Professional Documents
Culture Documents
SSL architecture
TCP
IP
SSL components SSL Handshake Protocol SSL Record Protocol SSL Alert Protocol SSL Change Cipher Spec Protocol
fragmentation
compression
MAC
MAC
MAC
SSL record header: Fields content type, major and minor version, compressed length
Type(1 byte): one of the 10 messages used in handshake Length( 3 bytes) length of the message in bytes Content : parameters that are passed in the message: eg: client_hello ( version, session ID, cipher suite, compression method)
10
11
server
Phase 1:ESTABLISH SECURITY CAPABILITIES Negotiation of the session ID, key exchange algorithm, MAC algorithm, encryption algorithm, and exchange of initial random numbers,version
Phase 3: CLIENT AUTHENTICATION AND KEY XCHANGE Client sends certificate if requested and may send an explicit certificate verification message. Client always sends its key exchange message.
12
anonymous Diffie-Hellman
both the server and the client generate one-time DH parameters they send their parameters to the peer without authentication
Fortezza
Fortezza proprietary key exchange scheme
13
MAC
TLS uses HMAC the MAC covers the version field of the record header too The padding bytes are XORed with secret key rather than concatenating.
14
SET
15
SET
Secure Electronic Transaction
Provides services like Confidentiality: all messages encrypted Trust: all parties must have digital certificates Privacy: information made available only when and where necessary
16
Components of SET
17
SET Transactions
18
customer
Merchant
Payment gateway
Initiate request
Capture response
19
Dual Signature
20
DS Verification by Merchant
21
Payment Processing
Purchase Request Payment Authorization Payment Capture
22
Purchase Request Browsing, Selecting, and Ordering is Done Purchasing Involves 4 Messages: Initiate Request Initiate Response Purchase Request Purchase Response
23
24
25
26
Purchase Request
27
28
Payment Authorization
The merchant sends an authorization request message to the payment gateway consisting of the following: Purchase-related information PI Dual signature calculated over the PI & OI and signed with customers private key. The OI message digest (OIMD) The digital envelop Authorization-related information Certificates
30
Certificates
Cardholders signature key certificate Merchants signature key certificate Merchants key exchange certificate
31
32
PIMD
KUc
D Ks D POMD Compare
PRb
Accept/ reject
33
Authorization Response
Authorization Response Message
Authorization-related Information Capture Token Information Certificate
34