Encryption, SSL and Certificates
BY JOSHUA COX AND RACHAEL MEAD

Outline
Cryptography
Encryption
SSL
  Overview
  Keys
  Statistics
Certificates
  Explanation of certificates
  MITM attacks with keys
Disadvantages

Encryption
Type of Cryptography
  The practice and study of techniques for secure communication in the presence of third parties.
The process of encoding messages so that only authorized parties can read them.
Use of encryption keys to encrypt and decrypt the message.
Used in military communications in the past.
Primarily used for protecting computer data nowadays.

SSL: What is SSL?
SSL stands for Secure Sockets Layer and it is a standard security technology for establishing an encrypted link between a server and a client
The first SSL Certificate was created in 1994 by Netscape Communications
SSL Certificate issuers are called Certificate Authorities or CAs
SSL allows sensitive information such as credit card numbers and social security numbers to be transmitted securely
An SSL Certificate is required by the Payment Card Industry (PCI)
The main components of SSL Certificates are the keys, which are the Public and Private key

SSL: Keys
Public Key – Encryption
Private Key – Decryption
Session Key – Temporary key shared by server and browser

SSL
Asymmetric encryption or public-key cryptography uses a separate key for encryption and decryption
Only the intended receiver can decrypt the message
Asymmetric keys are typically 1024 or 2048 bits.
A 2048-bit key contains 617 digits of encryption code.
14 Billion years to crack.
Video
Asymmetric Encryption

SSL
Symmetric encryption uses a single key to both encrypt and decrypt data.
Both the sender and the receiver need the same key to communicate
Symmetric key sizes are typically 128 or 256 bits; the larger the key size, the harder the key is to crack
Symmetric Encryption

SSL: Symmetric vs. Asymmetric
Symmetric keys have a major disadvantage because the same key is used for symmetric encryption and decryption.
Asymmetric encryption doesn’t have this problem.
As long as you keep your private key secret, no one can decrypt your messages.
Only the person with the private key can decrypt it, which makes Asymmetric stronger.

SSL: SSL Handshake / Example
Connection between Browser and Server is known as the “SSL Handshake”.
Class activity!

SSL: Statistics
55.9% of websites do not use an SSL Certificate
11.3% use self-signed certificates
Out of the 32.8% who use SSL Certificate Authorities, 38.3% use Symantec
  Owns Verisign and Geotrust, among others
Sources: w3techs.com, sslshopper

Certificates: Certificates and What They Do
Electronic Credentials
  Think of a passport or an ID
Help to prevent MITM attacks
Help preserve data integrity

Certificates: Man in the Middle Attacks
Someone is intercepting and modifying communications
Can make new public keys and eavesdrop on messages.
Capable of impersonating official websites
Suppose Alice is your grandmother and Bob is her banker. Then Mallory is intercepting their messages.

Certificates: How to Solve MITM Attacks
Certificates wrap the keys and other identifying information, and encrypt them.
Certificate is signed by a trusted Certificate Authority.
This is what allows you to host a secure website (https)
Certificate Authorities range from $60 a year to $500 a year (Source: whichssl.com)
You can make your own Certificate, but it is not trusted.
Certificate Example: tldp.org
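
The key swap from the Man in the Middle slide and the certificate check from this slide, as an added example that is not part of the original slides. It uses textbook RSA without padding over well-known Mersenne primes as constructed, insecure key material; the names `bank.example` and `mallory.example` and all function names are assumptions made for illustration.

```python
import hashlib

def M(k):
    """Mersenne prime 2**k - 1 for the exponents used below (constructed key material)."""
    return 2**k - 1

def make_key(p, q, e=65537):
    """Textbook RSA key pair: (n, e) is public, d is private. No padding, not secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def cert_body(subject, n, e):
    return f"{subject}|{n}|{e}".encode()

def issue_cert(ca, subject, pub):
    """The CA signs the (subject, public key) binding with its private key."""
    h = digest(cert_body(subject, pub["n"], pub["e"]), ca["n"])
    return {"subject": subject, "n": pub["n"], "e": pub["e"], "sig": pow(h, ca["d"], ca["n"])}

def verify_cert(cert, ca_pub, expected_subject):
    """Accept only if the trusted CA signed this exact binding and the name matches."""
    h = digest(cert_body(cert["subject"], cert["n"], cert["e"]), ca_pub["n"])
    return pow(cert["sig"], ca_pub["e"], ca_pub["n"]) == h and cert["subject"] == expected_subject

def demo():
    ca = make_key(M(89), M(107))        # trusted CA, known to Alice's browser
    bob = make_key(M(61), M(127))       # the banker's server key
    mallory = make_key(M(31), M(521))   # interceptor's own key pair
    session_key = 0xC0FFEE              # constructed session key Alice wants to share

    # No certificate: Alice encrypts to whatever public key arrives, here Mallory's.
    intercepted = pow(session_key, mallory["e"], mallory["n"])
    leaked = pow(intercepted, mallory["d"], mallory["n"]) == session_key

    ca_pub = {"n": ca["n"], "e": ca["e"]}
    certs = {
        "genuine": issue_cert(ca, "bank.example", bob),
        "self_signed": issue_cert(mallory, "bank.example", mallory),
        "wrong_name": issue_cert(ca, "mallory.example", mallory),
    }
    certs["key_swapped"] = dict(certs["genuine"], n=mallory["n"])  # old signature, new key
    return leaked, {k: verify_cert(c, ca_pub, "bank.example") for k, c in certs.items()}

if __name__ == "__main__":
    print(demo())
```

Only the certificate the trusted CA issued for the expected name verifies; the self-signed, renamed and key-swapped variants are all rejected, which is why the client must check both the signature and the subject.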

Disadvantages of SSL and Certificates
Certificate Authorities' security can be breached
  DigiNotar. In July 2011 a man was able to make a near-perfect Google replica. DigiNotar certificates are now banned from most browsers.
  Trustwave, an international Certificate Authority, sold the trusted root certificates to an unknown client. There is reason to believe Trustwave is not the only CA to do this.
HeartBleed Bug: heartbleed.com
There are patented interception taps: patent
  Governments and vendors use interception taps.