SSL Trust Pitfalls
Prof. Ravi Sandhu
© Ravi Sandhu

Slide 2: SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
[Diagram: Handshake Protocol and Record Protocol layers]

Slide 3: CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
[Diagram: Handshake Protocol and Record Protocol layers]

Slide 4: SINGLE ROOT CA MODEL
[Diagram: one Root CA directly certifying users a through p]

Slide 5: SINGLE ROOT CA, MULTIPLE RA's MODEL
[Diagram: one Root CA; registration authorities (RA) sit between the Root CA and users a through p]

Slide 6: MULTIPLE ROOT CA's MODEL
[Diagram: several independent Root CAs, each certifying its own group of users a through p]

Slide 7: ROOT CA PLUS INTERMEDIATE CA's MODEL
[Diagram: Root CA Z at the top; layers of intermediate CAs labelled X, Y, Q, R, S, T, A, C, E, G, I, K, M, O; users a through p at the leaves]

Slides 8-10: MULTIPLE ROOT CA's PLUS INTERMEDIATE CA's MODEL
[Diagram, built up over three slides: Root CAs X and S; intermediate CAs Q, R, T, A, C, E, G, I, K, M, O; users a through p at the leaves]

Slide 11: MULTIPLE ROOT CA's PLUS INTERMEDIATE CA's MODEL
  • Essentially the model on the web today
  • Deployed in server-side SSL mode
  • Client-side SSL mode yet to happen

Slide 12: SERVER-SIDE SSL (OR 1-WAY) HANDSHAKE WITH RSA
[Diagram repeated from slide 2]

Slide 13: SERVER-SIDE MASQUERADING
[Diagram: Bob's web browser connects by server-side SSL to the www.host.com web server; the server's www.host.com certificate is issued by Ultratrust Security Services]

Slide 14: SERVER-SIDE MASQUERADING
[Diagram: as slide 13, with the genuine www.host.com certificate now issued by BIMM Corporation, and Mallory's web server offering server-side SSL with a www.host.com certificate issued by Ultratrust Security Services]

Slide 15: SERVER-SIDE MASQUERADING
[Diagram: Bob's web browser, labelled with both BIMM Corporation and Ultratrust Security Services, completes server-side SSL with either the genuine www.host.com web server or Mallory's web server, whose www.host.com certificate comes from Ultratrust Security Services]
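The masquerading slides turn on one property of the multiple-root model: a relying party that trusts several roots accepts a certificate for a name from any of them, so a second CA willing to certify www.host.com gives Mallory a chain that validates just as well as the genuine one. The toy chain builder below, added here as an illustration and not code from the presentation, models that check and the single-root and intermediate-CA variants from the earlier slides. Names are the slides' labels (BIMM Corporation, Ultratrust Security Services, www.host.com, Mallory, CAs Z, Q, A); the key identifiers are constructed placeholders, and "signed by" is modelled by issuer-name matching rather than a real signature. The pinned check at the end is an added mitigation, not something the slides describe.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str          # name the certificate binds
    issuer: str           # subject of the CA that signed it (stands in for a signature here)
    subject_key: str      # placeholder for the certified public key
    is_ca: bool = False   # may this certificate sign further certificates?


class TrustStore:
    def __init__(self, anchors, pool):
        # anchors: root certificates the relying party trusts a priori
        # pool: every other certificate available for building a path
        self.anchors = {c.subject: c for c in anchors}
        self.by_subject = {}
        for c in pool:
            self.by_subject.setdefault(c.subject, []).append(c)

    def build_path(self, leaf):
        """Return [leaf, ..., root] or None if the leaf does not chain to any anchor."""
        path, seen, cur = [leaf], {leaf}, leaf
        while cur.issuer not in self.anchors:
            candidates = [c for c in self.by_subject.get(cur.issuer, [])
                          if c.is_ca and c not in seen]
            if not candidates:
                return None
            cur = candidates[0]   # tree-shaped PKI: the first match is the only match
            seen.add(cur)
            path.append(cur)
        return path + [self.anchors[cur.issuer]]

    def validate(self, leaf, expected_name):
        """1-way SSL style check: name matches and the chain ends at *some* trusted root.
        Returns the root that vouched for the leaf, or None."""
        if leaf.subject != expected_name:
            return None
        path = self.build_path(leaf)
        return path[-1].subject if path else None

    def validate_pinned(self, leaf, expected_name, expected_root):
        """Added mitigation: only the root the site is known to use may vouch for it."""
        return self.validate(leaf, expected_name) == expected_root


# Constructed sample certificates mirroring slides 14 and 15.
BIMM = Cert("BIMM Corporation", "BIMM Corporation", "key-bimm", is_ca=True)
ULTRATRUST = Cert("Ultratrust Security Services", "Ultratrust Security Services",
                  "key-ultratrust", is_ca=True)
GENUINE_HOST = Cert("www.host.com", "BIMM Corporation", "key-host-genuine")
MALLORY_HOST = Cert("www.host.com", "Ultratrust Security Services", "key-host-mallory")

# Constructed chain for the intermediate-CA model of slide 7: Z -> Q -> A -> user a.
Z = Cert("Z", "Z", "key-z", is_ca=True)
Q = Cert("Q", "Z", "key-q", is_ca=True)
A = Cert("A", "Q", "key-a-ca", is_ca=True)
USER_A = Cert("a", "A", "key-a")


def bob_multi_root():
    """Slide 15: Bob's browser trusts both roots, so both www.host.com certs validate."""
    store = TrustStore([BIMM, ULTRATRUST], [])
    return (store.validate(GENUINE_HOST, "www.host.com"),
            store.validate(MALLORY_HOST, "www.host.com"))


def bob_single_root():
    """Trusting only BIMM Corporation rejects Mallory's Ultratrust-issued certificate."""
    store = TrustStore([BIMM], [])
    return (store.validate(GENUINE_HOST, "www.host.com"),
            store.validate(MALLORY_HOST, "www.host.com"))


def bob_pinned():
    """Same two roots as slide 15, but www.host.com is pinned to BIMM Corporation."""
    store = TrustStore([BIMM, ULTRATRUST], [])
    return (store.validate_pinned(GENUINE_HOST, "www.host.com", "BIMM Corporation"),
            store.validate_pinned(MALLORY_HOST, "www.host.com", "BIMM Corporation"))


def intermediate_path():
    """Slide 7 model: the path from user a climbs through A and Q to root Z."""
    store = TrustStore([Z], [Q, A])
    return [c.subject for c in store.build_path(USER_A)]


if __name__ == "__main__":
    print("multi-root :", bob_multi_root())     # both accepted: the pitfall
    print("single-root:", bob_single_root())    # Mallory rejected
    print("pinned     :", bob_pinned())         # Mallory rejected with both roots trusted
    print("path       :", intermediate_path())
```

The point the simulation makes is that name matching plus "chains to any trusted root" is exactly the check a 1-way handshake performs, so the set of trusted roots, not the handshake, is what bounds who can impersonate www.host.com to Bob.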

Slide 16: CLIENT-SIDE SSL (OR 2-WAY) HANDSHAKE WITH RSA
[Diagram repeated from slide 3]

Slide 17: MAN IN THE MIDDLE MASQUERADING PREVENTED
[Diagram: Bob's web browser and the www.host.com web server (certificate from BIMM Corporation) run client-side SSL end-to-end; Bob's client certificate is issued by Ultratrust Security Services; Mallory's web server, with its www.host.com certificate from Ultratrust Security Services, is shown off the end-to-end path]

Slide 18: ATTRIBUTE-BASED CLIENT-SIDE MASQUERADING
[Diagram: Joe@anywhere's web browser in client-side SSL with the BIMM.com web server; Joe@anywhere's certificate issued by Ultratrust Security Services]

Slide 19: ATTRIBUTE-BASED CLIENT-SIDE MASQUERADING
[Diagram: Alice@SRPC's web browser in client-side SSL with the BIMM.com web server; Alice@SRPC's certificate issued through SRPC under Ultratrust Security Services]

Slide 20: ATTRIBUTE-BASED CLIENT-SIDE MASQUERADING
[Diagram: Bob@PPC's web browser in client-side SSL with the BIMM.com web server; Bob@PPC's certificate issued through PPC under Ultratrust Security Services]

Slide 21: ATTRIBUTE-BASED CLIENT-SIDE MASQUERADING
[Diagram: Alice@SRPC's web browser (SRPC) in client-side SSL with the BIMM.com web server, with the PPC-issued Bob@PPC certificate under Ultratrust Security Services also shown]

Slide 22: PKI AND TRUST
  • Got to be very careful
  • Not a game for amateurs
  • Not many professionals as yet