Web Security
Web Security Threats
Integrity
  Threats: modification of user data, memory or message traffic
  Consequences: loss of information, compromise of machine
  Countermeasures: cryptographic checksums
Confidentiality
  Threats: eavesdropping on the net; theft of info from server/client; info about network configuration
  Consequences: loss of information and privacy
  Countermeasures: encryption and web proxies
Denial of Service
  Threats: killing of user threads; flooding machines with bogus requests; filling up disk or memory; isolating machine by DNS attack
  Consequences: prevent user from getting work done
  Countermeasures: difficult to prevent
Authentication
  Threats: impersonation of legitimate user
  Consequences: misrepresentation of user; belief that false information is valid
  Countermeasures: cryptographic techniques
Security Facilities
[Figure: relative location of security facilities in the TCP/IP protocol stack, one stack per level]
Network level: HTTP / FTP / SMTP over TCP over IP/IPSec
Transport level: HTTP / FTP / SMTP over SSL or TLS over TCP over IP
Application level: S/MIME, PGP and SET over SMTP/HTTP over TCP; Kerberos over UDP; all over IP
Secure Socket Layer
SSL Architecture
[Figure: SSL protocol stack]
Upper layer: Handshake Protocol, Change Cipher Spec Protocol, Alert Protocol, HTTP
SSL Record Protocol
TCP
IP
Secure Socket Layer
Connection
  A connection is a transport that provides a suitable type of service.
  For SSL it is a peer-to-peer relationship.
  Connections are transient.
  Each connection is associated with one session.
Session
  An association between client and server.
  Created by the handshake protocol.
  Defines a set of security parameters.
  Shared among multiple connections, which avoids the expensive negotiation of new security parameters for each connection.
Secure Socket Layer
Session Parameters
  Session Identifier
  Peer Certificate
  Compression Method
  Cipher Spec
  Master Secret
  Is Resumable
Connection Parameters
  Server and Client Random
  Server Write MAC Secret
  Client Write MAC Secret
  Server Write Key
  Client Write Key
  Initialization Vector
  Sequence Number
Secure Socket Layer
Protocols
SSL Record Protocol
Handshake Protocol
Change Cipher Spec Protocol
Alert Protocol
SSL Record Protocol
Provides
Confidentiality
Message Integrity
SSL Record Protocol
MAC computation:
  hash( MAC_write_secret || pad_2 || hash( MAC_write_secret || pad_1 || seq_num || SSLCompressed.type || SSLCompressed.length || SSLCompressed.fragment ) )
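The MAC formula above, carried through in code as an added example (not part of the slides): it uses the SSL 3.0 definitions of pad_1 (byte 0x36) and pad_2 (byte 0x5C), 48 bytes for MD5 and 40 for SHA-1, and a constructed secret and fragment, and shows why the receiver's own sequence counter catches replayed or reordered records, not just modified bytes.

```python
import hashlib
import hmac  # used only for constant-time comparison

# Pad lengths from the SSL 3.0 specification: 48 bytes for MD5, 40 for SHA-1,
# so that secret || pad fills one hash input block.
PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(hash_name: str, mac_write_secret: bytes, seq_num: int,
             content_type: int, fragment: bytes) -> bytes:
    """MAC of one SSLCompressed record, following the slide's formula:
    hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment))."""
    digest = lambda data: hashlib.new(hash_name, data).digest()
    pad_1 = b"\x36" * PAD_LEN[hash_name]
    pad_2 = b"\x5c" * PAD_LEN[hash_name]
    inner = digest(mac_write_secret + pad_1
                   + seq_num.to_bytes(8, "big")        # 64-bit sequence number
                   + bytes([content_type])             # SSLCompressed.type
                   + len(fragment).to_bytes(2, "big")  # SSLCompressed.length
                   + fragment)                         # SSLCompressed.fragment
    return digest(mac_write_secret + pad_2 + inner)


def verify_record(hash_name: str, mac_write_secret: bytes, expected_seq: int,
                  content_type: int, fragment: bytes, received_mac: bytes) -> bool:
    """Receiver recomputes the MAC with its own sequence counter, so a replayed
    or reordered record fails even when its bytes are untouched."""
    calc = ssl3_mac(hash_name, mac_write_secret, expected_seq, content_type, fragment)
    return hmac.compare_digest(calc, received_mac)


# Constructed sample values (not a real session secret)
SECRET = bytes(range(20))
APPLICATION_DATA = 23  # SSL content type for application data
FRAGMENT = b"GET / HTTP/1.0\r\n\r\n"


def demo() -> dict:
    """Genuine record verifies; a flipped bit or a stale sequence number does not."""
    mac = ssl3_mac("sha1", SECRET, 0, APPLICATION_DATA, FRAGMENT)
    tampered = bytes([FRAGMENT[0] ^ 0x01]) + FRAGMENT[1:]
    return {
        "mac_len": len(mac),
        "genuine": verify_record("sha1", SECRET, 0, APPLICATION_DATA, FRAGMENT, mac),
        "tampered": verify_record("sha1", SECRET, 0, APPLICATION_DATA, tampered, mac),
        "replayed": verify_record("sha1", SECRET, 1, APPLICATION_DATA, FRAGMENT, mac),
    }


if __name__ == "__main__":
    print(demo())
```

This nested secret-prefix construction is specific to SSL 3.0; TLS replaced it with HMAC.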
SSL Record Protocol
SSL Record Protocol Header
Content Type: the higher-layer protocol carried in the fragment
Major Version: for SSLv3 its value is 3
Minor Version: for SSLv3 its value is 0
Compressed Length: the length in bytes of the plaintext fragment (or of the compressed fragment, if compression is used)
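A validating parser for the header fields listed above, added here as an example (not from the slides): it assumes the SSL 3.0 content-type values (20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data) and the 2^14 + 1024 byte limit on SSLCompressed.length, and rejects a record whose header claims more data than actually arrived.

```python
import struct
from typing import NamedTuple, Tuple

# Content type values assigned by the SSL 3.0 specification
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
SSL3_MAJOR = 3
MAX_COMPRESSED_LEN = 2**14 + 1024  # SSLCompressed.length upper bound in SSL 3.0
HEADER_LEN = 5                     # type(1) + major(1) + minor(1) + length(2)


class RecordHeader(NamedTuple):
    content_type: int
    major: int
    minor: int
    length: int


def parse_record_header(data: bytes) -> RecordHeader:
    """Parse and validate the 5-byte record header before touching the fragment,
    so malformed input is rejected on the cheap fixed-size part of the record."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:HEADER_LEN])
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {ctype}")
    if major != SSL3_MAJOR:
        raise ValueError(f"unexpected major version {major}")
    if length > MAX_COMPRESSED_LEN:
        raise ValueError(f"fragment length {length} exceeds limit")
    return RecordHeader(ctype, major, minor, length)


def split_record(data: bytes) -> Tuple[RecordHeader, bytes]:
    """Return (header, fragment) only if the advertised length is really present;
    trusting the length field blindly is how over-reads happen."""
    hdr = parse_record_header(data)
    body = data[HEADER_LEN:HEADER_LEN + hdr.length]
    if len(body) != hdr.length:
        raise ValueError("fragment shorter than header claims")
    return hdr, body


def describe(data: bytes) -> str:
    """Human-readable verdict for a raw record: content type name or a rejection reason."""
    try:
        hdr, _ = split_record(data)
    except ValueError as exc:
        return f"rejected: {exc}"
    return CONTENT_TYPES[hdr.content_type]


# Constructed sample: SSLv3 (3.0) application_data record with a 5-byte fragment
SAMPLE_RECORD = b"\x17\x03\x00\x00\x05hello"

if __name__ == "__main__":
    print(split_record(SAMPLE_RECORD))
```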
SSL Handshake Protocol
[Figures: handshake message exchange between client and server, four slides]
SSL Change Cipher Specification Protocol
Consists of a single message.
Causes the pending state to become the current state, hence updating the cipher suite in use.
SSL Alert Protocol
Conveys SSL-related alerts to the peer entity.
Each alert carries a severity and a specific alert:
  Severity: warning or fatal
  Fatal alerts: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter
  Warning alerts: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
Alert messages are compressed and encrypted like all SSL data.
Secure Electronic Transaction
Business Requirements
• Provide confidentiality of PAYMENT and ORDERING info.
• Ensure the integrity of all TRANSMITTED data.
• Provide authentication that a cardholder is a LEGITIMATE user.
• Provide authentication that a merchant can accept credit card transactions.
• Ensure the use of best security practices and system design techniques.
• Create a protocol that doesn't depend on the transport security mechanism.
Secure Electronic Transaction
Features of SET
• Confidentiality of INFORMATION
• Integrity of DATA
• Cardholder account authentication
• Merchant authentication
Secure Electronic Transaction
SET Participants
Secure Electronic Transaction
SET Transaction
1. customer opens account
2. customer receives a certificate
3. merchants have their own certificates
4. customer places an order
5. merchant is verified
6. order and payment are sent
7. merchant requests payment authorization
8. merchant confirms order
9. merchant provides goods or service
10. merchant requests payment
Secure Electronic Transaction
SET Transaction
[Figure: SET transaction flow]
Secure Electronic Transaction
Dual Signature
• customer creates dual messages
• order information (OI) for merchant
• payment information (PI) for bank
• neither party needs details of other
• but must know they are linked
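The dual signature worked through as an added example (not from the slides): the customer signs H(H(PI) || H(OI)), the merchant gets OI plus only the digest of PI, the bank gets PI plus only the digest of OI, and each can still confirm the two halves belong together. Because the standard library has no RSA, a keyed HMAC stands in for the customer's RSA signature, so here both verifiers hold the same key; in SET they would use the customer's certificate instead. PI, OI and the key are constructed placeholders.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """Message digest used for PIMD, OIMD and POMD (SHA-256 chosen for the example)."""
    return hashlib.sha256(data).digest()


def sign(customer_key: bytes, message: bytes) -> bytes:
    # Stand-in for the customer's RSA signature: a keyed HMAC models
    # "only the key holder can produce this"; it is not SET's wire format.
    return hmac.new(customer_key, message, "sha256").digest()


def verify_sig(customer_key: bytes, message: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(customer_key, message), sig)


def make_dual_signature(pi: bytes, oi: bytes, customer_key: bytes) -> dict:
    """Customer side: DS = Sign(H(H(PI) || H(OI))).
    Merchant receives OI + PIMD + DS; bank receives PI + OIMD + DS."""
    pimd, oimd = h(pi), h(oi)
    pomd = h(pimd + oimd)
    ds = sign(customer_key, pomd)
    return {"to_merchant": (oi, pimd, ds), "to_bank": (pi, oimd, ds)}


def merchant_checks(oi: bytes, pimd: bytes, ds: bytes, customer_key: bytes) -> bool:
    """Merchant never sees PI (card data) but confirms DS binds this OI to some PI."""
    return verify_sig(customer_key, h(pimd + h(oi)), ds)


def bank_checks(pi: bytes, oimd: bytes, ds: bytes, customer_key: bytes) -> bool:
    """Bank never sees OI (what was bought) but confirms the payment is tied to it."""
    return verify_sig(customer_key, h(h(pi) + oimd), ds)


# Constructed sample data; the card number is a placeholder, not a real PAN
KEY = b"customer-signing-key-demo"
PI = b"card=0000-0000-0000-0000;amount=49.99"
OI = b"item=SKU-1234;qty=1;amount=49.99"


def demo() -> dict:
    """Both parties verify the genuine pair; substituting another OI breaks the link."""
    msgs = make_dual_signature(PI, OI, KEY)
    oi, pimd, ds = msgs["to_merchant"]
    pi, oimd, _ = msgs["to_bank"]
    other_oi = b"item=SKU-9999;qty=10;amount=499.99"
    return {
        "merchant_ok": merchant_checks(oi, pimd, ds, KEY),
        "bank_ok": bank_checks(pi, oimd, ds, KEY),
        "swapped_order": merchant_checks(other_oi, pimd, ds, KEY),
    }


if __name__ == "__main__":
    print(demo())
```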