Security Protocols PDF

Summary

This document describes different security protocols used in internet communications. It covers topics such as TLS, SSL, and HTTP, outlining their functionalities and advantages. The document also highlights the disadvantages of each protocol and how they compare. This educational material provides a foundation for understanding these essential networking concepts.

Full Transcript

Cyptograpic
Transport
Protocols
Cryptograpy

SCRAMBLING” DATA SO THAT IT CANNOT BE READ IS A PROCESS KNOWN
AS CRYPTOGRAPHY.
Plaintext (clear text) Unencrypted message.
Encryption convert plaintext into ciphertext.
Ciphertext an Encrypted message
Decryption turn ciphertext back to plaintext.
Transport Layer

The logical connection at the transport layer is end-to-end.

Working of Transport Layer
The transport layer at the source host gets the message from the
application layer, Encapsulates it.
In a transport layer packet (called a segment or a user datagram in
different protocols) and sends.
Working of Transport Layer

It, through the logical connection to the transport layer at the
destination host.

The transport layer is responsible for giving services to the application
layer.
An application program running on the source host and deliver it to the
corresponding application layer.
Program on the destination host.
CRYPTOGRAPHIC TRANSPORT Protocol

Cryptographic protocols provide secure connections, enabling two parties
to communicate with privacy and data integrity.
The Transport Layer Security (TLS) protocol evolved from that of the
Secure Sockets Layer (SSL).
Goal of Cryptograpic Transport protocol
The primary goals of both protocols is to provide confidentiality,
(sometimes referred to as privacy ), data integrity, identification, and
authentication using digital certificates.
Cryptograpic Transport protocol
What is Transport Layer Security?

Transport Layer Security (TLS) encrypts data sent over the Internet to
ensure that hackers are unable to see what you transmit which is
particularly useful for private and sensitive information such as passwords,
credit card numbers, and personal correspondence.

TLS is a cryptographic protocol that provides end-to-end security of data
sent between applications over the Internet. It is mostly familiar to users
through its use in secure web browsing.
How TLS Works?

TLS uses a combination of symmetric and asymmetric cryptography, as
this provides a good compromise between performance and security when
transmitting data securely.
With symmetric cryptography, data is encrypted and decrypted with a
secret key known to both sender and recipient.
Asymmetric cryptography uses key pairs of public key and a private key.
TLS Working
Advantages of TLS

1. Data Integrity
TLS ensures that no any data that is being transmitted gets lost on its way.
It will reach its destination safely.
2. Trustworthy Whenever a site is secured by the TLS, it can be considered
to be reliable.
3. Security TLS is considered to be secure solution to transfer data on the
web.
4. Malware Prevention Some intruders can come up with malwares that
tamper the communication between the web browser and the client.
5. Granular Control TLS provides more advanced and reactive alert system.
Disadvantages of TLS

1. High Latency Comparing to most of other secure encryption methods
TLS provides higher latency.
2. MiM Attacks Allthough TLS is generally considered to be secure, some
versions of TLS is still vulnerable to Man in the Middle Attacks.
3. Network Complexity Complexity in the network architecture is another
major disadvantages of the TLS certificate
4.Implementation Cost
Secure Socket Layer

SSL or Secure Sockets Layer, is an encryption-based Internet security
protocol.
The purpose of ensuring privacy, authentication, and data integrity in
Internet communications.
How SSL Works?

In order to provide a high degree of privacy, SSL encrypts data that is
transmitted across the web. This means that anyone who tries to intercept
this data will only see a garbled mix of characters that is nearly impossible
to decrypt.
SSL initiates an authentication process called a handshake between two
communicating devices to ensure that both devices are really who they
claim to be.
SSL also digitally signs data in order to provide data integrity, verifying that
the data is not tampered with before reaching its intended recipient.
Advantages of SSL

1. Security
2. Authentication
3. Reliability
4. Prevent Phishing
5. Online Payments
6. SEO
Disadvantages of SSL

1. Performance
2. Cost
3. Expiry
4. Data Integrity
5. Caching.. 6.Application Support
 TLS VS SSL

SSL supports the Fortezza Cipher TLS doesn’t support the Fortezza
Suite. encryption.
The SSL Uses a pre-master secret message digest for a In the TLS master, secrecy is established; this is a
master secret generation. slightly different method.

For the record protocol, SSL uses the Message For the record Protocol, TLS uses Hashed MAC.
Authentication Code (MAC).

In the SSL alert message included, which is “no It eliminates warning summary and adds a dozen other
certificate.” values.
In the SSL Certificate, verify in the complex Sample Certificate Verification in the TLS.

Authentication of the SSL message provides ad-hoc key The version of TLS is based on the authentication code
information and client data. of the HMAC Hash Messages.
Hypertext Transport Protocol

HTTP stands for HyperText Transfer Protocol.
It is a protocol used to access the data on the World Wide Web (www).
The HTTP protocol can be used to transfer the data in the form of plain
text, hypertext, audio, video, and so on.
This protocol is known as HyperText Transfer Protocol because of its
efficiency that allows us to use in a hypertext environment where there
are rapid jumps from one document to another document.
HTTP is similar to the FTP as it also transfers the files from one host to
another host. But, HTTP is simpler than FTP as HTTP uses only one
connection, i.e., no control connection to transfer the files.
HTTP

HTTP is used to carry the data in the form of MIME-like format.
HTTP is similar to SMTP as the data is transferred between client and
server. The HTTP differs from the SMTP in the way the messages are sent
from the client to the server and from server to the client. SMTP messages
are stored and forwarded while HTTP messages are delivered immediately.
Features of HTTP

Connectionless protocol: HTTP is a connectionless protocol. HTTP client
initiates a request and waits for a response from the server. When the
server receives the request, the server processes the request and sends
back the response to the HTTP client after which the client disconnects the
connection. The connection between client and server exist only during the
current request and response time only.
Media independent: HTTP protocol is a media independent as data can be
sent as long as both the client and server know how to handle the data
content.
Stateless: HTTP is a stateless protocol as both the client and server know
each other only during the current request.
Disadvantages of HTTP

It does not have push capabilities.
➨It is too verbose.
➨It does not offer reliable exchange (without retry logic).
➨Client does not close the connection when all the data it needs have
been received.
Thank You