![Page 1: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/1.jpg)
Security
CNS 4650Fall 2004
Rev. 2
SSL, SASL, PKI
![Page 2: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/2.jpg)
Encryption
• Symmetric• Shared-secret• Password• Most common form of general
cryptography
• Asymmetric• Public/Private Key
![Page 3: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/3.jpg)
Symmetric
• User supplied password• Examples
• DES• AES• MD5• Crypt
• Cleartext password goes in and comes out as a hash
![Page 4: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/4.jpg)
Symmetric Example: MD5
%openssl passwd -1 -salt "test" -stdinpassword$1$test$28Tmd0tsvqI1Eq.TDxcaq/
Password: password
Resulting hash: 28Tmd0tsvqI1Eq.TDxcaq/
![Page 5: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/5.jpg)
Assymmetric
• Public key is derived from Private key
• Data encrypted with Public key can only be decrypted with Private and vice vesa
• Example• RSA• ElGamiel
![Page 6: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/6.jpg)
Assymetric Example: x509 certificate
%openssl x509 -inform DER -text -in root.der
Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, ST=Utah, L=Orem, O=Apple, OU=Edu, CN=dsinema root CA/[email protected] Validity Not Before: Jun 14 18:19:48 2004 GMT Not After : Jul 14 18:19:48 2004 GMT Subject: C=US, ST=Utah, L=Orem, O=Apple, OU=Edu, CN=dsinema root CA/[email protected] Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ce:eb:78:66:c8:cf:a2:ab:39:9c:35:2b:3f:2e: 4e:bb:c8:cd:e3:3f:c2:67:5e:81:07:d6:ea:1d:75: 79:37:8f:e6:d8:92:e5:c2:15:d4:34:10:81:7b:d3: 24:18:ae:59:b3:52:8f:27:d9:9b:5b:fd:6d:9a:f1: e9:f5:c9:0d:6c:e4:60:35:ce:07:e4:02:c8:4a:92: 0b:bb:1c:d6:4f:f8:88:fa:d1:63:7b:da:49:80:90: b9:a4:19:ee:02:32:0b:c2:ad:45:30:49:2e:b1:1c:
![Page 7: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/7.jpg)
Basics of SSL
• Client sends handshake to the server
• Server replies with a certificate
• Key exchange and negotiation
• Data transfer
• Optionally• Client can be required to provide certificate
![Page 8: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/8.jpg)
SSL
![Page 9: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/9.jpg)
SASL
• Simple Authentication and Security Layer
• RFC 2222
• Plug-able authentication scheme
• Client/Server negotiate auth mechanism
• Can also negotiate a security layer• Such as SSL/TLS
![Page 10: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/10.jpg)
SASL cont.
• Defines • Kerberos v4• GSSAPI (Kerberos 5)• S/Key• External
![Page 11: Security CNS 4650 Fall 2004 Rev. 2 SSL, SASL, PKI](https://reader036.vdocuments.site/reader036/viewer/2022082712/56649f355503460f94c532f1/html5/thumbnails/11.jpg)
PKI
• A world wide “authentication” model• SSL/TLS uses PKI• Trusted third party authenticates the server and
issues certificates for the server• Third party can:
• Set expiration dates on certificate• Revoke certificates
• Certificates Authorities• Thwate• RSA