side SSL www. host. com Web server Ultratrust Security Services www. host. com © Ravi Sandhu 2006 6 SERVER-SIDE MASQUARADING Bob Web browser Server-side SSL BIMM Corporation www. host. com Web server Server-side SSL Mallory’s Web server Ultratrust Security Services www. host. com © Ravi Sandhu 2006 7 SERVER-SIDE MASQUARADING Bob Web browser Server-side SSL www. host. com Web server Server-side SSL BIMM Corporation Ultratrust Security Services www. host. com © Ravi Sandhu 2006 Mallory’s Web server Ultratrust Security Services www. host. com 8 REFERENCES v "The problem with multiple roots in Web browsers-certificate masquerading" by Hayes, J. M. Proceedings Seventh IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE 1998. (WET ICE '98) 17 -19 June 1998 Page(s): 306 -311. © Ravi Sandhu 2006 9 Dr ravi sandhuServerside scriptsWinkle sandhuCharitable workPitfalls of operator overloading in c++Circuit pitfalls in vlsiOperational pitfalls aviationC traps and pitfallsPitfalls in relational database design geeksforgeeksCircuit pitfalls in vlsi