TLS/SSL: Transport Layer Security, Secure Sockets Layer and X.509 Certificates
Ryan Gesler

Slides: 14

Are your users safe?
• username/password
• encryption

Internet Protocol Suite
• Link Layer – local network to host (lowest level)
• Internet Layer – packets to multiple networks (routing)
• Transport Layer – channel for task-specific data exchange
• Application Layer – user services, client-server (highest level)

TLS/SSL Handshake Protocol

Certificate Authority
• Third party
• Issues digital certificates
• Signs the subject's public key – visitors get that public key (inside the certificate); the matching private key stays with the certificate's owner and is never handed out

Public-Key Infrastructure (PKI)
registration authority – certification authority – validation authority

Some drawbacks
• Warranties often denied
• Expiration of keys
• Junk certificates
• The CA company itself can be compromised

Man in the Middle ATTACKS (Malcolm)

Self-Signed Certificate
The PROS
• Cheap
• Great for testing
The CONS
• Not universally trusted
• More work

OpenSSL (~1k)
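The Certificate Authority, PKI, man-in-the-middle, self-signed and OpenSSL slides above describe one workflow. The script below is an added example, not part of the deck, that carries that workflow through with the OpenSSL command line: a throwaway root CA certifies a server's public key, and a client-side check then accepts the CA-issued certificate, rejects a self-signed one for the same name unless that exact certificate is pinned, and rejects a genuine CA-issued certificate presented for the wrong hostname. It assumes the openssl binary is installed; the names (Example Root CA, www.example.test, other.example.test) are made up, and everything runs offline in a scratch directory.

```shell
#!/bin/sh
# Added example, not from the slide deck: a throwaway PKI built with the OpenSSL CLI.
# Assumes the openssl binary is installed; all names (Example Root CA, www.example.test,
# other.example.test) are made up, and everything runs offline in a scratch directory.
set -e
command -v openssl >/dev/null 2>&1 || { echo "openssl not installed; nothing to show"; exit 0; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# 1. Root CA. ca.key never leaves this directory; only ca.crt (the public half,
#    self-signed) is distributed to the clients that should trust this CA.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
  -subj "/CN=Example Root CA" -keyout ca.key -out ca.crt 2>/dev/null

# 2. Server key and certificate signing request (the registration step). The CSR
#    carries only the public key and the requested name; server.key stays on the server.
openssl req -newkey rsa:2048 -nodes -sha256 \
  -subj "/CN=www.example.test" -keyout server.key -out server.csr 2>/dev/null

# 3. The CA certifies the request: server.crt binds www.example.test to that public key
#    under the CA's signature, valid for 90 days (hence the "expiration of keys" drawback).
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -days 90 -sha256 -out server.crt 2>/dev/null

# 4. A second CA-issued certificate, equally genuine, but for a different name.
openssl req -newkey rsa:2048 -nodes -sha256 \
  -subj "/CN=other.example.test" -keyout other.key -out other.csr 2>/dev/null
openssl x509 -req -in other.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -days 90 -sha256 -out other.crt 2>/dev/null

# 5. A self-signed certificate for the server's name: what a test setup, or a
#    man in the middle ("Malcolm") who controls no trusted CA, can make for free.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 90 \
  -subj "/CN=www.example.test" -keyout mitm.key -out mitm.crt 2>/dev/null

# verify_chain TRUST_ANCHOR CERT HOSTNAME
# Exit 0 only if CERT chains to TRUST_ANCHOR and is issued for HOSTNAME: the
# validation step a client performs on the certificate it receives in the handshake.
verify_chain() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# report LABEL TRUST_ANCHOR CERT HOSTNAME: print the verdict without aborting (set -e is on).
report() {
  if verify_chain "$2" "$3" "$4"; then echo "accepted: $1"; else echo "rejected: $1"; fi
}

report "CA-issued cert for www.example.test, client trusts ca.crt"   ca.crt   server.crt www.example.test
report "self-signed cert for www.example.test, client trusts ca.crt" ca.crt   mitm.crt   www.example.test
report "self-signed cert, client pins that exact cert"               mitm.crt mitm.crt   www.example.test
report "CA-issued cert for other.example.test presented as www"      ca.crt   other.crt  www.example.test
```

Run it with `sh tiny_pki.sh`. The second line is the self-signed CON from the slide ("not universally trusted"): nothing links mitm.crt to a CA the client knows, which is exactly why a man in the middle cannot simply mint a certificate for the victim's name. The third line is how test setups get around that (pin the one certificate, the "more work" CON). The fourth line shows that a valid CA signature alone is not enough: the name in the certificate must match the host the client asked for, or a certificate legitimately issued to anyone could be replayed against any site.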

Public-Key Infrastructure (PKI)
registration authority – certification authority – validation authority

Commercial Certificates
• VeriSign, now 'Symantec' (top package > $1000)
• GeoTrust – $150 - $300 (good support)
• Comodo – $70 - $360 (big warranty)
• Digicert (widely used by major sites)
• Thawte – $150 & up (various packages)
• GoDaddy – $70 (biggest domain registrar)
• Network Solutions – $50 (cheapest)

Smartphoto?!

References
• IUP COSC 316 Host Computer Security
• http://www.zytrax.com/tech/survival/ssl.html
• http://blog.pluralsight.com/top-reliable-ssl-certificates
• http://en.wikipedia.org/wiki/Public_key_infrastructure
• http://www.scriptjunkie.us/2013/11/adding-easy-ssl-client-authentication-to-any-webapp/
• http://allthingsd.com/20130603/passwords-on-your-skin-and-in-your-stomach-inside-googles-wild-motorola-research-projects-video/