上海大字 SHANGH AI JIAO TONG INTVEANTY Http is not secure Nmnl Http TencentWebsiteWww.qq.com FacultySystemofCseWebsitewww.cs.stu.edu.cn/studentlogin.aspx Https Mail system of SJTU: mail sjtu. edu.cn GitHub Login Website: github. com
▪ HTTP ▪ Tencent Website: www.qq.com ▪ Faculty System of CSE Website : www.cs.sjtu.edu.cn/StudentLogin.aspx ▪ HTTPS ▪ Mail system of SJTU: mail.sjtu.edu.cn ▪ GitHub Login Website: github.com HTTP is not secure
上海大字 SHANGH AI JIAO TONG INTVEANTY This reminds me of Mission Impossible 5n
This reminds me of Mission Impossible 5
上海大字 SHANGH AI JIAO TONG INTVEANTY Brief Introduction of SSL/TLs mn SSL Secure Socket layer The standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral The latest version ssl30 Deprecated because of the vulnerability revealed by google in 2014 POODLE(Padding Oracle On downgraded Legacy Encryption) attack. TLS Transport Layer Security Cryptographic protocols that provide communication security over a computer network The processor of SsL, published by Internet Engineering Task Force (ETF The latest version: TLS13 Draft22
▪ SSL ▪ Secure Socket Layer ▪ The standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. ▪ The latest version: SSL3.0 ▪ Deprecated because of the vulnerability revealed by Google in 2014. ▪ POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. ▪ TLS ▪ Transport Layer Security ▪ Cryptographic protocols that provide communication security over a computer network. ▪ The processor of SSL, published by Internet Engineering Task Force (IETF) ▪ The latest version: TLS1.3 Draft22 Brief Introduction of SSL/TLS
上海大字 SHANGH AI JIAO TONG INTVEANTY History and Development of SSL/TIS nl History c0-0 Nesco IETF TLS 1.2 SSL 2.0SSL 3.0TLS 1.0.1 TLS 1.2" refined 199419961999 2006200820112012 00c0 complete· minor changes MDS-SHA1→SHA256 redesign. no interoperation authenticated encryption with SSL3 e.g. AES in CCM mode can downgrade connections to rotectio ainst cBc-attacks SSL3 implicit I→ explicitⅳ MAC Message Authentication Code MD5 Message Digest Algorithm IETF Internet Engineering Task Force SHA Secure Hash Algorithm CBc Cipher Block Chaining AEs Advanced Encryption Standard Iv Initialization Vector CCM Counter with CBC-MAC Dan Luedtke <mail edant de>. Wed Apr IB, 2012.Universty of the Geman Federal /med Foree, Munich e stde 3
History and Development of SSL/TLS
上海大字 SHANGH AI JIAO TONG INTVEANTY Attacks methods Nmnl Privacy The connection is private (or secure) because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret negotiated at the start of the session Identification The identity of the communicating parties can be authenticated using public-key cryptography. This authentication can be made optional but is generally required for at least one of the parties( typically the server)
▪ Privacy ▪ The connection is private (or secure) because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret negotiated at the start of the session. ▪ Identification ▪ The identity of the communicating parties can be authenticated using public-key cryptography. This authentication can be made optional, but is generally required for at least one of the parties (typically the server). Attacks & Methods