Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. [email protected] 1...
-
Upload
brook-simpson -
Category
Documents
-
view
217 -
download
0
Transcript of Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. [email protected] 1...
![Page 2: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/2.jpg)
ITEC4614-NETE0519 2
Web Security Considerations SSL and TLS Secure Electronic Transaction (SET)
Roadmap
![Page 3: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/3.jpg)
ITEC4614-NETE0519 3
A Comparison of Threats on the Web
![Page 4: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/4.jpg)
ITEC4614-NETE0519 4
Relative Location of Security Facilities in the TCP/IP Protocol Stack
![Page 5: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/5.jpg)
ITEC4614-NETE0519 5
Web Security Considerations SSL and TLS
Secure Socket Layer Transport Layer Security
Secure Electronic Transaction (SET)
Roadmap
![Page 6: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/6.jpg)
ITEC4614-NETE0519 6
SSL (Secure Socket Layer)
transport layer security service originally developed by Netscape version 3 designed with public input subsequently became Internet standard known as TLS
(Transport Layer Security) uses TCP to provide a reliable end-to-end service SSL has two layers of protocols
![Page 7: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/7.jpg)
ITEC4614-NETE0519 7
SSL Architecture
![Page 8: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/8.jpg)
ITEC4614-NETE0519 8
SSL Session & Connection
Connection: a transport that provides a suitable type of service Peer-to-peer relationship Every connection is associated with one session
Session: an association between a client and a server created by handshake protocol Session defines a set of cryptographic parameters used among
multiple connections. One session may contain several connections
![Page 9: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/9.jpg)
ITEC4614-NETE0519 9
SSL Record Protocol Services
message integrity using a MAC with shared secret key similar to HMAC but with different padding
confidentiality using symmetric encryption with a shared secret key defined by
Handshake Protocol AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40,
RC4-128 message is compressed before encryption
![Page 10: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/10.jpg)
ITEC4614-NETE0519 10
SSL Record Protocol
Services provided: Confidentiality by encryption and Message integrity by MAC
![Page 11: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/11.jpg)
ITEC4614-NETE0519 11
SSL Record Format
![Page 12: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/12.jpg)
ITEC4614-NETE0519 12
Steps in SSL Record Protocol
1. Fragmentation data fragmented into blocks of 214 bytes (16384 bytes) or less
2. Compression (optional): Lossless compression function applied May increase message length by 1024 bytes No compression in SSLv3 and TLS (null)
![Page 13: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/13.jpg)
ITEC4614-NETE0519 13
Steps in SSL Record Protocol: 3. MAC
data
![Page 14: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/14.jpg)
ITEC4614-NETE0519 14
Steps in SSL Record Protocol (cont.)
4. Encryption May increase the length by 1024 bytes so the total length must
not exceed 214+2048 bytes
1024 bytes from encryption +1024 bytes from compression
![Page 15: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/15.jpg)
ITEC4614-NETE0519 15
Steps in SSL Record Protocol (cont.)
For stream encryption: message + MAC are encrypted For block encryption: padding and its length (1 byte) may
be attached after MAC so that the size of the message is a multiple of cipher’s clock length E.g. data = 58 bytes, MAC = 20 bytes (SHA-1), MAC length = 1
byteeach block length is 8 bytes (64 bits using DES)so pad length must be 1 byte so that 58+20+1+1 = 80 bytes (divisible by 8)
![Page 16: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/16.jpg)
ITEC4614-NETE0519 16
Steps in SSL Record Protocol (cont.)
5. Append header Content Type (8 bits)
Higher layer protocol used to process enclosed fragment Types: change_cipher_spec, alert, handshake, application_data
Major Version (8 bits) For SSLv3.0, the value is 3
Minor Version (8 bits) For SSLv3.0, the value is 0
Compressed Length (16 bits) Length of final message (max. 214+2048 bytes)
![Page 17: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/17.jpg)
ITEC4614-NETE0519 17
SSL Protocols above Record Protocol
Change Cipher Spec Protocol Alert Protocol Handshake Protocol
Seen as applications of SSL Record protocol, these protocols are compressed and encrypted using SSL Record protocol
![Page 18: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/18.jpg)
ITEC4614-NETE0519 18
SSL Record Protocol Payload
≥
≥
![Page 19: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/19.jpg)
ITEC4614-NETE0519 19
Change Cipher Spec Protocol
One of 3 SSL specific protocols which use the SSL Record protocol Simplest among SSL protocols To cause the pending state to be copied into the current state, which
updates the cipher suite to be used on this connection Basically, it tells the Record protocol to use the new set of
encryption parameters specified in phase 1 of Handshake protocol
![Page 20: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/20.jpg)
ITEC4614-NETE0519 20
Alert Protocol
Used to convey SSL-related alerts to peer entity Compressed & encrypted like all SSL data Message consists of 2 bytes
1st byte contains warning (1) or fatal (2) If 2, SSL immediately terminates connection, and no new connection
may be established. Then client must establish a new session. 2nd byte contains a code indicating specific alert
![Page 21: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/21.jpg)
ITEC4614-NETE0519 21
Alert Protocol (cont’d)
Alerts that are always fatal unexpected_message: impropriate message received bad_record_mac: incorrect MAC received decompression_failure: the function received improper
input handshake_failure: sender is unable to negotiate an
acceptable set of security parameter illegal_parameter: a field in handshake message is
inconsistent with other fields
![Page 22: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/22.jpg)
ITEC4614-NETE0519 22
Handshake Protocol
Allows server and client to authenticate each other Also to negotiate encryption and MAC keys used to protect
data sent in SSL Each Handshake protocol message contains 3 fields
Type (1 byte): indicates one of 10 messages Length (3 bytes): message length in bytes Content (≥ 1 byte): Type-related parameters
![Page 23: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/23.jpg)
ITEC4614-NETE0519 23
SSL Handshake Protocol Msg Types
![Page 24: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/24.jpg)
ITEC4614-NETE0519 24
Handshake Protocol Action
Change Cipher Spec protocol message
![Page 25: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/25.jpg)
ITEC4614-NETE0519 25
Phase1: Establish Security Capabilities
To initiate logical connection and to establish security capabilities associated with it
client_hello contains Version: SSL version Random: 32-bit timestamp and 28 bytes random number
generated by a secure random generator. Served as nonce during key exchange
Session ID: Non-zero value client wants to update connection parameters or
create a new connection on current session Zero value client wants to create a new connection on a new session
![Page 26: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/26.jpg)
ITEC4614-NETE0519 26
Phase1: Establish Security Capabilities (cont.)
Ciphersuite Contains a list of key exchange algorithms supported by the
client (for the server to select one of these) and a CipherSpec (definition of key exchange method)
Compression Method List of compression method supported by client
![Page 27: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/27.jpg)
ITEC4614-NETE0519 27
Phase1: Establish Security Capabilities (cont.)
server_hello contains Version
Same as that in client_hello Random:
generated by server, independent of client’s Random Session ID
If client’s Session ID is non-zero, Server’s is also contains the same value If zero, server’s Session ID contains the new value for a new session
CipherSuite: a single cipher suite selected by server from those proposed by client
Compression Method: the selected method from those proposed by client
![Page 28: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/28.jpg)
ITEC4614-NETE0519 28
CipherSuite
CipherSuite contains key exchange methods and CipherSpec Key exchange methods:
RSA (secret key is encrypted with RSA public key) Fixed DH (fixed public keys), Ephermeral DH (use one-time public key signed by sender), Anonymous DH (no verification of public-key sender) Fortezza scheme
CipherSpec: includes the following: CipherAlgorithm: encryption algo MACAlgorithm: MD5 or SHA-1 CipherType: Stream or Block HashSize: 0, 16 (MD5) or 20 (SHA-1) bytes Key Material: a data used to generating the write keys IV Size: size of IV for CBC encryption
![Page 29: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/29.jpg)
ITEC4614-NETE0519 29
Phase2: Server Authentication and Key Exchange
Server sends its certificate if needed. certificate msg is required except in anonymous DH server_key_exchange (to exchange DH keys) is sent if
required except two instances: Server has sent a certificate with fixed DH parameters (already sent in certificate message)
RSA key exchange is to be used (no DH parameters used) The parameters in server_key_exchange is used to
generate a pre-master secret using DH key exchange. The pre-master secret will be later used to create a master secret.
![Page 30: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/30.jpg)
ITEC4614-NETE0519 30
Phase2: Server Authentication and Key Exchange (cont.)
Server can request a cert from client. certificate_request includes:
Certificate_type: indicates public-key algo used Certificate_authorities: list of acceptable CAs
server_done Indicate the end of server hello. Server then waits for a client
response
![Page 31: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/31.jpg)
ITEC4614-NETE0519 31
Phase3: Client Authentication and Key Exchange
Client verifies server’s cert and checks if server_hello parameters are acceptable
If server requests for client’s cert, client sends certificate. If client doesn’t have a cert, client sends no_certificate alert instead
client_key_exchange contains (DH) key exchange parameters used to generate a pre-master secret and then later a master secret
Client may send certificate_verify to provide explicit verification of a client cert.
CertificateVerify.signature.md5_hashMD5(master_secret||pad_2||MD5(handshake_messages|| master_Secret||
pad_1))Certificate.signature.sha_hash
SHA(master_secret||pad_2||SHA(handshake_messages|| master_secret||pad_1))
All handshake msgs sent or received since client_hello except this msg
![Page 32: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/32.jpg)
ITEC4614-NETE0519 32
Phase4: Finish
Client sends change_cipher_spec and copies the pending CipherSpec into current CipherSpec (change cipher spec protocol message is sent)
Client also sends finished under new algos, keys, and secrets. finished verifies that key exchange and authentication were
successful. finished contains two values:
MD5(master_secret||pad2||MD5(handshake_messages|| Sender||master_secret||pad1))
SHA(master_secret||pad2||SHA(handshake_messages|| Sender||master_secret||pad1))
Server sends its own change_cipher_spec and finished to complete Handshake protocol
All handshake msgs sent or received since client_hello except this msg
![Page 33: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/33.jpg)
ITEC4614-NETE0519 33
Master Secret Creation
The shared 48-byte pre-master secret is one-time generated for this session for secure key exchange Exchange pre_master_secret Calculate master_secret
Exchange pre_master_secret RSA: client encrypts pre_master_secret with server’s RSA public
key and sends it to server DH: client and server generates DH public key and create
pre_master_secret
![Page 34: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/34.jpg)
ITEC4614-NETE0519 34
Create master_secret
master_secret = MD5(pre_master_secret||SHA(‘A’||pre_master_secret|| ClientHello.random||ServerHello.random))||MD5(pre_master_secret||SHA(‘BB’||pre_master_secret|| ClientHello.random||ServerHello.random))||MD5(pre_master_secret||SHA(‘CCC’||pre_master_secret|| ClientHello.random||ServerHello.random))
Until 48 bytes of secret are produced
Master Secret Creation (cont.)
![Page 35: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/35.jpg)
ITEC4614-NETE0519 35
Generation of Cryptographic Parameters
CipherSpecs require the following parameters Client write MAC secret Server write MAC secret Client write key Server write key Client write IV Server write IV
These values are generated from the master secret Such values will be later used for SSL Record protocol
![Page 36: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/36.jpg)
ITEC4614-NETE0519 36
Generation of Cryptographic Parameters (cont.)
Key_block = MD5(master_secret||SHA(‘A’||master_secret|| ServerHello.random||ClientHello.random))||
MD5(master_secret||SHA(‘BB’||master_secret|| ServerHello.random||ClientHello.random))||
MD5(master_secret||SHA(‘CCC’||master_secret|| ServerHello.random||ClientHello.random))||…
Until enough output has been generated.
![Page 37: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/37.jpg)
ITEC4614-NETE0519 37
Web Security Considerations SSL and TLS
Secure Socket Layer Transport Layer Security
Secure Electronic Transaction (SET)
Roadmap
![Page 38: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/38.jpg)
ITEC4614-NETE0519 38
Difference btw SSL and TLS
Version TLS Record protocol is the same as SSL Record protocol In TLS, major version is 3 and minor version is 1
Message Authentication Code Alert Codes:
TLS supports all SSLv3 alerts and provides additional alerts CipherSuites
Key Exchange: TLS supports all SSLv3 key exchange except Fortezza
Encryption algos: TLS supports all SSLv3 encryption except Fortezza
![Page 39: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/39.jpg)
ITEC4614-NETE0519 39
Web Security Considerations SSL and TLS Secure Electronic Transaction (SET)
Roadmap
![Page 40: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/40.jpg)
ITEC4614-NETE0519 40
Secure Electronic Transaction
![Page 41: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/41.jpg)
ITEC4614-NETE0519 41
Services Provided by SET
Secure communications channel among involved parties Trust by using X.509 certs Party privacy: parties will receive only the information that
they are intended to receive
![Page 42: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/42.jpg)
ITEC4614-NETE0519 42
SET Requirements
Provide confidentiality of payment and ordering information Ensure the integrity of all transmitted data Provide authentication that a cardholder is a legitimate user of a
credit card account Provide authentication that a merchant can accept credit card
transactions through its relationship with a financial institution Ensure the use of the best security practices and system design
techniques to protect all legitimate parties in an e-commerce transactions
Create a protocol that neither depends on transport security mechanisms nor prevents their use
![Page 43: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/43.jpg)
ITEC4614-NETE0519 43
Secure Electronic Transaction
12
34, 6
5, 10, 11
79
8
12
![Page 44: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/44.jpg)
ITEC4614-NETE0519 44
SET Transaction Overview
1. Client opens an account2. Client receives a certificate3. Merchants have their own certs4. The client places an order (C M)5. The merchant is verified (M C)6. The order and payment are sent (C M)7. The merchant requests payment authorization (M PG)8. Payment is approved (PG I, I A, I,A PG)9. The merchant receives authorization response (PG M)10. The merchant confirms the order (M C)11. The merchant provides goods or service (M C)12. The merchant requests payment (M A)
![Page 45: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/45.jpg)
ITEC4614-NETE0519 45
Dual Signature
In SET, two messages for two intended recipients are sent in one message Order Information (OI) from client to merchant -> not revealed to the bank Payment Information (PI) from client to the bank -> not revealed to the
merchant DS = EKRc[H(H(PI)||H(OI))] DS provides link btw OI and PI for the client
If merchant receives DS, H(PI), merchant can prove that client has sent purchase request (because merchant has OI).
If bank receives DS, H(OI), the bank can prove that client has request it to deduct money from client’s account (because the bank has PI).
![Page 46: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/46.jpg)
Dual Signature (cont.)
C M: EKRc[H(H(PI)||H(OI))], h(PI)
Merchant decrypts EKRc[H(H(PI)||H(OI))]Merchant knows OI, create h(OI)Merchant creates H(H(PI)||H(OI)) and compares with the received H(H(PI)||H(OI))
ITEC4614-NETE0519 46
![Page 47: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/47.jpg)
Dual Signature (cont.)
M PG: EKRc[H(H(PI)||H(OI))], h(OI)
PG decrypts EKRc[H(H(PI)||H(OI))]PG knows PI, create h(PI)PG creates H(H(PI)||H(OI)) and compares with the received H(H(PI)||H(OI))
ITEC4614-NETE0519 47
![Page 48: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/48.jpg)
ITEC4614-NETE0519 48
Dual Signature (cont.)
![Page 49: Lecture 06 SSL, TLS, and SET Asst.Prof.Supakorn Kungpisdan, Ph.D. supakorn@mut.ac.th 1 ITEC4614-NETE0519.](https://reader036.fdocuments.in/reader036/viewer/2022070412/5697bf8d1a28abf838c8c1a9/html5/thumbnails/49.jpg)
ITEC4614-NETE0519 49
Questions?