BSCIT

Network Security
Unit 4
Transport Level Security

Topics
1. Web Security Issues

2. Secure Socket Layers (SSL)

3. Transport Layer Security (TLS)

4. HTTPS (HyperText Transfer Protocols)

5. Secure Shell (SSH)

4.1 Web Security Issues

http:// ⚔ https://
4.1.1 Web Security Threats
4.1.2 Web Traffic Security Approaches

4.1.1 Web Security Threats

Two ways of grouping Web Security Threats
> Nature of attack.

> Location of attack.

Nature of attack.

1 Active Attack
2 Passive Attack

Location of attack.

Client Server Architecture

3 Locations for attack
1. Client

2. Server

3. Network

In the context of web
1. Web browser

2. Web server

3. Network traffic in between them

OSI Reference Model

SSL History
• SSL V1
• SSL V2
• SSL V3 / TLS V1.0
• TLS V1.1
• TLS V1.2 (Latest)
• TLS V1.3 (Draft)

SSL Concepts
• SSL Connection
• SSL Session

SSL Architecture

SSL Architecture
• SSL Record Protocol

1. The Change Cipher Spec Protocol

2. The Alert Protocol

3. The Handshake Protocol

SSL Record Protocol
• Services
• Message Integrity using MAC
• Confidentiality using Symm. Enc.
• Operation (6 Steps)

Operation (6 Steps)
1. App Data from Application Layer

2. Fragmentation

3. Compress

4. Add MAC

5. Encrypt

6. Add SSL Record Header

SSL Record Header
• Content Type ('text/html', 'audio/mp3', 'image/png')
• Major Version
• Minor Version
• Compressed Length

SSL Record Protocol
• 1. The Change Cipher Spec Protocol
• 2. The Alert Protocol
• 3. The Handshake Protocol

1. The Change Cipher Spec Protocol
• Simplest
• Consists of single message
• Single Byte with Value 1
• Causes the pending state to be copied into the current state, which updates the cipher suite to be used on this connection.

2. Alert Protocol
• Convey SSL alerts to the peer-entity
• 2 Bytes
• First Byte - Denotes level of the message
• Warning
• Fatal
• Alert code for specific alert

3. Handshake Protocol
• Size: Minimum 4 Bytes
• Type (1B) indicates one of 10 SSL Handshake Protocol Message Types
• Length (3B) indicates length of message in Bytes
• Content (>=0B) indicates the parameters associated with the messages
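
The three message layouts above (Change Cipher Spec, Alert, Handshake), parsed in Python. This is an added example, not part of the original slides; the numeric values for alert levels, alert codes and handshake types come from the SSLv3/TLS specifications rather than from the slides, the function names are hypothetical, and the sample bytes are constructed.

```python
# Numeric values below are from the SSLv3/TLS specifications (not on the slides).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_CODES = {0: "close_notify", 10: "unexpected_message",
               20: "bad_record_mac", 40: "handshake_failure"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello",
                   11: "certificate", 12: "server_key_exchange",
                   13: "certificate_request", 14: "server_hello_done",
                   15: "certificate_verify", 16: "client_key_exchange",
                   20: "finished"}


def parse_change_cipher_spec(body: bytes) -> bool:
    """Valid only if the message is exactly one byte with value 1."""
    return body == b"\x01"


def parse_alert(body: bytes) -> tuple:
    """Two bytes: level, then alert code. Unknown levels are rejected."""
    if len(body) != 2:
        raise ValueError("alert must be exactly 2 bytes")
    level, code = body
    if level not in ALERT_LEVELS:
        raise ValueError(f"unknown alert level {level}")
    return ALERT_LEVELS[level], ALERT_CODES.get(code, f"code_{code}")


def parse_handshake(body: bytes) -> list:
    """Walk Type(1B) | Length(3B) | Content messages packed in one buffer."""
    messages, offset = [], 0
    while offset < len(body):
        if len(body) - offset < 4:
            raise ValueError("truncated handshake header")
        msg_type = body[offset]
        length = int.from_bytes(body[offset + 1:offset + 4], "big")
        content = body[offset + 4:offset + 4 + length]
        if len(content) != length:  # never trust the declared length
            raise ValueError("declared length exceeds available bytes")
        if msg_type not in HANDSHAKE_TYPES:
            raise ValueError(f"unknown handshake type {msg_type}")
        messages.append((HANDSHAKE_TYPES[msg_type], length, content))
        offset += 4 + length
    return messages


# Constructed sample: an empty server_hello_done, then a finished message
# with a 3-byte placeholder body (not a real Finished payload).
SAMPLE = bytes([14, 0, 0, 0]) + bytes([20, 0, 0, 3]) + b"abc"
if __name__ == "__main__":
    print(parse_handshake(SAMPLE))
    print(parse_alert(bytes([2, 40])))
```

Checking the 3-byte length against the bytes actually present is the part that matters for robustness: a parser that trusts the declared length reads past the end of the message.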

4 Phases of SSL Handshake
1. Establish Security Capabilities

2. Server Authentication and Key Exchange

3. Client Authentication and Key Exchange

4. Finish

Transport Layer Security (TLS)
